Database Develop

[Q] Fully functional D3 ROM with Bluetooth Message Access Profile?

Been looking around for a while, and I can't find a definitive answer for this. I love my D3, and the one major beef I have with it is that it does not support the Bluetooth Message Access Profile (MAP). As I understand it, this can be coded into the ROM, (not a hardware issue), and while I've heard some Android ROMs support it, I have not found one for the D3.
MAP will let me get and send text messages through my Ford's Sync system, which is something I desperately want.
Failing finding a ROM for D3 built with MAP, I'd like to know where I can download source code for a fully functional D3 ROM, and see if I can add the support myself (I'm a .NET developer by trade, so while I expect there to be some culture shock I expect I can get through it), compile it, and brick my phone a couple dozen times.
Can someone point me in the right direction?

Android Device Manager

In case you didn't know, Google has silently implemented FREE tracking for almost all androids. It also allows you to erase the phone if you feel that it's necessary, all you have to do is enable it as a device admin. I realize there have been apps on the market for a long time now that do this (and more) however Google doesn't require you to install or update any apps to use this service and from my brief testing it seems to work amazingly well right off the bat.
Go here and bookmark: https://www.google.com/android/devicemanager

it's about time they did this. i've hated having to install lookout or avast for decent location and remote wipe. now, that is more. further proof why you don't need an AV on your phone.

The only thing missing that I would like to see in future updates would be the ability to remotely lock the device so that a thief would have a harder time fooling around with the phone before you can track it. I've been using Where's My Droid for a long time but it lost the web interface tracking a while ago and that's been a bummer.

Is there any way to uninstall this useless feature? I never use GPS in my phone (because of the horrible reception, also because I am able to navigate without it), and also do not lose it.
Also, I already encrypted my device, so people can't do anything with it when they find it.
Also, whilst I am at it, I really do not like the way google forces their "content" down the wide opened throat of the community. I did not like the way they went with google services framework, and how you can't do jack sh*t without it, and I do not like the updates and "progression" they make.
Soo, any idea on how to get that off my phone?
Cheers!
PS: Everything I wrote is my own opinion, and if yours differs, at least RESPECT mine. If not, I could not care less about yours and do not get upset if I make fun of it. (Just in case some fanboy tries to attack me )

IRKONIK said:
Is there any way to uninstall this useless feature? I never use GPS in my phone (because of the horrible reception, also because I am able to navigate without it), and also do not lose it.
Also, I already encrypted my device, so people can't do anything with it when they find it.
Also, whilst I am at it, I really do not like the way google forces their "content" down the wide opened throat of the community. I did not like the way they went with google services framework, and how you can't do jack sh*t without it, and I do not like the updates and "progression" they make.
Soo, any idea on how to get that off my phone?
Cheers!
PS: Everything I wrote is my own opinion, and if yours differs, at least RESPECT mine. If not, I could not care less about yours and do not get upset if I make fun of it. (Just in case some fanboy tries to attack me )
Click to expand...
Click to collapse
you can disable the google play services in a custom ROM (i think it's built-in to android 4.2.2) but it'll break the YouTube app, and as you said, you're limited without it. as far as like older ROMs go (ICS, GB, etc.), the app isn't built-in and you can uninstall it.
I personally find google play services somewhat useful (especially now with the ADM), and i use YouTube occasionally so i need it for that, but we all have our own opinions, as you said, and I'd personally like to keep things civil.
and if you hate the services that much, you can actually reflash the ROM you're using without Gapps. it will be a limited experience, but the Play Services won't be there

IRKONIK said:
Is there any way to uninstall this useless feature? I never use GPS in my phone (because of the horrible reception, also because I am able to navigate without it), and also do not lose it.
Also, I already encrypted my device, so people can't do anything with it when they find it.
Also, whilst I am at it, I really do not like the way google forces their "content" down the wide opened throat of the community. I did not like the way they went with google services framework, and how you can't do jack sh*t without it, and I do not like the updates and "progression" they make.
Soo, any idea on how to get that off my phone?
Cheers!
PS: Everything I wrote is my own opinion, and if yours differs, at least RESPECT mine. If not, I could not care less about yours and do not get upset if I make fun of it. (Just in case some fanboy tries to attack me )
Click to expand...
Click to collapse
Other than what was already said I don't think there's a way to remove it, but just look at it this way... it doesn't take up any space and won't just activate by itself, so it's really not inconveniencing you in any way. I understand you don't want to be force-fed features that you don't want, and I absolutely respect that, but for many (myself included) this was a long overdue feature that will no doubt help many many users. This kinda stuff comes with the territory of owning a 'connected' device like a smartphone, so if you really want to get off the grid, just go back to a dumb-phone (yes they still exist).

Sorry for the "rant", but these updates cost me money, since I don't have a flatrare on my phone. (And Android OS still uses my data, whilst I have it turned off. Which is strange)
I actually do own "a few" dumb phones, one for calling, one for getting called, one for SMS.
So I am off grid, at least a little bit.
I actually never understood that feature. As I stated above, I am not the kind of person that loses stuff (OK, maybe sometimes my manners ) nor did I ever had something stolen from me. People tried, but never succeeded.
I am looking forward to Replicant, so I can finally shove my middle finger up Googles fat back-ends (of the wafer. Also it is somehow connected to the fat file system. Not what you thought )
Some day.. Soon.

IRKONIK said:
Sorry for the "rant", but these updates cost me money, since I don't have a flatrare on my phone. (And Android OS still uses my data, whilst I have it turned off. Which is strange)
I actually do own "a few" dumb phones, one for calling, one for getting called, one for SMS.
So I am off grid, at least a little bit.
I actually never understood that feature. As I stated above, I am not the kind of person that loses stuff (OK, maybe sometimes my manners ) nor did I ever had something stolen from me. People tried, but never succeeded.
I am looking forward to Replicant, so I can finally shove my middle finger up Googles fat back-ends (of the wafer. Also it is somehow connected to the fat file system. Not what you thought )
Some day.. Soon.
Click to expand...
Click to collapse
Replicant is available for the galaxysmtd (international galaxy s). it's not fully functional though, because there aren't a ton of open-source libraries and drivers available. if you want replicant on this phone, you gotta learn how to code, and how to build from source.
supernexus is kinda like replicant except it uses a lot of closed-source libraries that make things work. as i said, just don't flash the google apps package. it's basically a clone of the Nexus firmware, as you get all the AOSP components, nothing more or less. oh and also, very minimal google integration without Gapps

How does it work
So does Android Device Manager track the phone or tablet by the hardware signature or by Google account? I ask because I lost my Nexus 7 last Monday and immediately changed my Google Account password. Now when I try to track the Nexus 7 using Android Device Manager it shows that it has not been used since last Monday.

Capt-Capsaicin said:
So does Android Device Manager track the phone or tablet by the hardware signature or by Google account? I ask because I lost my Nexus 7 last Monday and immediately changed my Google Account password. Now when I try to track the Nexus 7 using Android Device Manager it shows that it has not been used since last Monday.
Click to expand...
Click to collapse
Hardware i reckon, when i used this it let's me choose which device I've used with my Google account. It sees phone as different again when I've flashed a new ROM.

Crawshayi said:
In case you didn't know, Google has silently implemented FREE tracking for almost all androids. It also allows you to erase the phone if you feel that it's necessary, all you have to do is enable it as a device admin. I realize there have been apps on the market for a long time now that do this (and more) however Google doesn't require you to install or update any apps to use this service and from my brief testing it seems to work amazingly well right off the bat.
Go here and bookmark: https://www.google.com/android/devicemanager
Click to expand...
Click to collapse
CM Team Announces CyanogenMod Account For Remote Device Wipe/Tracking, Dual-Release Branches For Better Security
Posted by Ryan Whitwam in News
http://www.androidpolice.com/2013/0...ng-dual-release-branches-for-better-security/
CM guys still finding ways to 1-up google android :silly:
.

[Q] ARP Spoofing/Poisoning issue on CM builds

I've done quite a bit of searching, to no avail, but I am having an issue I'd like to find a resolution to, or at the very least, find the culprit. I've been testing some CM10.x builds (not from a single dev, from many) for my Vivid for a few weeks now, and I am constantly detecting ARP Spoof attacks/ARP poison/Man-in-the-middle attacks. It doesn't matter what ROM, if its CM based, it's been happening consistently. I realize the simple fix is to not use those ROMs, how ever I am worried for others out there, and not just my own personal discomfort. So, I am calling for a meeting of minds. Is anyone else aware of this type of issue? Is this an exploit embedded in the ROM, an apk (inspected them and turned up nothing so far), a foothold stored on the SD card, or something else I've not covered? Any information and or assistance will be greatly appreciated. And hopefully, not only by me. I have loads of faith in the devs and mods on here and only with to help. Thanks in advance!
HTC Vivid - Unlocked, S-OFF, AT&T

-Zyto- said:
I've done quite a bit of searching, to no avail, but I am having an issue I'd like to find a resolution to, or at the very least, find the culprit. I've been testing some CM10.x builds (not from a single dev, from many) for my Vivid for a few weeks now, and I am constantly detecting ARP Spoof attacks/ARP poison/Man-in-the-middle attacks. It doesn't matter what ROM, if its CM based, it's been happening consistently. I realize the simple fix is to not use those ROMs, how ever I am worried for others out there, and not just my own personal discomfort. So, I am calling for a meeting of minds. Is anyone else aware of this type of issue? Is this an exploit embedded in the ROM, an apk (inspected them and turned up nothing so far), a foothold stored on the SD card, or something else I've not covered? Any information and or assistance will be greatly appreciated. And hopefully, not only by me. I have loads of faith in the devs and mods on here and only with to help. Thanks in advance!
HTC Vivid - Unlocked, S-OFF, AT&T
Click to expand...
Click to collapse
What security suite (that you really don't need) is throwing the warnings?
Sent from my Vivid 4G using Tapatalk 4

DNS logs initially, doing it old school. But then I tried DroidSheepGuard on the device for faster notifications. Also tried WiFi Protector. They both have their positives and negatives. But good ol' DNS logs and event viewers never fail me there. Each time, it traces back to my device with the CM10.x ROM. I work in the IT industry, so security is a big part of my daily routine. However, mistakes get made, being human and all. I know there are lots of network test abilities in CM that are great for testing vulnerabilities. But those tools, as I'm sure you know, can be used for nefarious purposes. And with Byod becoming more and more popular, I'd hate to see people or companies fall prey to these attacks (or tests gone awry?). I mean I know to secure my DNS servers, and vlan or segregate wifi networks. Anyway, thanks for the quick response!
Sent from my Vivid 4G using xda app-developers app

-Zyto- said:
DNS logs initially, doing it old school. But then I tried DroidSheepGuard on the device for faster notifications. Also tried WiFi Protector. They both have their positives and negatives. But good ol' DNS logs and event viewers never fail me there. Each time, it traces back to my device with the CM10.x ROM. I work in the IT industry, so security is a big part of my daily routine. However, mistakes get made, being human and all. I know there are lots of network test abilities in CM that are great for testing vulnerabilities. But those tools, as I'm sure you know, can be used for nefarious purposes. And with Byod becoming more and more popular, I'd hate to see people or companies fall prey to these attacks (or tests gone awry?). I mean I know to secure my DNS servers, and vlan or segregate wifi networks. Anyway, thanks for the quick response!
Sent from my Vivid 4G using xda app-developers app
Click to expand...
Click to collapse
I can tell you that these probably dont mean anything. Do they happen on any of my builds?

bilibox said:
I can tell you that these probably dont mean anything. Do they happen on any of my builds?
Click to expand...
Click to collapse
Well, the poisoning was bad enough to take down a test exchange 2007 sp2 server, though it was more of a redirection of packets than an actual crash. So, it does concern me. Unfortunately I did get a positive for poisoning when I was running your rootbox, (slick rom, loved it btw) but I later discovered I forgot to clear the DNS cache while running it. So I can't be 100% on whether it was from rootbox, or if it was just already poisoned with the vivid's wifi mac as the destination for the spoofed mac address. I can run another round of tests when I work slows down again.

-Zyto- said:
Well, the poisoning was bad enough to take down a test exchange 2007 sp2 server, though it was more of a redirection of packets than an actual crash. So, it does concern me. Unfortunately I did get a positive for poisoning when I was running your rootbox, (slick rom, loved it btw) but I later discovered I forgot to clear the DNS cache while running it. So I can't be 100% on whether it was from rootbox, or if it was just already poisoned with the vivid's wifi mac as the destination for the spoofed mac address. I can run another round of tests when I work slows down again.
Click to expand...
Click to collapse
have you tried these roms stock to make sure no other apps were the culprit?

bilibox said:
have you tried these roms stock to make sure no other apps were the culprit?
Click to expand...
Click to collapse
Indeed sir. As soon as I discovered the poisoning, full wipes and fresh OOB loads. Just need to rerun 2 tests I missed clearing my DNS cache for. I've also done a bit of reading, and apparently there is a security hole in JB that allows this ARP Spoofing/poisoning. From what I can tell, it looks like inadvertent poisoning, like a testing app is running a muck. More testing needed though. I was hoping someone might know the background services associated with the network testing features that come on CM builds. I would like to disable them and see how it goes in my next round of tests.
P.S. Cant wait to test other of yours as well. Rootbox would be killer for my daily driver, just need that mobile data. So if you have any newer builds with possible fixes that need testing, I'd love to give it a whirl. When I edited the APNs I was able to get the mobile data to connect for a moment, but it dropped almost immediately.

-Zyto- said:
Indeed sir. As soon as I discovered the poisoning, full wipes and fresh OOB loads. Just need to rerun 2 tests I missed clearing my DNS cache for. I've also done a bit of reading, and apparently there is a security hole in JB that allows this ARP Spoofing/poisoning. From what I can tell, it looks like inadvertent poisoning, like a testing app is running a muck. More testing needed though. I was hoping someone might know the background services associated with the network testing features that come on CM builds. I would like to disable them and see how it goes in my next round of tests.
P.S. Cant wait to test other of yours as well. Rootbox would be killer for my daily driver, just need that mobile data. So if you have any newer builds with possible fixes that need testing, I'd love to give it a whirl. When I edited the APNs I was able to get the mobile data to connect for a moment, but it dropped almost immediately.
Click to expand...
Click to collapse
It was a pain just to get rootbox built... So fixing it will probably be even harder especially since right now I am not currently deving until I get my new computer

On my Note 9 being hacked & the validity of 'Ethical hackers'...

I was running a U1 XAA build of Android 10 2.0 with the
June 1 Security patch that I'd downloaded and flashed
from Sammobile.
Awhile ago I downloaded and flashed the U1 XAA 2.1 update from the same place and noticed that there
are a number of apps I can no longer deny Wifi Control
access to under the Apps Special access area:
DeviceTest
DeviceKeystring
FACM
Gear VR Service
Voice wake-up
being 5 out of the 12 I cant deny access to.
Also I am no longer able to disable Google Play Services
whereas before in 2.0 I could. I'm not even allowed to forcestop Play Services now! Its not just these two changes, there are other things I used to be able to disable but now can't. And I have *two* 'SmartThings'
apps, one is version 10.0.37.0 and the other is version
1.7.50-21 (the-21 is just how its listed.)
I know this all sounds somewhat tame and trivial but I would like to know if this is all normal and can be confirmed by anyone else.
Anyone
-----------------
**Update**
Okay, just wanted to post some info on some sort of resolution to the above, mostly for those who make honest and earnest pleas for help and ask really pertinent questions but are ignored by the knowledgable (or criminal)
peruser.
In short, I was hacked. It doesn't come as a surprise (has happened *many* times with my N9. It *does* make me wonder about that supposed military-grade Knox security)
How do you know if you're hacked?? I just used the Running Services lister under Development Tools. Look
for services that shouldn't be running as often as they do
(Last hack they had Samsung Push which is for delivering notifications related to Samsung apps?? running something as a Service (not sure what it was but as soon as I stopped it, it popped right back up) or things you never use or have deactivated showing up in the cache (ESPECIALLY Aircommand!! Disable this as a Trusted Agent immediately! And keep an eye on it, and always keep the Air Remote feature OFF).
Also, the Google Play Store app. When I flashed the July 2020 Security update I noticed the Play Store was still at the May 2020 version update. I didn't think much of it at the time, but after having to Factory Reset I noticed it now read July 1 2020. So I guess the 'worms' have the May version hacked. Sucks that villany loves working for free breaking stuff, but in order to build something up and protect it, it takes toil and coercion.
Finally (Not sure if this is actually a sign of malware or hacking, but the only reference I could find relating to it
was from a guy who was truly beleaguered by hackers)
theres a User Certificate under Biometrics & Security / Other
Security settings / User Certificates that reads as
'FindMyMobile' and purports to being necessary for VPN security and other applications. Well, I had Find My Mobile
deactivated and uninstalled via ADB and it still showed back up after being deleted numerous times and my VPN seems to work without it. It might be for the Note 9's
built-in Knox android VPN strengthening parameters, but I couldn't find nfo online about it anywhere except in the case I mentioned which seems very odd. Qualifying proof of its malicious intent for me?: After factory resetting it hasn't shown back up.
I dont think my N9 is cleaned or I should say I'll never trust a smart phone fully again, not until the outdated and hacked 40 year old SS7 protocol that runs all cellular communications is updated, not until something more reliably secure than 'somewhat' obsfucatingly complex baseband processors are present in phones and maybe something akin to a hardware firewall in the soc that can interpret and filter non-carrier invalid commands (prob only need to update that damn SS7 protocol!) I'd also love it if Google/Alphabet would dump Android and start over with a new updated mobile OS with security at the forefront (Think, updates delivered via 'Middleware', roms bought initially directly from the manufacturer that can be crytographically flashed up to three times with signed updates with each update burned and locked into the rom via fuses. Each factory reset brings you back to your last update. The roms are only updatable if a hardware dip switch is tripped which moves actual physical leads in the soc which powers the ability to flash this chip. And maybe screw AOSP, I wonder if all this open sourceness has actually given the malware creators more knowledge to
finess the software and the hardware. The so-called white-hat 'Ethical Hackers' (LOL! HOW can breaking into someone's personal space without permission outside of national defense be considered ethical?!? All hackers are criminals. If you want to be considered a 'good' hacker (*snort*) bring to light the measly exploits and software, the slime who make and distribute the same and tell how to protect against them and detect them and disable them. Criminals giving webinars and seminars about how to circumvent protections for devices that billions of people rely on for living should be outlawed FULL-STOP-PERIOD I'd rather have one slime who knows how to get into a system than having that slime be allowed to freely distribute the software and knowledge so that millions of other definately less conscionable scum can make use of his knowledge.)
hackers only care about making their fame and fortune by
beinging to light obscure and unknown exploits that no one has ever used or are likely to use than going after to exoloits that *are* in use and *do* affect those in the here and now. It must give some sense of ease not to be in contention with real criminality and the fear of any reprisals from the 'less-ethically saturated' in the tech community.
Just wanted to get that out somewhere. I know its pointless and no-one will listen. Look at what Edward Snowden sacrificed for people who were/are unworthy of *any* sacrifice by betraying everything bit by bit, battle by battle until it must one day be reclaimed (if it can be) via costly confrontation, disruption and perhaps irrevocable critical loss.
Okay, END RANT. Yeah, a slow day, corona cloud and all.
But seriuosly the Feds need to check all this electronic criminality, its gotten waaay out of hand. TO FEDS: Less hunting terrorists, MORE hunting electronic predators and anarchists!

Hi, @tamdwin,
Even though you believe your phone may have been hacked, DeviceKeystring, DeviceTest, EmergencyManagerService, FACM, IMS Service, IOTHiddenMenu, Samsung MirrorLink 1.1, Settings, Setup Wizard, Wi-Fi Direct & WlanTest are enabled on my Note9 with One UI 2.1, Security patch: 1 July 2020 (w/out Google Play Services/Google Play Store, Bixby, GearVR, DeX...only have Google Services Framework installed).
After downloading the 1 July 2020 Security update, I noticed that these services could no longer be turned off for wi-fi control.
Wish I never downloaded the update for the fancy camera features, lol.
Snowden? Have you read any of his articles on smartphone security? (you may want to throw your phone in a blender after reading...)
Some of the settings, such as disabling "Find My Mobile" from running in the background, reset/enable after you restart the phone.

Snowden? Have you read any of his articles on smartphone security? (you may want to throw your phone in a blender after reading...)
But will it blend!
https://www.youtube.com/watch?v=FN9mktgYZJ8

I am worried about these things, so I am looking at developing my own custom ROM.
Sorry for my English I Am brazillian

@P00r ROFL! The Samsung S4 Active shake looks delicious! Thank you for sharing the vid!
silvaBR said:
I am worried about these things, so I am looking at developing my own custom ROM.
Click to expand...
Click to collapse
That sounds like an excellent plan!

Anywhere to find paid services?

Hello,
I hope this is the correct place to post this and the question is allowed -- my sincere apologies if not!
I have a Pixel 5 that I "degoogled" by installing LineageOS for MicroG, and I've figured out how to make just about everything I need work. The only thing that I can't find any way around is Android Auto. I drive a lot for work, and it's often a rental car in an unfamiliar area. I don't care about any other function that AA offers, except for displaying navigation on the screen. A standalone GPS isn't an option for various reasons. One workaround I tried was using a spare phone solely for navigation, but that was a nightmare when trying to switch back and forth between my Pixel 5 and the spare phone for navigation, phone calls and podcasts/music.
But ultimately, I just need AA to work for navigation, phone calls, and podcasts/music. I don't care about saving contacts, reading my texts to me, or any other function whatsoever. I know there are ways to make AA work with MicroG, but they require quite a bit of knowledge and effort. Trying to parse through the different forums proved extremely challenging because every forum had different opinions on how it could or couldn't work.
SO, what I'm trying to ask is if there is anywhere I can go to pay for help with this? I don't care if it just takes 5 minutes downloading an APK, or if it takes 5 hours to build a custom LineageOS ROM. If someone can tell me definitively what steps are needed and make sure it works, I will pay for the knowledge.
Thanks for reading!

Would you accept free support, right here?
If so, please tell me your Android version first.

Hi! Well.. it would be silly to answer no that question I just don't want to seem ungrateful, I suppose.
Funny story on the Android version. I had LineageOS for MicroG 18.1 and I wanted to update to 19.1, but like an idiot I installed LineageOS without MicroG so now nothing is really working correctly. I posted on another forum here, but researching this I'm hoping that I'll be able to just reinstall LineageOS for MicroG when a new update comes out.
So I guess the answer to that question is that I currently have LineageOS 19.1, but if all goes well you would be working with LineageOS for MicroG 19.1.

I'd personally just take the time to set back up 18.1 since TWRP is fully working and you can always just make a (nandroid) backup and if something like your current situation happens again with no microg, you can simply go back to your 18.1 and restore and have a working ROM until you have 19.1 with microg and AA.
I haven't done any searching yet and I use A11 crDroid myself, as I'm partial to it, and most likely will be using it until I get the 6a (I mean I understand it's budget but 60hz screen, ugh) or wait for 7.
(I personally believe that you may find more support for 18.1 for AA since it's been out longer. But again, haven't had time to search yet.

Thanks Andy!
Honestly the only reason I updated to 19.1 is because I was hoping it would resolve an issue I was having in 18.1. Basically, after the system was up for a bit the dialer would stop working -- when I placed a call it would immediately end the call, until I rebooted and then it worked fine for a while.
So I'm not opposed to that idea. The only problem I have is that my company uses a couple of in-house apps that are a real big pain to get registered again once I've deleted them. Even restoring from backup doesn't retain the apps "registration". So I'm trying to avoid wiping if possible. I also realize that I did it to myself and if it comes down to that, I'll have to deal with it

@andybones @BloodyFruitDestroyer
I think I've accepted that I'll have to wipe data and start fresh. What is the minimal install I can get away with to make AA work? Is there a way to do it with MicroG or would I need gaaps?
For work I have to use Microsoft Teams, SAP Concur, and a few in-house apps that all require google services. I had everything working with MicroG so I know that works.