Biometric Authentication - Banking apps. - Google Pixel 4 XL Questions & Answers

Make sure you put 1* reviews on your Banking apps or all apps that need updating to support face unlock, hopefully it will help speed up the development and support of face unlock on the pixel 4. I am really missing fingerprint unlock on my apps!

Demolition49 said:
Make sure you put 1* reviews on your Banking apps or all apps that need updating to support face unlock, hopefully it will help speed up the development and support of face unlock on the pixel 4. I am really missing fingerprint unlock on my apps!
Click to expand...
Click to collapse
Why? I just contacted my credit union asking for them to add support. Maybe larger national banks and stuff should have been aware and had support ready but smaller, more local institutions might just need to know that it's a thing on Android now.
Sent from my Pixel 4 XL using XDA Labs

In the Play Store, you can reach out to contact each app's development team via email. I've written to Chase, Bank of America, Mint, Credit Karma, and the other apps I use. Some developers are aware that they need to update, others aren't. Here are some of the responses I've received.
My original email (to each app):
Please update the Android app to support the biometric API so that I can use the secure face unlock on my Pixel 4! Thank you!
Click to expand...
Click to collapse
Bank of America:
Thank you for your feedback and we apologize for the inconvenience. We are working to update to the latest biometric authentication for the Pixel 4 and expect to have a supporting app shortly. For now, sign-in to the app using your online ID and password. Please look out for an app update soon.
Click to expand...
Click to collapse
Chase:
We'll be happy to review your request to update the
Android App.
Ivan, please note that the Chase Mobile App will work on
any Android smart phone or tablet running Android
operating system 5.0 (Lollipop) or higher. The minimum
operating system is 5.0 or higher. If your mobile phone
does not have the minimum requirement, the Chase Mobile
app will not be compatible.
We want our mobile app users to have the best experience
possible, so we regularly test chase.com using the most
current versions of operating systems. Since some mobile
app functionality may not work well on older operating
systems, we ask that you perform these updates. We
recommend you update your operating system and application
to the newest versions available. If your device isn't set
up to receive updates automatically, you can get the We
recommend you update your operating system and application
to the newest versions available.
We appreciate your business and thank you for choosing
Chase.
Click to expand...
Click to collapse
Credit Karma:
To determine if your Touch ID or Face ID function is turned on or off, go into your settings by clicking the icon in the top right corner of the app. The directions are the same whether you’re using Touch ID or Face ID.
If Touch or Face ID is turned on you will see a green circle with a white check mark.
If it’s turned off, simply click the empty circle and you’ll be prompted with a message stating the fingerprints or face registered on your phone can be used to access your Credit Karma account. Click “OK” to this prompt and you will be asked to enter your PIN to confirm this change.
Touch or Face ID is now turned on and you will be allowed to use this function to access the Credit Karma app moving forward.
Please note that if you log out of your account, the next time you open the app you’ll be prompted to enter your email address and password.
Thanks so much,
Click to expand...
Click to collapse
I've been sending further follow-ups to the ones who clearly don't understand what we are asking.
The more people who contact them, the more they'll understand that their apps are the problem by not using the current API.

I think Chase already stated that they were going to have an update before the end of the year. Hopefully sooner rather than later.

Robinhood works!

btonetbone said:
In the Play Store, you can reach out to contact each app's development team via email. I've written to Chase, Bank of America, Mint, Credit Karma, and the other apps I use. Some developers are aware that they need to update, others aren't. Here are some of the responses I've received.
My original email (to each app):
Bank of America:
Chase:
Credit Karma:
I've been sending further follow-ups to the ones who clearly don't understand what we are asking.
The more people who contact them, the more they'll understand that their apps are the problem by not using the current API.
Click to expand...
Click to collapse
Very nice work, I have left reviews and also contacted all my Banks via email. Hopefully it speeds up the process.

Throwing up a bunch of one-star reviews won't help, and all it serves to do is make the rater (you) look petty and childish. I'll send an email to my institutions, like a grownup, and go from there.

Getting in contact directly works best, via the play store will get you to the android app devs. I usually go through Twitter and you get a spokesperson who wouldn't know an apk from an adb and will give a stock response of soon™.
Remind them that the old biometric APIs are deprecated and that they should update to current versioning. Should anything happen they don't want to be the story of the bank that wasn't able to keep up.

Honestly I'm not missing it that much for my bank that much because I use LastPass which autofills it quickly. I do miss it for Outlook though because I have to do a pin.
Sent from my Pixel 4 XL using Tapatalk

So Far E-Trade has been updated to the Pixels face Unlock... I sent an email via the app store also to a credit union hoping they will update their app. I'm hoping within the next 2 weeks to a month that all major banks will update...

How secure if this anyway? I mean, my banking account has a password. I enter that password in my banking app to log into my account. In the future I will use my facial scan to log into my banking app.
Does that mean my banking account will have two password (1x password + 1x facial scan) oder will my password be stored somewhere in the app or on android and simply be passed on the my facial scan is verified?
Both do not sound very secure to me.

If you don't feel it's secure then just don't use the app.. simple. I trust that the banks know the risks and have mitigated them. After all they are the ones on the hook if there's fraud.

bobby janow said:
If you don't feel it's secure then just don't use the app.. simple. I trust that the banks know the risks and have mitigated them. After all they are the ones on the hook if there's fraud.
Click to expand...
Click to collapse
Not really the informative answer I was looking for.
I wouldn't blindly trust a bank app or any of the other countless apps that would use my facial scan.
What happens if your facial scan gets stolen / leaked. Everyone with that information will for ever be able to access your data. And you can't even change your access code like you would be able to with a password.
And it seems like you also have no idea where your facial scan is being saved, and how it is secured / locked down. Maybe it is just a plain file on your phone's storage? You don't seem to know.
Why no simply write down all your passwords in a .txt file and save it on your sdcard? That would alteast have the advantage that you could change your password at some point.

Utini said:
Not really the informative answer I was looking for.
I wouldn't blindly trust a bank app or any of the other countless apps that would use my facial scan.
What happens if your facial scan gets stolen / leaked. Everyone with that information will for ever be able to access your data. And you can't even change your access code like you would be able to with a password.
Click to expand...
Click to collapse
Isn't the face unlock for that device only? It's not like someone can install your bank app on their phone, somehow use your face unlock information, and spoof you on that device. Also there's still 2 step verification, at least with my bank, so the new app would still need to get the verification code. If anything, it's easier to do with your password because that's something that can be typed in and then somehow get the verification code text.
Sent from my Pixel 4 XL using Tapatalk

Utini said:
Not really the informative answer I was looking for.
I wouldn't blindly trust a bank app or any of the other countless apps that would use my facial scan.
What happens if your facial scan gets stolen / leaked. Everyone with that information will for ever be able to access your data. And you can't even change your access code like you would be able to with a password.
Click to expand...
Click to collapse
I'm not sure of the question you are asking. It seemed rhetorical to me basically commenting on how you don't think fingerprint, facial or password entry is secure on your app. I don't think any of it is stored in the cloud but nonetheless it's probably not as secure as walking into your bank and transacting with a teller. Even websites probably aren't as secure as you wish they were. So what exactly are you asking that you expect a reply to? You can perhaps check with your bank as to what your liability would be if your account got hacked.

EeZeEpEe said:
Isn't the face unlock for that device only? It's not like someone can install your bank app on their phone, somehow use your face unlock information, and spoof you on that device. Also there's still 2 step verification, at least with my bank, so the new app would still need to get the verification code. If anything, it's easier to do with your password because that's something that can be typed in and then somehow get the verification code text.
Sent from my Pixel 4 XL using Tapatalk
Click to expand...
Click to collapse
Oh is it? That makes it defeniately more secure. But then I would still like to know how it is ensured that my facial scan only works with my specific mobile device and not with any other mobile device.
Yep for banking there is still 2 step verficiation. Good point. But I was actually thinking more about e.g. KeePass.
bobby janow said:
I'm not sure of the question you are asking. It seemed rhetorical to me basically commenting on how you don't think fingerprint, facial or password entry is secure on your app. I don't think any of it is stored in the cloud but nonetheless it's probably not as secure as walking into your bank and transacting with a teller. Even websites probably aren't as secure as you wish they were. So what exactly are you asking that you expect a reply to? You can perhaps check with your bank as to what your liability would be if your account got hacked.
Click to expand...
Click to collapse
Maybe I didn't explain my question good enough. I will try again:
Currently I would unlock e.g. my KeePass Database with a password.
In the future I would use my facial scan for that.
I wonder at what point my facial scan will access my password of the KeePass Database, because it somehow has to know my password in order to unlock KeePass?
And in that case my password suddenly isn't saved only in my head anymore but also within android or another app (because Face Unlock has to somehow know it?).
Or will my KeePass database get a second "password" which is my facial scan data?
In that case I want to make sure that my facial scan is very secure and can't be stolen. Because if it turns up in smth like "haveibeenpwnd.com" everyone will forever be able to access all my files with my leaked facial scan which I cannot even change to something different anymore.

Utini said:
Maybe I didn't explain my question good enough. I will try again:
Currently I would unlock e.g. my KeePass Database with a password.
In the future I would use my facial scan for that.
I wonder at what point my facial scan will access my password of the KeePass Database, because it somehow has to know my password in order to unlock KeePass?
And in that case my password suddenly isn't saved only in my head anymore but also within android or another app (because Face Unlock has to somehow know it?).
Or will my KeePass database get a second "password" which is my facial scan data?
In that case I want to make sure that my facial scan is very secure and can't be stolen. Because if it turns up in smth like "haveibeenpwnd.com" everyone will forever be able to access all my files with my leaked facial scan which I cannot even change to something different anymore.
Click to expand...
Click to collapse
I used LastPass and I think it's not different then when I died the fingerprint option for it. There's a master password for the account and biometric login is, again, just for the individual device. And again, there's 2 step verification at least with LastPass, for whenever you set up.
Sent from my Pixel 4 XL using Tapatalk

EeZeEpEe said:
I used LastPass and I think it's not different then when I died the fingerprint option for it. There's a master password for the account and biometric login is, again, just for the individual device. And again, there's 2 step verification at least with LastPass, for whenever you set up.
Sent from my Pixel 4 XL using Tapatalk
Click to expand...
Click to collapse
Sounds interesting and secure. Now I am interested in how it is ensured that my fingerprint / facial scan will only work with my specific mobile device and that the stolen data from my device can't be used from another device

Utini said:
Oh is it? That makes it defeniately more secure. But then I would still like to know how it is ensured that my facial scan only works with my specific mobile device and not with any other mobile device.
Yep for banking there is still 2 step verficiation. Good point. But I was actually thinking more about e.g. KeePass.
Maybe I didn't explain my question good enough. I will try again:
Currently I would unlock e.g. my KeePass Database with a password.
In the future I would use my facial scan for that.
I wonder at what point my facial scan will access my password of the KeePass Database, because it somehow has to know my password in order to unlock KeePass?
And in that case my password suddenly isn't saved only in my head anymore but also within android or another app (because Face Unlock has to somehow know it?).
Or will my KeePass database get a second "password" which is my facial scan data?
In that case I want to make sure that my facial scan is very secure and can't be stolen. Because if it turns up in smth like "haveibeenpwnd.com" everyone will forever be able to access all my files with my leaked facial scan which I cannot even change to something different anymore.
Click to expand...
Click to collapse
Oh I see now. This really has more to do with your password manager than the bank. Unfortunately, I don't use a PM even though I suppose I should. Everyone says it's pretty secure. Since I don't really know what I'm talking about at this point I'll give it a shot anyway. lol
I don't think the facial scan or the fingerprint scan is saved anywhere other than your device. But I do use fingerprint (or did) scans on my banking app. If I change my password on the banking site my fingerprint scan will no longer work on the app. I would first have to change my password on the app and then reregister my fingerprint when the new password is entered. Can we compare it to the face scan at this point? I mean you can't change your fingerprints either right? Before I go on, am I reading your concerns correctly?

Utini said:
Sounds interesting and secure. Now I am interested in how it is ensured that my fingerprint / facial scan will only work with my specific mobile device and that the stolen data from my device can't be used from another device
Click to expand...
Click to collapse
https://support.google.com/pixelphone/answer/9517039?hl=en
Maybe this confirms it?View attachment 4860867
Sent from my Pixel 4 XL using Tapatalk

Related

[Q] Security

New to android and captivate, so excuse me if I'm missing something..but it seems that with one's google account being tied into all the functions, including buying in the market with the credit card on file with google..there has to be a setting to not allow the device to be used with a different sim..or some kind of security that will lock down your google account if the phone is stolen? Is something built in..or is there an app out there that people generally use for peace of mind?
EDIT: All of the recent Nokia phones I've had has a setting to not allow a different sim to be used
fldude99 said:
New to android and captivate, so excuse me if I'm missing something..but it seems that with one's google account being tied into all the functions, including buying in the market with the credit card on file with google..there has to be a setting to not allow the device to be used with a different sim..or some kind of security that will lock down your google account if the phone is stolen? Is something built in..or is there an app out there that people generally use for peace of mind?
Click to expand...
Click to collapse
Very interesting. I too would like to know the answer. This is one of the many reasons why I NEVER use:
A) Mobile Banking
B) Purchases of any kind that includes Plastic
C) Setup any accounts that wire account info
Call me paranoid, but hey, it will save you a ton of headache on that unfortunate "if" day. Please keep us posted.
So does anybody have an answer...or at least some kind of marketplace app that is used for security?
So is nobody interested in security? Or is there just no simple solution..one thing that I miss on my Nokia N97 is the remote lock..send a text of a secret word, and poof the device is locked...done
I think people are interested to some degree but no widely known easy method. And just an fyi, rooting your phone and gaining superuser privileges - as many of us have done - creates a big security hole for trogin malware attack, so if you have rooted your phone take care and know what your installing and try to pay attention to anything using super user privileges.

How to avoid someone stole you nexus and read your personal info

im a happy nexus 7 owner but im wondering how i can protect my nexus private data or even FB or TW from other people, in my phone i use avast so i can "delete" all data by sms, but i cant do this on my nexus, i was thinking use "pattern" or pin unlock screen, but its annoying doing this on every time i want unlock my screen, i was thinking on apps that put password on selected apps, but again maybe this could be annoying, and maybe someone with a little skill can use ADB or uninstall TB and re install and delete "data" from the app who its protecting (im rooted) so im wondering its other way to protect my nexus 7? i guess this are the best but im wondering if its other way that i didint know.
Thanks
Cerberus app
Sent from my Nexus 7 using Tapatalk 2
ateebtk said:
Cerberus app
Sent from my Nexus 7 using Tapatalk 2
Click to expand...
Click to collapse
+1 for Cerberus.
I use it on my nexus 7 and my att Samsung galaxy s ii. It can remotely wipe your device, lock it, track it via GPS even if you don't have GPS on, set off alarms, take pictures and video from the camera, and many other things. It is 110% worth it. I recommend it highly.
patriot720 said:
+1 for Cerberus.
I use it on my nexus 7 and my att Samsung galaxy s ii. It can remotely wipe your device, lock it, track it via GPS even if you don't have GPS on, set off alarms, take pictures and video from the camera, and many other things. It is 110% worth it. I recommend it highly.
Click to expand...
Click to collapse
Any noticeable effects on performance and battery life?
Lookout App.
Cerberus is a life saver! When both my Galaxy Nexus and my wallet were stolen in a restaurant I could track my mobile using a friend's phone within 2 mins after noticing the theft. I directed the police to the shop based on Cerberus' tracking and eventually got both my mobile and my wallet back within 15 mins after the call.
The issue with tracking a tablet without 3G is that you will only see it once it's logged into a wireless network rather than on the go. You'd also need to activate a pin which could be deactivated at home by an app like Tasker.
I suggest you also use Avast to scan for malware and as second protection which could survive a factory reset but not a new rom.
Sent from my Galaxy Nexus using xda premium
Yeah I'm testing thanks I will check seems kind of better than avast, not sure if this app will survive to factory reset, custom recovery should have password or something xD the bad it's nexus 7 doesn't had 3g u.u oh well thanks all
Enviado desde mi HTC One X
zen kun said:
i was thinking use "pattern" or pin unlock screen, but its annoying doing this on every time i want unlock my screen
Click to expand...
Click to collapse
Protection is sometimes not convenient, but if you don't have a code lock your device is wide open to whom ever picks it up.
Pattern or Pin Lock
When I am out, I use a pattern lock on all devices. If I am home for the weekend, I turn it off however it is turned back on before I leave the house.
Cerberus
I use this on my Nexus and it works good. You do need to have a WiFi connection which limits it greatly since I never allow my device to connect to a public WiFi... but with the lock out, 5 tries and the device locks.
Backups
While the data is fairly secure, losing the data and even perhaps more important the time and effort setting up the device in the first place, means that using a good backup and having that available OFF the device so that if it is lost/stolen/destroyed, I can simply re-root and then restore and have it back to where I was when the backup was made. I do full backups every Sun.. and other occasionally when I make big changes.
Two Factor Authentication
When Possible, use 2-Factor authentication. If you not using it, you should look into it.
Check out the app Android Lost on the play store.
It securely links with your gmail account and does not do any polling to servers so it saves your battery.
When you lose your phone it allows you to do many many things such as activate an alarm, track using gps or wifi, take a picture with the front or rear camera, wipe the phone or lock it and many more features. All remotely.
Best part is its free and has a minimal footprint on device.
Check it out!
Run L1ke H3LL said:
Check out the app Android Lost on the play store.
It securely links with your gmail account and does not do any polling to servers so it saves your battery.
When you lose your phone it allows you to do many many things such as activate an alarm, track using gps or wifi, take a picture with the front or rear camera, wipe the phone or lock it and many more features. All remotely.
Best part is its free and has a minimal footprint on device.
Check it out!
Click to expand...
Click to collapse
The Nexus 7 is not a phone, so it doesn't by default it doesn't have SMS, it by itself has no 3G/4G communications. The only way you can talk to it is via WiFi.
I use Android Lost on all my phones... but since my phone uses the same same gmail account, it can't control the Nexus, hence the use of Cerberus.
is cerberus better than where's my droid?
krelvinaz said:
The Nexus 7 is not a phone, so it doesn't by default it doesn't have SMS, it by itself has no 3G/4G communications. The only way you can talk to it is via WiFi.
I use Android Lost on all my phones... but since my phone uses the same same gmail account, it can't control the Nexus, hence the use of Cerberus.
Click to expand...
Click to collapse
I use my Nexus tethered to my phone so it uses WiFi. I suppose if I lost it would still connect to the WiFi networks in my area and I could locate it by those methods. My cable company provides public WiFi which is ubiquitous so 90% of the time if I'm not tethered I have data.
Sent from my Nexus 7 using Tapatalk 2
hoponpop said:
is cerberus better than where's my droid?
Click to expand...
Click to collapse
Much better.
---------- Post added at 12:12 AM ---------- Previous post was at 12:10 AM ----------
nyijedi said:
Any noticeable effects on performance and battery life?
Click to expand...
Click to collapse
None at all.
If u really want to protect ur data, I suggest don't root the device and encrypt the entire tablet. Then set up a PIN to unlock. Security often means you have to give up some convenience at times but the reward is satisfying.
Also like some one already suggested use 2-factor auth for FB and make sure u deprovision the tablet account when u find it lost or stolen.
Sent from my Nexus 7 using xda app-developers app
I use seek droid for my phones, but purchased cerberus with my gift moolah and am happy with its performance and have also installed it on my Acer a500. The Developer is active with the community and has beta releases that fix some of the JB bugs.
So how secure is the Cerberus site? What's the dev's credentials in IT security? Is he just some dude with an app?
In signing up for this, you're putting the ability to remote-wipe/track/spy your online life into some dude's hands. You're paying him 3 bucks and hope he can keep it secure. Can he? In mitigating one risk (device theft), you're incurring a new risk of having your device remote wiped, or being spied upon, if the site gets hacked. Good trade-off?
With a one-time fee of $3, I don't see that much incentive for the dev to continuously maintain security, assuming he even has the expertise. It's his hobby, not his livelihood.
From a cursory inspection of the Cerberus site and its support forum, I don't see the word "security" or "2-factor authentication" anywhere.
Ditto SeekDroid or any similar app.
e.mote said:
So how secure is the Cerberus site? What's the dev's credentials in IT security? Is he just some dude with an app?
In signing up for this, you're putting the ability to remote-wipe/track/spy your online life into some dude's hands. You're paying him 3 bucks and hope he can keep it secure. Can he? In mitigating one risk (device theft), you're incurring a new risk of having your device remote wiped, or being spied upon, if the site gets hacked. Good trade-off?
With a one-time fee of $3, I don't see that much incentive for the dev to continuously maintain security, assuming he even has the expertise. It's his hobby, not his livelihood.
From a cursory inspection of the Cerberus site and its support forum, I don't see the word "security" or "2-factor authentication" anywhere.
Ditto SeekDroid or any similar app.
Click to expand...
Click to collapse
Have to somewhat agree with the sentiment here.. that said, I'm presently using the Cerberus demo on my N7 and it appears quit good.... would prefer this to have been a mainstream vendor product ....
Sent from my Nexus 7 using xda app-developers app
Seek droid, and I think I only paid $.99
Sent from my Nexus 7 using Tapatalk 2
They have some really good reviews on their web site. And from very qualified sources,check it out. I just installed Cerberus and tested out great.
Sent from my Nexus 7 using xda app-developers app
>They have some really good reviews on their web site. And from very qualified sources,check it out. I just installed Cerberus and tested out great.
Yes, very qualified. Hahah.
Here's a "review" maybe you should read. It's by Cerberus itself (emphasis added). Welcome to spyware.
https://www.cerberusapp.com/privacy.php
THE INFORMATION LSDROID COLLECTS
REGISTRATION INFORMATION: You provide to LSDroid certain personally-identifiable information (such as device ID number, wireless operator / operator, your name, email address, etc.) when choosing to subscribe to the LSDroid Services.
LOCATION INFORMATION: To provide the LSDroid Services, we derive location information from your wireless operator, certain third-party service providers, or directly from the mobile device that you used to register with the LSDroid Services. This location tracking of your mobile device may occur even when the LSDroid Services mobile application is not actively open and running, but your location is being securely transmitted and logged in accordance with your privacy and opt-in settings.
COOKIES, PERSISTENT FILE INFORMATION: When you use the LSDroid Services, we may send one or more cookies (small text files containing a string of alphanumeric characters) to your computer. LSDroid may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your web browser and may be used by us during your subsequent visits to the LSDroid Web site. Persistent cookies set by the LSDroid Web site can be removed. Please review your web browser "Help" file to learn the proper way to modify your cookie settings.
LOG FILE INFORMATION: When you use the LSDroid Services, our servers automatically record certain information about your usage from your mobile device and web browser. These server securely logs may include information such as a mobile device identification number and device identifier, web requests, Internet Protocol ("IP") address, browser type, browser language, referring / exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages viewed and the order of those pages, features used in the LSDroid mobile application, the amount of time spent on particular web pages, the dates and times of your requests, and one or more cookies that may uniquely identify your browser.

What else can the fingerprint scanner do?

I know that the fingerint scanner can be ued to unlock the phone and for paypal, web sign in and samsung verification but can I do anything else with it? It would be cool to lock specific apps. Are there any 3rd party apps that utilize the fingerprint scanner?
Ya, lastpass can be used to login to websites/applications automatically using your fingerprint. Really sweet not having to manually type in logins and passwords anymore!
And fingersecurity allows you to set up specific apps that require a fingerprint to get into them. It even has a in app purchase where you can set it not require the fingerprint while connected to specific trusted wifi networks and bluetooth devices. And even to set to only open when you use a specific finger, so not all fingers can open it if you don't want it to.
These are 2 that I have come to not be able to live without. I hope you like them as much as I do.
dfullerman said:
Ya, lastpass can be used to login to websites/applications automatically using your fingerprint. Really sweet not having to manually type in logins and passwords anymore!
And fingersecurity allows you to set up specific apps that require a fingerprint to get into them. It even has a in app purchase where you can set it not require the fingerprint while connected to specific trusted wifi networks and bluetooth devices. And even to set to only open when you use a specific finger, so not all fingers can open it if you don't want it to.
These are 2 that I have come to not be able to live without. I hope you like them as much as I do.
Click to expand...
Click to collapse
Dude fingersecurity is exactly was I was looking for. Thanks a lot! Do you know if there is an app to launch apps with your fingerprint?
Na, haven't heard or seen anything like that...don't exactly know how that would work exactly but maybe someone will figure it out.

Enterprise email

I'd like to add my corporate email to my head unit. On my tablet, it requires security to be enabled with a pin. I don't want that on my head unit. Any way around it? I want to be able to use everything else in the radio, and I'm thinking its best not to add it?
Thanks!
There are two apps in the market you can use - Touchdown or Nine (I prefer nine)
It satisfies the PIN requirement by forcing you to type in your pin only when you open the app - not on the entire device.
It does let you read part of incoming messages in notification without requiring pin at all.
As far as I know there is no simple way to completely remove the pin
Hooch0903 said:
On my tablet, it requires security to be enabled with a pin. I don't want that on my head unit.
Click to expand...
Click to collapse
Depends. Do you want to keep your job? The Android email app is simply enforcing a corporate policy. You would likely be violating your company's policy if you bypass it.
I'll have to ask if they'll approve it, since I can't add the radio to the server without their approval anyway. Appreciate the input...guess we'll see what they say about it.
Sent from my iPhone using Tapatalk

I need good hacker protection on my phone. Any suggestions?

I have noticed that my important email has been compromised. I've seen logins from the US (I've never been in the US) and even parts of Sweden that I have not visited (and by a browser that I've never used, so it's not me).
I am really surprised by this considering I use 2-factor authentication on it and my Note 8 doesn't even have Google authenticator visible. It is installed but I've hid it and use it by going to app store and searching for it.
All my important websites are protected by 2-factor authenticator. Except for my phone. I have BitDefender antivirus but I am not sure if this is enough.
I need something really strong to protect my phone from people accessing it and its apps. Mainly a protection against keyloggers.
My phone is rooted if that makes any difference.
Also, I don't mind if it costs money. I will pay well for top notch protection.
Nebell said:
I have noticed that my important email has been compromised. I've seen logins from the US (I've never been in the US) and even parts of Sweden that I have not visited (and by a browser that I've never used, so it's not me).
I am really surprised by this considering I use 2-factor authentication on it and my Note 8 doesn't even have Google authenticator visible. It is installed but I've hid it and use it by going to app store and searching for it.
All my important websites are protected by 2-factor authenticator. Except for my phone. I have BitDefender antivirus but I am not sure if this is enough.
I need something really strong to protect my phone from people accessing it and its apps. Mainly a protection against keyloggers.
My phone is rooted if that makes any difference.
Also, I don't mind if it costs money. I will pay well for top notch protection.
Click to expand...
Click to collapse
If it wasn't rooted I would just encrypt the sd card, make sure you have a good pattern/password and use Secure Folder for anything more sensitive. Between all that, bitdefender, and 2-factor authentication on accounts where possible, the only other thing I can think of is using a VPN when connecting to public wifi. Of course root breaks Knox though, so that changes things here for Secure Folder, etc. Maybe there are some other security apps you could use instead for sensitive stuff, as well as a firewall app, but root does run counter to maximum security.
Nebell said:
I have noticed that my important email has been compromised. I've seen logins from the US (I've never been in the US) and even parts of Sweden that I have not visited (and by a browser that I've never used, so it's not me).
I am really surprised by this considering I use 2-factor authentication on it and my Note 8 doesn't even have Google authenticator visible. It is installed but I've hid it and use it by going to app store and searching for it.
All my important websites are protected by 2-factor authenticator. Except for my phone. I have BitDefender antivirus but I am not sure if this is enough.
I need something really strong to protect my phone from people accessing it and its apps. Mainly a protection against keyloggers.
My phone is rooted if that makes any difference.
Also, I don't mind if it costs money. I will pay well for top notch protection.
Click to expand...
Click to collapse
Rooted phone = lack of security!
As soon as a phone is rooted there is little security as all the inbuilt security (safe folder & knox) are gone and banking apps won't work!
Sent from my SM-N9500 using Tapatalk
sefrcoko said:
If it wasn't rooted I would just encrypt the sd card, make sure you have a good pattern/password and use Secure Folder for anything more sensitive. Between all that, bitdefender, and 2-factor authentication on accounts where possible, the only other thing I can think of is using a VPN when connecting to public wifi. Of course root breaks Knox though, so that changes things here for Secure Folder, etc. Maybe there are some other security apps you could use instead for sensitive stuff, as well as a firewall app, but root does run counter to maximum security.
Click to expand...
Click to collapse
Thanks. I guess I already have enough security. I was baffled that my e-mail was compromised. Maybe it was, maybe it wasn't. I noticed no change to any of my files etc. But it does show suspicious logins from countries I have never been to.
robmeik said:
Rooted phone = lack of security!
As soon as a phone is rooted there is little security as all the inbuilt security (safe folder & knox) are gone and banking apps won't work!
Sent from my SM-N9500 using Tapatalk
Click to expand...
Click to collapse
Yeah thanks for the obvious pointer. But rooting a phone is a must. Also, all my banking apps work just fine. I am not dependant on Samsung.
As was mentioned earlier, use a VPN when using the internet. It does protect your IP and is handy to get to content you can't access from your country..
Nebell said:
Thanks. I guess I already have enough security. I was baffled that my e-mail was compromised. Maybe it was, maybe it wasn't. I noticed no change to any of my files etc. But it does show suspicious logins from countries I have never been to.
Click to expand...
Click to collapse
I assume you have already done this, but I would immediately change my password to that account (along with any other accounts that share the same password), even though you have rwo-factor authentication. Unless you logged in while on VPN or proxy, suspicious logins from other countries you haven't visited sounds like a red flag.
sefrcoko said:
I assume you have already done this, but I would immediately change my password to that account (along with any other accounts that share the same password), even though you have rwo-factor authentication. Unless you logged in while on VPN or proxy, suspicious logins from other countries you haven't visited sounds like a red flag.
Click to expand...
Click to collapse
I changed every important website to a password that is so hard to type I need to do it carefully every time. I got in contact with Fastmail (who btw is an awesome e-mail service, although paid) and they said that my phone is compromised.
Damnit.
I use my phone far more than my computers. They also suggested that I use a password manager but if my phone is compromised so easily then I probably am better off just getting better protection for my phone.
Nebell said:
I changed every important website to a password that is so hard to type I need to do it carefully every time. I got in contact with Fastmail (who btw is an awesome e-mail service, although paid) and they said that my phone is compromised.
Damnit.
I use my phone far more than my computers. They also suggested that I use a password manager but if my phone is compromised so easily then I probably am better off just getting better protection for my phone.
Click to expand...
Click to collapse
Damn that really sucks...sorry yo hear that. Hmm at this point I would backup photos, etc, flash stock firmware, and start fresh. Be careful with what you reinstall, as one of those apps/mods may possibly be the culprit.
@Nebell are you using sms to get your 2step-authentication code? maybe all your sms are being forwarded (via some malware app). You should be using a firewall if you are rooted.
Lots of apps have permission to access sms text messages and even send it.
Before i side load any apps, i use virustotal.com , go to website, upload APK file and if malware then install (if you must have it) but block it using firewall, any other red flags, then find another apk version or similar app.
Let Fastmail know of your breach and they can check which other devices or websites are registered/ linked to your account.
I suggest you backup your data, virus scan it all on a PC, wipe your android phone and start fresh. I use backup-your-mobile by Artur, to export my calendar, contacts, sms, call logs, etc. it works quite good.
good luck mate.
I think it might have been a false positive.
I reset my phone to factory settings and changed all passwords and suddenly "Ashburn US" login kept getting failed attempts on my email. But as soon as I reinstalled Edison Mail app and logged in, the success login from Ashburn US resumed.
It must somehow be connected to that app. I've sent a message to Edison and asked them if they are associated with that location. Maybe their server is located there or something, but I will wait and see what they reply before I take next action.
The fact that makes me believe this was a false positive is that I never noticed anyone reading my email or actually trying to do something, and I do have sensitive stuff in there.

Categories

Resources