Better Mobile App

How to circumvent the Pocket PC Password

If you have a device password set then you think you are safe? Not necessarily if you also have some toolbar apps, like xBar or Pocket Nav.
On the xda you can get to the start menu and run programs by following these steps. For this example I use PocketNav.
Tap on the Pocket Nav icon and close the Password program.
Press the green Phone button to start the Phone application.
Type *#06#
The Start menu appears and you can now run programs that appear in the menu, and change settings and access data, but not run files in the Programs folder.
A soft reset puts the device back to normal.
8)

The password is like a car door lock--only keeps the average casual observer out. Your data is unencrypted and accessible in a variety of ways. If you have sensitive data, get encryption. Things like CodeWallet Pro are great for specific items, or get a system-level encrypter to hide contacts, schedule, etc.

Carlos said:
The password is like a car door lock--only keeps the average casual observer out. Your data is unencrypted and accessible in a variety of ways. If you have sensitive data, get encryption. Things like CodeWallet Pro are great for specific items, or get a system-level encrypter to hide contacts, schedule, etc.
Click to expand...
Click to collapse
All nice and well: you create an encrypted file-system on an SD-card. But given that the device has persistent RAM, I would tend not to trust any encryption solution at this time. I mean: anything you enter anywhere gets stored in RAM, and none of the regular Pocket PC user applications even attempt to clean up after themselves.
If I'm shown a text-aditor or an addressbook manager that was especially written to be secure, did not use things like the Pocket PC addressbook, and came with sourcecode, I could begin to trust it.

I guess it all depends on whether you need to store the launch codes for nuclear missiles or your Visa numbers. How much effort is a potential thief willing to put towards getting your device and then getting the data out?
The data in RAM can be encrypted also by most security programs. They don't create encrypted stores necessarily; they can encrypt the built-in contacts database for example.

Carlos said:
I guess it all depends on whether you need to store the launch codes for nuclear missiles or your Visa numbers. How much effort is a potential thief willing to put towards getting your device and then getting the data out?
The data in RAM can be encrypted also by most security programs. They don't create encrypted stores necessarily; they can encrypt the built-in contacts database for example.
Click to expand...
Click to collapse
Bruce Schneier said:
There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files. [...]
(preface to "Applied Cryptography")
Click to expand...
Click to collapse

Heh, exactly. Most of us only need to keep the "kid sister" or a person who finds a lost device out of our data. Some may need slightly more--to prevent a lost device from divulging a company secret, for example. If you really need to keep governments from reading data on your PPC, you should probably re-think your choice of storage device for such data.

[APP]Hydros TrackMe - Remote mobile access for all WinMo devices

Hydros TrackMe​
We all have gone through the moment of losing our phones and if you havent experienced it, consider yourself lucky, as it is a distressing moment and the worst part of it is if don't have a clue of where it is. Fortunately, next time you lose your phone, all you need to do is text your phone with a special command and magically your phone will text back to that number with information regarding it's area code, its gps coordinates and it's cell tower data which can be easily be uploaded to Hydros Sync Center and give you an exact pinpoint of where your phone is. So, the next time your neighbor or your colleague steals your phone (or accdentally "takes" it), you can find them and hold them accountable with the data in it. Speaking of data, in the emergency of you having seure data on the phone, the TrackMe app also completly wipes your phone so they won't be able to access the data. Other options for this neat app include locking down your phone and threatening them with cool messages (just so you can scare them into returning it). Either way, no matter how you use this lightweight app, you will be thanking the developer the next time you lose your phone and don't know where it is.​
System Requirements
All windows mobile phones! With or Without a gps
Features
Remote GPS tracking
Remote Hard Reset
Remote Soft Reset
Remote message sending - to threaten the robber
Remote lockdown with special password
Completly hidden from taskmanager so user can't terminate it
message to all cookers!​
Hey cookers out there! if you find this app interesting, I am giving you permission to put it on your rom (to make the world a secure place) and considering that it only takes up 63KB, this is perfect for any rom. Simply cook the cab with whatever kitchen you use and thats it. However, make sure you place it in startup so it is always running...even if you use the hard reset command from the remote access.​
DOWNLOAD LINK: http://hydrosmobile.webatu.com/Default.html​

hey guys. it's kinda my first time making an actual app for windows mobile which I have published so please let me know if I did an ok job. Also, please feel free to tell me how i can make it better. I am open to suggestions

Phone Security

I'm looking for recommendations on phone security apps in case my phone gets lost or stolen. Free or paid, I really don't care, I just want to sleep better knowing that if my clumsy self loses the phone I won't be out of 200 dollars. Thanks!

Lookout has been good for me. Does backups, anti-virus (however unnecessary as it may be right now), and phone location. Used it since beta Win Mo days.
-bZj
_____
-sent from my Samsung Vibrant via XDApp

down8 said:
Lookout has been good for me. Does backups, anti-virus (however unnecessary as it may be right now), and phone location. Used it since beta Win Mo days.
-bZj
_____
-sent from my Samsung Vibrant via XDApp
Click to expand...
Click to collapse
Thanks for the help! I tried the app and it works out well. Everything works well on it. I had to do the GPS fix on my phone to test out the Locate Device function, and good thing I did too! I would've been so mad if I used lookout and then realize the GPS on my phone didn't work, lol. Again, thanks!

I'm a fan of Mobile Defense. You can install as a system app and it will be able to survive a wipe. The only way to remove it would be a flash. It won't show up in app manager either. It can remotely activate the GPS and will notify you automatically of a sim card change via email. It can also remotely lock the phone even if you don't normally use a lock pattern. It can also display messages on the screen that won't go away without entering a code. So you can have the screen have a message telling the person to return the phone and the message won't go away until the code is entered.
The only downside is that I think the beta program is closed to new people right now. I'm not sure as I joined a while ago.

I demoed Wave Secure and liked it so much that I bought the subscription for my G1 and my Mom's My Touch.
Check the features here.
https://www.wavesecure.com/wavesecure/android.aspx
Good Luck!

And I became really a fan of the recently introduced Track and Protect. It's a service that not only allows you to locate your phone on map, lock it, wipe it or let it scream via a personal web panel but also allows you to make photos remotely and send a call back command to listen to your own phone. All this works even after SIM change! It has auto lock function, it reports you the thief's phone number, operator ID and location instantly. Really useful.

MobiJohn said:
And I became really a fan of the recently introduced Track and Protect. It's a service that not only allows you to locate your phone on map, lock it, wipe it or let it scream via a personal web panel but also allows you to make photos remotely and send a call back command to listen to your own phone. All this works even after SIM change! It has auto lock function, it reports you the thief's phone number, operator ID and location instantly. Really useful.
Click to expand...
Click to collapse
Do you know any information on there "credit" method that they are using? It seems like a great service to use except that they don't tell you anything about these "credits" on the website without registering first.
Currently I use both Mobile Defense and Lookout. I always feel safe when I have more than one security app just in case. Although, Mobile Defense might also have a paid service in the future, similar to what Trust and Protect is doing. I wouldn't mind paying Mobile Defense since they allow us to install it as a system app, which a previous user explained upon.

[Q] How do we protect our Android device from the CelleBrite UFED?

Someone mentioned this in another thread, but this is a topic that should have it's own separate thread.
Some of you may have already read the news: Michigan: Police Search Cell Phones During Traffic Stops
Don't assume it won't come to your town.
I can't say I plan to do anything that would warrant police suspicion, yet I don't like the idea of anyone being able to easily pull data from my device. And we know cops won't be the only ones with these devices. So I've been wondering, how can we protect our Android devices from the CelleBrite UFED?
Check out this video that shows some of the features it has, keep in mind it does much more and can even extract DELETED data.
See the company's product page here: http://www.cellebrite.com/forensic-products/ufed-physical-pro.html
This research paper talks about the CelleBrite UFED and other extraction methods. (CelleBrite UFED is talked about starting on page 9.) I doubt there's a means to prevent all of those methods given some involve long term handling of the device, but CelleBrite UFED can extract data when a device is retained by the CelleBrite UFED user for a short period of time. It looks like HTC Android type devices can only be extracted from via the (micro)USB Port and it requires USB Storage and USB Debugging turned on. The CelleBrite UFED has to gain Root Access. It can get by screen passwords and root even a device that was not yet rooted.
There's another thread where someone was requesting a ROM that would not work with the CelleBrite UFED. I'm not sure how to make a ROM or anything else that would not work with the CelleBrite UFED without limiting certain features we all may use from time to time.
Over on Slashdot, someone said they hacked their device (Nexus One) to not do USB client mode. This is another option that would limit some features many of us may use.
So, how can we protect our privacy and our data? Does it mean sacrificing some features like USB storage mode?

The biggest problem is what's missing from Android itself. Meego might be protected but not Android.
You would need an encrypted boot loader that retains root for some users.
A kernel and os files that support different users so the default user is not root like Linux and a prompt with a password for superusers not just an Allow like now for Android.
Encryption libraries that would support truecrypt encryption of both internal and external (SD card) encryption in toto not just individual files.
A true trash system that overwrites files like srm in linux and sswap for wiping the swap file after every system reboot.
Ultimately I don't see it happening. In theory if you were running Ubuntu on your phone then yes cellbrite would just crap out not knowing what to do with your phone. Same possibly with meego. But then no real app support, no navigation and driver support is crap even for ROMs using the same os let alone a different OS like true linux.
It's amazing how many don't even bother deleting thumbnails hanging around on their computers or securely wiping files on their computer. Same with swap files retaining passwords or even website cookies that have the same password as their computer.

Best thing to do, don't keep anything that could be bad on your phone. Use a cloud system or home server sync that requires a seperate login every time and keeps no local files. Or as I do, encrypt the hell out of anything you find valuable, which currently is only my complete backups...
Sent from my Xoom the way it should be, rooted and with SD card.

This is where that cheap Boost Mobile phone comes in, or any other prepay phone. Just hand the officer that one. Store your personal data on your smartphone.

chbennett said:
Best thing to do, don't keep anything that could be bad on your phone. Use a cloud system or home server sync that requires a seperate login every time and keeps no local files. Or as I do, encrypt the hell out of anything you find valuable, which currently is only my complete backups...
Sent from my Xoom the way it should be, rooted and with SD card.
Click to expand...
Click to collapse
Hello, All. This is my first post at xda-developers!
Since I'm new to Android, data security has concerned me. Climbing the learning curve of rooting and tweaking my SGH-T989, I've focused on control, security, and privacy. So far pretty good, thanks largely to members' posts at this site. Thank you very much!
Then this thread crushed me. Visions of "1984", "THX 1138", "Terminator", etc.
I considered the suggestions here. Thoughts about the OS seem right to me, but that's beyond my abilities. I did try following chbennett's advice: I enabled encryption in my backups and moved them to the internal SD.
But I don't yet know how to do the 'home server / log in on demand' scheme for contacts and calendar. I will appreciate any help with that.
Meanwhile, I looked for a way to make a 'panic button' that would let me wipe my phone immediately. What I chose was making a contact whose phone number is the USSD code for Factory data reset.
Maybe Tasker, etc. could streamline this approach; but my trials showed that, unlike MMI codes (e.g., to toggle caller ID blocking), USSD codes cannot be submitted to the OS indirectly. So swiping a contact, direct dial shortcut, etc. did not work. On my phone, all that worked was either 1. manually dialing the code, or 2. dialing the contact name, then tapping the contact.
So the routine to use this 'panic button' is:
1. launch Dialer
2. dial the contact name
3. tap the contact name in the search results
4. tap "Format USB storage" in the "Factory data reset" dialog
5. tap "Reset phone" button in the "Factory data reset" dialog.
It sounds clunky, but it's actually pretty quick. I named the panic button contact "XXX" to avoid confusability when dialing (it needs only "XX" for a unique match.)
If you can suggest improvements to this scheme, or think it is misguided, please let me know. Thanks.

Any updates on this? I'm curious as to how to guard against ufed.

I think an instant hard brick option would be better so theres nothing to recover as i dont believe the factory reset is a secure wipe
Possibly a voice activated secret phrase or keypress u could say/do super fast in a tricky situation that autoflashes a corrupt/incompatible bootloader and recovery to device after secure superwipe that should stump them for awhile
im still interested in this i disabled usb debugging on my phone but unsure if the UFED can still access anything on my ICS full encrypted passworded evo3d im assuming they could dump the data at most but i highly doubt they could access the decrypted data unless you used an insecure pass

If you have encryption enabled for your data partition, then all you need to do is to turn off your phone when you see a cop. If they take it from you, they can turn it on and hook up their device, but they will only be able to snarf the system partition, which does them no good. They'd need your password to mount the data partition.
If you look around on this forum, you can find the steps necessary to switch the lock screen back to a simple pattern lock while leaving the disk encryption enabled.

Are you sure Cellebrite and UFED or w/e can't access encrypted data partion? I know it can take an image of the phone "hard drive". They then can run password tools against image to unlock it no?

dardack said:
Are you sure Cellebrite and UFED or w/e can't access encrypted data partion? I know it can take an image of the phone "hard drive". They then can run password tools against image to unlock it no?
Click to expand...
Click to collapse
I'd like to know about this too. I am about to set up encryption on my device and I'd like to know more about what type of attacks it can beat.
Edit to add: I assume brute force attack protection is like any other type of encryption.....dependent on the strength of your password. But, assuming we all know that already, I'm still curious about this.

If the question is how to protect your device when you think someone would scan your phone, you'd have to have some sort of inclination that a scan is about to happen. I'm assuming this is many people's concern as they're considering wiping their device through a quick process. In that scenario, just turn off your device. Unless you warrant suspicion of something fairly bad, they wouldn't be confiscating your cell phone.

smokeydriver said:
...Unless you warrant suspicion of something fairly bad, they wouldn't be confiscating your cell phone.
Click to expand...
Click to collapse
We all wish all law enforcement was just and honest, but so far in world history that has not been the case. Even a pretty woman may have her phone scanned by a curious cop snooping for pics.
Sent from my HTC One using Tapatalk 2

I would still like to know if there is an answer here...
So I recently had some dealing with assisting in a Cellbrite search. We initiated and enlisted the help of law enforcement for an employee who was doing some illegal activity which is not relevant to this discussion other than the person used an iphone. Anyway, the investigator came in and wanted to know if I can enable the bypass for the automatic screen lock in 5 minutes because when it locked, it disabled the Cellbrite copy.
Now, couple things here, he was only doing what he was "allowed' to do in the local municipality, and he did say they sell a more expensive Cellbrite device which would be able to crack it. I did find it interesting that the simple corporate Activesync policy I have set up was actually having this effect. Anyway I removed the policy and it worked. Funny thing is he could have done it himself had he known anything about that kind of thing. He was presented to us as an expert but I guess that mainly covered a basic Cellbrite expertise.
So, I do think encryption would be a great answer as the partition would be hard to bust in to. Nothing is impossible but I would rather not smash my phone on the highway next time I get pulled over so I would like to know definitively that this is the right approach. This is definitely not paranoia as there are at least 3 states where it looks like it happens regularly.
Time to look at a 2600 group for stuff like this I guess. I am early in my investigation
Later

[Q] Aria requirements.

I am looking for a Smartphone with a particular form factor, the form factor is shared by the P3600, the Aria & the HD Mini. I have the 3600 but it is time to upgrade
I’ll be honest I’d rather get a HD Mini than an Aria, but I want to stick with Tel$tra and Next G is on 850 Mhtz,
So Aria it is.
Now looking at the ups and downs of this proposition it looks like it will do everything I want out of the box (Give or take a bit) the only concern is the ability to run apps from the SD which doesn’t appear to be available until upgrading to 2.2.
If I want the phone unlocked and free to do as I say, I obviously can’t go downloading a carrier specific Rom, so need either a factory default or Home baked number.
So… What Android 2.2 ROM is available that is as close to the Unlocked factory default as possible? Or can you download the Unlocked Factory Default from HTC direct (I have tried and failed)

You're looking for gene Poole's liberated 2.2.2 or attn1 fr008.
Sent from my Liberty using XDA App

mtnlion said:
You're looking for gene Poole's liberated 2.2.2 or attn1 fr008.
Click to expand...
Click to collapse
+1
You want Gene Poole's Liberated 2.2.2

Also, how and where are you getting your phone?
Most of us (it seems) in this forum got our phones when they were running 2.1 and we were able to easily root them with unrevoked. People who have gotten the Gratia or warranty replacements recently with the official 2.2 system in place have not been able to root.
FALCON-LORD said:
I am looking for a Smartphone with a particular form factor, the form factor is shared by the P3600, the Aria & the HD Mini. I have the 3600 but it is time to upgrade
I’ll be honest I’d rather get a HD Mini than an Aria, but I want to stick with Tel$tra and Next G is on 850 Mhtz,
So Aria it is.
Now looking at the ups and downs of this proposition it looks like it will do everything I want out of the box (Give or take a bit) the only concern is the ability to run apps from the SD which doesn’t appear to be available until upgrading to 2.2.
If I want the phone unlocked and free to do as I say, I obviously can’t go downloading a carrier specific Rom, so need either a factory default or Home baked number.
So… What Android 2.2 ROM is available that is as close to the Unlocked factory default as possible? Or can you download the Unlocked Factory Default from HTC direct (I have tried and failed)
Click to expand...
Click to collapse

Thanks for that mtnlion. I thought this was my last hurdle but then I considered the implications of syncing outlook contacts and calendars… It appears that you need a third part application to do that. FFS why can’t someone port WM6.5 to the Aria HW? It would make life so much easier.
Is it time for me to start learning to cook ROMs?

Thanks for the update stoneship. So it isn’t all as easy as it seems on the surface. SOD…
Maybe I just have to cross my fingers and hope that HTC keeps supporting the small form factor and wait for there next round of releases, and hope something fits.

I haven't used it in quite awhile but I'm pretty sure the HTC sync software will sync outlook and calendar when you plug in your phone.and there are apps on the market also.
Sent from my Liberty using XDA App

Thanks again mtnlion, but this still leaves me with the issue highlighted by stone ship that some systems won’t let you root break them and put on non official ROM images. The Aria as a solution is so close I can taste it… But I am just not confident it is going to be without issues.

Ahhh Screw it… I have bought one… How much trouble can it be???

Well... after rereading your post it seems that you may not be aware of this.
The phone you purchased will most likely (if new) come with software preinstalled from the factory that will prohibit you from rooting it via software methods.
You will need to send the phone to someone else to downgrade it for you. Then you can root it and install the software above.
Hope that made sense, I'm running on fumes... :-/

FALCON-LORD said:
Ahhh Screw it… I have bought one… How much trouble can it be???
Click to expand...
Click to collapse
Cross your fingers that you got one with 2.1 on it so you can root it easily. If not I can point you to someone who can s-off it for you.
The Aria is a great little phone and once you get things sorted out I think you will find you can do what you need with it. Syncing outlook contacts and calendars should not be an issue either through activesync or HTC sync regardless of official or cooked rom.

You say Active sync or HTC sync??? Does that mean that M$ Active sync can sync with an Android device? That would be weird.
The device is advertised as unlocked and 2.1 As long as it is unlocked then I am good even if it is 2.2 I don’t expect to need it rooted in the immediate term, though I do expect I am going to have to hack around a little to get the Audio on my Cardo Scala headset sorted (it doesn’t support A2DP) so I may be eating those words in short order.
Though in the words of the great tosser Jeremy Clarkson… “How Hard can it be?”

Seeing I am asking these questions I may as well outline the Bluetooth issue I have and see if any one can shed any light on the Android solution.
As I said in my previous post my Bluetooth headset doesn’t support A2DP, so to get music playing on it (or get GPS spoken directions) I need to perform a couple of hacks
The first one is to combine the stereo channels so on my Windows mobile I do this by applying the following to the registry.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Bluetooth\A2DP\Settings]
"UseJointStereo"=dword:00000001
The second (And more important) is to change the Bluetooth channel behavior which is done by making the voice command attribute do nothing (remove the path of the executable) and keeping the channel open for an indefinite amount of time (VoiceCmdDuration being a large number)
[HKEY_LOCAL_MACHINE\SOFTWARE\OEM\VoiceCommand]
"LaunchApEnable"=dWord:1
"VoiceCmdDuration"=dWord:15180
So… In Android, what files do I need to tweak, and how do I need to tweak them to achieve the same results?
Thanks

Well I now have my aria in my greasy little hands, and for better or worse… It has 2.2 loaded.
Starting to sort my way through the maze of setup now…

Patience.
Sent from my Liberty using XDA App

The Limitations of Android are really annoying. (Unrooted)
I can’t Leave the device Synchronizing and also copy files back and forth (I Can in WM5)
I can’t copy files directly to the device only to the SD Card (I Can in WM5)
I can’t access the SD card from the device while I am accessing it from the PC (I Can in WM5)
I can’t edit configuration files to alter how it interacts with things such as Bluetooth (I Can in WM5)
I can’t store resources such as ringtones on the device, only on the SD card (I Can in WM5)
I can’t control the phone from my desktop computer such as MyMobiler (I Can in WM5)
And these are just the limitations I have found in 3 days when comparing it to a 6 year old Operating system.
And because it came pre installed with 2.2 I can’t root it…
It really appears that if it isn’t rooted it is pretty F#$ked.

Android is not really designed to be synchronized over USB. Yes, you can do it, and HTC makes a program for it specifically, but I suggest abandoning that habit and getting used to wireless syncing instead. The only reason I ever connect my phone to a computer is to copy a file, and even then I sometimes choose to do it with Dropbox instead, or send the link to the phone through ChromeToPhone.
Even if you don't want to use Google Calendar/Contacts as your primary calendar/contacts manager, you should be able to set up Outlook on your computer to synchronize with them. I don't personally use Outlook so I can't say what the best method for doing this is, but perhaps someone else can chime in with a suggestion.
As for the SD card, I don't think there is really any significant disadvantage to storing files on the SD card. Assuming you just leave your SD card in the phone, what's the difference? Some Android phones do have internal memory you can use for copying files to though.
As for the bluetooth issue, yes, that sucks. Good luck finding a solution for that if one exists.

Well An Update…
My Blutooth issues are managed by this app
https://market.android.com/details?id=com.bedoig.BTmono_Donate&feature=search_result
It is O.K. But does have a nasty habit of rebooting the device if you don’t shut it down properly before disconnecting the bluetooth connection.
It still doesn’t allow me to initiate actions from the headset other than picking up calls, but at the end of the day this is all I require.
After my torrent of negatives I have found a few starters for what Android is doing better…
When you mount the SD card to the computer it is fully available, you can read & edit files not just copy to and from (I Can’t in WM5)
Once you throw a file manager on the device it browses UNC paths well
Though It does appear I am getting some really weird $hit happening with my Outlook calendars.
And I have noted that I can’t have different screen timeout behavior dependent on weather it is plugged in or not.
If I could have the best of WM, and the best of Droid, I would be a happy little camper.