I asked this in XDA Android Q&A; posting to this Rezound Q&A as well in case there are any Rezound specific options that can be explored:
I've been debating configuring my personal phone to access my employer's Exchange server; I would be checking it on occasion-- more of a convenience thing to know what's up before I head in for the day.
Using the default Android Mail client and choosing ActiveSync and doing the setup, I inevitably reach a screen with the following:
Activate security policies?
Exchange security policies
Your IT administrator requires that you activate these security policies in order to sync with your Exchange Server.
Activating this administrator will allow the application Mail to perform the following operations:
! Erase all data
Perform a factory reset, which deletes all of your data without any confirmation.
! Set password rules
Restrict the types of passwords that you are allowed to use.
! Monitor screen-unlock attempts
Monitor failed attempts to log into your device.
! Lock the screen
Control when your device locks, requiring that you re-enter your password.
! Device function limitation
Restrict some function on device like Wifi, Bluetooth, Camera etc.
Click to expand...
Click to collapse
Needless to say, this is highly unappealing for my personal phone-- way too much power for the Mail application.
So my questions-- what are my options?
-would a different Exchange connectivity application like Touchdown request those same permissions for access?
-would I be better off setting up ActiveSync on an alternate ROM and booting into that when I want to check work mail (not as frequently as some other users)?
-How far does that remote wipe control extend? Could they wipe the entire phone, including bootloader? Or is it just reference to internal storage? Could they wipe the external SD card?
-is there a way to revoke those permissions from the Mail application while retaining the ability to connect to the Exchange server?
vprasad1 said:
Needless to say, this is highly unappealing for my personal phone-- way too much power for the Mail application.
Click to expand...
Click to collapse
It is designed to protect corp data. If you don't want your personal phone under that control, then don't connect it. That is the choice you have.
So my questions-- what are my options?
-would a different Exchange connectivity application like Touchdown request those same permissions for access?
Click to expand...
Click to collapse
Nope. The policy is from the Exchange servers policies.
-would I be better off setting up ActiveSync on an alternate ROM and booting into that when I want to check work mail (not as frequently as some other users)?
Click to expand...
Click to collapse
Not sure how you would do this.
-How far does that remote wipe control extend? Could they wipe the entire phone, including bootloader? Or is it just reference to internal storage? Could they wipe the external SD card?
Click to expand...
Click to collapse
When you connect, if they have issued the wipe command, it wipes. Distance is not relative. Wipe is wipe.
-is there a way to revoke those permissions from the Mail application while retaining the ability to connect to the Exchange server?
Click to expand...
Click to collapse
No. they could have a different policy setup for different groups of users and have you into that group, but you would have to ask the administrator though.
The exchange policies are part of the requirements of connecting to that exchange server. The policies can be changed by the administrator by putting you into another group, but I doubt they will do that. They are there to protect corp data.
There are other ways that policies can be setup, but that needs to be done again by the administrator.
These types of policies are becoming more and more common as companies realize their contacts, email and attachments are valuable and need to be protected. A lot of people use two phones, one for corp and one for personal, not mixing the two.
Remote wipe and all is a feature of activesync, not necessarily exchange. So, according to what I'm reading, you can find an email client that supports exchange but not eactivesync and get around the permissions.
I am also interested in how far the wipe can extend. It says reset to factory, which would leave your SD card intact.
gthing said:
Remote wipe and all is a feature of activesync, not necessarily exchange. So, according to what I'm reading, you can find an email client that supports exchange but not eactivesync and get around the permissions.
I am also interested in how far the wipe can extend. It says reset to factory, which would leave your SD card intact.
Click to expand...
Click to collapse
As far as I am aware, the Exchange server CAN initiate a full wipe, if your company is on Exchange 2010. The wipe command can be found in OWA settings. The only way you can get around the permissions is to login to OWA via your browser. The security settings are there for a reason, as mentioned above.
Microsoft works very hard with its partners to provide the best security possible. I do not think using Touchdown or another email client will allow you to circumvent security policies enforced by the Exchange server.
Sent from my Dell Streak 7 using Tapatalk 2
vprasad1 said:
So my questions-- what are my options?
-would a different Exchange connectivity application like Touchdown request those same permissions for access?
-would I be better off setting up ActiveSync on an alternate ROM and booting into that when I want to check work mail (not as frequently as some other users)?
-How far does that remote wipe control extend? Could they wipe the entire phone, including bootloader? Or is it just reference to internal storage? Could they wipe the external SD card?
-is there a way to revoke those permissions from the Mail application while retaining the ability to connect to the Exchange server?
Click to expand...
Click to collapse
I use TouchDown for my work e-mail, and while I have never had any administrators use remote wipe, I will let you know my experiences:
-There is an option in the settings screen for "Clean SD card on remote wipe." It's unchecked by default. I assume a remote wipe will only clear TouchDown related data, but am not 100% sure of it. At the very least this option implies that it won't normally wipe your SD card as well.
-TouchDown will ask for the same permissions. However, unlike the default mail application, which will force your whole phone to be pin locked, TouchDown will only force you to enter a pin when you open the application. This feature is nice if you don't want to always enter in a pin to unlock your phone but also want Exchange e-mail.
-As the policies are set on the ActiveSync server, there's no way to get around revoking the permissions.
If you search for it enough, you can probably find a modified mail app that doesn't require these security permissions. I know I've seen one that works with CleanRom and I use it on ICS Business Sense. No lockscreen pin required either and no device administrator.
http://forum.xda-developers.com/showthread.php?t=1456425
Sent from my ADR6425LVW using XDA
Just created the account to reply to this thread.
I am too looking for a solution to avoid giving my employer the access rights to wipe my phone, and I just wanted to comment that IMO, theorically it is not because this setting is on server side that it can't be avoided.
Android can give whatever permissions the server asks for then totally ignore the commands when they eventually come. That would probably require some coding to simulate executing the command without actually doing it, and it would definitely require root access to do this, but I do not see how that would be impossible on Android or on one of its mods.
Now obviously this is not something I'm going to waste time on. if it can't be done, my pro account will not be on my phone. That was me trying to do something for my employer, but if they don't want me to see my mails on weekends, I won't be fool enough to complain.
I'm in a similar situation. With ICS, at least it gave me the ability to only have to enter a PIN after 15 minutes or something when your phone is locked. Prior to that with GB, every screen unlock required the PIN.
I do use a modified Mail.apk, but in a sense, I'm contributing to the problem of my company not allowing android phones on their network, because there are just so many workarounds like this.
LBE Security Guard may be able to inhibit the permissions, though I wouldn't want to have to depend on that as a last line of defense right before my device is potentially WIPED!
There has to be some better solutions to control it on the client side...
My admins at work say they will not change the exchange policy.
They said it comes with Exchange Server 2010 as the default settings, but they won't change it. They have actually tested the remote wipe and it works instantly. They claim they can remote 'unwipe' it as well, but I gave an analogy about formatting drives (quick format vs. full format) that they couldn't answer.
I told them I'm concerned about anyone having that much power over personal "BYOD" phones, and the possibility of someone accidentally or maliciously wiping my device.
They said the policy will not be changed.
Does anyone know of other 3rd party mail OR calendar programs that will update my calendar without allowing these INSANE permissions? Thanks.
I've recently bought a new phone and found these ridiculous permissions when I went to sync with my work exchange.
There must be apps available or possible to develop because the email app on my old phone doesn't ask for these permissions. Unfortunately it isn't available to download, just the default app with that phone.
worldheroes said:
I've recently bought a new phone and found these ridiculous permissions when I went to sync with my work exchange.
There must be apps available or possible to develop because the email app on my old phone doesn't ask for these permissions. Unfortunately it isn't available to download, just the default app with that phone.
Click to expand...
Click to collapse
There are several mail programs in the Google Play store, if you search for 'exchange email'
I saw:
k-9 mail
touchdown
exchange exmail
maildroid
and so on...
k-9 had the best ratings and is open source so I tried it, but it couldn't connect to my exchange server. I got an error during setup:
'Setup could not finish, cannot connect to server. (ioexception)'
Please let me know if you have better luck with any exchange program!
The best choice for you is to install OWA from the play store (outlook web) and that will get you contacts, push mail and calendars without having to accept the exchange policies. All you have to do is point it to your companies webmail page and login.
I searched for OWA in the Play store but didn't find the one you mentioned. (see attachment) Is it a free app?
I have the first one by WWO. It gets the job done. 5 bucks well spent. I'm sure it can be side loaded if you'd like to test the functionality first.
Daistaar said:
I have the first one by WWO. It gets the job done. 5 bucks well spent. I'm sure it can be side loaded if you'd like to test the functionality first.
Click to expand...
Click to collapse
At the risk of asking a silly question - how would I get it to test it?
might want to try this:
http://forum.xda-developers.com/showthread.php?t=1965468
Thanks - the link to the ICS Email APK with Exchange Security removed was exactly what I needed!
I wish that app would be maintained with the current version and be put in the google play store!
If I activate the device administration can I undo it? Can I deactivate it and go back to life as usual?
quarksurfer said:
If I activate the device administration can I undo it? Can I deactivate it and go back to life as usual?
Click to expand...
Click to collapse
Yes, delete the account in question.
Related
Hey guys-
I had been using TouchDown Exchange to access my work email. When I first got android I asked my IT department if they could set it up for me but they replied that they "don't support Android, and because there are so many different android phones, they probably wouldn't ever support". Anyways, I found I could use the web-exchange server (http://xxx.xxxxxxxx.com/exchange/) as my domain on the android app and it would end up sync'ing my email to my phone.
I guess they eventually found out I was doing this somehow and they blocked it. They do support the iPhone, though, and through a coworker I was able to get the server and domain that they use.
Is there anyway I can trick the server into thinking I'm using an iPhone so it will allow me to connect and sync? I tried using the "ActiveSync Device String" and setting it to "iPhone" before connecting to the server, but that didn't work. I don't know much about exchange servers if you couldn't tell, but is there a way they can authorize only certain users to connect? Could I potentially borrow my girlfriends iphone, have them set it up on her device, and then once I get the login permissions, switch the info over to my fascinate?
Sorry to any IT administrators out there, I bet this post will annoy you haha. I just want to have email on my phone because I hate walking into work in the morning and getting blindsided by an email that was sent to me at 2am.
Thanks in advance for your help guys.
Our IT department also has a "no android" policy but I figured out that if I left the Domain blank and used the Webmail url as the Exchange server address everything would sync perfectly. I started out using Touchdown but dropped it for the stock email client.
They specifically denied your phone from syncing via ActiveSync? Even with Touchdown, which more fully supports the ActiveSync protocol than even the iPhone? Sounds like your IT guys are morons. I can fully understand not wanting to support Android phones because of all the variances. I know, because I work for an ASP hosting company that does just that. But really, if they wont support Touchdown, they're just shooting themselves in the foot, because that app will work the sane no matter what Android phone it's installed on, meaning you will have a standardized mail platform for Android that supports any and all necessary security features, including full encryption of the local mail database and any data it stores on the SD card.
I don't know if you'll get anywhere with it, but I would recommend showing the the feature list for Touchdown, including the security features, and ask them to support that one app. If you make the case that they only need to support one app for any Android phone, they should be willing to work with you on that.
Besides, every serious corporate user should be using Touchdown anyway. The stock mail client, no matter what Android phone you have, is lacking some of the most basic features, is buggy,and is essentially useless. And if days encryption is required, you're out of luck with the stock clients. Exchange syncing is really an afterthought by Google, and until they make enterprise features and data security a primary focus, things wont get any better.
Sent from XDA Premium on my Super Clean Fascinate
Oh, and btw, I'm not an expert on the matter, but I know that mobile device syncing can be disabled on a per-user basis. What I'm not sure about is if it can actually allow only certain devices to connect or not.
Sent from XDA Premium on my Super Clean Fascinate
So ive tried a bunch of different email clients and they all experience the same issue when connecting to a corporate exchange server. About once a day, at random times, they will crash and i have to force stop them and reopen the app to get it to receive exchange push email updates.
Clients I have tried are: Improved Email, Enhanced Email, K-9 and the Moxie trial. I cant find any common link as to why they all end up non-responsive. At first i thought it happened when i lose signal (such as when im in the subway) but I havent taken the subway the past few days and it still happens.
Is there something included with the atrix that kills these processes after a certain amount of time?
I manage our corporate exchange servers (2003 and 2010) and have had really good success with the built in Corporate Sync app for the atrix.
Is there something you are syncing that it can't hanfle? The calendar and contacts work great. I haven't tried tasks as I don't use them.
Aside from that, make sure on task manager that the mail clients aren't set to auto kill.
Sent from my MB860 using XDA Premium App
I wish I could get email from our exchange server, but unfortunately my company isn't going to allow that until Android becomes more secure.
beatphreek said:
I manage our corporate exchange servers (2003 and 2010) and have had really good success with the built in Corporate Sync app for the atrix.
Is there something you are syncing that it can't hanfle? The calendar and contacts work great. I haven't tried tasks as I don't use them.
Aside from that, make sure on task manager that the mail clients aren't set to auto kill.
Sent from my MB860 using XDA Premium App
Click to expand...
Click to collapse
I didnt think i had corporate sync, but i just took a look now and it seems like I do. I didnt think about trying to set it up as a new "account" in the phone.
On the bright side, enhanced email hasnt crashed in a while. I think one of the other email apps processes was killing it. I have uninstalled them all. If it crashes again, I will try the built in Corporate Sync.
Caelan, what doesnt your company like about android? All the exchange clients ive tried allow remote management which i know was a sticking point for a lot of companies when android was newer. Though I'll admit im not really up on the security issues of android... Im kind of lucky because my company lets us bring any device onto the network, and we get to admin our own computers. The benefits of working at a tech company staffed completely with geeks
albinojoe said:
Caelan, what doesnt your company like about android? All the exchange clients ive tried allow remote management which i know was a sticking point for a lot of companies when android was newer. Though I'll admit im not really up on the security issues of android... Im kind of lucky because my company lets us bring any device onto the network, and we get to admin our own computers. The benefits of working at a tech company staffed completely with geeks
Click to expand...
Click to collapse
I am not sure exactly what it is that is a security problem, but I work for a big R&D company. All our laptops, thumb drives, etc. are encrypted, and we use RSA secure tokens to connect to our network externally when OOO. As an example, if you want email access on your iPhone, the company installs security software requiring a lengthy password to even get past the lock screen, and also remote wipe ability so they can wipe your iPhone if you lose it. We have a lot of proprietary R&D documentation which they do not want to lose.
Apparently there are some security holes which should be fixed with 2.3.4, and they may already be testing this at corporate IT.
We also have full admin rights to our laptops, but they are also very secure with full HDD encryption.
Android does meet all the security requirements that Microsoft has in place for Activesync licensing, it forces a passcode to unlock, it encrypts the exchange data, and it does remote wipe.
The only thing I can think would be that due to the ability to easily root the device there are programs that get around the lock screen requirements. They may have other reasons though.
Hello
I have Galaxy S2 and synch with Exchange 2010. But i was checking on the device and under Location and security - Select device administrator, It has " Enable server-specified security Policies.
Which enables to wipe device remotly. Is there a way to stop that but keep synch.
I did a test and he not only wipes the email side but also wipes the entire device back to default.
Is there a way around this or not?
Thank You
Any update please
Sent from my GT-I9100 using XDA App
I believe the only way to change this is via a policy change at the Exchange Server end.
That said, I do remember seeing something on here about a utility that would bypass Exchange's policies.
Is there another client for the outlook so that the Exchange admin cannot wipe my device
Thank you
try using Enhanced Email, that's what i've been using since Exchange 2010 was implemented in my organisation.
NTOP said:
Hello
I have Galaxy S2 and synch with Exchange 2010. But i was checking on the device and under Location and security - Select device administrator, It has " Enable server-specified security Policies.
Which enables to wipe device remotly. Is there a way to stop that but keep synch.
I did a test and he not only wipes the email side but also wipes the entire device back to default.
Is there a way around this or not?
Thank You
Click to expand...
Click to collapse
This is a feature of Exchange just incase your device is lost the admin or you can remotely wipe all your secure information. Businesses of-course like this because they don't want their trade secrets in the back of some cab somewhere to be sold off to the highest bidder (imagine iPhone 4 but information instead of the physical device).
There are hacks out that removes the checks for security but the Server could then block those devices if they don't reply properly to requests for encryption and such.
There is however no need to try to circumvent this as you'd only ever use it in those cases, it's not like the admin is gonna just wipe your device one day because he is bored at work.
shotta35
I agree with you there if the device was given from the company but if the device is your personal and you are just synch email than i don't want the exchange admin wiping anything so that is my main reason for looking at another client
I think this is a feature of Exchange 2010
Thank You
I've been debating configuring my personal phone to access my employer's Exchange server; I would be checking it on occasion-- more of a convenience thing to know what's up before I head in for the day.
Using the default Android Mail client and choosing ActiveSync and doing the setup, I inevitably reach a screen with the following:
Activate security policies?
Exchange security policies
Your IT administrator requires that you activate these security policies in order to sync with your Exchange Server.
Activating this administrator will allow the application Mail to perform the following operations:
! Erase all data
Perform a factory reset, which deletes all of your data without any confirmation.
! Set password rules
Restrict the types of passwords that you are allowed to use.
! Monitor screen-unlock attempts
Monitor failed attempts to log into your device.
! Lock the screen
Control when your device locks, requiring that you re-enter your password.
! Device function limitation
Restrict some function on device like Wifi, Bluetooth, Camera etc.
Click to expand...
Click to collapse
Needless to say, this is highly unappealing for my personal phone-- way too much power for the Mail application.
So my questions-- what are my options?
-would a different Exchange connectivity application like Touchdown request those same permissions for access?
-would I be better off setting up ActiveSync on an alternate ROM and booting into that when I want to check work mail (not as frequently as some other users)?
-How far does that remote wipe control extend? Could they wipe the entire phone, including bootloader? Or is it just reference to internal storage? Could they wipe the external SD card?
-is there a way to revoke those permissions from the Mail application while retaining the ability to connect to the Exchange server?
try this:
http://forum.xda-developers.com/showpost.php?p=14577188
Thanks for that! I checked it out and unfortunately, HTC uses a different email program which is incompatible with rustamabd 's script. When there are daily driver AOSP ROMs avail for my phone, I'll try it out.
Hey everyone, this thread is both to let everyone know of a possible issue in Android M and to poll the community to see if this issue is isolated or if we will all be seeing it. First a bit of background on how the security policies work in Exchange ActiveSync as I understand it:
- When you assign an Exchange policy for ActiveSync devices you can basically tell it to require a password or not, encryption, etc. From there the OS of the device determines what that means. For example in Android if you are set to require a password it disables Pattern, Swipe and Face Unlock as choices for securing your phone. It assigns each a security level something like: Swipe = Not secure, Pattern = Weak security, Face Unlock = Medium Security (those are just examples.... I'm not saying thats what they are actually are) and the OS decides what level of security is acceptable when the password requirement is set. It also disables features like Smart Lock for trusted locations/bluetooth devices
As one of the admins of my own network I long ago set my policy to NOT require a password but I still do configure and use a PIN to secure my phone. The reason I set my device to not require a password was solely for the Smart Lock feature.
So the other day I flashed a 6.0 ROM on my Nexus 4 (no factory images available obviously). So I joined my phone to my Exchange server before I had setup any security and shockingly it said that it required I have a PIN. I double-checked my policy on the server and I am most definitely set to not require a password still. So now even with that policy set I am not able to use my phone without a PIN and am not able to use the Smart Lock feature and my fear is that this will also include not being able to unlock my phone with the fingerprint sensor (ouch!)
I'm sure many of you are thinking exactly what I did and that it was an issue with the ROM since it was a port. So with that in mind I setup my Exchange account on my freshly factory imaged Nexus 9 tablet and the exact same issue happens with it.
So either Google jacked up the security settings when connecting an Exchange account or there is a bug that causes the requirement of a PIN even if your policy is set not to.
Anyone else running Android 6.0 connected to an Exchange server that previously did not require a password and now does? One of the things I was most looking forward to was being able to secure my phone using my fingerprint instead of a PIN so this is a big bummer for me
If I am not mistaken, requiring a PIN is the policy of android pay, which comes default with Marshmallow, and is also a device manager. This makes sense, because Google wouldn't want someone draining your bank account in addition to stealing your phone.
rajendra82 said:
If I am not mistaken, requiring a PIN is the policy of android pay, which comes default with Marshmallow. This makes sense, because you wouldn't want someone draining your bank account in addition to stealing your phone.
Click to expand...
Click to collapse
If I dont join my Exchange server I can set any type of security I want so its not related to that
Wow, that's pretty upsetting. I too run my own Exchange Server. I always use PIN but I like the Smart Lock feature. And of course I had expected to use the fingerprint sensor. I wonder if rooting and using a combination of Tasker and the Secure Settings plug-in would allow you to get around it.
I currently have an HTC M8 and 6.0 is supposed to be out for it before the end of the month. I guess I'll load that and see how it works.
My Nexus 6 had been on M since the previews. I have a pin and I use smartlock with my moto 360. It's mostly unlocked and exchange works fine. My servers are set to require passwords and everyone at work has iphones with finger print and they work with that also.
Sent from my Nexus 6 using XDA Free mobile app
SymbioticGenius said:
My Nexus 6 had been on M since the previews. I have a pin and I use smartlock with my moto 360. It's mostly unlocked and exchange works fine. My servers are set to require passwords and everyone at work has iphones with finger print and they work with that also.
Sent from my Nexus 6 using XDA Free mobile app
Click to expand...
Click to collapse
What version of Exchange? We are running the latest 2013. My Smart Lock menu is completely greyed out and says "Disabled by administrator"
I am using Exchange 2013 and have no issues with my Nexus 5x. I am using smartlock with my Huawei Watch, location, and facelock. Maybe I'm confused about the issue here.
hollowlog said:
I am using Exchange 2013 and have no issues with my Nexus 5x. I am using smartlock with my Huawei Watch, location, and facelock. Maybe I'm confused about the issue here.
Click to expand...
Click to collapse
Nope you are understanding. I flashed 6.0 then activated my phone on my Exchange server and now it says my Smart Lock is disabled by administrator despite my policy not even requiring a password.... very odd
I use mobimail through the OWA instead of going through the Exchange Server Active Sync
I am using Nine as my exchange email client, that allows me to set a Pin on the email itself instead of needing it on the phone. Our company requires a PIN or a Password for mobile usage.
I'm using touchdown and a hosted exchange, no phone pin, nexus 5, Android 6.0 and no issues
I have used Nine before. It's not bad. Touchdown (the last time I used it) was complete garbage.
Anyone using the Gmail app that can still use smart lock in M?
I use touchdown so it's independent of my OS therefore i can set it only on the app.
WoodroweBones said:
I have used Nine before. It's not bad. Touchdown (the last time I used it) was complete garbage.
Anyone using the Gmail app that can still use smart lock in M?
Click to expand...
Click to collapse
I must admit it's got worse since symantec bought it..... but i paid for it when it was cheap and it still works so may as well make use of it.
can you post the exchange server-side security settings here? i wouldn't be surprised if google did something to "up" the security of their exchange apk. also - testing with a third party app would be a valid test as well. remove all exchange accounts from your device, confirm your basic security is re-enabled and then try an app (like nine). if the app requires security configuration, it's server-based.
640k said:
can you post the exchange server-side security settings here? i wouldn't be surprised if google did something to "up" the security of their exchange apk. also - testing with a third party app would be a valid test as well. remove all exchange accounts from your device, confirm your basic security is re-enabled and then try an app (like nine). if the app requires security configuration, it's server-based.
Click to expand...
Click to collapse
Attached
Just an update to this....
I went ahead and removed my Exchange account and immediately was able to access those other features that were previously greyed out. I then installed Nine and setup my account there and it allows me to use it without any security at all. Very odd
EDIT: Wow... Nine has improved! I might go this route anyway. I also like having my work account in a separate app as there has been a few times when I've sent a work email from my gmail account
Ok and not only does Nine have a Dark theme but it has a "True Black" option which I'm guessing was made specifically for AMOLED.... too good not to use!
kumarshah said:
I am using Nine as my exchange email client, that allows me to set a Pin on the email itself instead of needing it on the phone. Our company requires a PIN or a Password for mobile usage.
Click to expand...
Click to collapse
I use Nine as well, love it.
My company requires a pin or password, but I'm also able to use a pattern, which is much better than a pin or password for ease of use. Your fingerprint scanner on the new Nexus will be an option in addition to pin or password. No worries, it will all work.
WoodroweBones said:
Ok and not only does Nine have a Dark theme but it has a "True Black" option which I'm guessing was made specifically for AMOLED.... too good not to use!
Click to expand...
Click to collapse
also - you can change the notification icon from their little circle thingy to something that actually looks like a mail icon.
640k said:
also - you can change the notification icon from their little circle thingy to something that actually looks like a mail icon.
Click to expand...
Click to collapse
Very nice! It also does per folder notification which is just about the only reason I rooted my phone previously....