[Q] Android firewall with specific rules and filtering? - Android Q&A, Help & Troubleshooting

I am looking for a firewall that allows setting rules for individual apps, for example allow an application to connect to https://docs.google.com/* and nothing else. The firewalls I've tested so far (like avast! Mobile Security) only allow the selected application to connect or not, but not filtering by URL, domain, IP or such.
The only firewall I've heard of is WhisperMonitor, and it is not public yet. Furthermore, it is supposed to require device encryption.
Any other options available right now?

As far as I know, Avast has no plans to improve such features on their avast! mobile security. It will remain the way it is.

Related

[Q] Is it “safe” to install Android Device Administration apps in terms of privacy?

Is it "safe" to install Android Device Administration applications on my personal device? Can my company read my private data with that application? What if it also requires Google account privilege?
My company recently adopted a policy to install an enterprise application on each employee's smartphone. The application should be installed from a 3rd party market that is operated by the company, and requires Device Administration privilege and Google account privilege.
Even though the application does not require 'root' privilege, and Device Administration API is not related to reading data inside the phone, I'm still not sure that my personal data is safe from my company.
FYI, the API includes changing password, wipe out data, disable camera, and so on.
Please share your knowledge or opinions.
Thanks.
Whenever you install any app, it asks for all permissions before installation...
So first of all you have to get knowledge about each and every permission.
If any app asks for read contact data
Read sensitive log data
It can access your personal data..
So just read all permissions carefully and Google for each and every permission to know about them in detail..
Then you go
It is better to press thanks rather than saying
Good day

Android guest profiles and MDM Airwatch type device management advice needed

Hi All
my new employer has a BYOD policy but insists on using Airwatch MDM to access any of the tools I need (email, files, calendar).
I have obvious concerns over giving work access to my personal information on my phone. So .... can I use an additional profile on my phone to segregate my personal data from my work data.
i.e. switch to a "work profile" when I need to access my work tools via MDM.
The real question here is do guest and additional profiles on Android keep your personal (main account) details completely separate from Airwatch.
Thanks in advance.
That depends on the device and set-up of Airwatch - in the BYOD environment most companies use the container which separates enterprise apps (emails and etc) from your stuff. The tricky part is the location services, but most BYOD don't use or enable this - if they did they'd have to tell you and it will be in the T&C's
The policies are set out on AW at the start. If you have a vision that MDM admins sit there looking at your internet history then you're sadly wrong, you can't do this on any MDM yet.
I just checked and you can't even see the apps you've installed.
Depending on the enrollment (agentless or not) you can absolutely see installed apps. Regarding separated work/private they should be able to use Knox if Samsung devices are used.

NoRoot Firewall

Disclaimer: I know nothing on how to configure firewalls except for adding apps to the whitelist/blacklist.
Tried using NRFW and I noticed a few things:
1. I've consumed 12.54GB and 9.77GB was by NRFW. What's happening please.
2. I've tagged some apps that can only connect when I'm on wifi, yet I'm still getting notifications when I'm on mobile data. For example, the Facebook app and some games.
3. How do I determine which IP address should be allowed or blocked? For example, I see IP addresses pointing to Akamai and my ISP.
4. Is it a good idea to turn off background data? I restricted it on mobile data and allowed it when on wifi but some apps would not load properly even when I'm connected to a wifi network.
Thanks in advance! And please excuse me if I posted this in the wrong forum.
EDIT: I'm referring to Grey Shirt's NoRoot Firewall.
I read up a bit and learned that 1e100.net are Google's servers. I understand that these point to ads too. I also noticed my ISP's name shows up under these.
Do I allow these or do I block them?
First of all: sorry for answering so late ;-) ...:
- in my opinion, your traffic from the internet is being redirected through this NoRoot Personal Firewall onto your smartphone
- so, the 9.77GB you mentioned were 'routed/directed' through the NRPFW - the rest was not (? - maybe for Android-Updates or anything?)
- as you could most probably see, all of these 9.77GB were allowed to pass through from the internet servers (akamai or google or microsoft or ibm or yahoo or many more..) to your smartphone ('s apps / system apps)
- notifications about your mobile connection(s) MAY simply be wrong (as I found out) - seemingly a bug in the NRPFW-app (?)
- akamai is one of the "intermediate servers" or main server for a couple of websites:
for example, when you open the 'WashingtonPost'-website on your smartphone, (all) contents from their website are upon an akamai-server, because 'WashingtonPost' does not have a server on its own inside their office building maybe big enough to handle all traffic from their website to all readers in the world
- your Internet Service Provider has intermediate servers for (any) web content, too - so, you might want to allow their internet addresses
- furthermore, background data is transferred when you have an email-app and this app (gmail or yahoo-app, e.g.) is transferring data even if you had closed the email-app (so you cannot see it anymore on your launcher) or it's even running in background and checking if there's new mail when auto-started while your smartphone is booting.
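An added example, not part of the posts above and not NoRoot Firewall's own logic: a default-deny, per-app rule check that combines a host pattern with a Wi-Fi/mobile condition, run over constructed connection records. The package names, the rule format and the sample connections are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    app: str             # package name the rule applies to (hypothetical names below)
    host: str            # exact host name, or "*.suffix" wildcard
    networks: frozenset  # subset of {"wifi", "mobile"}

def host_matches(pattern: str, host: str) -> bool:
    """Match whole DNS labels, so '*.1e100.net' never matches 'evil1e100.net'."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        # pattern[1:] keeps the leading dot: ".1e100.net"
        return host.endswith(pattern[1:])
    return host == pattern

def decide(rules, app, host, network):
    """Default deny: allow only when a rule for this app matches host and network."""
    for r in rules:
        if r.app == app and network in r.networks and host_matches(r.host, host):
            return "allow"
    return "block"

# Constructed rule set: one app pinned to a single host, one app Wi-Fi only.
RULES = [
    Rule("com.example.docs", "docs.google.com", frozenset({"wifi", "mobile"})),
    Rule("com.example.social", "*.1e100.net", frozenset({"wifi"})),
]

# Constructed connection records: (app, resolved host name, active network).
CONNECTIONS = [
    ("com.example.docs", "docs.google.com", "mobile"),
    ("com.example.docs", "ads.example.org", "wifi"),
    ("com.example.social", "lga34s01-in-f14.1e100.net", "wifi"),
    ("com.example.social", "lga34s01-in-f14.1e100.net", "mobile"),
    ("com.example.social", "evil1e100.net", "wifi"),
]

def evaluate(rules, connections):
    """Return one decision per connection record, in order."""
    return [decide(rules, app, host, net) for app, host, net in connections]

if __name__ == "__main__":
    for conn, verdict in zip(CONNECTIONS, evaluate(RULES, CONNECTIONS)):
        print(verdict, *conn)
```

A rule set like this only works when every host an app legitimately needs is listed, which is why blocking CDN or ISP cache addresses tends to break apps that load their content from them.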

Need to lock Genymotion SaaS appliance to run only 1 app in restricted user by default and prevent install 3rd party apps and access to settings

I need to run an app in Genymotion that is used for data entry and upload of the entered data into 3rd party sites. The logins to 3rd party sites are stored in this application (probably encrypted). The application will store multiple logins for my different customers of who need to have the data uploaded into the 3rd party sites. The data into the app will then be entered by other people to whom I outsource the data entry.
So I created Genymotion appliance, installed the app and in this application I entered logins for sites such as ebay. I am looking for suggestions on what can I do to secure the appliance to prevent the data being copied out from it.
I want to prevent the person to whom I outsource data entry to be able to install and load 3rd party other apps, modify system settings, install other apps, copy the system directory, copy the login and password information saved by the application.
Let's assume the worst possible case here when application is well written but the passwords mentioned above (for the ecommerce sites like ebay) is saved in plain text in this application in the internal application directory. What I know about the application is it doesn't support access to SD Card, only can read and write data to the internal memory.
What can I do in Genymotion to improve the security of my appliance? Genymotion virtual machines are rooted. So I looked at the following suggestions:
1. Setup restricted user on Android
2. Set restriction for the restricted user to only be able to use the one application. Disable anything else (including disabled browser, email, youtube etc..)
3. Try to get the restricted user loading on boot of Android. When Android restarts, however, it doesn't allow a choice to log in as the restricted user or the admin user, sort of like a Windows or MacOS login menu. To get the appliance to always start with the restricted user by default, I need to add a script and the script will need to start using Tasker or MacroDroid.
However, how do I prevent the user from installing 3rd party apps? Is it good enough to disable all user apps (except that one used for data entry) from the restricted user? Is there any other way the user could abuse the access to the virtual appliance and load something there? Are there any system android apps I need to disable for the restricted user to prevent the user to be able to do anything bad with it?
The application used for data entry can not download any application or data, however, I believe it does use the webview because it loads sites like ebay and fills the forms on those sites. It only interacts with select websites only like Ebay to enter data into Ebay forms..
Is there anything I can do to secure Genymotion appliance any other than what I already mentioned. I would like to send the link to the Genymotion SaaS Android to people who will do data entry for me into Ebay and other sites. So I need to make sure the virtual appliance is secured as much as possible from tinkering with it. I need to make sure somebody doesn't get hand on the stored login details.
Just to clarify for the login credentials:
I am not sure how the user credentials are stored and I will find it out, however, for now, I go from the worst case scenario when the credentials are stored in plain text in the app settings. The user name and password is stored in the application with exception for Ebay because the many other sites do not have API key or any webservices interface, so the application would access those sites simply via a webview, and when it goes to login there it will do that by filling in the login information on the login form (simulates keystrokes). The user name and password is entered into the login form for the site. That's why the login info is stored in the application itself.
This question is not about how to secure the specific application I will be using, but how to secure the actual whole Android appliance from tinkering with.
I am aware I will the risks here, just want to do as much due diligence as I can.
Sources for Genymotion restricted user..
How to set restricted user as default user on reboot?
We would like to have an already added restricted user account be the default when we restart our Samsung SM-T580 tablets. At current we have 2 accounts installed, Admin and User The User is a use...
android.stackexchange.com
Root access - Device image User Guide
docs.genymotion.com
Done some digging so this cannot be done. Neither Genymobile nor Appetize nor other online Android emulators can offer fine-tuning in terms of user access. The closest is Genymobile because it at least allows adding and removing access of users to individual appliances. That is however not resolving the issue with Android and in particular rooted Android, since all online emulators run rooted Android and I am not sure how that is secured against potentially malicious actors who receive the access link.
The only easy way to solve it, kind of in a mickey-mousy way is to install Kiosk mode application. That kiosk app will run at every boot and it only shows the specific application. There is always risk of course the malicious user would do something to crash the application and the Kiosk app, but if the application is not a web browser or email client or similar it should be relatively safe.
There are plenty of Kiosk mode apps for Android but none of them is free (don't try to look, no chance to find one), the cheapest cost about 7 USD one-time purchase, the more expensive ones cost 20 per month per device or more and come with remote control etc... Not cheap but kiosk mode apps are almost exclusively used by businesses so that's why there is a lack of free apps.
Anyhow I believe this is the closest as I could get to deal with this.

Need help with Remote Desktop Client on Android

I would like to use an android as a Windows 10 PC terminal. I'm using a Samsung Fold3 running Android 12 if it matters. It seems like a fairly simple process. Enable Remote Desktop on the Windows 10 PC. Make sure the PC's firewall (and virus protection software) passes Remote Desktop access. Install Remote Desktop Client on the Android and setup the connection to the PC.
The Remote Desktop Client sees the PC, fills in the active user account and requests the user password. I can enter the password but the android does not respond to the "Continue" button and all I can do is cancel out of it. I can also try to edit the PC configuration to setup a user account so that a password does not need to be entered each time but in this case the save button is unresponsive whether or not a password is entered.
This same thing happens whether I select the PC found on the local wifi or I enter the PC's IP address manually (with or without the 3389 port number).
Can anyone give me a clue as to what I'm doing wrong or how to proceed?
Sorry. User error. I was doing something stupid.
Never mind.
These remote desktop options allow you to access Windows from Android easily with just one click. https://www.anyviewer.com/how-to/remote-control-windows-10-from-android-0427.html
Oliviaaaa7 said:
These remote desktop options allow you to access Windows from Android easily with just one click. https://www.anyviewer.com/how-to/remote-control-windows-10-from-android-0427.html
Thanks for the link.
My initial problem was just a usage error getting Microsoft Remote Desktop Client to work when on the same network. I fixed that issue and am able to use it to control my PC from an android as long as I'm on the same local network which is useful but I would also like to be able to do it from anywhere on the internet.
Your link led to a discussion of this issue with the possibility of using port forwarding or a VPN to allow access to my PC from an external network with varying degrees of complexity and hacking potential.
The link also discussed using chrome and a google account to access my PC remotely. This is unacceptable because I won't use chrome and have uninstalled it from all my android devices plus although I do have a Google account, I only use it to explicitly download apps from the store and otherwise disable Google Play Services and the Google Play Store and will not use any app that requires Google Play Services to function. So this option is out.
The final option requires me to create an account at a third party site and presumably direct all of my traffic through this third party. This too is unacceptable to me.
So the question is, is there a simpler method to access my PC from an android device that's on a different network than having to setup a vpn or enabling port forwarding on my router, that doesn't require registering for and using a third party service to accomplish the goal?
