Since I'm totally new to Android. When you select encrypt internal memory what exactly is going on? What does it encrypt exactly? Contacts? Memos? Messages?
Are there any know exploits / gaping security holes?
If my phone is lost or stolen is encrypted going to prevent any data theft?
Last question would be password. Is there a recommended minimum length? Don't want to type in a paragraph every time I unlock my phone.
Thank you for any info,
BR
Is it possible to have a separate (more secure) password that is just for device encryption other than the screen lock password? seems redundant that I must put in a password for device access and use the same password to unlock the home screen. Can two passwords be used?
Related
I'm currently using my Vibrant for work. In order to connect to corporate email I am required to have security protocols in place that requires me to enter in an alpha-numeric password containing 8+ characters every time I wake the device. As you could imagine is it a real pain to plug in the lengthy password every time I want to use my phone. If I disable the security, my email will not allow me to connect to corporate. What would be great is if there was a way to use the pattern lock, and a correct input on that would plug in my alpha-numeric password automatically and unlock the screen so I would not have to type it every time. Does anyone know if this is possible?
Open a notepad app , type password and copy / paste .
Sent from my SGH-T959
If my work required that, and required me to read work email on a mobile device, they would be supplying said device to me.
How are they tying the email to the unlock wake on your vibrant?
Sent from my Samsung Galaxy S - powered by Team Whiskey™
As far as I know there isn't a way to do that, someone with more knowledge may be able to shine a different light on this. However, over in the Evo 4G area, there is a thread that talks about how to modify the Email.apk so you don't have to enter in a password or PIN (and it works quite well). Just keep in mind, you are the one responsible for your own actions if you get caught breaking your company's security policy.
jbeez, it is through a security profile that is pushed to the device before the initial sync occurs. The profile becomes basically a device admin and sets policy that you have to use a PIN or password to unlock the phone. It can also allow them to wipe the phone if they want. It can only do this if you agree to it. If you don't agree, you don't get mail.
Thanks for the replies folks. The local client on the device contains the security parameters. Would be nice if there is a way to script something to plug in the password automatically without having to type it. Maybe if the keys were bigger, but that does not help with having to plug in an 8+ alpha-numeric pw every time.
Take a look at this...I mean at the security removed gtab email. It might help.
http://forum.xda-developers.com/showthread.php?t=988902
The full phone encryption as currently implemented on Android is inconvenient because you have to enter 6+ chars every time you want to unlock your phone.
Since most of the time you want to do something unimportant, it quite kills the usability.
Knox seems to have nice approach to that by splitting the phone into personal and business part, only the later being protected.
However it's inaccessible for non-corporate customers, and still unclear how exactly it works.
So are there any other solution that allow you to protect part of your phone, like encrypt choosen folders only and password/pattern protect specific apps only, while still leave the most of the functionallity of your phone conviniently accessible?
Well, you can always go for a combo... PIN + encryption of files + password protected apps... and cerberus for anti theft (you can always remote wipe and try to recover the mobile after). Of course most security measures are "wiped" soon as the phone is wiped to install a new firmware, but while it isn't... there's a short window to recover your phone.
Seems like there isn't much security apps to more serious issues either...
The biggest issue is that PIN + encryption kills the usability since you have to enter the PIN (6+ chars) every time you want to glance at the phone.
Hi, my girl's Samsung S6 Edge got stolen today, snatched from her hand. Easy victim.
I'm trying to review the aftermath and what I did and maybe get some feedback on this.
Tracking/Remote lock
1. https://findmymobile.samsung.com/ failed - always set a password you remember; I didn't. After 7 failed login attempts account gets locked and you must reset your password, but it seems you can still lock your phone even if password is reset.
Anyway phone lock says will trigger once the device connects to the network. Is this still true if the phone is wiped?
2. https://www.google.com/android/devicemanager failed too
Maybe both failed because thief turned phone off? I did not try calling the number.
Security
3. All passwords were reset immediately, and gmail sessions were deleted.
4. Phone was locked with a PIN though a pattern would have been preferred. I do not remember if I encrypted it, but I know you cannot use pattern after you encrypt. Maybe that's why it had a PIN.
Assuming it was NOT encrypted, can a new ROM be flashed to unlock the phone and access content on storage drive (USB Debug was off)? I cannot remember if this is the case, I only rooted once and it was long time ago.
5. After 30 minutes I called the service provider and blocked the SIM card. She also offered to blacklist the IMEI number so I agreed. She even said that once you blacklist the IMEI, phone gets locked so thief cannot access it anymore - but this is bull****, it just won't be able to register to the network; it does not act as a remote lock lol. And IMEI can be easily overwritten once phone is rooted, so kind of an useless feature.
6. Reported to police but they don't care anyway, it's a petty crime. And chances of recovery are very little.
a) Would it be worthwile for the thief(s) to replace the front/back cover of the S6 Edge to a different color so they can easily sell it online locally afterwards? It seems to me the front cover is attached to the display, and to change that is quite expensive. Thoughts?
b) What happens with stolen phones anyway? Do they just root them and replace IMEI? I saw on a tv show that some will even replace the IMEI sticker on them.
thoughts:
- activate remote controls and TEST them
- install some app that takes snapshot of front camera when PIN is entered incorrectly
- encrypt phone, don't use dumb PIN
- set lock timeout to something short
- back up often
- engrave phone with custom message? (viable if you don't change often)
- have an action plan in case this happens
First two probably useless if thief switches phone off and reflashes it.
I probably need to restate my questions in a shorter format:
1. I had my phone registered with https://findmymobile.samsung.com. Will it still work if the phone is wiped?
2. Can content on the phone be accessed if phone was unencrypted and only had a PIN lock?
3. Is it easy to replace front/back case and bezel to give the phone a new 'look'?
Nobody answering... I'll try one last time.
1. Does flashing a new ROM give access to the stored files on the internal storage (like photos)?
2. Can a new ROM be flashed if the device is encrypted?
it can be flashed but the persob fill be stuck in bootloop and if the booted up ge will be stuck in frp lock by google he cant go past setup
w00tz said:
Nobody answering... I'll try one last time.
1. Does flashing a new ROM give access to the stored files on the internal storage (like photos)?
2. Can a new ROM be flashed if the device is encrypted?
Click to expand...
Click to collapse
If the guy who stole your phone flash another Rom and if not wipe the data then your photos etc will remain in your phone.. so if he wipe the data your file won't remain.. but the best option for him it's to wipe the data so this is good for you because he can't see your data.. make sure on your next phone to put pattern or a good code.. maybe you had put I didn't read all your posts.. that's all I know dude
Hi!
I had put a password on my Redmi Note 4 so my son doesn't play games on it. I usually use fingerprint or text password which I remember. However, I'm not sure what password I entered and now I've forgotten it. Now as the phone starts it is asking for the password and now it is locked. I can send some pictures of the screen for your reference (do advise how i can send these). When I try forgot password it just prompts me to the screen saying data will be erased etc...
I have important documents, ebooks, pictures and contacts on the phone which I need. Please advise if there is some way by which I can unlock the phone or at least backup all the data on the phone and then erase it.
Your help will be much appreciated.
Best regards,
Sudeep
Starting with Android 5 Lollipop there’s no built-in way to simply reset your pattern, PIN, or password and gain access to your phone or tablet. This does help provide additional protection to your data, attackers have no way of bypassing the passcode unless they actually know it.
The one and only possible solution to unlock: If you've set up Smart Lock on your phone and have it automatically log in when it’s on your home Wi-Fi then you can take your phone to that home Wi-FI network and it will automatically unlock for you, even if you can’t remember the normal unlock code.
If the phone runs Android 4.4 KitKat and older it has an integrated way to bypass your pattern, PIN, or other password if you forget it. To find this feature, first enter an incorrect pattern or PIN five times at the lock screen. You’ll see a “Forgot pattern,” “forgot PIN,” or “forgot password” button appear. Tap it. You’ll be prompted to enter the username and password of the Google account associated with your Android device.
My phone is working perfectly on the default OS I have only one problem, when using full disk encryption and/or SD card encryption there is no way to use another unlock option that passcode (with at least one letter).
By looking around it seems like there is no other solution than to use this long passcode but then to be able to use my phone normally I have to set up auto lock at 30mn.
If it's still not possible to use a numeric code with encryption, would there be a way to add a second lock screen at unlock so I can use a numeric code to unlock?
I've read articles online about this problem when android 5 was released i'm just looking for more recent info if it's possible to change this manually.
I'm not asking for a debate on encryption, i'm not paranoid and understand what encryption does and does not, it just seems crazy to me to use a phone without any other security than the passcode, if it gets stolen almost everything will be readable. (it's so much simpler on iOS)
Thank you