How can I analyze mobile history data on my jelly bean phone - Android Q&A, Help & Troubleshooting

I have a Jelly Bean 4.1.2 based phone, specifically an LG Intuition VS-950, which I am using with the Page Plus standard plan. As the data rate of $0.10/mb on that plan is ridiculous I have it toggled off and use a Karma Go for mobile data access at a much better data rate. Unfortunately I recently encountered a case where an app or two ran through a lot of my prepaid data. I know one of the culprits and have removed it, but I would like to confirm I have the situation addressed and perhaps seek reimbursement.
If I go into Settings->Mobile Data I see the data usage history. I would like to be able to break this down a bit further, as I only use the Karma Go data part of the time. I would like to be able to isolate the data usage only to the Karma Go for the period of interest. Much of the time my phone is connected either to the office WiFi or a public hotspot, so only the usage while connected to the Karma Go is of interest to me. I have the MAC address of the Karma Go and the two SSIDs used with it, so as long as one of those is part of the data usage history I should be able to isolate it.
Is there an app out there that can do this for me? If not, can I use adb to pull the data of interest over to my laptop for further analysis?
Dave

No need for an app. In fact, the only way to edit and review your device history is through Google Settings. Open it and then select Personal Info & Privacy.
Any links tapped will take you to a browser. Sign in again if asked and edit from there. You can also instruct Google to stop or pause data collection across apps or just specific ones (like YouTube).
Sent from my m8 using Tapatalk

I attempted to follow your directions, but I can't say that I see a way to retrieve the usage data from 24 July to 4 August for further analysis from there. The data I am referring to is displayed graphically on the phone from its home screen when I hit Settings->Mobile Data and is titled "data usage cycle" at the top. In particular I need to isolate the portion of this underlying data that is associated with the MAC of my Karma Go WiFi mobile hot spot or one of its two SSIDs and the apps that were responsible for the usage. Ideally I would like to download this data to my laptop in a form that I could open as a spreadsheet for further analysis.
If this data is available online for download, as your post implies, I am afraid I would need more specific direction to be able to access it. Thanks in advance for any further clarification or information you can provide.
Dave

I did a little more searching and from what I can tell the data I am looking for is stored on my phone in /data/system/netstats/ and I downloaded the files in the directory to my laptop. The files are named dev.<startepoch>-<endepoch>, uid.<startepoch>-<endepoch>, uid_tag.<startepoch>-<endepoch> and xt.<startepoch>-<endepoch> respectively with the latest lacking the <endepoch> and are binary files of some sort. How can I work with these files to retrieve the data I am looking for?
Dave

I did yet a bit more searching and it appears that the data is in NetworkStatsCollection format. I found a link to the open source here:
https://android.googlesource.com/platform/frameworks/base/+/e098050/services/java/com/android/server/net/NetworkStatsCollection.java
How can I extract this data so that I can analyze it with other tools?
Dave

It appears that were the data I wanted logged since the last boot I could obtain it via:
adb shell dumpsys netstats detail
Unfortunately, the desired data is from a prior boot. Looking at /data/system/netstats/* shows the data is still present in an earlier file, so I would need to tell dumpsys what date range to extract. Unfortunately I don't have any documentation on how to do so. Anyone know how to do so?
Dave
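As a first triage step for the files described in this thread, the following added example (not part of the original posts, and not Android's own code) picks out which pulled netstats files overlap a period of interest, using only the `<prefix>.<startepoch>-<endepoch>` naming the poster reports. It assumes the epochs are in milliseconds and that the `uid.*` files hold the per-app history; the file names and the year are constructed sample values, and decoding the binary contents is out of scope here.

```python
import re
from datetime import datetime, timezone

# Naming reported in the thread: <prefix>.<startepoch>-<endepoch>, with the
# newest (still active) file lacking <endepoch>.
NAME_RE = re.compile(r"^(dev|xt|uid_tag|uid)\.(\d+)-(\d*)$")


def to_ms(year, month, day):
    """Midnight UTC of the given date as epoch milliseconds (assumed unit)."""
    return int(datetime(year, month, day, tzinfo=timezone.utc).timestamp() * 1000)


def parse_name(name):
    """Return (prefix, start_ms, end_ms or None), or None if the name is not a stats file."""
    m = NAME_RE.match(name)
    if m is None:
        return None
    end = int(m.group(3)) if m.group(3) else None
    return m.group(1), int(m.group(2)), end


def files_covering(names, window_start_ms, window_end_ms, prefixes=("uid",)):
    """List files whose [start, end) range overlaps the window, oldest first.

    A file with no end epoch is treated as open-ended (still being written).
    """
    hits = []
    for name in names:
        parsed = parse_name(name)
        if parsed is None or parsed[0] not in prefixes:
            continue  # skip unrelated or malformed names
        _, start, end = parsed
        if start < window_end_ms and (end is None or end > window_start_ms):
            hits.append((start, name))
    return [name for _, name in sorted(hits)]


YEAR = 2015  # constructed: the thread gives the dates but not the year

# Constructed directory listing, as if pulled from /data/system/netstats/.
SAMPLE_LISTING = [
    f"uid.{to_ms(YEAR, 6, 20)}-{to_ms(YEAR, 7, 18)}",
    f"uid.{to_ms(YEAR, 7, 18)}-{to_ms(YEAR, 8, 1)}",
    f"uid.{to_ms(YEAR, 8, 1)}-",
    f"dev.{to_ms(YEAR, 5, 1)}-",
    f"uid_tag.{to_ms(YEAR, 7, 30)}-",
    "uid.bak",  # malformed name, must be ignored
]

# Period from the thread: 24 July to 4 August (end is exclusive, so 5 August).
WINDOW_START = to_ms(YEAR, 7, 24)
WINDOW_END = to_ms(YEAR, 8, 5)

if __name__ == "__main__":
    for name in files_covering(SAMPLE_LISTING, WINDOW_START, WINDOW_END):
        start = parse_name(name)[1]
        when = datetime.fromtimestamp(start / 1000, tz=timezone.utc)
        print(f"{name}  (starts {when:%Y-%m-%d} UTC)")
```

The device records times in UTC-based epoch values, so shift the window by the local offset if the period of interest was read off the phone's on-screen graph.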

Related

[Q] How do we protect our Android device from the CelleBrite UFED?

Someone mentioned this in another thread, but this is a topic that should have its own separate thread.
Some of you may have already read the news: Michigan: Police Search Cell Phones During Traffic Stops
Don't assume it won't come to your town.
I can't say I plan to do anything that would warrant police suspicion, yet I don't like the idea of anyone being able to easily pull data from my device. And we know cops won't be the only ones with these devices. So I've been wondering, how can we protect our Android devices from the CelleBrite UFED?
Check out this video that shows some of the features it has, keep in mind it does much more and can even extract DELETED data.
See the company's product page here: http://www.cellebrite.com/forensic-products/ufed-physical-pro.html
This research paper talks about the CelleBrite UFED and other extraction methods. (CelleBrite UFED is talked about starting on page 9.) I doubt there's a means to prevent all of those methods given some involve long term handling of the device, but CelleBrite UFED can extract data when a device is retained by the CelleBrite UFED user for a short period of time. It looks like HTC Android type devices can only be extracted from via the (micro)USB Port and it requires USB Storage and USB Debugging turned on. The CelleBrite UFED has to gain Root Access. It can get by screen passwords and root even a device that was not yet rooted.
There's another thread where someone was requesting a ROM that would not work with the CelleBrite UFED. I'm not sure how to make a ROM or anything else that would not work with the CelleBrite UFED without limiting certain features we all may use from time to time.
Over on Slashdot, someone said they hacked their device (Nexus One) to not do USB client mode. This is another option that would limit some features many of us may use.
So, how can we protect our privacy and our data? Does it mean sacrificing some features like USB storage mode?
The biggest problem is what's missing from Android itself. Meego might be protected but not Android.
You would need an encrypted boot loader that retains root for some users.
A kernel and os files that support different users so the default user is not root like Linux and a prompt with a password for superusers not just an Allow like now for Android.
Encryption libraries that would support truecrypt encryption of both internal and external (SD card) encryption in toto not just individual files.
A true trash system that overwrites files like srm in linux and sswap for wiping the swap file after every system reboot.
Ultimately I don't see it happening. In theory if you were running Ubuntu on your phone then yes Cellebrite would just crap out not knowing what to do with your phone. Same possibly with Meego. But then no real app support, no navigation and driver support is crap even for ROMs using the same OS let alone a different OS like true Linux.
It's amazing how many don't even bother deleting thumbnails hanging around on their computers or securely wiping files on their computer. Same with swap files retaining passwords or even website cookies that have the same password as their computer.
Best thing to do, don't keep anything that could be bad on your phone. Use a cloud system or home server sync that requires a separate login every time and keeps no local files. Or as I do, encrypt the hell out of anything you find valuable, which currently is only my complete backups...
Sent from my Xoom the way it should be, rooted and with SD card.
This is where that cheap Boost Mobile phone comes in, or any other prepay phone. Just hand the officer that one. Store your personal data on your smartphone.
chbennett said:
Best thing to do, don't keep anything that could be bad on your phone. Use a cloud system or home server sync that requires a separate login every time and keeps no local files. Or as I do, encrypt the hell out of anything you find valuable, which currently is only my complete backups...
Sent from my Xoom the way it should be, rooted and with SD card.
Hello, All. This is my first post at xda-developers!
Since I'm new to Android, data security has concerned me. Climbing the learning curve of rooting and tweaking my SGH-T989, I've focused on control, security, and privacy. So far pretty good, thanks largely to members' posts at this site. Thank you very much!
Then this thread crushed me. Visions of "1984", "THX 1138", "Terminator", etc.
I considered the suggestions here. Thoughts about the OS seem right to me, but that's beyond my abilities. I did try following chbennett's advice: I enabled encryption in my backups and moved them to the internal SD.
But I don't yet know how to do the 'home server / log in on demand' scheme for contacts and calendar. I will appreciate any help with that.
Meanwhile, I looked for a way to make a 'panic button' that would let me wipe my phone immediately. What I chose was making a contact whose phone number is the USSD code for Factory data reset.
Maybe Tasker, etc. could streamline this approach; but my trials showed that, unlike MMI codes (e.g., to toggle caller ID blocking), USSD codes cannot be submitted to the OS indirectly. So swiping a contact, direct dial shortcut, etc. did not work. On my phone, all that worked was either 1. manually dialing the code, or 2. dialing the contact name, then tapping the contact.
So the routine to use this 'panic button' is:
1. launch Dialer
2. dial the contact name
3. tap the contact name in the search results
4. tap "Format USB storage" in the "Factory data reset" dialog
5. tap "Reset phone" button in the "Factory data reset" dialog.
It sounds clunky, but it's actually pretty quick. I named the panic button contact "XXX" to avoid confusability when dialing (it needs only "XX" for a unique match.)
If you can suggest improvements to this scheme, or think it is misguided, please let me know. Thanks.
Any updates on this? I'm curious as to how to guard against ufed.
I think an instant hard brick option would be better so there's nothing to recover, as I don't believe the factory reset is a secure wipe.
Possibly a voice-activated secret phrase or keypress you could say/do super fast in a tricky situation that autoflashes a corrupt/incompatible bootloader and recovery to the device after a secure superwipe; that should stump them for a while.
I'm still interested in this. I disabled USB debugging on my phone but I'm unsure if the UFED can still access anything on my ICS fully encrypted, passworded Evo 3D. I'm assuming they could dump the data at most, but I highly doubt they could access the decrypted data unless you used an insecure pass.
If you have encryption enabled for your data partition, then all you need to do is to turn off your phone when you see a cop. If they take it from you, they can turn it on and hook up their device, but they will only be able to snarf the system partition, which does them no good. They'd need your password to mount the data partition.
If you look around on this forum, you can find the steps necessary to switch the lock screen back to a simple pattern lock while leaving the disk encryption enabled.
Are you sure Cellebrite and UFED or w/e can't access encrypted data partition? I know it can take an image of the phone "hard drive". They then can run password tools against image to unlock it no?
dardack said:
Are you sure Cellebrite and UFED or w/e can't access encrypted data partition? I know it can take an image of the phone "hard drive". They then can run password tools against image to unlock it no?
I'd like to know about this too. I am about to set up encryption on my device and I'd like to know more about what type of attacks it can beat.
Edit to add: I assume brute force attack protection is like any other type of encryption.....dependent on the strength of your password. But, assuming we all know that already, I'm still curious about this.
If the question is how to protect your device when you think someone would scan your phone, you'd have to have some sort of inclination that a scan is about to happen. I'm assuming this is many people's concern as they're considering wiping their device through a quick process. In that scenario, just turn off your device. Unless you warrant suspicion of something fairly bad, they wouldn't be confiscating your cell phone.
smokeydriver said:
...Unless you warrant suspicion of something fairly bad, they wouldn't be confiscating your cell phone.
We all wish all law enforcement was just and honest, but so far in world history that has not been the case. Even a pretty woman may have her phone scanned by a curious cop snooping for pics.
Sent from my HTC One using Tapatalk 2
I would still like to know if there is an answer here...
So I recently had some dealing with assisting in a Cellebrite search. We initiated and enlisted the help of law enforcement for an employee who was doing some illegal activity which is not relevant to this discussion other than the person used an iPhone. Anyway, the investigator came in and wanted to know if I can enable the bypass for the automatic screen lock in 5 minutes because when it locked, it disabled the Cellebrite copy.
Now, couple things here, he was only doing what he was "allowed" to do in the local municipality, and he did say they sell a more expensive Cellebrite device which would be able to crack it. I did find it interesting that the simple corporate Activesync policy I have set up was actually having this effect. Anyway I removed the policy and it worked. Funny thing is he could have done it himself had he known anything about that kind of thing. He was presented to us as an expert but I guess that mainly covered a basic Cellebrite expertise.
So, I do think encryption would be a great answer as the partition would be hard to bust in to. Nothing is impossible but I would rather not smash my phone on the highway next time I get pulled over so I would like to know definitively that this is the right approach. This is definitely not paranoia as there are at least 3 states where it looks like it happens regularly.
Time to look at a 2600 group for stuff like this I guess. I am early in my investigation
Later

[Q] App for intercepting data connections

Hi,
I thought maybe you guys, if anyone, would know. I am looking for an app that can:
- make a log of all the other apps, including stock ones, that make attempts or actual connections to the internet, and at what time
- be able to intercept those connections
- preferably I would create a white list of apps that are allowed to connect, but others do not have permission.
Purposes include:
- saving on bandwidth in poorer countries where internet is expensive.
- making sure apps or malware doesn't try to send off my data when it shouldn't be.
- prevent annoying background sync/apps from running when I don't want them
I find it strange that we either give all the permissions the app wants, or it doesn't work. Why can't we restrict their internet access?
Does this sound feasible? Does it already exist?
I'm rooted and using an Asus Transformer.
Thanks for any help
Try DroidWall. (root required)
It can block apps from connecting to the internet on a per-app basis.
But I don't think it has any kind of log or similar (haven't used it for a while, so might have been upgraded)
It looks like that does exactly what I needed, although I have to re-root my device for it to work again. Anyway, thanks for the tip
droidwall
droid wall definitely and yes it requires root.

[Q] Android background data

Hello everyone !
I have a problem that may have been addressed many times before. I do apologize, but the search didn't bring me needed answers. I also apologize for any bad English.
Here is the deal :
I am concerned with the "background data" the Android OS transfers via my mobile internet.
I rooted the phone, cleared all the useless .apk's from /system/app folder (even removed google play and as much of google stuff as I could), installed DroidWall and set very strict firewall rules ...
And still when I open data usage in settings menu, I see "android os" transferred 6.6mb in past 20 days. WHAT is that stuff ?!
I only use internet for stock e-mail, naked browser, internet radio, and wolfram alpha. Only those 4 applications should ever use the internet. I wish that not a single byte of data is ever EVER transferred besides the needs of these 4 applications. I do not want "Android Os" or any other background process connecting to any server on the internet "behind my back".
I am not very experienced in Android OS. But if it is required, I will learn how to flash another rom, to cook rom, learn and do anything I can to take COMPLETE control of the bandwidth, if it is possible. Is it ? If it is, the main question and the reason I posted this thread is : HOW ? Just please do not assure me that that data is nothing to worry about, or ask me why do I care. If you can say nothing about solution, you can not help me.
The device is 2011 Xperia Pro (mk16i) and android version is 4.0.4
Thanks in advance !
There is some data between your phone and google server. Recall some phones have feature to disable background data. Not sure whether your phone has it.
You could try some tool to monitor what application creates link.
themima said:
Hello everyone !
I have a problem that may have been addressed many times before. I do apologize, but the search didn't bring me needed answers. I also apologize for any bad English.
Here is the deal :
I am concerned with the "background data" the Android OS transfers via my mobile internet.
I rooted the phone, cleared all the useless .apk's from /system/app folder (even removed google play and as much of google stuff as I could), installed DroidWall and set very strict firewall rules ...
And still when I open data usage in settings menu, I see "android os" transferred 6.6mb in past 20 days. WHAT is that stuff ?!
I only use internet for stock e-mail, naked browser, internet radio, and wolfram alpha. Only those 4 applications should ever use the internet. I wish that not a single byte of data is ever EVER transferred besides the needs of these 4 applications. I do not want "Android Os" or any other background process connecting to any server on the internet "behind my back".
I am not very experienced in Android OS. But if it is required, I will learn how to flash another rom, to cook rom, learn and do anything I can to take COMPLETE control of the bandwidth, if it is possible. Is it ? If it is, the main question and the reason I posted this thread is : HOW ? Just please do not assure me that that data is nothing to worry about, or ask me why do I care. If you can say nothing about solution, you can not help me.
The device is 2011 Xperia Pro (mk16i) and android version is 4.0.4
Thanks in advance !
Thank you for your reply !
There is a built in tool "Data Usage" in the settings. It shows the 4 applications that I use with internet + Direct Push that checks email from microsoft server + Android OS in the list as well. I guess all the stuff going on "behind my back" is packed into Android OS. What tool do you suggest ?
There is "restrict background data" option. But when I select it - I get the warning that some apps will not work unless connected to wifi. The last part of this warning indicates to me that Android OS will still send the data. But only when connected to wifi. And I don't want it ever to send any data. Why would any data be sent to google server ? I disabled all synchronisation with google ...
You could also use the tool network monitor https://play.google.com/store/apps/details?id=com.jmm.networkmonitor which was written by my friend. It could find which application is using your network. And could display the peer address.
I think some google application such as gtalk service are connecting google server background. No choice.
themima said:
Thank you for your reply !
There is a built in tool "Data Usage" in the settings. It shows the 4 applications that I use with internet + Direct Push that checks email from microsoft server + Android OS in the list as well. I guess all the stuff going on "behind my back" is packed into Android OS. What tool do you suggest ?
There is "restrict background data" option. But when I select it - I get the warning that some apps will not work unless connected to wifi. The last part of this warning indicates to me that Android OS will still send the data. But only when connected to wifi. And I don't want it ever to send any data. Why would any data be sent to google server ? I disabled all synchronisation with google ...

Ineducable noob seeks to irreversibly remove wifi/data access for cheapest smartphone

Hi,
Apologies if this is in the wrong thread category.
I'd like to permanently remove internet access from either a whole phone or from selected apps. This would create a dumbphone with a touchscreen. This is to tackle a net addiction, yet leave me with the capability of communicating with family via SMS. Existing dumbphones don't have touchscreens and often cause me excruciating pain to use, because of a condition I suffer from called fibromyalgia, which mimics the symptoms of RSI. Autocomplete on touchscreen phones reduces the number & intensity of finger-touches I need to make to type an SMS and are thus relatively freeing.
Would anyone know how this could be done, please? I rooted a phone once or twice but am not capable of following any instructions which require judgement. Please don't take more than a couple of minutes over this because there's a strong chance any advice will go over my head.
With thanks in advance for your thoughts
Jonathan
joanthan75 said:
Hi,
Apologies if this is in the wrong thread category.
I'd like to permanently remove internet access from either a whole phone or from selected apps. This would create a dumbphone with a touchscreen. This is to tackle a net addiction, yet leave me with the capability of communicating with family via SMS. Existing dumbphones don't have touchscreens and often cause me excruciating pain to use, because of a condition I suffer from called fibromyalgia, which mimics the symptoms of RSI. Autocomplete on touchscreen phones reduces the number & intensity of finger-touches I need to make to type an SMS and are thus relatively freeing.
Would anyone know how this could be done, please? I rooted a phone once or twice but am not capable of following any instructions which require judgement. Please don't take more than a couple of minutes over this because there's a strong chance any advice will go over my head.
With thanks in advance for your thoughts
Jonathan
Root your phone based on your past experience.
Install Xposed Installer app.
Install xposed framework by clicking install button in the app.
After a few minutes, your phone would ask for permission to reboot.
Reboot it.
It will take around 10 minutes or more to reboot.
Open the Xposed Installer app and click the menu icon on top left of the screen.
Select Downloads.
Search for XFirewall and install it.
Reboot.
Open XFirewall.
Select which apps you want to have net connectivity.
OR
You can try any other normal firewall app if you think it to be better than XFirewall
Augustoandro said:
Search for XFirewall and install it.
Reboot.
Open XFirewall.
Select which apps you want to have net connectivity.
OR
You can try any other normal firewall app if you think it to be better than XFirewall
Thanks Augusto! Much appreciated.
Do you or does anyone on here please know of any firewall apps which allow the user to commit to a period (24 hours, a week, a year, permanently) without network access? Unfortunately without this kind of restriction I can't trust myself to stay off the web. Five minutes reading the news or Twitter always turns into five hours.
Thanks

Secure compromised device

Hi everyone! This is my first post, but I have used the search tool already without success. I am just a user, not developer and quite noob regarding mobiles and security.
Situation
1. I've got hacked, total control (photos, emails, camera, contacts, whatsapp, screen etc) of my unrooted Android phone (Xiaomi Redmi Note 7).
It was a targeted attack, no manual app installed, no unsafe 3rd party apps allowed. Attackers only had my gmail account (linked to Android) and telephone number. I know them personally, and they leaked personal information to people at work (who enjoy it between them but won't help me at all).
No high consumption of battery/data. Just leeching information, launching some apps eventually, and few interactions with the screen minimizing etc.
2. I installed antimalware (e.g. Malwarebytes), antivirus (AVG, ESET etc). No positive results. I also installed "Noroot firewall" to control programs accessing internet, nothing strange.
3. I've changed emails(new), SIM + Telephone. Got hacked again. I suspect my own wifi was compromised.
Additionally, added 2 step verification to emails, changed passwords, encrypted the device etc. I have found no IP from them in the emails log, nor alert from gmail. Only once a session from Linux device (not mine). I believe they have accessed through the device.
4. I want to restore the device somehow and avoid getting hacked again.
One of the problems I face is that now I'm not in the same circle of people from which I gathered most of the info on the leaked information, so I can't get to know if the actions I am taking got rid of the hack, besides some punctual actions they may do (launch app etc). So I have to act quite paranoid and do the most secure action.
Question
1. Any idea on how they managed to do that? how can I prevent it or prove it? a reset would get rid of any proof, but I kinda prefer it if it is once and for all.
2. A hard reset only formats one partition (user data), so if there is a trojan located in /system it would be pointless. With an unrooted device I can only get rid of /cache and /data.
Should I install another ROM? (my phone has always been unrooted) Which one? (restoring the stock ROM would probably be pointless if the vulnerability is due to Android...)
3. Is there any other measure I could take?
I'd appreciate any help.
Thank you!
