Related
Hi there,
Has any one tested the hardware disc encrytion that Samsung touted pre-launch? Are there any white-papers on how this works?
"Samsung has also taken steps to include Enterprise software for business users, that include On Device Encryption, Cisco’s AnyConnect VPN, MDM (Mobile Device Management), Cisco WebEx, Juniper,[28] and secure remote device management from Sybase.[36]"
Source https://secure.wikimedia.org/wikipedia/en/wiki/Samsung_Galaxy_S_II#Bundled_applications
Regards, F.
I asked on the CM forums, and CM does not have any disc encryption, yet. DOes anyone know about Samsung's offering?
BR.
Shame-less bump, in case some one has bought the i9100 by now and found the encryption option. Any one?
I found this gumpf about it. Its a third party product provided by Sophos.
"Antivirus & Firewall Security for Android Devices with Disk Encryption
SophosWith rising security threats and growing demands for the need of end point protection and data security are growing and so does Sophos comes forward and launches a mobile control which is mainly designed and is developed for smart phones like Android. This product comes with Sophos Anti-virus, Sophos Client Firewall and Sophos Disk Encryption which protects from threats and provides the disk encryption.
Basically, the SOPHOS secures the smart phones by centrally configuring all the security settings and then also it enables the lock down of unwanted features. With strong set of password and security policy it can even control the installation of apps, blocking use of cameras, browsers like You Tube etc. Also, additionally you can easily secure the access to the corporate mail by setting up the registered devices to access the mail.
Sophos Mobile control secures the mobile devices by centrally configuring security settings and enabling lock down of unwanted features. The features like strong password policy and lock period, control and installation of applications and blocking usage of cameras and browsers will help in enabling the enforcement of consistent "
Source: hxxp://androidadvices.com/antivirus-firewall-security-for-android-devices-with-disk-encryption/
galaxy s II I9100 has disk encryption built-in but disabled
I went through the files in initramfs and i found :
1) lots of encryption related strings and error messages in the /init executable
2) /init.rc has an event handler "on property:encryption.bootmode=remount"
3) /res/encryption.conftab - a configuration file that maps directories like /data to /dev/mapper/data to /dev/block/<data block device>
important point is that /init executable contains the name of this file and error messages relevant to the processing of this file.
4) /res/images contains images that together are a encryption graphic UI
Conclusion: Block-device level encryption is available and configured through dm_crypt by the init executable and some configuration files. Some flag probably exists somewere to enable this encryption.
Guess: after the flag is flipped the device should ask during boot for encryption password and encrypt /data /efs /cache /sdcard directories. On consecutive re-boots the same password will be asked to be able to mount through the configuration file(s).
Anyone knows how to enable the damn thing? Apparently Sybase have an app called Afaria AES for samsung that enables this functionality. I guess that they are doing it using some unpublished samsung security API. Maybe an extension of the DeviceAdmin class. Anyone know a way to check this?
I configured the standard email client to connect to my exchange server which enforces an encryption policy and then I got prompted to that my SGS2 would then encrypt itself.
I've no idea if there is a way to do it manually or even how to un-encrypt it if I ever remove the exchange account.
dwod said:
I configured the standard email client to connect to my exchange server which enforces an encryption policy and then I got prompted to that my SGS2 would then encrypt itself.
I've no idea if there is a way to do it manually or even how to un-encrypt it if I ever remove the exchange account.
Click to expand...
Click to collapse
Hi, When you say, the SGS would encrypt itself, did you mean that the internal discs would be encrypted, or was this referring only to the connection over Email. I think the latter and if so then this is not the correct thread for this discussion. If the former then this is remarkable.
I am also looking for a way to enable encryption. The ability to use hardware-assisted file encryption was the first thing that caught my eye when they presented the SGS II at MWC.
I have contacted Samsung about this (twice) and they were not really helpful at all. They only replied that you need third party tools to use the SGS II encryption features and that there is no tool included with the handset. They also ignored my inquiry for a documented API which would make it possible to write a little program to switch encryption on.
It seems that Sybase Afaria is one of the solutions with the desired ability, a Microsoft Active Sync server is another, both enterprise level products. The Sophos product mentioned above might be yet another.
If we could only get some information about the API all these products must use to administer the phone!
fryandlaurie
@forgetmyname:
I'm pretty sure that it is about file level encryption: Connecting to a corporate exchange server allows the server (if configured accordingly) to enforce a host of security policies on the phone. One of these policies may well be the encryption of all mail traffic but I doubt that you would be prompted to acknowledge that.
fryandlaurie
It would be great to be able to file encrypt private photos, I don`t think its enough with a program that requirre a password to show the hidden files. As if one have physical access to the phone one can easely get the pictures.
Two options for i9100 Encryption
oleost said:
It would be great to be able to file encrypt private photos, I don`t think its enough with a program that requirre a password to show the hidden files. As if one have physical access to the phone one can easely get the pictures.
Click to expand...
Click to collapse
On Stock Samsung ROMs pre-ICS you can use Galaxy Device Encryption free or pro by hellcat (see google play) for full device encryption, including optional encrypting of the external SD card. Note, it has to be stock rom for this to work on GB and this only works on certain Samsung models that they added the encryption ability to the OS but didn't give the user a way to activate.
ICS supports encryption natively and gives the user access to turn this on without a push from an exchange server or the like, assuming this hasn't been removed/disabled by the developer of the ROM you're using.
Ed
Have you guys tried this one? I use it on my PC, but wow the Android version is intense!
From the market:
Full-featured Antivirus and Anti-Theft security for your Android phone. Protect personal data with automatic virus scans and infected-URL alerts. Stop hackers by adding a firewall (rooted phones). Control anti-theft features with remote SMS commands for: history wipe, phone lock, siren activation, GPS tracking, audio monitoring, and many other useful tools. Your ‘invisible’ app hides itself, making it extremely hard for thieves to find and disable. A standalone yet tightly integrated component of avast! Mobile Security, avast! Anti-Theft is the slyest component on the market. Formerly known as Theft Aware, the Anti-Theft portion of avast! Mobile Security has been recommended by leading industry experts that include T-Mobile, N-TV, AndroidPIT, and Android Police.
avast! Mobile Security
Antivirus
Performs on-demand scans of all installed apps and memory card content, as well as on-access scans of apps upon first execution. Options for scheduling scans, virus definition updates, uninstalling apps, deleting files, or reporting a false-positive to our virus lab.
Privacy Report
Scans and displays (grid) access rights and intents of installed apps, identifying potential privacy risks, so you know how much info you are really providing to each app.
SMS/Call Filtering
Filter calls and/or messages from contact list using set parameters based on day(s) of the week, start time, and end time. Blocked calls redirect to voicemail, while blocked messages are stored via filter log. Also possible to block outgoing calls.
App Manager
Similar to Windows Task Manager, it shows a list of running apps and their size (MB), CPU load, used memory, and number of threads and services – with an option to stop or uninstall.
Web Shield
Part of the avast! WebRep cloud, the avast! Web Shield for Android scans each URL that loads and warns you if the browser loads a malware-infected URL.
Firewall
Add a firewall to stop hackers. Disable an app’s internet access when on WiFi and 3G and roaming mobile networks. (Works only on rooted phones.)
avast! Anti-Theft
App Disguiser
After downloading avast! Anti-Theft, user can choose a custom name that disguises the app (e.g. call it “Pinocchio game”) so that it is even harder for thieves to find and remove.
Stealth Mode
Once anti-theft is enabled, the app icon is hidden in the app tray, leaving no audio or other trace on the target phone – the app is ‘invisible’, making it difficult for thieves to detect or remove.
Self-Protection
Extremely difficult for thieves to remove (especially on rooted phones), Anti-Theft protects itself from uninstall by disguising its components with various self-preservation techniques. On rooted phones it is able to survive hard-resets and can even disable the phone’s USB port.
Battery Save
Anti-Theft only launches itself and runs when it needs to perform tasks. This preserves battery life and makes it very difficult for thieves to shut it down.
SIM-Card-Change Notification
If stolen and a different (unauthorized) SIM card inserted, the phone can lock, activate siren, and send you notification (to remote device) of the phone’s new number and geo-location.
Trusted SIM Cards List
Establish a ‘white list’ of approved SIM cards that can be used in the phone without triggering a theft alert. You can also easily clear the trusted SIM cards list, to leave the one present in the phone as the only trusted one.
Remote Settings Change
A setup wizard guides the user through the installation process on rooted phones. No command-line knowledge is necessary to install Anti-Theft rooted. Also supports upgrading.
Remote Features
SMS commands provide you the following REMOTE options for your ‘lost’ (or stolen) phone: Siren, Lock, custom Display properties, Locate, Memory Wipe, covert Calling, Forwarding, “Lost” Notification, SMS Sending, History, Restart, and more.
Took forever to set up, and this thing pretty much owns your phone. Not sure if you can ever get it off, lol.
Sent from my Dell Streak using Tapatalk
I wonder how it is on battery life. I like the SIM protection / anti theft bits so might try it on my Streak while waiting for the Sammy Note to arrive...
Hogs battery on my S2, stock XWLA4 rooted. Wonder what's wrong. Uninstalled until update arrives.
One problem I encountered: it blocked all my attempts to root my phone (LG Optima Q) until I uninstalled it. Probably part of it security protection. Once it was uninstalled the phone was rooted with no difficulty.
well, that makes perfect sense; the "rooting" process is just a security exploitation even if with legitimate aims. However it was detected, good for the SW.
All Amazon Prime Phones owners received this email today:
Lockscreen offers & ads will be disabled on your Prime Exclusive Phone
Hi ***,
We wanted to provide you with an important update about your Prime Exclusive Phone.
Starting February 6, we will begin rolling out an Amazon Offers app update to disable lockscreen offers and ads on Prime Exclusive Phones. This will allow you to more easily use your phone's mobile unlock technology, as well as personalize your lockscreen with a photo or wallpaper.
When the Amazon Offers app update is available for your Prime Exclusive Phone, you can find it in the “My apps & games” section of the Google Play Store. Downloading this update will disable lockscreen offers and ads on your device. If you have enabled auto-updates in the Google Play Store, your phone will automatically update after you connect it to Wi-Fi.
Prime Exclusive Phones will still be available at a discount for Prime members and will be available unlocked, giving you the freedom and flexibility to choose the wireless carrier and service that best fit your needs. Prime Exclusive Phones will continue to provide access to pre-installed Amazon apps, including the Amazon Widget app.
Our updated Program Terms of Use can be viewed here.
Have questions?
Head to our updated FAQ page, or you can always reach out to customer support here.
Click to expand...
Click to collapse
I hope this means I can unlock my phone's bootloader now.
feb 7 and still no update
RealRobD said:
feb 7 and still no update
Click to expand...
Click to collapse
Amazon offers app in mine updated today and the lockscreenads has gone away immediately.
sjc0211 said:
Amazon offers app in mine updated today and the lockscreenads has gone away immediately.
Click to expand...
Click to collapse
Just got it
I have already received the update and I no longer have ads, now my question is can we unblock the boot loader and become root?
Great news for all
But still can not be factory unlocked from the moto website.
I've just upgraded to the s9+ from the s7edge. So far, everything about the experience has truly been an upgrade with the exception of ad blocking.
On my s7edge, I was happy with the ad blocking provided by DISCONNECT PRO and would like to use the same with my new phone. I recall that configuring the app required me to download the MY KNOX app and setup KNOX.
A search in GALAXY APPS on the S9+ does not yield the MY KNOX app. Instead, there is an app called KNOX DEPLOYMENT. Unfortunately, when I put in my credentials this app just seems to get stuck on authenticating.
I have DISCONNECT PRO on my s9+ and it claims to be working and giving me statistics but, in web browsing in Chrome, it doesn't appear to be doing anything. If memory serves, this was my experience on the s7edge until I configured with MY KNOX.
Can someone point me in the right direction?
Samsung discontinued My Knox earlier in the year. You have to use Secure Folder now
Hey guys,
what do you think about GrapheneOS? (https://grapheneos.org)
I think there are some disadvantages:
- only Pixel devices (because only these have some security "flags")
- no root access
- hardcoded Google domains
and some advantages:
- good hardware support
- hardenized aosp
- closed bootloader after flashing
Now I would like to discus about this ROM
I too would be interested to hear about anyones experience regarding this OS
johndoe118 said:
Hey guys,
what do you think about GrapheneOS? (https://grapheneos.org)
I think there are some disadvantages:
- only Pixel devices (because only these have some security "flags")
- no root access
- hardcoded Google domains
and some advantages:
- good hardware support
- hardenized aosp
- closed bootloader after flashing
Now I would like to discus about this ROM
Click to expand...
Click to collapse
I'm interested in this ROM too. I have a Pixel 3a. I haven't flashed it yet because I'm trying to find out what people's experiences are first. There doesn't seem to be a lot of posts about it. Did you ever flash it? Also, what do you mean by "hardcoded Google domains"?
Well, the captiveportal contacts the Google servers regularly when you connect to a WiFi. That was one reason why I lost interest in the ROM. The other was the limited device support and missing root access. I absolutely need access to the iptables. As a one-man show, the ROM can be adjusted at any time.
johndoe118 said:
Well, the captiveportal contacts the Google servers regularly when you connect to a WiFi.
Click to expand...
Click to collapse
Do you have some kind of reference for that? I'm using it now and would really like some proof to bring up in their subreddit as a WTF.
graphene seems great, no root does not
I don't want the bootloader locked.
I want Magisk extensions
I need root for LP _only_ to remove ads. Is there something like LP that allows (interactively) disabling app activities?
hardcoded google domains info from faq
https://grapheneos.org/faq#device-support
GrapheneOS leaves these set to the standard four URLs to blend into the crowd of billions of other Android devices with and without Google Mobile Services performing the same empty GET requests. For privacy reasons, it isn't desirable to stand out from the crowd and changing these URLs or even disabling the feature will likely reduce your privacy by giving your device a more unique fingerprint. GrapheneOS aims to appear like any other common mobile device on the network.
HTTPS: https://www.google.com/generate_204
HTTP: http://connectivitycheck.gstatic.com/generate_204
HTTP fallback: http://www.google.com/gen_204
HTTP other fallback: http://play.googleapis.com/generate_204
Click to expand...
Click to collapse
nay_ said:
hardcoded google domains info from faq
https://grapheneos.org/faq#device-support
Click to expand...
Click to collapse
Thanks, right from there
I have Graphene OS taimen-factory-2020.07.06.20.zip on my Pixel 2 XL.Under "System update settings" is "Check for updates" but nothing happens if I tap.Only the field becomes darker.Has someone experience with this?
Update with adb sideloading to 2020.08.03.22 works.
OTA update from 2020.08.03.22 to 2020.08.07.01 likewise.
I'm personally not a fan of these kinds of projects, they aren't really all that 'secure', you're still using proprietary vendor blobs and such
help please
Hello! In the description
I pointed out that you can change servers just not through the GUI.
Has anyone tried this?
```
Providing a toggle in the Settings app for using connectivitycheck.grapheneos.org as an alternative is planned. The option to blend into the crowd with the standard URLs is important and must remain supported for people who need to be able to blend in rather than getting the nice feeling that comes from using GrapheneOS servers. It's possible to use connectivitycheck.grapheneos.org already, but not via the GUI.
```
captive portal leak + location services data leak
Few points:
1. General idea is that privacy/security oriented OS (as graphene is advertised) should limit network activity as much as possible, and not ping google using captive portal service every few seconds providing perfect IP-based location to google
It is possible to switch it off, but should be off by default
2. Connections of android location services to get GPS constellations were shown before to send sim card imsi and connected cellular tower id to provider (qualcom/google):
"blog.wirelessmoves.com/2014/08/supl-reveals-my-identity-and-location-to-google.html"
Graphene still allows those connections (check their FAQ on website)
W/O root no way to switch this off. Even some devices ignore config files and still leak data (on the level of cellular modem most probably)
3. Android services make other weird connections. Example: AOSP dialler app is querying phone numbers against online database leaking all contacts to google. How was this taken care of in graphene? Are all AOSP services/apps security-verified to not leak any data?
w/o root no way to install afwall to block everything
Is graphene built-in firewall capable of blocking system services from network access?