Related
Does anyone know how to do it on the Droid?
Is there a single honorable reason why you would be interested in doing this?
I sure can't think of one.
well as soon as wifi packet injection works on android i am switching.
¿GotJazz? said:
Is there a single honorable reason why you would be interested in doing this?
I sure can't think of one.
Click to expand...
Click to collapse
Vulnerability testing... an auditor who wants to do bluetooth related pen test with his/her phone?
archangelugp said:
Vulnerability testing... an auditor who wants to do bluetooth related pen test with his/her phone?
Click to expand...
Click to collapse
Lets go with that . So I'm guessing theres no way yet?
alienware777 said:
Lets go with that . So I'm guessing theres no way yet?
Click to expand...
Click to collapse
Nope. Not yet.
I don't see why it matters to anyone why someone wants this.
I want this too. I don't have to explain to anyone as to why I want it. Because, it is absolutely none of your business. If you don't know how to implement it, then don't post.
Lol. This is a public forum. Of course you don't have to explain why you want something. Equally, if someone who could help doesn't want to, because they suspect you're up to no good, they don't have to justify their actions either, let alone help you. Blessed be.
cauli said:
Lol. This is a public forum. Of course you don't have to explain why you want something. Equally, if someone who could help doesn't want to, because they suspect you're up to no good, they don't have to justify their actions either, let alone help you. Blessed be.
Click to expand...
Click to collapse
Touché. I'll admit it. The main reason I want this is to mess with my friends. Nothing actually detrimental. Same reason I like sms bombers, and caller id fakers.
But still, this would be great to add on to my list
This would be so awesome..just from a security standpoint to be able to show and explain to friends and family to not there guards down when it comes to cyber theft and to turn off your radios when not in use
I never quite understand answers like this. This forum is for the exchange of information, not personal opinions. People that think their some kind of 'ethics police' need not be on this type of site. This site is for the exploration, hacking and development of our phones. Rooting & custom firmware is frowned upon by security researchers and manufacturers alike, but because your into it, it's morally correct?
supern0va said:
I never quite understand answers like this. This forum is for the exchange of information, not personal opinions. People that think their some kind of 'ethics police' need not be on this type of site. This site is for the exploration, hacking and development of our phones. Rooting & custom firmware is frowned upon by security researchers and manufacturers alike, but because your into it, it's morally correct?
Click to expand...
Click to collapse
Yep, one man's "not needed" is another man's necessity. This is no less needed than say someone thinking they need a ps3 controller (or wiimote) working with their phone, but no one really complains about that.
here's a very legitimate reason for you so if you know how PM me
Hi,
A friend of mine has an older mobile with a broken touchscreen - the phone no longer has a SIM or a RAM card and is in "Music Sync" mode when it connects to a PC via USB.
They are currently in a court case and need to get their old SMS's off the broken phone - all the "forensic" mobile software out there (from $500 up to $5000!!!) require that the phone is in PC-Suite (or PC-Sync) mode. This can't be changed on the phone as the touchscreen doesn't work.
The only way to get to the SMS's is by Bluesnarfing, so if you know of a PC program or a WinMo 6.5 program that will let me access their phone PM me.
Thanks.
Why is there always that one person that offers no assistance, takes up bandwidth questioning your motives...
For those that don't know:
"Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs. This allows access to a calendar, contact list, emails and text messages. Bluesnarfing is much more serious in relation to Bluejacking, although both exploit others’ Bluetooth connections without their knowledge. Any device with its Bluetooth connection turned on and set to “discoverable” (able to be found by other Bluetooth devices in range) can be attacked. By turning off this feature you can be protected from the possibility of being Bluesnarfed. Since it is an invasion of privacy, Bluesnarfing is illegal in many countries."
Thread closed
First off, I want to apologize if this information is either or both regurgitated and irrelevant.
I was looking for information on eMMC, and there really isn't much, and I found an old article that describes how data reliance works with eMMC. At least a cursory look.
One of the features of Reliance (and Reliance Nitro) file system is that it never overwrites live data. It will always use free space on disk or in case there is no space, it will give “disk full” error back to the application. Reliance also has a special transaction mode called “Application-controlled”. In this case, Reliance only conducts a transaction point when asked by the application.
Click to expand...
Click to collapse
Full article here. Information about integration with embedded linux, here.
What struck me was the "Application-controlled" part. It would explain the technology that is undoing changes to /system when the system kills the temp root. I wonder if its possible for temp root to trigger the "commit" function of reliance once some small changes have been made...
Hope this is of some use.
CyWhitfield said:
First off, I want to apologize if this information is either or both regurgitated and irrelevant.
I was looking for information on eMMC, and there really isn't much, and I found an old article that describes how data reliance works with eMMC. At least a cursory look.
Full article here. Information about integration with embedded linux, here.
What struck me was the "Application-controlled" part. It would explain the technology that is undoing changes to /system when the system kills the temp root. I wonder if its possible for temp root to trigger the "commit" function of reliance once some small changes have been made...
Hope this is of some use.
Click to expand...
Click to collapse
Just an FYI, system is an EXT4 FS. This would require not only a custom kernel, but a lot of one offs in the way it's dealing with data. From what I've seen, this isn't what they are using.
But that's a very good find, I am looking into some of the information. Never heard of this before.
Thanks for the info. I would love to find out more about how this memory technology works. More articles are welcome!
Isn't that basically just wear leveling?
Is your name Ben? Or are you perhaps searching on this because of a post that Ben made on HTC? His claim was that even with an unlocked bootloader, that the eMMC could still be locked and prevent us from getting root. This seems far fetched to me.
edufur said:
Is your name Ben? Or are you perhaps searching on this because of a post that Ben made on HTC? His claim was that even with an unlocked bootloader, that the eMMC could still be locked and prevent us from getting root. This seems far fetched to me.
Click to expand...
Click to collapse
In all reality, I'm thinking this is the eventuality. Sprint knows that with root access we can circumvent the WiFi tether that they want to charge you for. They would never be OK with that.
Sent from my PG86100 using Tapatalk
Just an FYI, system is an EXT4 FS. This would require not only a custom kernel, but a lot of one offs in the way it's dealing with data. From what I've seen, this isn't what they are using.
But that's a very good find, I am looking into some of the information. Never heard of this before.
Click to expand...
Click to collapse
Given that you have taken a much closer look at the inner workings than I have, I will defer to your observation with a caveat
According to wiki eMMC supports something called Reliable Write. This suggests that the reversion capability is a part of the eMMC standard. Reliance sounds more and more like a commercial implementation of this function decoupled from a specific media type. After looking it over again, nowhere in the article about Reliance is eMMC mentioned.
Isn't that basically just wear leveling?
Click to expand...
Click to collapse
Wear leveling is a byproduct of what reliable write is doing. The difference is the ability to defer commitment of file system changes, so that a failed system update wont brick the device.
I do not know if changes made to the device are immediate and revertable (i.e., if eMMC is not told to commit a write, the changes just "go away" when its remounted). Nor do I know if reversions can be made on the fly, as we are experiencing when temp root gets deactivation.
There really isn't much information out there about this that is easy to find.
Is your name Ben? Or are you perhaps searching on this because of a post that Ben made on HTC? His claim was that even with an unlocked bootloader, that the eMMC could still be locked and prevent us from getting root. This seems far fetched to me.
Click to expand...
Click to collapse
Neither. eMMC isn't "locked" per se. HTC is using some mechanism that will revert the contents of /system to a prior state when some unknown condition is met. I do not mean to suggest that this is being done through "reliable write" or "Reliance", since it has already been pointed out by someone much more knowledgable on the subject than I that a standard EXT4 file system is being used. I honestly have no idea. I found this information somewhat by accident, and thought that if it could prove useful I should share it here.
Something is dynamically protecting the contents of /system. Once the phone is rooted, I have no doubt that this "something" will be rendered quite impotent. If it were not possible to do so in the first place, OTAs wouldn't work
Sprint knows that with root access we can circumvent the WiFi tether that they want to charge you for. They would never be OK with that.
Click to expand...
Click to collapse
The first part of your statement is true, Sprint knows full well that we can circumvent their attempts to charge us for WiFi tethering with root access. They have known this for years. They also know that in reality there is no way they can completely prevent someone from tethering their phone in one way or another. Even without root access. Ref: PDANet.
In my opinion, this protection of the eMMC contents was designed to reduce support costs from failed OTA updates bricking phones, and perhaps as protection against malware that can attain root, not unlike what Temp Root does.
I am not as paranoid as some here and refuse to accept that this was done specifically to thwart efforts to root the phone. The vast (and i mean VAST) majority of people who buy this phone will never even consider rooting the devices. This same majority has a subset of people that are easily stupid enough to screw up an OTA update or download and install malware.
I will take it a step further and opine that the only reason HTC is unlocking the bootloader is because we are such a minority AND that by tinkering with an unlocked device, we are actually helping HTC improve their product. They would rather have a more appealing facebook page than worry about losing a minuscule fraction of wifi tethering income.m Moreover, take a good look at where Sprint stands in the market, and what they have done recently to improve their position. They are doing a lot of really cool things, and have taken impressive steps to improve customer service and corporate image. That they would allow this bashing of HTC to continue unabated over a handful of tethering dollars is unlikely.
I appreciate your canter, very informative. A thanks will come your way.
Sent from my PG86100 using Tapatalk
Does pdanet allow wireless tether? I didn't think it did.
Sent from my PG86100 using Tapatalk
Nutzy said:
Does pdanet allow wireless tether? I didn't think it did.
Sent from my PG86100 using Tapatalk
Click to expand...
Click to collapse
It doesn't act as a hotspot, no.
Sent from my PG86100 using XDA App
Nutzy said:
I appreciate your canter, very informative. A thanks will come your way.
Sent from my PG86100 using Tapatalk
Click to expand...
Click to collapse
Much appreciated!
Sent from my PG86100 using XDA App
So, I would be interested in hearing more thoughts on this. Is the eMMC independent of the OS? In other words, would a custom ROM have to obey and work with the eMMC? Or could a custom ROM be made to either disable the eMMC or make it do what we want?
edufur said:
So, I would be interested in hearing more thoughts on this. Is the eMMC independent of the OS? In other words, would a custom ROM have to obey and work with the eMMC? Or could a custom ROM be made to either disable the eMMC or make it do what we want?
Click to expand...
Click to collapse
I think you're misunderstanding this. The eMMC is the memory inside the device that everything is stored on. It replaced the old NAND chips in older devices.
The OS is stored & runs off of eMMC memory, it's not independent. If you were to 'turn off' the eMMC the device would do nothing. A lot of the security features available on the chip itself probably aren't in use. HTC has been using their own form of write protection since early last year, even on the NAND based Evo 4G. I'd stake a bet they're using the same system here, and we just need to find a way to flash the ENG bootloader like we did last year to get around it.
I agree with you. reliance is setup to ward against "unauthorized" changes to the /system partitions. i believe the developer community takes way too deep a look at each action made by a corporation (htc) and view them as "big brother", when infact most changes are actually approved, reviewed, and committed by someone in accounting with no technical skills whatsoever. these people are forced to look at the bigger scheme of things and make a decision about it (after working for sprint for almost 2 years now...i can tell you how many decisions are literally made by someone who has no idea what the heck he is making decisions on).
instead of looking at them "trying to stop the development community from unlocking wireless tether" look at them as a CEO (who most of the time has no technical knowledge) and a PR rep (who really only cares about how their company is viewed) and using this kind of encryption is only there to "safeguard" their devices against attacks.
one would think the secret to perm rooting the device is triggering the reliance write function so it commits the changes instead of reloading them. if /system doesnt get changed unless theres an OTA of some sorts....theres more than likely a hash table that reliance would check against to verify...so an OTA would need to write to that table first, then make the changes....
more than likely some other noob has already said something along those lines and been flamed for it as well...just throwing it out there....
newkidd said:
.........
one would think the secret to perm rooting the device is triggering the reliance write function so it commits the changes instead of reloading them. if /system doesnt get changed unless theres an OTA of some sorts....theres more than likely a hash table that reliance would check against to verify...so an OTA would need to write to that table first, then make the changes....
........
Click to expand...
Click to collapse
that stuck out in bold to me..... hmmmmmm
I probably was overlooking what eMMC was, however based on the links the user gave, I later learned a little more about its potential. It would appear that HTC is doing something along the lines of the operations expressed in the link. And if they are not fully replicating efforts, it would be a shame. I like the concept of wear leveling and efficient read/writes. It would be my hope that we could integrate all those functions within a custom rom.
I found a page on the Micron site on eMMC. In the tech notes section there are informational downloads for just one chip. Specifically, the Qualcomm QSC6695
You have to register to download them. A process I have already started. Their site claims it takes a half hour to register a new account.
Once I have the PDFs, I will attach them to the OP.
I don't know if this is the chip the evo 3d is using, but if it is these may prove beneficial to have.
EDIT: Nevermind. i'd have to sign an NDA first.
EDIT: Although, this looks interesting.
Geniusdog254 said:
A lot of the security features available on the chip itself probably aren't in use. HTC has been using their own form of write protection since early last year, even on the NAND based Evo 4G. I'd stake a bet they're using the same system here, and we just need to find a way to flash the ENG bootloader like we did last year to get around it.
Click to expand...
Click to collapse
Perhaps, but a hint at the design really tells me that it would only make sense to offload this protection to the eMMC. Posted a link just a minute ago with the eMMC "enablement" model in PDF form. Interesting read...
CyWhitfield said:
I found a page on the Micron site on eMMC. In the tech notes section there are informational downloads for just one chip. Specifically, the Qualcomm QSC6695
You have to register to download them. A process I have already started. Their site claims it takes a half hour to register a new account.
Once I have the PDFs, I will attach them to the OP.
I don't know if this is the chip the evo 3d is using, but if it is these may prove beneficial to have.
EDIT: Nevermind. i'd have to sign an NDA first.
EDIT: Although, this looks interesting.
Click to expand...
Click to collapse
VERY interesting link & read for sure
CyWhitfield said:
The first part of your statement is true, Sprint knows full well that we can circumvent their attempts to charge us for WiFi tethering with root access. They have known this for years. They also know that in reality there is no way they can completely prevent someone from tethering their phone in one way or another. Even without root access. Ref: PDANet.
In my opinion, this protection of the eMMC contents was designed to reduce support costs from failed OTA updates bricking phones, and perhaps as protection against malware that can attain root, not unlike what Temp Root does.
I am not as paranoid as some here and refuse to accept that this was done specifically to thwart efforts to root the phone. The vast (and i mean VAST) majority of people who buy this phone will never even consider rooting the devices. This same majority has a subset of people that are easily stupid enough to screw up an OTA update or download and install malware.
I will take it a step further and opine that the only reason HTC is unlocking the bootloader is because we are such a minority AND that by tinkering with an unlocked device, we are actually helping HTC improve their product. They would rather have a more appealing facebook page than worry about losing a minuscule fraction of wifi tethering income.m Moreover, take a good look at where Sprint stands in the market, and what they have done recently to improve their position. They are doing a lot of really cool things, and have taken impressive steps to improve customer service and corporate image. That they would allow this bashing of HTC to continue unabated over a handful of tethering dollars is unlikely.
Click to expand...
Click to collapse
I completely agree with all of that. Other carriers have taken many steps to try to prevent wireless tethering. They've asked google to filter certain apps from the market from their customers, they've sent out letters to their customers who they suspect of tethering, they've used ECM's to try to stop it.
But Sprint...they've been remarkably silent on that front. Hell they don't even seem to plan on putting any usage caps in place. In my opinion, I suspect that Sprint wants to be different from the other carriers. They can't outright allow tethering because people would go nuts with it and it would saturate their network. Instead they have this approach of telling you that you can't do it without paying extra, but they look the other way when you do.
I don't know if I fully agree on why HTC locks the phone so tight though. I mean they really went out of their way to make sure nobody touches it. There could have been far more simple countermeasures in place to prevent malware yet still be open to somebody who has physical access to the phone.
It can't be that Sprint insisted on it being that way, otherwise Sprint would have insisted that the Nexus S be fully locked, so I don't believe that this is a carrier issue at all, at least not as far as the Evo 3D is concerned.
One of my suspicions is that HTC may make a profit off of having certain apps installed, much in the way that PC OEM's get paid to preload different apps (e.g. norton.) It could be that they want to make sure that you can't remove them. However that profit they make off of these apps may be significantly offset by having a really negative facebook page, hence the decision to unlock.
Hard to say really.
I use my (rooted and reflashed) SGS3 for work, for which it is great. Except our corporate IT folk have caught up, and now insist that I must install their security tools on my phone if I want to maintain mobile access to my corporate email, calendar etc etc. Fair enough ... not ideal, but I can appreciate their point of view.
Except their anti-virus tool (Junos Pulse) has decided that Mobile Odin Lite (which I downloaded from Chainfires post, here, http://forum.xda-developers.com/showthread.php?t=1347899) is infected with Android.Lotoor.c. A bit of Googling finds the following about "Lotoor":
Technical Information (Analysis)
Exploit:Unix/Lotoor is a detection for specially-crafted Android programs that attempt to exploit vulnerabilities in the Android operating system to gain root privilege.
Exploit:Unix/Lotoor is dropped and installed by TrojanSpy:AndroidOS/DroidDream.A. Once installed, the exploit is present as the following names:
rageagainstthecage
exploid
Allows root access
When run, Exploit:Unix/Lotoor allow a remote attacker to gain administrator privilege to the device running Android operation system.
Connects to a remote website
Exploit:Unix/Lotoor decrypts the name of a remote server provided by TrojanSpy:AndroidOS/DroidDream.A such as "184.105.245.17". The server address is used to send user identifiable data from the affected mobile device.
Click to expand...
Click to collapse
Given the nature of Mobile Odin, I can easily imagine this to be a false positive, but at the same time, I'd like a little reassurance - I don't particularly want a backdoor into my phone! Has anyone else seen or heard of this before? Or heard of any comment from Chainfire?
sixedup said:
I use my (rooted and reflashed) SGS3 for work, for which it is great. Except our corporate IT folk have caught up, and now insist that I must install their security tools on my phone if I want to maintain mobile access to my corporate email, calendar etc etc. Fair enough ... not ideal, but I can appreciate their point of view.
Except their anti-virus tool (Junos Pulse) has decided that Mobile Odin Lite (which I downloaded from Chainfires post, here, http://forum.xda-developers.com/showthread.php?t=1347899) is infected with Android.Lotoor.c. A bit of Googling finds the following about "Lotoor":
Given the nature of Mobile Odin, I can easily imagine this to be a false positive, but at the same time, I'd like a little reassurance - I don't particularly want a backdoor into my phone! Has anyone else seen or heard of this before? Or heard of any comment from Chainfire?
Click to expand...
Click to collapse
Android Anti Virus Apps are known to detect bulsh*t from time to time. Also I highly doubt that a very well known developer like Chainfire would include something in his Apps that would do harm to your device.
Its a false positive. Rageagainstthecage is an older root exploit from the Captivate days. I remember it well. You're good to go. Not a problem.
b-eock said:
Its a false positive. Rageagainstthecage is an older root exploit from the Captivate days. I remember it well. You're good to go. Not a problem.
Click to expand...
Click to collapse
Great. That was what I thought (especially given it's Chainfire's creation too). Now I just have to work out how to persuade the corporate security people to be happy about it. That will be a whole different level of problem. I can see a lot of "working around" the corporate AV & security tools in my future
They won't be persuaded. Speaking as a corporate IT guy myself, theres no way I would allow it.
rootSU said:
They won't be persuaded. Speaking as a corporate IT guy myself, theres no way I would allow it.
Click to expand...
Click to collapse
Yeah, I know. It's the classic tension of the BYOD model. My phone, but their data and paranoia. And boy are those guys paranoid - the amount of protection required just so I can access my email and contacts via my mobile (which I used to carry around as printouts and a paper address book) is out of all proportion to their value. I guess they have to prepare processes for the absolute worst case, but honestly ...
I think there's always a step too far though. They can remotely wipe the device, so they should be happy with that.
Its just with root you can bypass exchange requirement for pin / password / pattern lock. Most IT dont like that
Sent from my GT-I9300 using Tapatalk 2
Hi,
with all media attention related to NSA spy activities.
How does one know this all happening here is not related to NSA activities?
If i'm correct the bloatware a provider installs when you bought it gives nsa access or gives provider unwanted access.
Maybe i'm thinking too much, but even NSA could bring out a rom which looks great and so and you think it's save and not accessing your private details, mic or camera.
Just a thought i had.
(on duckduckgo.com there was this advertising for save internet and cyanomod, thatss how i came here)
Thanks !
Have you been abusing ice or something ?
haha no, just curious that's all. As you know google ain't clean either in terms of privacy. And Android is Google.....
But no, i like what's happening here, it was just a thought.
Alright...
Intelligence agencies can already essentially look at whatever they want whenever they want via direct access to all networks. They can break a lot of encryption. Most operating systems (whether phone/PC/whatever) either have some NSA designed bits (I.E SELinux) or 'backdoors' which enable them to access even the most tightly 'locked up' systems.
I very much doubt they need to release a bit of 'crapware' or an OS of their own given the above. Though I can imagine in certain cases they custom design an exploit for a particular individual or organisation they want keep tabs on, but I can't imagine they'd want to do it to ordinary phone users en masse in the manner you suggested.
They already 'passively' surveil just about everyone (I.E collect all data but tend not to look at it unless they need to), so they don't need to do what you mentioned.
In my view opensource system has an advantage that you can check the source code yourself for a potential backdoor.
Most of the ROMs here are opensource so you can download, check, compile and install.
However you do not have 100% opensource devices - you have for example radio drivers which we just trust they will send data to correct receiver and in correct format...
I don't think it is proven SELINUX introduces backdoor or was it? If yes, I'm very interested to see it.
https://en.wikipedia.org/wiki/Security-Enhanced_Linux. Everything is backdoored.
MistahBungle said:
Alright...
Intelligence agencies can already essentially look at whatever they want whenever they want via direct access to all networks. They can break a lot of encryption. Most operating systems (whether phone/PC/whatever) either have some NSA designed bits (I.E SELinux) or 'backdoors' which enable them to access even the most tightly 'locked up' systems.
I very much doubt they need to release a bit of 'crapware' or an OS of their own given the above. Though I can imagine in certain cases they custom design an exploit for a particular individual or organisation they want keep tabs on, but I can't imagine they'd want to do it to ordinary phone users en masse in the manner you suggested.
They already 'passively' surveil just about everyone (I.E collect all data but tend not to look at it unless they need to), so they don't need to do what you mentioned.
Click to expand...
Click to collapse
yes you're right. it totaaly agree.
thanks a lot for your answer.
MistahBungle said:
Everything is backdoored.
Click to expand...
Click to collapse
I checked Wikipedia SELinux Entry. I remember Linus's nodding, however there is no hint it was with relation of SELinux.
I found another discussion on this topic and I agree with the point that "It would be singularly dumb of them to inject backdoors in their own name."
Time will show.
Anyway - if you do not trust it, you can turn it off completely or use an alternative - AppArmor - which does not come from NSA.
So I found myself looking around at different smartphone related articles like I always do when I stumbled across one in particular that had me scared! The article was talking about Samsung and Google bringing Knox to android L. We all know how much of a problem Knox has been to us here at the dev community.
Anyways have a look for yourself here
skeezer308 said:
So I found myself looking around at different smartphone related articles like I always do when I stumbled across one in particular that had me scared! The article was talking about Samsung and Google bringing Knox to android L. We all know how much of a problem Knox has been to us here at the dev community.
Anyways have a look for yourself here
Click to expand...
Click to collapse
Hate to break it to you, but knox or no knox it will likely be a step up in security.
Why wouldn't it be?
Call it what ever you want, just make sure you start shopping for a dev edition.
Yes this was reported when they released the L preview because it's the first time they've included Samsung code into AOSP.
Every release of android will be a step up in security, I'm just going to move on from Verizon if it gets to the point where no boot loader can be unlocked.
joshm.1219 said:
Yes this was reported when they released the L preview because it's the first time they've included Samsung code into AOSP.
Every release of android will be a step up in security, I'm just going to move on from Verizon if it gets to the point where no boot loader can be unlocked.
Click to expand...
Click to collapse
The bottom line is that flexibility and customization will always interfere with security and both, fortunately and unfortunately, the latter is one that is of major concern to corporations.
Some of the arguments and measures are over the top but for the most part it part of technology maturing. Rooting a phone for most people here is harmless and enables a purpose, but it also opens the door to circumvent security and encrypted materials from our devices.
It seems Samsung and Verizon are open to creating a "developer" version to allow for justified valid reasons to root and customize, but the more personal and business purposes merge the more security becomes more important over flexibility.
I am not saying this makes it good or that you should like it. But it something that inevitably will continue to progress making it more difficult for complete control of your device.
Capitalism is based on profitability and adoption and if you get large corporation to endorse you methods then you have a huge revenue channel, right, wrong or indifferent.
Hopefully an innovation will come along that will enable the right balance, but only time will tell.
Personally I have recently decided to join BYOD at my work and consequently had to unroot my device, and I have to admit that I miss some aspects, but not enough to give up the convenience of having all I need in ONE device.
Just my $0.02
Well the part that had me concerned was knowing how locked down Samsung devices have become, especially on Verizon and ATT networks. I may be wrong but I think part of the reason we still haven't been able to find an exploit to unlock the bootloader is because of the tightening grips of Knox. Now don't get me wrong I understand that there is a need for security, especially in business with BYOD. I was half scared they were attempting to lock down android to that extent as a whole. As I read further into the article I had learned that some of the Knox feature I was fearing wear hard ware implemented. I think this part from the article pretty much sums it up.
"Even though Samsung is sharing many of the Knox functions with Google on Android L, they will still offer a superior security solution on Samsung devices. This is due to several features requiring deep hardware integration that can only be managed directly by Samsung. As listed on the Samsung Knox blog, the following will remain specific to Samsung:
TrustZone-based Integrity Measurement Architecture (TIMA)
Real-time Kernel Protection
Client Certificate Management (CCM)
Trusted Boot-based Key store
Remote attestation
Trusted Boot
Biometric authentication
KNOX Smart Card Support"
skeezer308 said:
Well the part that had me concerned was knowing how locked down Samsung devices have become, especially on Verizon and ATT networks. I may be wrong but I think part of the reason we still haven't been able to find an exploit to unlock the bootloader is because of the tightening grips of Knox. Now don't get me wrong I understand that there is a need for security, especially in business with BYOD. I was half scared they were attempting to lock down android to that extent as a whole. As I read further into the article I had learned that some of the Knox feature I was fearing wear hard ware implemented. I think this part from the article pretty much sums it up.
"Even though Samsung is sharing many of the Knox functions with Google on Android L, they will still offer a superior security solution on Samsung devices. This is due to several features requiring deep hardware integration that can only be managed directly by Samsung. As listed on the Samsung Knox blog, the following will remain specific to Samsung:
TrustZone-based Integrity Measurement Architecture (TIMA)
Real-time Kernel Protection
Client Certificate Management (CCM)
Trusted Boot-based Key store
Remote attestation
Trusted Boot
Biometric authentication
KNOX Smart Card Support"
Click to expand...
Click to collapse
There is a BIG difference between locked bootloaders and Knox...the bootloader is a proprietary part of the firmware, not the OS...Knox is integrated in the OS....neither have anything to do with the other. Please venture into the T-Mobile, Sprint and International S4 forums to see the effects of Knox. If you do not want a locked bootloader switch to a carrier that does not do it or phones that do not have it. I understand Verizon has even blocked the use of HTCDev on their newer HTC devices and updates. These carriers locking the bootloaders do so to have the most secure phones and be able to go after the military and commercial contracts. So again, do not think Knox has anything to do with the lock down of AT&T and Verizon....that is all between the carrier and Samsung.
m3Jorge said:
The bottom line is that flexibility and customization will always interfere with security and both, fortunately and unfortunately, the latter is one that is of major concern to corporations.
Some of the arguments and measures are over the top but for the most part it part of technology maturing. Rooting a phone for most people here is harmless and enables a purpose, but it also opens the door to circumvent security and encrypted materials from our devices.
It seems Samsung and Verizon are open to creating a "developer" version to allow for justified valid reasons to root and customize, but the more personal and business purposes merge the more security becomes more important over flexibility.
I am not saying this makes it good or that you should like it. But it something that inevitably will continue to progress making it more difficult for complete control of your device.
Capitalism is based on profitability and adoption and if you get large corporation to endorse you methods then you have a huge revenue channel, right, wrong or indifferent.
Hopefully an innovation will come along that will enable the right balance, but only time will tell.
Personally I have recently decided to join BYOD at my work and consequently had to unroot my device, and I have to admit that I miss some aspects, but not enough to give up the convenience of having all I need in ONE device.
Just my $0.02
Click to expand...
Click to collapse
I don't know, I don't understand how it would affect anything if they let a user decide if they wanted their bootloader unlocked for every device.
joshm.1219 said:
I don't know, I don't understand how it would affect anything if they let a user decide if they wanted their bootloader unlocked for every device.
Click to expand...
Click to collapse
Because the users are not always the owners. My work phone is an Apple 5s. But "My" is not really accurate. It's my employer's phone that they give to me to use for work purposes. So I'm the user, but if the owner wants it locked down, that's their prerogative.
Sent from my SCH-I545 using Tapatalk
brizey said:
Because the users are not always the owners. My work phone is an Apple 5s. But "My" is not really accurate. It's my employer's phone that they give to me to use for work purposes. So I'm the user, but if the owner wants it locked down, that's their prerogative.
Sent from my SCH-I545 using Tapatalk
Click to expand...
Click to collapse
So require owner account access then
I personally think if they did include knox in android L there would still be an option to use fastboot to unlock the device.
xXsquirr3lsXx said:
I personally think if they did include knox in android L there would still be an option to use fastboot to unlock the device.
Click to expand...
Click to collapse
This would be correct. Please see OP linked articled to see what is is actually being implemented here.