Here's the problem.
When I try to connect to my University's network , the my Galaxy S is able to connect JUST fine. However, when I open a browser it says the incoming certificate is not secure and then I have NO INTERNET on any page. It tries to redirect me to the login page for the network but fails to do so with a "communications error" and subsequent no internet access of any sort.
What the network is supposed to do is redirect me to the login page so that I can register the device to the network and login using my university account. My phone can't do that apparently and just sits connected to the network with NO INTERNET connectivity. How can I fix the problem?
This is the university network and the instructions how to get on it for Android devices:
http://www.colorado.edu/its/docs/wir...dwireless.html
I connect to it just fine but am UNABLE to get to that device registration/login page.
This is NOT just for my university. ANY public network which requires me to accept an "agreement" before it lets me have internet access, my phone KILLS ITSELF and CANNOT pull up the agreement page but instead tells me there is no internet. I'm SURE its a software problem or something with settings but can't figure out just what it is. Help?
Just about the only networks I can connect to on Wi-Fi are home networks.
You could see if your university has the (presumably) self-signed root certificate for their trust chain for their captive portal and install it on your Android device. That would make the browser warning go away.
You could also check if there is a "show security warnings" option in your browser and disable it to skip over the certificate entirely.
Or perhaps Samsung did something funky to the browser to explicitly forbid access to self-signed sites? I'm not too sure there, I only have HTC devices to test with.
Well the thing is I tried several browsers.
1. The default one that comes with Android
2. Opera mini
3. DolphinHD
All same thing. I'm now going to test with a beta build of Firefox for android (fennero was it called I forget) but its SUCH a stupid thing to not work. Every other device WORKS. Blackberries, Iphones, tablets, laptops....everything.
EDIT: The EXACT error I get is:
"There is a problem with the security certificate for this site. This certificate is not from a trusted authority." I get this AS it attempts to load the redirect login page (both university and at work now). Same issue. It's browser/certificate related. And its ANNOYING as hell.
EDIT 2: Found the problem. It's that stupid certificate.
"This is a result of your corporation using an in house Certificate Authority to provide SSL encryption on your mail server and clients.
Basically....the computer that issued the certificate isn't trusted by the android phone. I'm new to android so I'm not sure if you can add a trusted CA (I haven't seen any options for it).
I don't know about future updates like the above poster mentioned.
Most companies will purchase a certificate from one of the major Certificate Authorities on the internet, which are pre-programed into most operating systems to be trusted. Internal CA's are trusted by the domain environment at your work, but not by anyone else. External (Internet) CA's are trusted by everyone.
if you want an example, open up IE (gross I know) and go to your options. Click the content tab, then there should be a button label certificates. inside the certificates window select Trusted Root Certification Authorities.
That is a list of all the builtin trusted CA's provided by Microsoft and the companies that govern the internet. "
I STILL have no idea how to fix it and to make the phone accept the certificate though.
EDIT 3: Fennec (Mozilla Firefox for Android beta) managed to pull up the login page for my work network. Not sure if it will work for the university yet.
}{Alienz}{ said:
Well the thing is I tried several browsers.
1. The default one that comes with Android
2. Opera mini
3. DolphinHD
All same thing. I'm now going to test with a beta build of Firefox for android (fennero was it called I forget) but its SUCH a stupid thing to not work. Every other device WORKS. Blackberries, Iphones, tablets, laptops....everything.
EDIT: The EXACT error I get is:
"There is a problem with the security certificate for this site. This certificate is not from a trusted authority." I get this AS it attempts to load the redirect login page (both university and at work now). Same issue. It's browser/certificate related. And its ANNOYING as hell.
EDIT 2: Found the problem. It's that stupid certificate.
"This is a result of your corporation using an in house Certificate Authority to provide SSL encryption on your mail server and clients.
Basically....the computer that issued the certificate isn't trusted by the android phone. I'm new to android so I'm not sure if you can add a trusted CA (I haven't seen any options for it).
I don't know about future updates like the above poster mentioned.
Most companies will purchase a certificate from one of the major Certificate Authorities on the internet, which are pre-programed into most operating systems to be trusted. Internal CA's are trusted by the domain environment at your work, but not by anyone else. External (Internet) CA's are trusted by everyone.
if you want an example, open up IE (gross I know) and go to your options. Click the content tab, then there should be a button label certificates. inside the certificates window select Trusted Root Certification Authorities.
That is a list of all the builtin trusted CA's provided by Microsoft and the companies that govern the internet. "
I STILL have no idea how to fix it and to make the phone accept the certificate though.
EDIT 3: Fennec (Mozilla Firefox for Android beta) managed to pull up the login page for my work network. Not sure if it will work for the university yet.
Click to expand...
Click to collapse
Hate to revive a thread... but I'm having this EXACT problem trying to use Wifi at McDonald's in Spain.
Has anybody came up with ANY solution to this problem?
i have same problem on ma samsung galaxy s can`t connect to wi fi at mcdonalds any mecdonalds... it connects i get an ip but i can`t login it says i got no internet connection
Hate to bring up this thread, but i am having the same issue with 2 android 4.0 devices on my work network. Does anyone know the solution to this issue?
Does anyone know of any Windows compatible software that allows for Exchange 2003 email to be pushed to an Android Device?
I used to use SEVEN networks' Desktop Connector to achieve this. However, the beta ended. So I am trying to find anything [free or paid] that allows me to access my work email from my personal phone without the Exchange Administrator knowing/intervening.
Note: My company doesnt allow for OWA or ActiveSync. So these two are not options.
I got this crazy idea that I don't know is possible or not... what I want to do is set up my phone as wifi access point, then allow people to connect to it, but handle all incoming http traffic myself.
So:
Create a server (with KWS - Android web server)
client can connect to the phone
when client tries to open an http connection to any random server, this has to be intercepted by my app and handled by a local web server
Anyone knows any android app to do this ?
What you are talking about is a captive portal.
I made a simple app for this purpose. If you are a developer, I need your help to improve the app. For downloading the app and source code check this thread https://forum.xda-developers.com/android/general/guide-setup-fake-captive-portal-android-t4011689
FAX — As its name suggests, this is a service needed only if you want to send and receive faxes. If you’re not going to use, which may be the case for most people, disable it.
AllJoyn Router Service — This is a service that lets you connect Windows to the Internet of Things and communicate with devices such as smart TVs, refrigerators, light bulbs, thermostats, etc. If you’re not using these or don’t connect Windows to them, go ahead and turn it off.
Secondary logon — This service lets you log on to a standard account with admin privileges and run specific applications. It is triggered to start when a program is set to ‘Run as different user’ from the extended context menu. But if you are the sole user of your PC, then go ahead and disable this.
Connected User Experiences and Telemetry — If you’re concerned with privacy and don’t want to send usage data to Microsoft for analysis, then this service is one to go. Though some would say that such assessment of data is important to improve Windows on the whole, disabling it doesn’t affect normal usage and, frankly, one less data bundle wouldn’t bring the house down.
Program Compatibility Assistant Service — Unless you’re still using legacy software on your Windows 11 PC, you can easily turn off this service. This service lets you detect software incompatibility issues for old games and software. But if you’re using programs and apps built for Windows 10 or 11, go ahead and disable it.
Device Management Wireless Application Protocol (WAP) Push message Routing Service — This service is another service that helps to collect and send user data to Microsoft. Strengthen your privacy by disabling it, it is recommended that you do so.
Windows Mobile Hotspot Service — As the name suggests, this service is needed if you’re sharing your mobile’s internet connection with your PC. But if you don’t remember the last time you connected to a mobile hotspot service, you may look to disable it entirely.
Remote Desktop Configuration and Remote Desktop Services — These two services let you connect to other PCs in the vicinity. If you don’t need remote connectivity, disable these two services.
Remote Registry — This service lets any user access and modify the Windows registry. It is highly recommended that you disable this service for security purposes. Your ability to edit the registry locally (or as admin) won’t be affected.
Touch Keyboard and Handwriting Panel Service — As the name tells, this service facilitates touch keyboard and handwriting input for touch-enabled screens. So unless you have one of those, go ahead and disable it.
Windows Insider Service — Disable this service only if you’re not in the Windows Insider program. Currently, as Windows 11 is only available through it, you shouldn’t disable it. But if you’re on the final and stable version of Windows and are not testing upcoming features, disabling it shouldn’t be a problem.
Windows Image Acquisition — This service is important for people who connect scanners and digital cameras to their PC. But if you don’t have one of those, or are never planning on getting one, disable it by all means.
Windows Connect Now — This service is mainly meant for laptops and computers that need to connect to wireless networks and devices (camera, printers, and other PCs). But if you have a desktop setup without a wireless card, you won’t need this service and can disable it safely.
Windows Defender — This may raise some eyebrows, but we’re only recommending turning this off only and only if you have an antivirus that’s protecting your system. If that’s the case, Windows Defender would virtually be inactive anyway, as the third-party antivirus would act as your primary threat protection. Disabling Windows Defender at that point would help you free up valuable resources, without compromising the security of your device.
Downloaded Maps Manager — Do you use Bing Maps? Chances are that most of you rely on Google Maps built within your favorite browser and can’t care for Bing Maps. So find this unnecessary service and make sure that it’s disabled.
Parental Control — Again, the name says it all – this service allows parents to put restrictions on what their kids are accessing on the internet. But, as with many things brought with Vista, this is obsolete if you know how to filter content for your kids on the browser itself. Also, if you don’t have any kids around, that’s an obvious reason to keep this service disabled.
Xbox Services — Do you use the Xbox app to play games? If not, then you don’t need any of the Xbox services. These include the ‘Xbox Accessory Management Service’, ‘Xbox Live Auth Manager’, ‘Xbox Live Game Save’, and ‘Xbox Live Networking Service’. These won’t affect your daily use unless you do use the Xbox app on your PC. In that case, don’t touch these.
Security Center — This is another one of those services that only advanced users should turn off. The functionalities of this service are crucial – it scans the system for issues and keeps you posted about the system’s health, including pending updates, whether or not an antivirus is installed, UAC notifications, and other such messages you receive in the system tray. If you know how to check for these issues on your own, you can disable the service without any problems. If, however, you’re not sure how to check your system’s health, leave this one alone.
Print Spooler — Connected to the printer in the past few months? If not, then this service is useless to you. Go ahead and disable it if you’re not planning on using a printer anytime soon.
Portable Device Enumerator Service — This service is needed for making group policy changes for removable drives and to synchronize content for applications like Windows Media Player and Image Import Wizard on the removable drive. If these don’t mean anything to you, go ahead and disable it. Rest assured, it won’t affect your regular thumb drive use.
Retail Demo Service — Finally, this service is only meant for vendors and retailers who have to showcase the PC and Windows features for customers. Of course, a regular user would never need to use such a service, and so can disable it without any consequences.
Complete article here
jwoegerbauer said:
FAX — As its name suggests, this is a service needed only if you want to send and receive faxes. If you’re not going to use, which may be the case for most people, disable it.
AllJoyn Router Service — This is a service that lets you connect Windows to the Internet of Things and communicate with devices such as smart TVs, refrigerators, light bulbs, thermostats, etc. If you’re not using these or don’t connect Windows to them, go ahead and turn it off.
Secondary logon — This service lets you log on to a standard account with admin privileges and run specific applications. It is triggered to start when a program is set to ‘Run as different user’ from the extended context menu. But if you are the sole user of your PC, then go ahead and disable this.
Connected User Experiences and Telemetry — If you’re concerned with privacy and don’t want to send usage data to Microsoft for analysis, then this service is one to go. Though some would say that such assessment of data is important to improve Windows on the whole, disabling it doesn’t affect normal usage and, frankly, one less data bundle wouldn’t bring the house down.
Program Compatibility Assistant Service — Unless you’re still using legacy software on your Windows 11 PC, you can easily turn off this service. This service lets you detect software incompatibility issues for old games and software. But if you’re using programs and apps built for Windows 10 or 11, go ahead and disable it.
Device Management Wireless Application Protocol (WAP) Push message Routing Service — This service is another service that helps to collect and send user data to Microsoft. Strengthen your privacy by disabling it, it is recommended that you do so.
Windows Mobile Hotspot Service — As the name suggests, this service is needed if you’re sharing your mobile’s internet connection with your PC. But if you don’t remember the last time you connected to a mobile hotspot service, you may look to disable it entirely.
Remote Desktop Configuration and Remote Desktop Services — These two services let you connect to other PCs in the vicinity. If you don’t need remote connectivity, disable these two services.
Remote Registry — This service lets any user access and modify the Windows registry. It is highly recommended that you disable this service for security purposes. Your ability to edit the registry locally (or as admin) won’t be affected.
Touch Keyboard and Handwriting Panel Service — As the name tells, this service facilitates touch keyboard and handwriting input for touch-enabled screens. So unless you have one of those, go ahead and disable it.
Windows Insider Service — Disable this service only if you’re not in the Windows Insider program. Currently, as Windows 11 is only available through it, you shouldn’t disable it. But if you’re on the final and stable version of Windows and are not testing upcoming features, disabling it shouldn’t be a problem.
Windows Image Acquisition — This service is important for people who connect scanners and digital cameras to their PC. But if you don’t have one of those, or are never planning on getting one, disable it by all means.
Windows Connect Now — This service is mainly meant for laptops and computers that need to connect to wireless networks and devices (camera, printers, and other PCs). But if you have a desktop setup without a wireless card, you won’t need this service and can disable it safely.
Windows Defender — This may raise some eyebrows, but we’re only recommending turning this off only and only if you have an antivirus that’s protecting your system. If that’s the case, Windows Defender would virtually be inactive anyway, as the third-party antivirus would act as your primary threat protection. Disabling Windows Defender at that point would help you free up valuable resources, without compromising the security of your device.
Downloaded Maps Manager — Do you use Bing Maps? Chances are that most of you rely on Google Maps built within your favorite browser and can’t care for Bing Maps. So find this unnecessary service and make sure that it’s disabled.
Parental Control — Again, the name says it all – this service allows parents to put restrictions on what their kids are accessing on the internet. But, as with many things brought with Vista, this is obsolete if you know how to filter content for your kids on the browser itself. Also, if you don’t have any kids around, that’s an obvious reason to keep this service disabled.
Xbox Services — Do you use the Xbox app to play games? If not, then you don’t need any of the Xbox services. These include the ‘Xbox Accessory Management Service’, ‘Xbox Live Auth Manager’, ‘Xbox Live Game Save’, and ‘Xbox Live Networking Service’. These won’t affect your daily use unless you do use the Xbox app on your PC. In that case, don’t touch these.
Security Center — This is another one of those services that only advanced users should turn off. The functionalities of this service are crucial – it scans the system for issues and keeps you posted about the system’s health, including pending updates, whether or not an antivirus is installed, UAC notifications, and other such messages you receive in the system tray. If you know how to check for these issues on your own, you can disable the service without any problems. If, however, you’re not sure how to check your system’s health, leave this one alone.
Print Spooler — Connected to the printer in the past few months? If not, then this service is useless to you. Go ahead and disable it if you’re not planning on using a printer anytime soon.
Portable Device Enumerator Service — This service is needed for making group policy changes for removable drives and to synchronize content for applications like Windows Media Player and Image Import Wizard on the removable drive. If these don’t mean anything to you, go ahead and disable it. Rest assured, it won’t affect your regular thumb drive use.
Retail Demo Service — Finally, this service is only meant for vendors and retailers who have to showcase the PC and Windows features for customers. Of course, a regular user would never need to use such a service, and so can disable it without any consequences.
Complete article here
Click to expand...
Click to collapse
You can also use Black Viper's recommendations as well as the script even thought it pertains to Windows 10.
I need to run an app in Genymotion that is used for data entry and upload of the entered data into 3rd party sites. The logins to 3rd party sites are stored in this application (probably encrypted). The application will store multiple logins for my different customers of who need to have the data uploaded into the 3rd party sites. The data into the app will then be entered by other people to whom I outsource the data entry.
So I created Genymotion appliance, installed the app and in this application I entered logins for sites such as ebay. I am looking for suggestions on what can I do to secure the appliance to prevent the data being copied out from it.
I want to prevent the person to whom I outsource data entry to be able to install and load 3rd party other apps, modify system settings, install other apps, copy the system directory, copy the login and password information saved by the application.
Let's assume the worst possible case here when application is well written but the passwords mentioned above (for the ecommerce sites like ebay) is saved in plain text in this application in the internal application directory. What I know about the application is it doesn't support access to SD Card, only can read and write data to the internal memory.
What can I do in Gennymotion to improve the security of my appliance. Genymotion virtual machines are rooted. So I looked at following suggestions:
1. Setup restricted user on Android
2. Set restriction for the restricted user to only be able to use the one application. Disable anything else (including disabled browser, email, youtube etc..)
3. Try to get the restricted user loading on boot of Android. When Android restarts, however, it doesn't allow choice to login into the restricted user or the admin user, sort of like a Windows or MacOS login menu. To get the appliance to always start with restricted user by default, I need to add a script and the scripted will need to start using Tasker or MacroDroid.
However, how do I prevent the user from installing 3rd party apps? Is it good enough to disable all user apps (except that one used for data entry) from the restricted user? Is there any other way the user could abuse the access to the virtual appliance and load something there? Are there any system android apps I need to disable for the restricted user to prevent the user to be able to do anything bad with it?
The application used for data entry can not download any application or data, however, I believe it does use the webview because it loads sites like ebay and fills the forms on those sites. It only interacts with select websites only like Ebay to enter data into Ebay forms..
Is there anything I can do to secure Genymotion appliance any other than what I already mentioned. I would like to send the link to the Genymotion SaaS Android to people who will do data entry for me into Ebay and other sites. So I need to make sure the virtual appliance is secured as much as possible from tinkering with it. I need to make sure somebody doesn't get hand on the stored login details.
Just to clarify for the login credentials:
I am not sure how the user credentials are stored and I will find it out, however, for now, I go from the worst case scenario when the credentials are stored in plain text in the app settings. The user name and password is stored in the application with exception for Ebay because the many other sites do not have API key or any webservices interface, so the application would access those sites simply via a webview, and when it goes to login there it will do that by filling in the login information on the login form (simulates keystrokes). The user name and password is entered into the login form for the site. That's why the login info is stored in the application itself.
This question is not about how to secure the specific application I will be using, but how to secure the actual whole Android appliance from tinkering with.
I am aware I will the risks here, just want to do as much due diligence as I can.
Sources for Genymotion restricted user..
How to set restricted user as default user on reboot?
We would like to have an already added restricted user account be the default when we restart our Samsung SM-T580 tablets. At current we have 2 accounts installed, Admin and User The User is a use...
android.stackexchange.com
Root access - Device image User Guide
docs.genymotion.com
Done some digging so this cannot be done. Neither Genymobile or Appetize or other online Android emulators can offer fine-tuning in terms of user access. The closest is Genymobile because at least allows adding and removing access of users to individual appliances. That is however not resolving the issue with Android and in particular rooted Android, since all online emulators run rooted Android and I am not sure how that is secured against potentially malicious actors who receive access link.
The only easy way to solve it, kind of in a mickey-mousy way is to install Kiosk mode application. That kiosk app will run at every boot and it only shows the specific application. There is always risk of course the malicious user would do something to crash the application and the Kiosk app, but if the application is not a web browser or email client or similar it should be relatively safe.
There are plenty of Kiosk mode apps for Android but none of them is free (don't try to look, no chance to find one), the cheapest cost about 7 USD one-time purchase, the more expensive ones cost 20 per month per device or more and come with remote control etc... Not cheap but kiosk mode apps are almost exlusively used by businesses so that's why there is lack of free apps.
Anyhow I believe this is the closest as I could get to deal with this.