Hi,
I have just upgraded my Note2 to 4.4 - clean install. I have mostly set it up, when I noticed i requires PIN for storing a VPN connection or a CA certificate. However I was used to the gesture lock screen, but pin makes it harder to access while driving and other activities, so it's definitely not appreciated.
I have read some forums, and the general answer was to simply clear the credentials, but I want to keep my CA certificates, and my VPN connections, I just don't want this kind of security. I have also tried this: http://forum.xda-developers.com/showthread.php?t=2253123 but with no success - Sqlite manager can not find table locksettings (the other two are shown).
So, can anyone help me with this? I am definitely not using PIN, I'd rather set up some enormous timeout, which really is questionable from security point of view, but still better for me than typing that st*pid PIN each time.
Related
(NO ROOTING REQUIRED. Secure Settings will encourage you to root but skip that, its not neccessary for this trick to work)
I know many, like me that is annoyed that you are FORCED to have a PIN/pattern/password lock when you use secure credentials to manage your VPN connections, and saved passwords for websites and such.
Here is the solution. It requires you to buy a specific app on market, the app is not mine, and is rather expensive, but the app is very useful for other purposes too so its really worth the money.
1: You need to gather these apps:
Secure Settings: https://play.google.com/store/apps/details?id=com.intangibleobject.securesettings.plugin (FREE)
Tasker: https://play.google.com/store/apps/details?id=net.dinglisch.android.taskerm (6$)
When you're done buying Tasker and downloading Secure Settings, do this:
Enable Device admin for Secure Settings (Settings-->Security-->Device Administrators-->check "Secure Settings").
Initalize data storage. Set the pin to 0000
To initalize data storage, you can set up a VPN connection or save a password. Data storage is successfully initalized, when you no longer can disable PIN protection. (When the topmost 3 alternatives are greyed out). If you still can disable these, data storage is not initalized and is empty.
Now go to Tasker, and set up this:
Tasks -> (+) -> name: "boot"
Add Task: Task->Wait. Set Delay to 30 seconds
Add Task: Plugins->Secure Settings. Edit. Then set Password/PIN to ENABLED, pick the radio button "Pin Code", enter the PIN 0000 in both boxes.
Add Task: Task->Wait. Set Delay to 5 seconds
Add Task: Plugins->Secure Settings. Edit. Then set Password/PIN to DISABLED.
Save the task.
Now go to Profiles, name the profile "boot", select Events->System->Device boot.
Pick the task "boot".
Save, enable tasker - done.
Reboot your phone
NOTE: The device needs about 1-2 minutes to decrypt your saved credentials at boot, during this time, attempting to access VPN settings or saved password will render a password dialog. Just cancel the dialog and wait a little bit more.
The reason you need to set a PIN to 0000 before clearing it, is so Secure Settings can save your current PIN in memory, else it wont decrypt secure storage. It takes some seconds to commit the PIN set, why you need to wait 5 seconds before clearing the PIN. When you clear the PIN after this, Secure Settings will also decrypt your Secure Storage.
The reason of waiting 30 seconds at boot is because Android is extremely busy at startup, so task executing the first 30 seconds isnt reliable, so you need to wait a little before doing anything.
Enjoy your PIN-free, Pattern free, Password free lockscreen on your VPN enabled device with saved website passwords.
(NOTE to android developers: I Really hope you do NOT do anything to this. If the user want to have unsecured credentials storage, let them have. The setup here is pretty complicated so its nothing you do at mistake and then think your phone is protected. Its not a loophole either because you need to know the current PIN/Password to set up this)
qustion re
Hey Sebastian thank you so much. This worked great for me. But I didn't really understand how all this worked.
So, I just wanted to ask you if I can remove the Tasker and the Secure Settings? If i remove them, will the VPN retain the saved login and password, and will I still be to open my phone without pin?
Thanks!
free soloution
hi
i was searching for a soloution for this problem and i found this useful topic.
http://forum.xda-developers.com/showpost.php?p=25624825&postcount=13
this is the free and easy soloution.
Thank you for saving me the trouble.
Working well your method on OS 4.2.1
Thanks Sebastian
Works a treat for me but i do have a Tasker "no active profiles" icon at the top of my note 2
any thoughts?
Thanks ... superb method and great instruction to do it .
thanks
this was bugging me for days. I tried to change locksettings.db but samsung security wouldn't let me. Also tried the forgot pattern and signing with google account method but it doesn't work after reboot. You method did the trick. thanks for the solution.
how is it supposed to work?
I followed the instructions.
However on the tasker icon in the top left I see 'No active profiles'
However I do have a profile 'on boot' like described and it is set to 'on' (green icon).
Tasker is enabled.
When I reboot the tablet (nexus 7) it still asks for the pin.
These instructions are missing acceptance criteria so not sure what should happen next.
Thanks,
G
Hello Guy's,
we are testing the S3 for Enterprise use. We also want to use the Device Encryption Feature.
When i want to Encrypt the Device it Says i need a least a 6 Character long Password with one Number in it for the Sreen lock.
Thats maybe more Secure but a little to complicated for Every Day use.
Samsung E-Mail Support told me that is it Possible, to encrypt the Device with Pin Screen lock only.
But if i have a Screen Lock with Pin the Device won't start Encryption.
Can Somebody confirm that, or tell me what i'M doing wrong?
Basicly on my HTC Legend with ICS Custom i saw that PIN Only Encrpytion is Possible on ICS.
Regards
Steven
First off: encrypting with PIN is as secure as not encrypting at all - you really don't want to do that if you're not only using it as a gimmick but to actually keep your data save and secure.
That said, I think it's possible the same way as I did it on the S2.
With a custom app that triggers the encryption w/o forcing you to set a specific password first.
// EDIT
Connecting to an Exchange Active Sync server with a security policy set up to your needs might work as well.
Hello Hellcat,
BIG thank you for your reply. Setting a Active Sync Policy with 4 Chars allowed me to encrypt with pin.
i didn't know that Active sync is that powerfull out of the box.
The Interesting Point is that the Settings of the mobileiron device Managment Software didn't work, although i had the same settings.
I know that a 4 Char Pin ins't really secure, but it will still lockout 95% of random people how find a lost device.
And theres always a trade off between security and usability.
regards
Stefan
Kinda Sorta Similar
I normally just lurk and observe the talent around here, but I had to register to voice a kinda sorta similar issue. (watched noob video)
The balance between security and usability with the standard encryption scheme seems problematic. I'm pretty sure I have an original gameboy that can crack a 4 digit passcode, but I don't want to have to enter 20 characters every time just to unlock the screen.
I want to be able to have a strong password on boot, but have a separate weak password lock screen. I think that would fix the problem of usability while maintaining strong security. Is there anyway to do this?
Are there any groups or projects that include or work on user friendly encryption?
Hi,
I'm looking for a screenlock app that will enable me to lock my phone (ie requires a password) when accessing from the lock screen.
However there is a catch. What I want is to be able to enable it with a simple activation, rather than having it on all the time, or enabling it through settings all the time. I find it annoying being on all the time, but it is useful to have at times.
I have have googled, but was unable to really find anything suitable.
Cheers
You can use a program called llama to automatically set your screen password (depending on location, time etc.) or maybe a password delay.
Sent from galaxy n7105
You can use llama or its similar app called "Tasker".
I've spend hours trying to find a solution to this brutally obvious shortfall, with no luck.
There does not seem to be a secure way to lock or password protect an individual app. Sure, there are lots of app lockers out there, but they are easily defeated be just restarting the phone in safe mode where they will be disabled.
Some could argue to have a stronger lock screen, but nobody wants to input a long strong pin every single time they pick up the phone to use a text.
The ideal would be to have a simple pattern on the lock screen for basic unlocking and access to most of the system, but then have the option for a long password or pattern for the couple of sensitive apps that need it.
It seems so obvious, any reason why it doesn't seem to exist?
I am the mobile device manager for my company. We use Samsung Tab S4 tablets (Oreo 8.1) and Mobicontrol MDM for field workers and have been experiencing issues that we have not been able to recreate. The app in question is CAPI by Confirmit. We have been working with their devs but so far they have not been able to explain what is happening.
We have an alert set up in Mobicontrol to alert us to excessive memory usage but every time we receive the alert we have to hope to catch it in time to be able to remote tot he device to have a look but we have yet to be able to catch it in the moment, by the time we gain access the condition has subsided. Sometimes we get the RAM alert only, sometimes we get it in conjunction with an app crash, sometimes the app crashes without an alert. It may be that the memory spike is too brief to trip the alert, or it may be that they are only coincidental and not related at all. we just don't know.
I have been trying to find some sort of "flight data recorder" equivalent that can run on these devices that will be monitoring so that when the app crashes, or when a preset memory threshold has been exceeded, we can inspect the recorded data from the time previous to the event to hopefully identify the cause(s). So far I have been unable to find anything that does this, and my efforts at using Tasker, Elixir 2 with E Robot, MacroDroid, etc have been unsuccessful.
One of the major limitations we face is that the devices are in the hands of technically unsophisticated users. We lock down the devices fairly tightly using Mobicontrol application whitelists to limit what they users can do, but whatever solution we might come up with would have to be able to be communicated to and reliably executed by these non-technical users.
I thought maybe that enabling Developer Options and configuring debugging in the power menu would be an easy way to get debug logs but we don't permit Google or other accounts so email, Drive, etc are not options and I can't figure a way to save the logs to a local folder accessible by Mobicontrol so we can remote to the tablet to retrieve it. Nearby devices, Wifi Direct, or adb/USB connections don't work, either.
Any ideas? Would appreciate any thoughts or comments that might help us drive toward resolution of this problem.
Thanks!