How to circumvent the Pocket PC Password - MDA, XDA, 1010 General

If you have a device password set then you think you are safe? Not necessarily if you also have some toolbar apps, like xBar or Pocket Nav.
On the xda you can get to the start menu and run programs by following these steps. For this example I use PocketNav.
Tap on the Pocket Nav icon and close the Password program.
Press the green Phone button to start the Phone application.
Type *#06#
The Start menu appears and you can now run programs that appear in the menu, and change settings and access data, but not run files in the Programs folder.
A soft reset puts the device back to normal.
8)

The password is like a car door lock--only keeps the average casual observer out. Your data is unencrypted and accessible in a variety of ways. If you have sensitive data, get encryption. Things like CodeWallet Pro are great for specific items, or get a system-level encrypter to hide contacts, schedule, etc.

Carlos said:
The password is like a car door lock--only keeps the average casual observer out. Your data is unencrypted and accessible in a variety of ways. If you have sensitive data, get encryption. Things like CodeWallet Pro are great for specific items, or get a system-level encrypter to hide contacts, schedule, etc.
All nice and well: you create an encrypted file-system on an SD-card. But given that the device has persistent RAM, I would tend not to trust any encryption solution at this time. I mean: anything you enter anywhere gets stored in RAM, and none of the regular Pocket PC user applications even attempt to clean up after themselves.
If I'm shown a text-editor or an addressbook manager that was especially written to be secure, did not use things like the Pocket PC addressbook, and came with source code, I could begin to trust it.

I guess it all depends on whether you need to store the launch codes for nuclear missiles or your Visa numbers. How much effort is a potential thief willing to put towards getting your device and then getting the data out?
The data in RAM can be encrypted also by most security programs. They don't create encrypted stores necessarily; they can encrypt the built-in contacts database for example.

Carlos said:
I guess it all depends on whether you need to store the launch codes for nuclear missiles or your Visa numbers. How much effort is a potential thief willing to put towards getting your device and then getting the data out?
The data in RAM can be encrypted also by most security programs. They don't create encrypted stores necessarily; they can encrypt the built-in contacts database for example.
Bruce Schneier said:
There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files. [...]
(preface to "Applied Cryptography")

Heh, exactly. Most of us only need to keep the "kid sister" or a person who finds a lost device out of our data. Some may need slightly more--to prevent a lost device from divulging a company secret, for example. If you really need to keep governments from reading data on your PPC, you should probably re-think your choice of storage device for such data.

Related

Windows Mobile Security?

I'm looking for some screen locking and encryption software for Windows Mobile 6 (or 6.1).
I'm looking for software that will lock the screen and buttons when the PDA is turned on, and require a password, either PIN or button entry.
I would also especially like a poison pill where the system would hard reset after a number of password failures, or failing that, at the very least it would autodelete the internal memory and PIM data. It would also be great if such a program had an OEM install for adding to one of DCD's ROMs, but that's more wishful thinking than an actual requirement.
I would be willing to pay for this software, but freeware is my first choice for obvious reasons.
Thanks to anyone who can help out.
Currently running Telus P4000 (aka Titan) with DCD 2.3.2, but willing to reflash to get the security software running if necessary.
ncotton said:
I'm looking for some screen locking and encryption software for Windows Mobile 6 (or 6.1).
I'm looking for software that will lock the screen and buttons when the PDA is turned on, and require a password, either PIN or button entry.
I would also especially like a poison pill where the system would hard reset after a number of password failures, or failing that, at the very least it would autodelete the internal memory and PIM data. It would also be great if such a program had an OEM install for adding to one of DCD's ROMs, but that's more wishful thinking than an actual requirement.
I would be willing to pay for this software, but freeware is my first choice for obvious reasons.
Thanks to anyone who can help out.
Currently running Telus P4000 (aka Titan) with DCD 2.3.2, but willing to reflash to get the security software running if necessary.
I don't know about a program that will hard reset the phone on failure to authenticate; that is a hard one. But your phone should already have a security feature where you can add a PIN to lock your phone or add a longer password.
Every time you boot up it will prompt you for a password.
built in security
The built in security can be bypassed by connecting to activesync, which is one of the reasons I want to replace it.
ncotton said:
The built in security can be bypassed by connecting to activesync, which is one of the reasons I want to replace it.
How can you bypass it through active sync?
I mean when I set the password and connected through ActiveSync, it wouldn't sync or read unless I typed in the PIN on my phone. It prompted me first and if I was unsuccessful it would kick me off and not let ActiveSync work.
PIN entry on PC
It's also possible to enter the PIN from the PC side (at least with WMDC on Vista), which means it's easy to brute force the PIN.
There are programs that can do this; as a matter of fact, there are security programs out there that can remotely flash your phone should it ever get stolen or lost. Normally they are set up so that you send a certain text message to your phone and it wipes itself clean. I just did a Google search and found this: mSecure PDA
Features:
Function
Enforces security policies Windows Mobile, Palm OS and Symbian devices
Broad platform support including Windows Mobile, Palm OS
Reliable and automatic data protection, without downgrading the user experience
Protection on device or removable media using centrally-controlled, policy-based security
Remote data destruction if device is lost, stolen or subject to misuse
Sadly
"You're just a couple of steps away from an mSuite trial... Remember that mSuite is for Enterprises only, requires a minimum of ten users for purchase and as an installer you will need Administrator rights to your corporate server."
Cite
The price is ok, if I only had to buy it once that is. It seems like most of the software that does this is enterprise only.
There's another one called SafeGuard PDA but they discontinued the single user version before they got to WM6 compatibility (and the WM5 version absolutely kills a WM6 device).
WM5
For anyone running WM5 who's looking at this thread someday, PocketSecure is a great program that does pretty much everything I was looking for but sadly isn't compatible with WM6 (or at least, the version I'm using anyway).
And I thought the cold war was over.
It seems as if you guys want to get some James Bond gadgetry on your phones.
I understand this because we keep highly valuable data in our phones, but even if we do lose our phone there is always a way to crack any locking mechanism or security measure if they have physical access to your device.
I mean if the other person is smart enough to do so.
True enough
I'm not planning on keeping national secrets on my PDA, it's just that I would like to keep some phone numbers on there that I don't want someone stumbling upon if I'm daft enough to lose my phone or someone is quick enough to lift it.
The annoying thing is that there's a lot of decent software like this for Palm platforms. (TealLock, etc).
ncotton said:
I'm not planning on keeping national secrets on my PDA, it's just that I would like to keep some phone numbers on there that I don't want someone stumbling upon if I'm daft enough to lose my phone or someone is quick enough to lift it.
The annoying thing is that there's a lot of decent software like this for Palm platforms. (TealLock, etc).
All security measures should start at the physical level, by not letting others steal our phones and by not losing them. But if you feel that you need software to secure your phone in any way, check out:
http://www.handango.com/SoftwareCat...E97X&platformId=2&osId=993&N=4294913805+95886
They have many types of software that could help you. It is a start, better to be protected than not.
Sorry mate, I'm not sure if I'm just missing something there or if I didn't what I'm looking for properly...
I've looked through the Handango store and while it's got plenty of good software for encrypting a file (Word doc etc.) and plenty of good stuff for storing extra data like passwords and credit card info, all I really want is something that will lock the PDA and the built-in PIM (contacts mainly) information.
I'm *not* looking for a way to encrypt my storage card or individual files in main memory (and I've already got a password management program that encrypts that data and syncs it with my laptop).
P.S. It's not like I don't plan on keeping my phone secure, but the idea is that good security STARTS with physical security, it doesn't end there.
ncotton said:
Sorry mate, I'm not sure if I'm just missing something there or if I didn't what I'm looking for properly...
I've looked through the Handango store and while it's got plenty of good software for encrypting a file (Word doc etc.) and plenty of good stuff for storing extra data like passwords and credit card info, all I really want is something that will lock the PDA and the built-in PIM (contacts mainly) information.
I'm *not* looking for a way to encrypt my storage card or individual files in main memory (and I've already got a password management program that encrypts that data and syncs it with my laptop).
P.S. It's not like I don't plan on keeping my phone secure, but the idea is that good security STARTS with physical security, it doesn't end there.
Hmm I have looked for some apps that describe your needs and found some, but they are for WM5 ...... you can try it out and see if it works. As some cabs from WM5 still work..
Well here is another website that might help out..
http://pocketpccentral.net/software/security.htm
Other than that I would recommend using Google to search for your needs due to the fact that not many people here post about this.
http://www.truecrypt.org the Windows version can install a program to mount a TrueCrypt encoded card on your PPC, but so far I don't think it can encrypt on it.
also found this http://www.microsoft.com/downloads/...CF-EF96-4567-B817-215E24668F75&displaylang=en
Don't know if these help, worth a look maybe.

[Q] How do we protect our Android device from the CelleBrite UFED?

Someone mentioned this in another thread, but this is a topic that should have its own separate thread.
Some of you may have already read the news: Michigan: Police Search Cell Phones During Traffic Stops
Don't assume it won't come to your town.
I can't say I plan to do anything that would warrant police suspicion, yet I don't like the idea of anyone being able to easily pull data from my device. And we know cops won't be the only ones with these devices. So I've been wondering, how can we protect our Android devices from the CelleBrite UFED?
Check out this video that shows some of the features it has, keep in mind it does much more and can even extract DELETED data.
See the company's product page here: http://www.cellebrite.com/forensic-products/ufed-physical-pro.html
This research paper talks about the CelleBrite UFED and other extraction methods. (CelleBrite UFED is talked about starting on page 9.) I doubt there's a means to prevent all of those methods given some involve long term handling of the device, but CelleBrite UFED can extract data when a device is retained by the CelleBrite UFED user for a short period of time. It looks like HTC Android type devices can only be extracted from via the (micro)USB Port and it requires USB Storage and USB Debugging turned on. The CelleBrite UFED has to gain Root Access. It can get by screen passwords and root even a device that was not yet rooted.
There's another thread where someone was requesting a ROM that would not work with the CelleBrite UFED. I'm not sure how to make a ROM or anything else that would not work with the CelleBrite UFED without limiting certain features we all may use from time to time.
Over on Slashdot, someone said they hacked their device (Nexus One) to not do USB client mode. This is another option that would limit some features many of us may use.
So, how can we protect our privacy and our data? Does it mean sacrificing some features like USB storage mode?
The biggest problem is what's missing from Android itself. Meego might be protected but not Android.
You would need an encrypted boot loader that retains root for some users.
A kernel and os files that support different users so the default user is not root like Linux and a prompt with a password for superusers not just an Allow like now for Android.
Encryption libraries that would support truecrypt encryption of both internal and external (SD card) encryption in toto not just individual files.
A true trash system that overwrites files like srm in Linux and sswap for wiping the swap file after every system reboot.
Ultimately I don't see it happening. In theory if you were running Ubuntu on your phone then yes, Cellebrite would just crap out not knowing what to do with your phone. Same possibly with Meego. But then no real app support, no navigation and driver support is crap even for ROMs using the same OS let alone a different OS like true Linux.
It's amazing how many don't even bother deleting thumbnails hanging around on their computers or securely wiping files on their computer. Same with swap files retaining passwords or even website cookies that have the same password as their computer.
Best thing to do, don't keep anything that could be bad on your phone. Use a cloud system or home server sync that requires a separate login every time and keeps no local files. Or as I do, encrypt the hell out of anything you find valuable, which currently is only my complete backups...
Sent from my Xoom the way it should be, rooted and with SD card.
This is where that cheap Boost Mobile phone comes in, or any other prepay phone. Just hand the officer that one. Store your personal data on your smartphone.
chbennett said:
Best thing to do, don't keep anything that could be bad on your phone. Use a cloud system or home server sync that requires a separate login every time and keeps no local files. Or as I do, encrypt the hell out of anything you find valuable, which currently is only my complete backups...
Sent from my Xoom the way it should be, rooted and with SD card.
Hello, All. This is my first post at xda-developers!
Since I'm new to Android, data security has concerned me. Climbing the learning curve of rooting and tweaking my SGH-T989, I've focused on control, security, and privacy. So far pretty good, thanks largely to members' posts at this site. Thank you very much!
Then this thread crushed me. Visions of "1984", "THX 1138", "Terminator", etc.
I considered the suggestions here. Thoughts about the OS seem right to me, but that's beyond my abilities. I did try following chbennett's advice: I enabled encryption in my backups and moved them to the internal SD.
But I don't yet know how to do the 'home server / log in on demand' scheme for contacts and calendar. I will appreciate any help with that.
Meanwhile, I looked for a way to make a 'panic button' that would let me wipe my phone immediately. What I chose was making a contact whose phone number is the USSD code for Factory data reset.
Maybe Tasker, etc. could streamline this approach; but my trials showed that, unlike MMI codes (e.g., to toggle caller ID blocking), USSD codes cannot be submitted to the OS indirectly. So swiping a contact, direct dial shortcut, etc. did not work. On my phone, all that worked was either 1. manually dialing the code, or 2. dialing the contact name, then tapping the contact.
So the routine to use this 'panic button' is:
1. launch Dialer
2. dial the contact name
3. tap the contact name in the search results
4. tap "Format USB storage" in the "Factory data reset" dialog
5. tap "Reset phone" button in the "Factory data reset" dialog.
It sounds clunky, but it's actually pretty quick. I named the panic button contact "XXX" to avoid confusability when dialing (it needs only "XX" for a unique match.)
If you can suggest improvements to this scheme, or think it is misguided, please let me know. Thanks.
Any updates on this? I'm curious as to how to guard against ufed.
I think an instant hard brick option would be better so there's nothing to recover, as I don't believe the factory reset is a secure wipe.
Possibly a voice activated secret phrase or keypress you could say/do super fast in a tricky situation that autoflashes a corrupt/incompatible bootloader and recovery to device after secure superwipe that should stump them for a while.
I'm still interested in this. I disabled USB debugging on my phone but am unsure if the UFED can still access anything on my ICS full encrypted passworded Evo 3D. I'm assuming they could dump the data at most, but I highly doubt they could access the decrypted data unless you used an insecure pass.
If you have encryption enabled for your data partition, then all you need to do is to turn off your phone when you see a cop. If they take it from you, they can turn it on and hook up their device, but they will only be able to snarf the system partition, which does them no good. They'd need your password to mount the data partition.
If you look around on this forum, you can find the steps necessary to switch the lock screen back to a simple pattern lock while leaving the disk encryption enabled.
Are you sure Cellebrite and UFED or w/e can't access encrypted data partition? I know it can take an image of the phone "hard drive". They then can run password tools against the image to unlock it, no?
dardack said:
Are you sure Cellebrite and UFED or w/e can't access encrypted data partition? I know it can take an image of the phone "hard drive". They then can run password tools against the image to unlock it, no?
I'd like to know about this too. I am about to set up encryption on my device and I'd like to know more about what type of attacks it can beat.
Edit to add: I assume brute force attack protection is like any other type of encryption.....dependent on the strength of your password. But, assuming we all know that already, I'm still curious about this.
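To put numbers on the password-strength point in the posts above, here is an added example (not code from any poster or tool) that enumerates every valid 3x3 unlock pattern and compares its guessing space with a PIN and with passphrases. For an offline search against a copied image it is the size of the disk-encryption secret's space that matters; the guess rate `ASSUMED_RATE` is a constructed figure, not a measurement of any device or product.

```python
"""Compare the guessing space of common unlock secrets (added example)."""
import math

# Constructed assumption: offline guesses per second. The real figure depends
# on the key-derivation cost of the encryption scheme and on the hardware.
ASSUMED_RATE = 1000.0


def _build_skips():
    """Map (a, b) -> the dot lying exactly between dots a and b, if any.

    Dots are numbered 0..8 row by row on the 3x3 grid.
    """
    skips = {}
    for a in range(9):
        for b in range(9):
            if a == b:
                continue
            (ra, ca), (rb, cb) = divmod(a, 3), divmod(b, 3)
            if (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
                skips[(a, b)] = (ra + rb) // 2 * 3 + (ca + cb) // 2
    return skips


SKIPS = _build_skips()


def count_patterns(min_len=4, max_len=9):
    """Count valid patterns per length: no dot reused, and a stroke may pass
    over an intermediate dot only if that dot was already visited."""
    counts = {n: 0 for n in range(min_len, max_len + 1)}

    def walk(last, used, length):
        if length >= min_len:
            counts[length] += 1
        if length == max_len:
            return
        for nxt in range(9):
            if used & (1 << nxt):
                continue  # dot already part of the pattern
            mid = SKIPS.get((last, nxt))
            if mid is not None and not used & (1 << mid):
                continue  # would jump over an unvisited dot
            walk(nxt, used | (1 << nxt), length + 1)

    for start in range(9):
        walk(start, 1 << start, 1)
    return counts


def entropy_bits(keyspace):
    """Bits of entropy if every candidate is equally likely."""
    return math.log2(keyspace)


def worst_case_seconds(keyspace, guesses_per_second):
    """Time to try every candidate at the given rate."""
    return keyspace / guesses_per_second


def candidates():
    """Secret types and the number of possible values for each."""
    return {
        "4-digit PIN": 10 ** 4,
        "3x3 pattern (4-9 dots)": sum(count_patterns().values()),
        "8 chars, a-z0-9": 36 ** 8,
        "12 chars, a-zA-Z0-9": 62 ** 12,
    }


def report(rate=ASSUMED_RATE):
    """Rows of (name, keyspace, bits, worst-case seconds), weakest first."""
    rows = [
        (name, size, entropy_bits(size), worst_case_seconds(size, rate))
        for name, size in candidates().items()
    ]
    return sorted(rows, key=lambda row: row[1])


if __name__ == "__main__":
    for name, size, bits, secs in report():
        print(f"{name:<24} {size:>24,d}  {bits:5.1f} bits  "
              f"{secs / 86400:14.2f} days at {ASSUMED_RATE:g}/s")
```

Even the full set of patterns is a smaller space than a 6-digit PIN, so a convenient lock-screen secret is only safe to use when the encryption secret itself stays long and random.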
If the question is how to protect your device when you think someone would scan your phone, you'd have to have some sort of inclination that a scan is about to happen. I'm assuming this is many people's concern as they're considering wiping their device through a quick process. In that scenario, just turn off your device. Unless you warrant suspicion of something fairly bad, they wouldn't be confiscating your cell phone.
smokeydriver said:
...Unless you warrant suspicion of something fairly bad, they wouldn't be confiscating your cell phone.
We all wish all law enforcement was just and honest, but so far in world history that has not been the case. Even a pretty woman may have her phone scanned by a curious cop snooping for pics.
Sent from my HTC One using Tapatalk 2
I would still like to know if there is an answer here...
So I recently had some dealing with assisting in a Cellebrite search. We initiated and enlisted the help of law enforcement for an employee who was doing some illegal activity which is not relevant to this discussion other than the person used an iPhone. Anyway, the investigator came in and wanted to know if I can enable the bypass for the automatic screen lock in 5 minutes because when it locked, it disabled the Cellebrite copy.
Now, couple things here, he was only doing what he was "allowed" to do in the local municipality, and he did say they sell a more expensive Cellebrite device which would be able to crack it. I did find it interesting that the simple corporate ActiveSync policy I have set up was actually having this effect. Anyway I removed the policy and it worked. Funny thing is he could have done it himself had he known anything about that kind of thing. He was presented to us as an expert but I guess that mainly covered a basic Cellebrite expertise.
So, I do think encryption would be a great answer as the partition would be hard to bust in to. Nothing is impossible but I would rather not smash my phone on the highway next time I get pulled over so I would like to know definitively that this is the right approach. This is definitely not paranoia as there are at least 3 states where it looks like it happens regularly.
Time to look at a 2600 group for stuff like this I guess. I am early in my investigation
Later

[Q] multi user (2 users)

I'm very confused, trying to make the leap from a PC (Windows and Linux),
where it is OBVIOUS how to distinguish one user in the household from another,
to my new B/N Nook Tablet.
Ok, so I'm now using my tablet. When I hit 'Home', my desktop shows that my logged-in email is an active app. (and so are a few others).
So, I completely power it down.
When I power it back up, I expected that my email would NOT be active.
But, it IS!
What if it was some OTHER household member who powered up the tablet?
(I do NOT want them, by default, seeing my email screen!)
Is there a solution? (Or should I just return this goofy 'tablet' to Barnes and Noble, and wait til next year to see if next-year's tablet OS works the
way most of us would want it to???)
For now, think of this tablet as a personal device such as a mobile phone. Pretty sure ICS works the same way too so it might be a long wait for you.
Ok.
Meanwhile, how do I explicitly shutdown (stop) my running apps
(e.g. my email app)?
Do I 'visit' each one, and find how each app handles stopping it?
Or, better...is there a 'task-mgr' (list) for my apps, so that I could select
them all and abort them?
You could get "advanced task killer" from the market. Not sure if it needs to be rooted or if you could just side load it.
Sent from my BNTV250 using Tapatalk
MonkeysInACan said:
You could get "advanced task killer" from the market. Not sure if it needs to be rooted or if you could just side load it.
Sent from my BNTV250 using Tapatalk
Hmm...I'm still a newbie to all this 'root' vs 'side-load' terminology.
Side-load just means: 'Get it first on a real PC, then plug-in the USB-cable
to the tablet, and 'move it over'?
To 'root' something seems to mean that, in Linux-terminology, I first need to
have 'root' (super-user) privs, right? (I saw a thread about how to 'root'
the device, but am unclear about DETAILS. Does it violate warranties?
(yada, yada) Also, I THINK I'm hearing that, right now, I can only use
the Barnes/Noble 'app store' and NOT to the generic Android 'app store'?
True/false?
Are you saying I might need 'root' to INSTALL the app 'adv task killer', or
to RUN 'adv task killer'? (or both?)
It sounds like you want to have some form of screen locker in place so when you power back up (or unsleep) you have to enter a code or a pattern. This prevents unauthorized access to your personal tablet.
You should be able to activate it from the settings menu.
Concerning multiple logins, the presumption is one user per device. As to 'working how "most of us" would want it to'... Most people do prefer it this way. If someone else wants their own tablet, they should get their own tablet.
>the presumption is one user per device.
This is a legacy of Android still being a phone OS. Tablet is a more social device, and safe bet is that multiuser acct handling will show up at some point. Hopefully, soon. Else, Win8 will do what Android can't.
Android still has a lot of holes it needs to fill, and I'm not talking about apps.
---------- Post added at 10:05 PM ---------- Previous post was at 09:56 PM ----------
@OP
You don't need to "close" apps in Android. The OS manages memory as needed per least-recently-used basis. Using apps such as "Task Killer" is inefficient and will shorten battery life. There've been many articles/posts written on this topic. Google to find.
What's recommended is to run something like System Panel (free app in market). Over time, it'll give you a profile of which app is eating up the most battery. Use that to remove apps that are power-hogs.
At least on my Android cell phone, hitting the Home key leaves the current application running. Hitting the "Back" key ends the application. Not sure if the NT has a "Back" function...
rmm200 said:
At least on my Android cell phone, hitting the Home key leaves the current application running. Hitting the "Back" key ends the application. Not sure if the NT has a "Back" function...
The NT does have a back key, but that behavior depends on how the app was designed and is not true for many apps. In fact, because of what e.mote described about Android's design for "backgrounded" apps, Google recommends that apps not be designed to close themselves with the back button, menu command, etc. except for special circumstances.
e.mote said:
>
[...]
@OP
You don't need to "close" apps in Android. The OS manages memory as needed per least-recently-used basis. Using apps such as "Task Killer" is inefficient and will shorten battery life. There've been many articles/posts written on this topic. Google to find.
What's recommended is to run something like System Panel (free app in market). Over time, it'll give you a profile of which app is eating up the most battery. Use that to remove apps that are power-hogs.
Ah, but that's the question/issue: i.e. I WANT to close this particular app (email), for
security reasons!
Are you saying that apps in Android are often NOT programmed with a
mechanism to STOP them?
By design, yes - most apps are not programmed to fully stop themselves - they remain resident in memory in case you return to that app - it reduces load times and allows content viewing sites (news readers, downloading the newest emails, periodic alerting tools, etc) to work in the background so the information is available when you want it without having to do a load at the time you bring up the app.
Any app that's paused (not the current focus) may be asked to relinquish resources by the OS in order to allow another app (with the current focus) the ability to run. This is all handled by the OS, and applications are expected to always be interruptible, thus constantly persisting their state as they are being used. This allows for something else to interrupt (such as a phone call or selection of another app, or an alert from your alarm program) with a reasonable expectation that whatever you were doing wasn't lost.
The security built into Android is the ability to require a passcode or pattern to unlock the phone when coming out of a sleep state. Failing to set that pattern or passcode is a failing of the user, not the OS.
Phones and tablets, from the Android perspective, are an extension of the person. Though I sometimes use my wife's NookColor, or she mine - it is a rare thing and any use beyond that by friends is always supervised.
Other tablet OSs may have the concept of 'logging in', but not Android.
So, I'm screwed? No way to get her email logged in?
Hmm...I HOPE I'm still missing something simple. (Otherwise, I'm
screwed, and I'll have to return this diabolical BEAST to the store.)
This unit is a gift for my wife for Xmas.
To familiarize myself with it, I setup and logged-in to my
Gmail acct.
Of course, NOW I want to:
'Log out' of my gmail, and setup the 'email app' to login to
her email (non-Gmail-based). [And, have THAT one be the
always-open email-acct, (tho I do NOT LIKE this 'feature'
of always-logged-in at all!)]
How do I do that? ('Rooting' this Nook Tablet is NOT an option, so
if that's part of your proposed "solution", forget it.)
TIA...
cookdav said:
Hmm...I HOPE I'm still missing something simple. (Otherwise, I'm
screwed, and I'll have to return this diabolical BEAST to the store.)
This unit is a gift for my wife for Xmas.
To familiarize myself with it, I setup and logged-in to my
Gmail acct.
Of course, NOW I want to:
'Log out' of my gmail, and setup the 'email app' to login to
her email (non-Gmail-based). [And, have THAT one be the
always-open email-acct, (tho I do NOT LIKE this 'feature'
of always-logged-in at all!)]
How do I do that? ('Rooting' this Nook Tablet is NOT an option, so
if that's part of your proposed "solution", forget it.)
TIA...
There should be an option in the Settings section to add and remove email accounts. I don't have a NT but that's pretty standard as Android devices go.
I have to say you seem to have a lot of misinformed expectations of the Android/Nook experience. Keep remembering that the software was originally developed for mobile phones, so expecting things to be done in the same way to a desktop OS is gonna cause you grief.
tomegranate said:
There should be an option in the Settings section to add and remove email accounts. I don't have a NT but that's pretty standard as Android devices go.
Ah...'should' is the operative word. But, I do NOT see any such option.
I have to say you seem to have a lot of misinformed expectations of the Android/Nook experience. Keep remembering that the software was originally developed for mobile phones, so expecting things to be done in the same way to a desktop OS is gonna cause you grief.
Hmm...I'd characterize my expectations quite differently. This is the FIRST
(and I hope LAST) implementation of an 'email reader' that was designed
with NO WAY to log out/close down. Common sense SHOULD dictate
that they'd provide a way to log-out or reset to a different email-acct,
but so far, there's NO SIGN that anyone had any common sense.
Hey, maybe the 'crime-stoppers' (aka 'big brothers'/homeland-security) folks
asked for this 'feature'. It will make it easier now...they can just say:
"Great...there's her B/N Nook Tablet! She can't have logged out, so just look
thru her emails, and see who she's been corresponding with."
Right now, my opinion of this beast is worse than the 'Hotel California':
Last thing I remember, I was
Running for the door
I had to find the passage back
To the place I was before
"relax," said the night man,
We are programmed to receive.
You can checkout any time you like,
But you can never leave!
Hell, on a Nook, I can't even checkout!
cookdav said:
Ah...'should' is the operative word. But, I do NOT see any such option.
Hmm...I'd characterize my expectations quite differently. This is the FIRST
(and I hope LAST) implementation of an 'email reader' that was designed
with NO WAY to log out/close down. Common sense SHOULD dictate
that they'd provide a way to log-out or reset to a different email-acct,
but so far, there's NO SIGN that anyone had any common sense.
Hey, maybe the 'crime-stoppers' (aka 'big brothers'/homeland-security) folks
asked for this 'feature'. It will make it easier now...they can just say:
"Great...there's her B/N Nook Tablet! She can't have logged out, so just look
thru her emails, and see who she's been corresponding with."
Right now, my opinion of this beast is worse than the 'Hotel California':
"You can checkout any time you like, But you can never leave! "
Hell, on a Nook, I can't even checkout!
But you can lock the tablet.
The option is there. I don't have my NT in front of me, but there is an option to remove B&N account settings and wipe the device. That's what you want. It will remove everything that you set up.
As far as your opinion that this is the first such email program that doesn't log out...there has never been a smartphone OS email program that logs completely out, or one that allows multiple users. Android was developed for Phones. The expectation is that you will use your phone, not share it with 10 people with each of them having their own settings.
Something that you are referring to is available, but not from an Android, Blackberry or iOS device. You would have to get a Windows (not Win Mobile) tablet, which will not work as well (yet) as any of the other OS's because it was not designed specifically for the hardware it's running on.
Easy way to have what you want on this tablet: Don't set up email using the built in email program. Use the browser and don't have it remember the password.
@OP
Your expectations aren't unreasonable. It's just that Android-on-tablet is still very much a work in progress, and you along with all of us are beta testers.
Multiuser handling is just one of many issues that have arisen. In the Kindle Fire forum, there are complaints about not being able to disable one-click purchasing for when handing the KF to your kids. iOS has had the same issue, and has a partial workaround. Until Android supports multiuser, there is no good solution.
For e-mail, you can try various email clients to see if any supports discrete logins/logouts (and of course pulling mail from your webmail account).
http://google.com/search?q=email+apps+for+android
cookdav said:
Ah...'should' is the operative word. But, I do NOT see any such option.
Hmm...I'd characterize my expectations quite differently. This is the FIRST
(and I hope LAST) implementation of an 'email reader' that was designed
with NO WAY to log out/close down. Common sense SHOULD dictate
that they'd provide a way to log-out or reset to a different email-acct,
but so far, there's NO SIGN that anyone had any common sense.
Hey, maybe the 'crime-stoppers' (aka 'big brothers'/homeland-security) folks
asked for this 'feature'. It will make it easier now...they can just say:
"Great...there's her B/N Nook Tablet! She can't have logged out, so just look
thru her emails, and see who she's been corresponding with."
Right now, my opinion of this beast is worse than the 'Hotel California':
"You can checkout any time you like, But you can never leave! "
Hell, on a Nook, I can't even checkout!
Jesus guy, it's not an 'email reader', whatever that means, it's a mobile tablet computer, and it handles email accounts the same way as all tablet computers that use a mobile OS (ones based on Android, iOS, and presumably webOS and Blackberry too), because they're designed for personal, individual use. Smartphones don't have a way to log out of your email account in the way you're expecting, and neither does a modern tablet.
If this is the first time you've used this type of device, you need to exercise more patience before you start stamping your feet, otherwise people are gonna be unwilling to help you.
I'm 100% certain there is a way to remove your email account from the device, you just haven't found it yet. This is very likely not the fault of the device! Did you even read the user manual? http://img1.imagesbn.com/pimages/nook/tablet/mediakit/userguide_NOOKTablet_111115.pdf
Reset the unit to factory standard and put it in the box, it is an option under 'settings' and will return it to the "as-purchased state" with all data wiped.
Then decide if you're returning it or wrapping it to give to your wife.
In the future, consider letting the person receiving the gift have the pleasure of opening a unit in pristine condition. My wife would kill me if I "pre-opened" an electronic device intended for her "to familiarize myself with it". Let that happen on the day she opens it, after she's decided she needs help. I think it's deplorable that you've cracked the seals and denied her the experience of opening something new.
If you want to 'log out', then you have to shut the device down instead of leaving it in 'sleep mode'. No power means the apps aren't running (unless you or the OS have set them up as background processes). When you turn it back on, you'll realize quickly that there is no 'select profile' or 'choose user' function because it is designed to be one device for one user.
If the user wants security to prevent other people from reading sensitive information, they should set the screen lock code in the settings menu.
-=-=-
At this point, I believe you have all the information you need:
1) Devices are intended to be single user, by design, regardless of your desire to have them be otherwise.
2) Use the built in screen lock capability if you are concerned about sensitive information being viewed.
3) You should reset the device to factory settings via the settings menu to wipe all data you've entered and return it to a nearly 'as new' state.
4) You should not be playing with your wife's new device and instead allow her to experience the setup guide and walk through the configuration of the device in the way she desires.
If there is another specific question about how things work or operate, please ask. If there are further conspiracy theories I'm sure there are better forums for that than this one.
Wow. lotta words - no Solution...
You're going to have to factory reset the device:
Settings>Device Info>Erase and Factory Reset
Once it resets, enter your wife's information.
You seem to think that phones and pads run like Windows where you can log out as yourself and no one can see your email. Phones and pads are single user devices and will not work like Windows. Even Windows phones and pads don't operate like that.

[Q] Password Protect QuickOffice Files

Hi there, I have a quicksheet on my Razr in which I save a few of my bank details that I may need on my person at all times due to the nature of my job. I need to password-protect that file of mine. Any ideas???
There is no way I would store that on my phone with a simple spreadsheet password. They are easily cracked.
I would find an app that would encrypt the file to your password. I don't know if there is an equivalent of Truecrypt for Android.
I heartily agree with 85Gallon... but... if nobody is going to lose money or their job if this info is discovered, then you might consider App Protector by Clutch Mobile (formerly Carrot Apps). It will password protect any app. However, any serious player on XDA could circumvent it fairly quickly. App Protector does not encrypt anything. It just puts a lock on apps that might access that data -- and it's not that great of a lock.
If you work for a bank and you need to keep a list of addresses, Managers and their personal cell numbers, maybe this is enough. If you're storing anything more critical, listen to 85Gallon and find a better solution.
I would suggest "Sec Notes". It stores data encrypted using AES encryption in a database. Notes can be Notepad, Spreadsheets and checklists. Spreadsheet supports formulas too, so it might match what you want. Best part is it allows automatic backup to Google Drive and Dropbox. You can also back up to SD card manually any time.
https://play.google.com/store/apps/details?id=com.skipser.secnotes
85gallon said:
There is no way I would store that on my phone with a simple spreadsheet password. They are easily cracked.
I would find an app that would encrypt the file to your password. I don't know if there is an equivalent of Truecrypt for Android.

Secure compromised device

Hi everyone! This is my first post, but I have used the search tool already without success. I am just a user, not developer and quite noob regarding mobiles and security.
Situation
1. I've got hacked, total control (photos, emails, camera, contacts, whatsapp, screen etc) of my unrooted android phone (xiaomi redmi note 7).
It was a targeted attack, no manual app installed, no unsafe 3rd party apps allowed. Attackers only had my gmail account (linked to android) and telephone number. I know them personally, and they leaked personal information to people at work (who enjoy it between them but won't help me at all).
No high consumption of battery/data. Just leeching information, launching some apps eventually, and few interactions with the screen minimizing etc.
2. I installed antimalware (e.g. Malwarebytes), antivirus (AVG, ESET etc). No positive results. I also installed "NoRoot Firewall" to control programs accessing internet, nothing strange.
3. I've changed emails(new), SIM + Telephone. Got hacked again. I suspect my own wifi was compromised.
Additionally, added 2 step verification to emails, changed passwords, encrypted the device etc. I have found no IP from them in the emails log, nor alert from gmail. Only once a session from Linux device (not mine). I believe they have accessed through the device.
4. I want to restore the device somehow and avoid getting hacked again.
One of the problems I face is that now I'm not in the same circle of people from which I gathered most of the info on the leaked information, so I can't get to know if the actions I am taking got rid of the hack, besides some punctual actions they may do (launch app etc). So I have to act quite paranoid and do the most secure action.
Question
1. Any idea on how they managed to do that? how can I prevent it or prove it? a reset would get rid of any proof, but I kinda prefer it if it is once and for all.
2. A hard reset only formats one partition (user data), so if there is a trojan located in /system it would be pointless. With an unrooted device I can only get rid of /cache and /data.
Should I install another ROM? (my phone has always been unrooted) which one? (restoring the stock ROM would probably be pointless if the vulnerability is due to android...)
3. Is there any other measure I could take?
I'd appreciate any help.
Thank you!
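As an added example (not part of the original post): question 2 turns on whether /system can be trusted after a factory reset. On a device with a locked bootloader, Android Verified Boot checks that partition at boot, and the script below parses `adb shell getprop` output to flag any boot-integrity property that deviates from its stock value. The sample output is constructed, and the assumption that this device exposes all five properties is mine; a missing property is reported, not assumed good.

```python
import re

# Constructed sample of `adb shell getprop` output (not captured from a real device).
SAMPLE_GETPROP = """\
[ro.boot.verifiedbootstate]: [green]
[ro.boot.flash.locked]: [1]
[ro.boot.veritymode]: [enforcing]
[ro.build.tags]: [release-keys]
[ro.debuggable]: [0]
"""

# Values expected on a stock, locked device (assumed property set). Any other
# value means /system is not guaranteed to match the vendor-signed image.
EXPECTED = {
    "ro.boot.verifiedbootstate": "green",
    "ro.boot.flash.locked": "1",
    "ro.boot.veritymode": "enforcing",
    "ro.build.tags": "release-keys",
    "ro.debuggable": "0",
}

PROP_LINE = re.compile(r"^\[([^\]]+)\]:\s*\[(.*)\]\s*$")

def parse_getprop(text):
    """Turn '[key]: [value]' lines into a dict, ignoring anything else."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def boot_integrity_findings(text):
    """Return (property, observed, expected) for every deviation.

    A missing property is reported with observed=None.
    """
    props = parse_getprop(text)
    return [(key, props.get(key), want) for key, want in EXPECTED.items()
            if props.get(key) != want]

def system_partition_verified(text):
    """True only when every boot-integrity property has its stock value."""
    return not boot_integrity_findings(text)

if __name__ == "__main__":
    print("verified:", system_partition_verified(SAMPLE_GETPROP))
    print("deviations:", boot_integrity_findings(SAMPLE_GETPROP))
```

Save the real `getprop` output to a file before any reset, since it is part of the evidence the post worries about losing.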
