Hey,
I found a software for everyone who daily forget their private information , like mail account passwords or paypal information. The software is called PIN Manager and is developed and distributed by valuephone! This is the link to their website: www.valuephone.com. If anyone wants to use this software, he must create an account at the website. So you can sync and edit your stored data in the portal. That’s extremely easy and no strange typing on a touchscreen to enter information. The data itself is secured with an own pin, so no one else can use the program.
gomac
The plus is it seems to be free, the negative is that you are entrusting all your sensitive data to a third party.
I am currently using SplashID. Whilst it is not free it keeps my data under my control and allows me to edit it all on the PC and then just synch to my Xperia.
You can also use Keypass, which is free and allows you to encrypt all your passwords, usernames, pins, etc using one masterpassword and/or keyfile(s).
Georgeous2008 said:
You can also use Keypass, which is free and allows you to encrypt all your passwords, usernames, pins, etc using one masterpassword and/or keyfile(s).
Click to expand...
Click to collapse
Or the new Cryptowallet for free!
Main Features:
* Strong encryption and password protection ensures the security of all of your information
* User-friendly login panel to eliminate key loggers threat.
* Predefined Templates, Icons gives you more than 30 templates for different kinds of information you may need in your daily life
* Smart Card Fields. There is a number of specific operations you can do with your card directly form Crypto Wallet just by clicking the appropriate card field
o Make a phone call
o Send an Email
o Go to a website
* Compatible with the Pocket PC 2003, Windows Mobile 5, 6 OS
Related
Please read these 5 ideas I have and then make a vote to the app you would love to use the most and would most likely donate towards serious (and opensource!) development. If you are unclear about anything, please ask before voting! Thanks.
1. Better FaceBook Sync - like BookSync, but instead of being restricted to Facebook's ToS it would use the html interface to additionally sync these infos:
* Sync all friends photos with captions tags and comments for offline browsing.
* Phone numbers
* Email addresses (yes, I am aware it's a .gif)
* Addresses
* Facebook Events (and Friends' events)
* as well as profile pics (high res), date of birth (for birthday reminders), name (girls who marry update on your phone instantly)
* option to only silently sync when using wifi (and of course, only updates get pulled down)
2. Better Lock - replace the default WM 6.x security lock feature where you enter a PIN every 24 hours or so, with a much more friendly AND more secure version:
* Incremental Challenge/Response: Have your PIN as 8 or so digits but every 12 hours or so (configurable) it will ask for just 1 digit ("Enter the 4th digit of your PIN"). Enter it wrong and it'll ask for 2 digits now. Wrong again.. 4 digits and so on. Additionally, every 24 hours or so, ask for extra digit.
* While locked, allow for basic functions such as wifi on/off, email/text/call anyone already in address book, turn device off, allow reading of texts that contain a magic password (so owner can communicate with "thief").
* Button to show owner info (incase it's lost) with sub-button to call owners emergency contact number
* 3 invalid attempts = phone texts and calls emergency number and/or integrates with RemoteTracker
3. Better Marketplace - like Microsoft Marketplace and AppToDate merged with improvements
* Microsoft Marketplace requires each dev to upload and maintain thier app (never gonna happen with 100% esp abandoned but still useful apps)
* AppToDate is abandoned? Last update 2008..
* Allow free software only!!!!
* Allow trusted mods to upload apps on behalf of devs, making this BetterMarketplace very comprehensive
* UC compatible & allowing user to record installed apps to our server so after hard reset you can enter user/pass and automagically get all your favourite apps installed
* Compatibility Matrix: only apps that work on your phone are displayed (eg, qvga/vga and wm5/wm6 and so on)
* Popularity Contest: rank apps based on usage in total minutes. This way, only the truly useful apps get to top of list
* Install via web.. using your user account, you can click to install from the Web interface... and your ppc will amazingly start to install it! ppc application interface will exist too ofc.
4. Mobile Proxy - a http proxy on your phone that modifies your web experience via plugins ideas such as:
* Google Maps Mobile - allow supercaching.. which means remember map segments forever on SD card. Perhaps even precaching your area.
* Windows Live Messenger - allow use of MSN when offline. I often turn my phone on/off often and drives friends insane as they see me go offline..online..offline..online. To solve this, this proxy plugin could re-route MSN protocol via our desktop computer so that a) we can sign into multiple locations, something the ppc app doesnt support yet and b) we can receive and view messages we missed while ppc was offline, same for sending msgs could be queued.
* Ad blocker, flash blocker, javascript blocker
* Send custom headers to custom http servers (to fake/force mobile or desktop view per site)
5. Email Redefined - not too sure about my competence to pull this one off though.
Instead of receiving a torrent of email to my device, half of which I don't care about, separate emails into 3 distinct channels:-
1. General crap. When received has no notification, not even a number next to the titanium email plugin.
2. From humans not in my address book. New senders get an instant reply asking them to complete a captcha if they want my mobile to buzz.
3. From friends who are in my address book. I would get a sound played, much like a 'new SMS' sound, and titanium would show "1" next to email.
* If possible with Mobile Outlook, treat facebook inbox-messages as emails.. so buzz, play a sound, and allow reply (via fb).
* If possible (might cost the user), add email push facility whereby the phone receives a hidden SMS text when you have a new email worthy of a beep/buzz, wakes up (but with screen still off and device locked), connects to data (wifi/3g, as configured), gets the email, then beeps/buzzes.
Better Facebook and Marketplace definitely! Those are a must!
Can't decide between Marketplace and Proxy. I LOVE your ideas for marketplace, but I've been wanting to sign into multiple locations since I've had IM on my phone. I hardly ever sign into my IM's because of it. I think I'm going with Marketplace with Proxy being a close second.
Bump (1 of 2).
It would be useful if some of you could post a reply like the above 2 people did too.. as it seems voting in a poll does not bump this thread.. (a forum bug imho). Also useful if anyone can point out competition (free or payware) to each and any of my ideas, unless already mentioned. Thanks!
Bump (2 of 2)
Facebook !
Ciao
I've started on the most popular idea, any alpha testers PM me (your msn address preferred)
facebook sync at http://forum.xda-developers.com/showthread.php?t=621538
Better FaceBook Sync all the way......
I work for an IT firm, and often when we go onsite we end up having to retrieve user passwords for various reasons. Right now our options are to:
A) Print out the site's password sheet and take it with us
B) RDP back to our company network and lookup each password as needed
The first solution is rife with security concerns, while the second is a pain in the butt.
What I would like to do is set up a background wifi sync at the office with my android tablet, so every time I leave the building I automagically have up-to-date files with me. But also store them in an encrypted folder or format, so if the tablet gets lost we don't have to reset many hundreds of client passwords. I am not at all opposed to buying an app, or more than one if this can be accomplished in a convenient and secure way. Any ideas?
Dropbox? Preferably combined with storing the passwords in an encrytped database such as keepass?
Really, you want confirmed sign off from your management here. ****ing up with a customer password database (say you lost your phone) is a Career Limiting Move.
Sent from my GT-I9100 using Tapatalk
seems to many permissons...
THIS APPLICATION HAS ACCESS TO THE FOLLOWING:
HARDWARE CONTROLS
TAKE PICTURES AND VIDEOS
Allows application to take pictures and videos with the camera. This allows the application at any time to collect images the camera is seeing.
YOUR LOCATION
COARSE (NETWORK-BASED) LOCATION
Access coarse location sources such as the cellular network database to determine an approximate device location, where available. Malicious applications can use this to determine approximately where you are.
FINE (GPS) LOCATION
Access fine location sources such as the Global Positioning System on the device, where available. Malicious applications can use this to determine where you are, and may consume additional battery power.
NETWORK COMMUNICATION
FULL INTERNET ACCESS
Allows an application to create network sockets.
YOUR PERSONAL INFORMATION
READ SENSITIVE LOG DATA
Allows an application to read from the system's various log files. This allows it to discover general information about what you are doing with the device, potentially including personal or private information.
PHONE CALLS
READ PHONE STATE AND IDENTITY
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.
STORAGE
MODIFY/DELETE USB STORAGE CONTENTS MODIFY/DELETE SD CARD CONTENTS
Allows an application to write to the USB storage. Allows an application to write to the SD card.
SYSTEM TOOLS
PREVENT DEVICE FROM SLEEPING
Allows an application to prevent the device from going to sleep.
RETRIEVE RUNNING APPLICATIONS
Allows application to retrieve information about currently and recently running tasks. May allow malicious applications to discover private information about other applications.
Hide
HARDWARE CONTROLS
CONTROL VIBRATOR
Allows the application to control the vibrator.
NETWORK COMMUNICATION
VIEW NETWORK STATE
Allows an application to view the state of all networks.
VIEW WI-FI STATE
Allows an application to view the information about the state of Wi-Fi.
ksoze11 said:
seems to many permissons...
THIS APPLICATION HAS ACCESS TO THE FOLLOWING:
HARDWARE CONTROLS
TAKE PICTURES AND VIDEOS
Allows application to take pictures and videos with the camera. This allows the application at any time to collect images the camera is seeing.
YOUR LOCATION
COARSE (NETWORK-BASED) LOCATION
Access coarse location sources such as the cellular network database to determine an approximate device location, where available. Malicious applications can use this to determine approximately where you are.
FINE (GPS) LOCATION
Access fine location sources such as the Global Positioning System on the device, where available. Malicious applications can use this to determine where you are, and may consume additional battery power.
NETWORK COMMUNICATION
FULL INTERNET ACCESS
Allows an application to create network sockets.
YOUR PERSONAL INFORMATION
READ SENSITIVE LOG DATA
Allows an application to read from the system's various log files. This allows it to discover general information about what you are doing with the device, potentially including personal or private information.
PHONE CALLS
READ PHONE STATE AND IDENTITY
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.
STORAGE
MODIFY/DELETE USB STORAGE CONTENTS MODIFY/DELETE SD CARD CONTENTS
Allows an application to write to the USB storage. Allows an application to write to the SD card.
SYSTEM TOOLS
PREVENT DEVICE FROM SLEEPING
Allows an application to prevent the device from going to sleep.
RETRIEVE RUNNING APPLICATIONS
Allows application to retrieve information about currently and recently running tasks. May allow malicious applications to discover private information about other applications.
Hide
HARDWARE CONTROLS
CONTROL VIBRATOR
Allows the application to control the vibrator.
NETWORK COMMUNICATION
VIEW NETWORK STATE
Allows an application to view the state of all networks.
VIEW WI-FI STATE
Allows an application to view the information about the state of Wi-Fi.
Click to expand...
Click to collapse
Yes it is safe, it needs the permissions for geotagging, letting you share pics online, save pics to sd card, keep phone awake while using app etc. Not sure about the log permission though, it might be to read and send them error reports.
Dave
Sent from my LG P920 using Tapatalk
Camera 360 privacy concern
I still suspect it... Why in the heavens would it need these 3:
YOUR PERSONAL INFORMATION
READ SENSITIVE LOG DATA
Allows an application to read from the system's various log files. This allows it to discover general information about what you are doing with the device, potentially including personal or private information.
PHONE CALLS
READ PHONE STATE AND IDENTITY
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.
RETRIEVE RUNNING APPLICATIONS
Allows application to retrieve information about currently and recently running tasks. May allow malicious applications to discover private information about other applications.
I just ran it and it only tried using two things, one was gps and one was imei.
The location is for geotagging and I would think it uses imei to identify you have right to use it as it was a paid for app originally and this permission may have been left in.
I use lbe privacy guard and these permissions were all it tried using, blocked both with lbe and app still works so maybe you could try that if your concerned.
Dave
Sent from my LG P920 using Tapatalk
Thanks! I'll try both that privacy guard and the app.
does this blocking thing work with trektrak mobile security as well?
I'm after the advice of someone who knows about Android permissions and security.
I'd like to make use of this app - https://play.google.com/store/apps/details?id=com.faradayinstitute&hl=en
That requires these permissions:
This app has access to these permissions:
Your messages
receive text messages (SMS)
Network communication
full network access
view network connections
view Wi-Fi connections
Phone calls
read phone status and identity
Storage
modify or delete the contents of your USB storage
Microphone
record audio
Your social information
read your contacts
modify your contacts
read call log
write call log
Your accounts
find accounts on the device
System tools
send sticky broadcast
test access to protected storage
Affects battery
control vibration
prevent device from sleeping
Your applications information
run at startup
Audio settings
change your audio settings
But isn't that list of permissions completely OTT? I expressed my concerns to them and received the following reply:
I am writing to update you with regards to your enquiry about the Faraday App. I have been in touch with our developers and they have informed me that although this is a long list it is quite common with Android. They are currently working to see if they can reduce the list, however, there is nothing to worry about since you know the origin of there App, The Faraday Institute, and therefore can easily determine whether you wish to allow access (if it is a source you trust/is reputable etc..). The reason they need access to some parts is simply to add their details to your phone, (access your phone book for example is only to add The Faraday to your contacts).
I hope this answers your query for now. I will update you when I receive more information from the developers. Please feel free to contact me if you require further assistance.
I'm no expert but it doesn't really seem satisfactory - or am I worrying necessarily?
Ergates said:
I'm after the advice of someone who knows about Android permissions and security.
I'd like to make use of this app - https://play.google.com/store/apps/details?id=com.faradayinstitute&hl=en
That requires these permissions:
This app has access to these permissions:
Your messages
receive text messages (SMS)
Network communication
full network access
view network connections
view Wi-Fi connections
Phone calls
read phone status and identity
Storage
modify or delete the contents of your USB storage
Microphone
record audio
Your social information
read your contacts
modify your contacts
read call log
write call log
Your accounts
find accounts on the device
System tools
send sticky broadcast
test access to protected storage
Affects battery
control vibration
prevent device from sleeping
Your applications information
run at startup
Audio settings
change your audio settings
But isn't that list of permissions completely OTT? I expressed my concerns to them and received the following reply:
I am writing to update you with regards to your enquiry about the Faraday App. I have been in touch with our developers and they have informed me that although this is a long list it is quite common with Android. They are currently working to see if they can reduce the list, however, there is nothing to worry about since you know the origin of there App, The Faraday Institute, and therefore can easily determine whether you wish to allow access (if it is a source you trust/is reputable etc..). The reason they need access to some parts is simply to add their details to your phone, (access your phone book for example is only to add The Faraday to your contacts).
I hope this answers your query for now. I will update you when I receive more information from the developers. Please feel free to contact me if you require further assistance.
I'm no expert but it doesn't really seem satisfactory - or am I worrying necessarily?
Click to expand...
Click to collapse
what kind of app is it? (currently unable to access playstore)
mjz2cool said:
what kind of app is it? (currently unable to access playstore)
Click to expand...
Click to collapse
Just a "news" app. Here's the description:
The official application of The Faraday Institute for Science and Religion at St Edmund's College, Cambridge. Access news, leading stories of the day, educational resources, and much more, from the institute that is leading research in the understanding of the relation between science and religion.
Bump
Ergates said:
Bump
Click to expand...
Click to collapse
And once more for luck!
Ergates said:
And once more for luck!
Click to expand...
Click to collapse
Any views?
I need to run an app in Genymotion that is used for data entry and upload of the entered data into 3rd party sites. The logins to 3rd party sites are stored in this application (probably encrypted). The application will store multiple logins for my different customers of who need to have the data uploaded into the 3rd party sites. The data into the app will then be entered by other people to whom I outsource the data entry.
So I created Genymotion appliance, installed the app and in this application I entered logins for sites such as ebay. I am looking for suggestions on what can I do to secure the appliance to prevent the data being copied out from it.
I want to prevent the person to whom I outsource data entry to be able to install and load 3rd party other apps, modify system settings, install other apps, copy the system directory, copy the login and password information saved by the application.
Let's assume the worst possible case here when application is well written but the passwords mentioned above (for the ecommerce sites like ebay) is saved in plain text in this application in the internal application directory. What I know about the application is it doesn't support access to SD Card, only can read and write data to the internal memory.
What can I do in Gennymotion to improve the security of my appliance. Genymotion virtual machines are rooted. So I looked at following suggestions:
1. Setup restricted user on Android
2. Set restriction for the restricted user to only be able to use the one application. Disable anything else (including disabled browser, email, youtube etc..)
3. Try to get the restricted user loading on boot of Android. When Android restarts, however, it doesn't allow choice to login into the restricted user or the admin user, sort of like a Windows or MacOS login menu. To get the appliance to always start with restricted user by default, I need to add a script and the scripted will need to start using Tasker or MacroDroid.
However, how do I prevent the user from installing 3rd party apps? Is it good enough to disable all user apps (except that one used for data entry) from the restricted user? Is there any other way the user could abuse the access to the virtual appliance and load something there? Are there any system android apps I need to disable for the restricted user to prevent the user to be able to do anything bad with it?
The application used for data entry can not download any application or data, however, I believe it does use the webview because it loads sites like ebay and fills the forms on those sites. It only interacts with select websites only like Ebay to enter data into Ebay forms..
Is there anything I can do to secure Genymotion appliance any other than what I already mentioned. I would like to send the link to the Genymotion SaaS Android to people who will do data entry for me into Ebay and other sites. So I need to make sure the virtual appliance is secured as much as possible from tinkering with it. I need to make sure somebody doesn't get hand on the stored login details.
Just to clarify for the login credentials:
I am not sure how the user credentials are stored and I will find it out, however, for now, I go from the worst case scenario when the credentials are stored in plain text in the app settings. The user name and password is stored in the application with exception for Ebay because the many other sites do not have API key or any webservices interface, so the application would access those sites simply via a webview, and when it goes to login there it will do that by filling in the login information on the login form (simulates keystrokes). The user name and password is entered into the login form for the site. That's why the login info is stored in the application itself.
This question is not about how to secure the specific application I will be using, but how to secure the actual whole Android appliance from tinkering with.
I am aware I will the risks here, just want to do as much due diligence as I can.
Sources for Genymotion restricted user..
How to set restricted user as default user on reboot?
We would like to have an already added restricted user account be the default when we restart our Samsung SM-T580 tablets. At current we have 2 accounts installed, Admin and User The User is a use...
android.stackexchange.com
Root access - Device image User Guide
docs.genymotion.com
Done some digging so this cannot be done. Neither Genymobile or Appetize or other online Android emulators can offer fine-tuning in terms of user access. The closest is Genymobile because at least allows adding and removing access of users to individual appliances. That is however not resolving the issue with Android and in particular rooted Android, since all online emulators run rooted Android and I am not sure how that is secured against potentially malicious actors who receive access link.
The only easy way to solve it, kind of in a mickey-mousy way is to install Kiosk mode application. That kiosk app will run at every boot and it only shows the specific application. There is always risk of course the malicious user would do something to crash the application and the Kiosk app, but if the application is not a web browser or email client or similar it should be relatively safe.
There are plenty of Kiosk mode apps for Android but none of them is free (don't try to look, no chance to find one), the cheapest cost about 7 USD one-time purchase, the more expensive ones cost 20 per month per device or more and come with remote control etc... Not cheap but kiosk mode apps are almost exlusively used by businesses so that's why there is lack of free apps.
Anyhow I believe this is the closest as I could get to deal with this.