I am a n00b with Android and have the following question. Are EVDO authorization credentials such as MIP/PPP username and password are set within OS, i.e. built-in into PPP daemon? If so, then rooting is required to modify those settings (for example, to use the firmware with another Carrier).
Or are they stored separately, outside of- and external to Android OS? If, so rooting neither required, nor helpful for modifying EVDO authorization credentials
Related
Hello to all;
I have came across the app. Pdroid (for managing security settings in my phone); and I´m really interested into installing it; even thou I didn´t catch exactly what to do (even with the patch creator for Windows).
My fear resides into the use of Gingerreal 1.4 Rom, so here´s my question...
Does anyone using Gingerreal 1.4 for Ace have compiled the patch ?
If yes, would you care to share it or at least give me more instructions into how to create the patch myself ?
This is the link to the app:
http://forum.xda-developers.com/showthread.php?t=1357056
Thanks a lot for the support.
Some help... ?
Hello to All;
I have obtained help from user "frsp2" on the Pdroid Topic, here is the link:
http://forum.xda-developers.com/showthread.php?t=1357056&page=65
He help creating a patch to install Pdroid in my Ace and the Gingerreal 1.4 ROM.
So here are the links for the patch
Im using Ginger Real 1.4
SGA-GR-1.4_GINGERBREAD.XWKPW
http://www.mediafire.com/?qjpbq5bt0xanmpw - patch
http://www.mediafire.com/?ooc9wd8bwg9lw50 - reverse patch
And here some desctiption of Pdroid:
PDroid allows blocking access for any installed application to the following data separately:
Device ID (IMEI/MEID/ESN)
Subscriber ID (IMSI)
SIM serial (ICCID)
Phone and mailbox number
Incoming call number
Outgoing call number
GPS location
Network location
List of accounts (including your google e-mail address)
Account auth tokens
Contacts
Call logs
Calendar
SMS
MMS
Browser bookmarks and history
System logs
SIM info (operator, country)
Network info (operator, country)
For device ID, phone and mailbox number, SIM serial, subscriber ID and device location it also allows supplying custom or random values.
Why you would want to use it:
Applicaitons do NOT crash when access to private data is blocked (unlike with Permissions Denied or CM)
Fine-grained tuning of access to private data
No background service needed
Very small memory footprint (~700KB)
No impact on battery life
No impact on performance (5ms overhead on access to private data; yes, that's 0.005s)
100% reliable unlike ROOT applications (LBE), which need to start their background service on boot (see android underground to learn why this is an issue)
No ROOT required for the app to run
No Android permissions required for the app to run
Open-source
I have found that many apps require permissions even when not open... so I´m very happy with this tool, hopefully can be useful to others.
Hi
I've followed the instructions from Nexus offical guide and installed my personal certificate stored in a pfx file (PKCS#12) in my Google Nexus (ICS 4.0.4). At this point I faced a little problem: the new certificate is not listed in "User" tab in "Credentials". It works anyway because I can use it in web pages.
But the big problem IMHO, is the way Android protects your certificates. It only requests the user to set a pattern, PIN, or password to unlock the screen. I'm missing a password-protected access to my credentials like IE does in Windows, for instance every time your certificate is requested by a web site.
Is there a method to enhance security of your certificates in ICS and set a password for accessing certificates storage?
Thank you
I am researching how feasible it is to develop a custom user authentication system for Android. Not at the application level but at the operating system level where many users can login into a device with a user name and password and log out. The user profile should be pulled from a repository not already provisioned on the device. This would be similar to how users log onto a PC using Windows Active Directory. Has anyone seen this accomplished?
Thanks
Dear all,
I'm searching for some help regarding system certificates on Android.
First of all, a little bit of context : I'm in charge of the migration of mobile devices from one Airwatch server to another. All devices are managed by MDM (Airwatch MDM Agent) that allows deployment of configuration profiles and apps. One of those profiles is called "CertAuth" and pushes some certificates that are needed to access internal ressources.
A few months ago, we have discoverd that one of the system certificates (Thawte Primary Root G3) was missing on some devices, mainly old versions of Android.
So we decided to push this certificate through the "CertAuth" profile.
Now the problem whith that method is that once the devices are unenrolled from the first server, profile "CertAuth", all corporate content and apps are removed (normal behavior). As Thawte Primary Root G3 certificate is part of the system certificates, it cannot be removed. So it is simply disabled.
This certificate is needed to access the target server, so once devices try to enroll, they receive some error message "cannot connect to host". Connection is simply refused due to the disabled Thawte G3.
Of course it can be manually enabled, but as you all may know, basic users are not always able to find the correct option in the device settings...
So (finally) my question is : is there any way to remotely enable this system certificate (little swich OFF/ON) in order to void manual action on more than 5000 devices?
By using a script or something that would be deployed on devices as third-party content/not removable content?
I'm using an app that communicates with the server via a REST API. Authentication and authorization is implemented with OAuth, of course. I need the access token that the app uses. The phone is rooted and I have access to the file system via adb.
I could grab the token with the help of a MITM attack. But that's complex to setup and I may have to retrieve the token again in the near future. I do not prefer this solution.
I'm looking for a simpler approach. The app has to store the token somewhere, be it in a file, or in a database.
My question is: Is there an app somewhere, that perhaps does already what I need (getting OAuth access tokens from other Android apps?) or what other suggestions do you have? Perhaps you can tell me what's best practice for an Android app when it comes to storing access tokens? And where to find the storage on the Android file system?