[Q] How secure is password protecting apps? - Android Q&A, Help & Troubleshooting

Hi,
I am thinking about using apps which can autologin to special services like skype or facebook. But I do not want to give others access to my accounts when my device is lost or stolen.
I searched for android apps which can force a password / pattern request when launching a specified app and found some. But how do they work? Do they encrypt the target application settings or do they just act as a fake-security layer before launching the app, allowing everyone to bypass it when extracting a nandroid backup for example?
Thanks for help
WongKit


[Q] Is it “safe” to install Android Device Administration apps in terms of privacy?

Is it "safe" to install Android Device Administration applications on my personal device? Can my company read my private data with that application? What if it also requires Google account privilege?
My company recently adopted a policy to install an enterprise application on each employee's smartphone. The application should be installed from 3rd party market that is operated by the company, and requires Device Administration privilege and Google account privilege.
Even though the application does not require 'root' privilege, and Device Administration API is not related to reading data inside the phone, I'm still not sure that my personal data is safe to my company.
FYI, the API includes changing password, wipe out data, disable camera, and so on.
Please share your knowledge or opinions.
Thanks.
Whenever you install any app it asks all permissions before installation...
So first of all you have to get knowledge about each and every permissions.
If any app asks for read contact data
Read sensitive log data
It can access your personal data..
So just read all permissions carefully and Google for each and every permissions to know about them in detail..
Then you go
It is better to press thanks rather saying
Good day

[Q] Restricted Kitkat profile & Google+ profile

Hi All
I have a problem with the Restricted Profile on Kitkat on my Nexus 7
I have been letting my kids play "Clash of Clans" on my N7, in my wisdom I created restricted profiles for them to play on. They are getting tablets for their Christmas and I want to migrate their games to their new tablets and here begins the problem
To migrate their accounts to the new devices I need to generate a Link Code in Clash of Clans.
To generate the link code I need to have a Google+ account linked to the profile.
The problem I have is that the Android restricted profiles are not able to have a Google+ profile connected to the account.
Have been trying to find out if it is possible to upgrade a restricted profile to a full profile, but this does not seem possible.
Alternatively some way to link a Google+ account to a restricted account, all seems not doable.
Anyone have any other suggestions for a work around on this problem?
Thanks
JohnB
sc00bs said:
Hi All
I have a problem with the Restricted Profile on Kitkat on my Nexus 7
I have been letting my kids play "Clash of Clans" on my N7, in my wisdom I created restricted profiles for them to play on. They are getting tablets for their Christmas and I want to migrate their games to their new tablets and here begins the problem
To migrate their accounts to the new devices I need to generate a Link Code in Clash of Clans.
To generate the link code I need to have a Google+ account linked to the profile.
The problem I have is that the Android restricted profiles are not able to have a Google+ profile connected to the account.
Have been trying to find out if it is possible to upgrade a restricted profile to a full profile, but this does not seem possible.
Alternatively some way to link a Google+ account to a restricted account, all seems not doable.
Anyone have any other suggestions for a work around on this problem?
Thanks
JohnB
I am fairly sure that it isn't possible to upgrade a restricted account.
but...
in my experience, Kids get over these inconveniences fairly quickly.
Have been thinking about this a bit more, and may have an idea as to how to solve this problem.
Does anyone know if it would be possible for me to copy the "Clash of Clans" data from the restricted profile to a full profile on the device that I could then link to a Google+ account and migrate over to the new device?
JohnB
sc00bs said:
Have been thinking about this a bit more, and may have an idea as to how to solve this problem.
Does anyone know if it would be possible for me to copy the "Clash of Clans" data from the restricted profile to a full profile on the device that I could then link to a Google+ account and migrate over to the new device?
JohnB
Sorry to resurrect an old thread, but I faced a similar dilemma yesterday, that I was able to solve. Root is obviously necessary, but it is possible to "upgrade" a restricted profile. In a nutshell, you need to modify the "/data/system/users/[nn].xml" file, and remove some files from "/data/system/users/[nn]/" folder, where [nn] corresponds to the numeric value of the restricted user.
So, if I remember correctly, this is what I did (I assume you have adb setup, and know your way around that):
Code:
adb pull /data/system/users/nn.xml
(replace "nn" with the right number for the user you want to modify; same for below)
Open the file you retrieved in a text editor like Notepad++, that won't mess with the line endings, and change
Code:
flags="24"
to
Code:
flags="16"
Delete the contents of
Code:
<restrictions />
Save, and upload back to device:
Code:
adb push nn.xml /data/system/users/
Now delete some files from the user profile, related to restrictions:
Code:
adb shell
su    # necessary if you don't see "#"
rm /data/system/users/nn/package-restrictions.xml
rm /data/system/users/nn/res_com.google.android.gms.xml
exit  # twice, if you had to "su"
adb reboot
You should now be able to login as the user, and have access as a secondary user. You may need to remove/add some applications if they don't behave, and/or delete cache/data for the Play store and Google Framework. You may also need to remove all the Google accounts attached to the profile, and add them again for Play store to be able to install apps. I was getting errors, which cleared up after doing that.
So after completing the above, I was able to attach my son's CoC to his Google+ profile, and enable transferring its data to another device, if I want to in the future. I decided to give "Screen Time Parental Control" a go, instead of the frustrating "restricted" profile. So far so good. Not sure yet if I want to shell out the $$ for the dude's Remote Control app, but so far I'm liking it. I think after the 15 day trial, though, I'll be hooked. Anyway, HTH anyone else trying to figure this out.
Edit: Forgot another detail: I did try to copy off the CoC data, and populate it into a new unrestricted profile, "chown"ing the files for the user, etc, for the new account, and it was a miserable fail. I also tried the flags="16" hack, installed Titanium Backup, and backed it up, but the resulting backup was useless. It was unable to be restored in a new profile. This is when I discovered that deleting those 2 files completely unlocked the profile, not just changing the flag, as mentioned on another website.
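Added example, not part of the original post: a Python check that reads pulled copies of /data/system/users/nn.xml, decodes the flags value the post edits, and reports whether the RESTRICTED bit was cleared between two copies. The bit names come from AOSP's android.content.pm.UserInfo; the sample XML is constructed, and every attribute other than flags and the <restrictions /> element is an assumption about the file layout.

```python
import xml.etree.ElementTree as ET

# Bit names as defined in AOSP's android.content.pm.UserInfo (not from the post).
USER_FLAGS = {0x01: "PRIMARY", 0x02: "ADMIN", 0x04: "GUEST",
              0x08: "RESTRICTED", 0x10: "INITIALIZED"}
RESTRICTED = 0x08

# Constructed samples: the same profile before and after the edit in the post.
# Attributes other than flags= and the <restrictions /> element are assumed.
SAMPLE_BEFORE = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<user id="10" serialNumber="10" flags="24">
    <name>Kid</name>
    <restrictions no_modify_accounts="true" no_share_location="true" />
</user>"""
SAMPLE_AFTER = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<user id="10" serialNumber="10" flags="16">
    <name>Kid</name>
    <restrictions />
</user>"""


def decode_flags(value):
    """Name every bit set in a flags= value; unknown bits are kept as hex."""
    names = [name for bit, name in USER_FLAGS.items() if value & bit]
    unknown = value & ~sum(USER_FLAGS)
    if unknown:
        names.append(hex(unknown))
    return names


def audit_user_xml(xml_text):
    """Summarise one pulled nn.xml: user id, name, flag bits, restrictions."""
    root = ET.fromstring(xml_text.strip())
    flags = int(root.get("flags", "0"))
    node = root.find("restrictions")
    return {
        "id": root.get("id"),
        "name": root.findtext("name"),
        "flags": decode_flags(flags),
        "restricted": bool(flags & RESTRICTED),
        "restrictions": sorted(node.attrib) if node is not None else [],
    }


def restriction_lifted(before_xml, after_xml):
    """True if the profile was restricted in the first copy but not the second."""
    before, after = audit_user_xml(before_xml), audit_user_xml(after_xml)
    return before["id"] == after["id"] and before["restricted"] and not after["restricted"]


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, audit_user_xml(text))
    print("restriction lifted:", restriction_lifted(SAMPLE_BEFORE, SAMPLE_AFTER))
```

Running audit_user_xml over each pulled file also shows which profile name belongs to which number, since the id attribute matches the nn in the file name.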
hondoslack said:
Sorry to resurrect an old thread, but I faced a similar dilemma yesterday, that I was able to solve. Root is obviously necessary, but it is possible to "upgrade" a restricted profile. In a nutshell, you need to modify the "/data/system/users/[nn].xml" file, and remove some files from "/data/system/users/[nn]/" folder, where [nn] corresponds to the numeric value of the restricted user.
I have this same issue where I'm trying to get COC and other data from a Nexus 7 using 4.4.2, kernel version 3.1.10-g4776c68 and a restricted profile. I am a noob and not familiar with adb. Is it possible to change a restricted profile to unrestricted without rooting? I searched many forums and could not find a solution.
I'm having a similar problem backing up a different game app on my son's restricted account. How do I find the numeric value for the restricted user account?
LilacPhoenix said:
I'm having a similar problem backing up a different game app on my son's restricted account. How do I find the numeric value for the restricted user account?
A restricted account is a separate profile of a main account and cannot have a separate google account or gmail address associated with it. It is not possible to change the status to a regular account. You can set up a new account for your son with a separate gmail address, download the game and contact their support telling them you cannot access your account. Just make sure you copy all of the game ID information for the user so they can search for it. And don't access the game on the restricted device, otherwise it may appear that you are just trying to steal someone's ID.

Is it possible to encrypt app data on rooted phone?

Dear experts,
I have a Samsung Galaxy S7, rooted with Superman Rom v2.7 (Android N) installed. I was very sad when I found out, that it is impossible to have device encryption enabled on a rooted Android N phone. I do not want to go without root any more - too many benefits (Titanium etc) and I also do not want to revert to a former Android version. But I definitely also want to be sure, that if my phone gets lost or stolen, my personal data are not accessible by unauthorized third parties (other than Google and NSA). Without device encryption, this is a real challenge. A thief could simply boot into recovery mode and pull all my data. Even if this is rather unlikely to happen, as thieves in general are not that interested in personal data, I want to eliminate this threat as far as possible.
So I made up a list of all my data persistent on my device, which I do not want to be accessible by thieves:
Calendar (i.e. my google calendar app data)
Tasks (i.e. my tasks app data)
Contacts
E-Mails (i.e. my K-9 app data)
SMS messages
WhatsApp messages
Browser history and bookmarks (i.e. my Firefox app data)
Passwords (i.e. my password manager app data)
Access credentials from banking, cloud and social media apps
Photos
So far so good. My passwords are stored encrypted safely by my password manager app - so this point is done. WhatsApp only stores backups of its database encrypted (though they also can be decrypted with some programming skills) - the app data itself (and thus the messages) is stored unencrypted. I am rather sure that access credentials from banking, cloud and social media (Facebook) apps are stored encrypted. And as of my photos, they are just files and I found the tool EMS Lite, capable of putting all my sensible files into an encrypted container, similar to TrueCrypt. So what is left are calendar, tasks, contacts, K-9 data, Whatsapp messages, sms messages, Firefox data.
So my question to you is: How to encrypt these data (or parts of it) so that thieves cannot simply access it by pulling it from my phone? Is there an app, capable of encrypting other apps data?
It must be possible, especially with root. Titanium is capable of encrypting other apps data. The workflow for making it impossible to access an app's data with Titanium would be this:
Enable Titanium encryption in the settings and set a key
Backup the app data
Wipe the app data
This way, a thief has no chance to access the app data without your password. To reaccess the data, one has to restore it via Titanium and provide the key. Of course, this workflow is not practicable to do every time I want to reaccess one of these apps, but theoretically it should work.
Long story short: Is it possible to encrypt specific app's data? If no, do you have any other tips for me to protect my data (or parts of it) from being accessed by possible thieves (other than not losing my phone)?
Thank you very much!
blaukraut said:
Dear experts, I have a Samsung Galaxy S7, rooted with Superman Rom v2.7 (Android N) installed. I was very sad when I found out, that it is impossible to have device encryption enabled on a rooted Android N phone...
I don't have this device but, your best bet is to post this question within the following Q&A thread that's specific to your device.
https://forum.xda-developers.com/showthread.php?t=3341138
Good Luck!
~~~~~~~~~~~~~~~
I DO NOT provide support via PM unless asked/requested by myself. PLEASE keep it in the threads where everyone can share.
Thanks, I already asked that question in the Superman Rom specific thread, without success. And since my question applies to ALL rooted Nougat devices (not just the SGS7), I thought this is the place where I will most likely get a good answer.
However, I will do as you said and ask my question in the SGS7 Q&A thread too.
Thanks!
--- unintentional double post. sorry but my post did not appear after posting.

How does Face-Unlock integrate with apps? Does it replace/know my master-passwords?

Hello everyone,
I am looking forward to using the Face-Unlock feature to not have to manually write all my different 27 digit passwords for banking, keepass,...
However, I really wonder how all this works and how this is still secure. For example "KeePass":
- I have a Keepass database with a master password for the database
- No one except me knows what password and it isn't saved or written down anywhere else
- Currently I enter the password, KeePass will test if it is the correct input for decryption, and if so, it will decrypt.
This is the point where I would want to use Face-Unlock in the future.
So does my KeePass database then have two passwords (1x master password and 1x my facial scan)?
Or will I have to tell "Android" my master password for all my apps and it will store it somewhere in Android and simply "pass it on" to KeePass if the Face-Unlock is verified?
I am asking because I do not want any app or system or whatever to save my master password as this might cause security risks that no one can really evaluate.
Also I wouldn't want to add a second unlocking feature to my KeePass database (the facial scan). Because it might be less secure than my master password and therefore weaken the encryption of my database?
Thanks in advance!

Need to lock Genymotion SaaS appliance to run only 1 app in restricted user by default and prevent install 3rd party apps and access to settings

I need to run an app in Genymotion that is used for data entry and upload of the entered data into 3rd party sites. The logins to 3rd party sites are stored in this application (probably encrypted). The application will store multiple logins for my different customers of who need to have the data uploaded into the 3rd party sites. The data into the app will then be entered by other people to whom I outsource the data entry.
So I created Genymotion appliance, installed the app and in this application I entered logins for sites such as ebay. I am looking for suggestions on what can I do to secure the appliance to prevent the data being copied out from it.
I want to prevent the person to whom I outsource data entry to be able to install and load 3rd party other apps, modify system settings, install other apps, copy the system directory, copy the login and password information saved by the application.
Let's assume the worst possible case here when application is well written but the passwords mentioned above (for the ecommerce sites like ebay) is saved in plain text in this application in the internal application directory. What I know about the application is it doesn't support access to SD Card, only can read and write data to the internal memory.
What can I do in Genymotion to improve the security of my appliance? Genymotion virtual machines are rooted. So I looked at following suggestions:
1. Setup restricted user on Android
2. Set restriction for the restricted user to only be able to use the one application. Disable anything else (including disabled browser, email, youtube etc..)
3. Try to get the restricted user loading on boot of Android. When Android restarts, however, it doesn't allow choice to login into the restricted user or the admin user, sort of like a Windows or MacOS login menu. To get the appliance to always start with restricted user by default, I need to add a script and the script will need to start using Tasker or MacroDroid.
However, how do I prevent the user from installing 3rd party apps? Is it good enough to disable all user apps (except that one used for data entry) from the restricted user? Is there any other way the user could abuse the access to the virtual appliance and load something there? Are there any system android apps I need to disable for the restricted user to prevent the user to be able to do anything bad with it?
The application used for data entry can not download any application or data, however, I believe it does use the webview because it loads sites like ebay and fills the forms on those sites. It only interacts with select websites only like Ebay to enter data into Ebay forms..
Is there anything I can do to secure Genymotion appliance any other than what I already mentioned. I would like to send the link to the Genymotion SaaS Android to people who will do data entry for me into Ebay and other sites. So I need to make sure the virtual appliance is secured as much as possible from tinkering with it. I need to make sure somebody doesn't get hand on the stored login details.
Just to clarify for the login credentials:
I am not sure how the user credentials are stored and I will find it out, however, for now, I go from the worst case scenario when the credentials are stored in plain text in the app settings. The user name and password is stored in the application with exception for Ebay because the many other sites do not have API key or any webservices interface, so the application would access those sites simply via a webview, and when it goes to login there it will do that by filling in the login information on the login form (simulates keystrokes). The user name and password is entered into the login form for the site. That's why the login info is stored in the application itself.
This question is not about how to secure the specific application I will be using, but how to secure the actual whole Android appliance from tinkering with.
I am aware of the risks here, just want to do as much due diligence as I can.
Sources for Genymotion restricted user..
How to set restricted user as default user on reboot?
We would like to have an already added restricted user account be the default when we restart our Samsung SM-T580 tablets. At current we have 2 accounts installed, Admin and User The User is a use...
android.stackexchange.com
Root access - Device image User Guide
docs.genymotion.com
Done some digging so this cannot be done. Neither Genymobile or Appetize or other online Android emulators can offer fine-tuning in terms of user access. The closest is Genymobile because at least allows adding and removing access of users to individual appliances. That is however not resolving the issue with Android and in particular rooted Android, since all online emulators run rooted Android and I am not sure how that is secured against potentially malicious actors who receive access link.
The only easy way to solve it, kind of in a mickey-mousy way is to install Kiosk mode application. That kiosk app will run at every boot and it only shows the specific application. There is always risk of course the malicious user would do something to crash the application and the Kiosk app, but if the application is not a web browser or email client or similar it should be relatively safe.
There are plenty of Kiosk mode apps for Android but none of them is free (don't try to look, no chance to find one), the cheapest cost about 7 USD one-time purchase, the more expensive ones cost 20 per month per device or more and come with remote control etc... Not cheap but kiosk mode apps are almost exclusively used by businesses so that's why there is lack of free apps.
Anyhow I believe this is the closest as I could get to deal with this.
