[Q] multi user (2 users) - Barnes & Noble Nook Tablet

I'm very confused, trying to make the leap from a PC (Windows and Linux),
where it is OBVIOUS how to distinquish one user in the household from another,
to my new B/N Nook Tablet.
Ok, so I'm now using my tablet. When I hit 'Home', my desktop shows that my logged-in email is an active app. (and so are a few others).
So, I completely power it down.
When I power it back up, I expected that my email would NOT be active.
But, it IS!
What if it was some OTHER household member who powered up the tablet?
(I do NOT want them, by default, seeing my email screen!)
Is there a solution? (Or should I just return this goofy 'tablet' to Barnes and Noble, and wait til next year to see if next-year's tablet OS works the
way most of us would want it to???)

For now, think of this tablet as a personal device such as a mobile phone. Pretty sure ICS works the same way too so it might be a long wait for you.

Ok.
Meanwhile, how do I explicitly shutdown (stop) my running apps
(e.g. my email app)?
Do I 'visit' each one, and find how each app handles stopping it?
Or, better...is there a 'task-mgr' (list) for my apps, so that I could select
them all and abort them?

You could get "advanced task killer" from the market. Not sure if it needs to be rooted or if you could just side load it.
Sent from my BNTV250 using Tapatalk

MonkeysInACan said:
You could get "advanced task killer" from the market. Not sure if it needs to be rooted or if you could just side load it.
Sent from my BNTV250 using Tapatalk
Click to expand...
Click to collapse
Hmm...I'm still a newbie to all this 'root' vs 'side-load' terminology.
Side-load just means: 'Get it first on a real PC, then plug-in the USB-cable
to the tablet, and 'move it over'?
To 'root' something seems to mean that, in Linux-terminology, I first need to
have 'root' (super-user) privs, right? (I saw a thread about how to 'root'
the device, but am unclear about DETAILS. Does it violate warranties?
(yada, yada) Also, I THINK I'm hearing that, right now, I can only use
the Barnes/Noble 'app store' and NOT to the generic Android 'app store'?
True/false?
Are you saying I might need 'root' to INSTALL the app 'adv task killer', or
to RUN 'adv task killer'? (or both?)

It sounds like you want to have some form of screen locker in place so when you power back up (or unsleep) you have to enter a code or a pattern. This prevents unauthorized access to your personal tablet.
You should be able to activate it from the settings menu.
Concerning multiple logins, the presumption is one user per device. As to 'working how "most of us" would want it to'... Most people do prefer it this way. If someone else wants their own tablet, they should get their own tablet.

>the presumption is one user per device.
This is a legacy of Android still being a phone OS. Tablet is a more social device, and safe bet is that multiuser acct handling will show up at some point. Hopefully, soon. Else, Win8 will do what Android can't.
Android still has a lot of holes it needs to fill, and I'm not talking about apps.
---------- Post added at 10:05 PM ---------- Previous post was at 09:56 PM ----------
@OP
You don't need to "close" apps in Android. The OS manages memory as needed per least-recently-used basis. Using apps such as "Task Killer" is inefficient and will shorten battery life. There've been many articles/posts written on this topic. Google to find.
What's recommended is to run something like System Panel (free app in market). Over time, it'll give you a profile of which app is eating up the most battery. Use that to remove apps that are power-hogs.

At least on my Android cell phone, hitting the Home key leaves the current application running. Hitting the "Back" key ends the application. Not sure if the NT has a "Back" function...

rmm200 said:
At least on my Android cell phone, hitting the Home key leaves the current application running. Hitting the "Back" key ends the application. Not sure if the NT has a "Back" function...
Click to expand...
Click to collapse
The NT does have a back key, but that behavior depends on how the app was designed and it not true for many apps. In fact, because of what e.mote described about Android's design for "backgrounded" apps, Google recommends that apps not be designed to close itself with the back button, menu command, etc except for special circumstances.

e.mote said:
>
[...]
@OP
You don't need to "close" apps in Android. The OS manages memory as needed per least-recently-used basis. Using apps such as "Task Killer" is inefficient and will shorten battery life. There've been many articles/posts written on this topic. Google to find.
What's recommended is to run something like System Panel (free app in market). Over time, it'll give you a profile of which app is eating up the most battery. Use that to remove apps that are power-hogs.
Click to expand...
Click to collapse
Ah, but that's the question/issue: i.e. I WANT to close this particular app (email), for
security reasons!
Are you saying that apps in Android are often NOT programmed with a
mechanism to STOP them?

By design, yes - most apps are not programmed to fully stop themselves - they remain resident in memory in case you return to that app - it reduces load times and allows content viewing sites (news readers, downloading the newest emails, periodic alerting tools, etc) to work in the background so the information is available when you want it without having to do a load at the time you bring up the app.
Any app that's paused (not the current focus) may be asked to relinquish resources by the OS in order to allow another app (with the current focus) the ability to run. This is all handled by the OS, and applications are expected to always be interruptable, thus constantly persisting their state as they are being used. This allows for something else to interrupt (such as a phone call or selection of another app, or an alert from your alarm program) with a reasonable expectation that whatever you were doing wasn't lost.
The security built into Android is the ability to require a passcode or pattern to unlock the phone when coming out of a sleep state. Failing to set that pattern or passcode is a failing of the user, not the OS.
Phones and Tablets, from the android perspective, are an extension of the person. Though I sometimes use my wife's NookColor, or she mine - it is a rare thing and any use beyond that by friends is always supervised.
Other tablet OSs may have the concept of 'logging in', but not Android.

So, I'm screwed? No way to get her email logged in?
Hmm...I HOPE I'm still missing something simple. (Otherwise, I'm
screwed, and I'll have to return this diabolical BEAST to the store.)
This unit is a gift for my wife for Xmas.
To familiarize myself with it, I setup and logged-in to my
Gmail acct.
Of course, NOW I want to:
'Log out' of my gmail, and setup the 'email app' to login to
her email (non-Gmail-based). [And, have THAT one be the
always-open email-acct, (tho I do NOT LIKE this 'feature'
of always-logged-in at all!)]
How do I do that? ('Rooting' this Nook Tablet is NOT an option, so
if that's part of your proposed "solution", forget it.)
TIA...

cookdav said:
Hmm...I HOPE I'm still missing something simple. (Otherwise, I'm
screwed, and I'll have to return this diabolical BEAST to the store.)
This unit is a gift for my wife for Xmas.
To familiarize myself with it, I setup and logged-in to my
Gmail acct.
Of course, NOW I want to:
'Log out' of my gmail, and setup the 'email app' to login to
her email (non-Gmail-based). [And, have THAT one be the
always-open email-acct, (tho I do NOT LIKE this 'feature'
of always-logged-in at all!)]
How do I do that? ('Rooting' this Nook Tablet is NOT an option, so
if that's part of your proposed "solution", forget it.)
TIA...
Click to expand...
Click to collapse
There should be an option in the Settings section to add and remove email accounts. I don't have a NT but that's pretty standard as Android devices go.
I have to say you seem to have a lot of misinformed expectations of the Android/Nook experience. Keep remembering that the software was originally developed for mobile phones, so expecting things to be done in the same way to a desktop OS is gonna cause you grief.

tomegranate said:
There should be an option in the Settings section to add and remove email accounts. I don't have a NT but that's pretty standard as Android devices go.
Click to expand...
Click to collapse
Ah...'should' is the operative word. But, I do NOT see any such option.
I have to say you seem to have a lot of misinformed expectations of the Android/Nook experience. Keep remembering that the software was originally developed for mobile phones, so expecting things to be done in the same way to a desktop OS is gonna cause you grief.
Click to expand...
Click to collapse
Hmm...I'd characterize my expectations quite differently. This is the FIRST
(and I hope LAST) implementation of an 'email reader' that was designed
with NO WAY to log out/close down. Common sense SHOULD dictate
that they'd provide a way to log-out or reset to a different email-acct,
but so far, there's NO SIGN that anyone had any common sense.
Hey, maybe the 'crime-stoppers' (aka 'big brothers'/homeland-security) folks
asked for this 'feature'. It will make it easier now...they can just say:
"Great...there's her B/N Nook Tablet! She can't have logged out, so just look
thru her emails, and see who she's been corresponding with."
Right now, my opinion of this beast is worse than the 'Hotel California':
Last thing I remember, I was
Running for the door
I had to find the passage back
To the place I was before
�relax,� said the night man,
We are programmed to receive.
You can checkout any time you like,
But you can never leave!
Hell, on a Nook, I can't even checkout!

cookdav said:
Ah...'should' is the operative word. But, I do NOT see any such option.
Hmm...I'd characterize my expectations quite differently. This is the FIRST
(and I hope LAST) implementation of an 'email reader' that was designed
with NO WAY to log out/close down. Common sense SHOULD dictate
that they'd provide a way to log-out or reset to a different email-acct,
but so far, there's NO SIGN that anyone had any common sense.
Hey, maybe the 'crime-stoppers' (aka 'big brothers'/homeland-security) folks
asked for this 'feature'. It will make it easier now...they can just say:
"Great...there's her B/N Nook Tablet! She can't have logged out, so just look
thru her emails, and see who she's been corresponding with."
Right now, my opinion of this beast is worse than the 'Hotel California':
"You can checkout any time you like, But you can never leave! "
Hell, on a Nook, I can't even checkout!
Click to expand...
Click to collapse
But you can lock the tablet.

The option is there. I don't have my NT in front of me, but there is an option to remove B&N account settings and wipe the device. That's what you want. It will remove everything that you set up.
As far as your opinion that this is the first such email program that doesn't log out...there has never been a smartphone OS email program that logs completely out, or one that allows multiple users. Android was developed for Phones. The expectation is that you will use your phone, not share it with 10 people with each of them having their own settings.
Something that you are referring to is available, but not from an Android, Blackberry or iOS device. You would have to get a Windows (not Win Mobile) tablet, which will not work as well (yet) as any of the other OS's because it was not designed specifically for the hardware it's running on.
Easy way to have what you want on this tablet: Don't set up email using the built in email program. Use the browser and don't have it remember the password.

@OP
Your expectations aren't unreasonable. It's just that Android-on-tablet is still very much a work in progress, and you along with all of us are beta testers.
Multiuser handling is just one of many issues that have arisen. In the Kindle Fire forum, there are complaints about not being able to disable one-click purchasing for when handing the KF to your kids. iOS has had the same issue, and has a partial workaround. Until Android supports multiuser, there is no good solution.
For e-mail, you can try various email clients to see if any supports discrete logins/logouts (and of course pulling mail from your webmail account).
http://google.com/search?q=email+apps+for+android

cookdav said:
Ah...'should' is the operative word. But, I do NOT see any such option.
Hmm...I'd characterize my expectations quite differently. This is the FIRST
(and I hope LAST) implementation of an 'email reader' that was designed
with NO WAY to log out/close down. Common sense SHOULD dictate
that they'd provide a way to log-out or reset to a different email-acct,
but so far, there's NO SIGN that anyone had any common sense.
Hey, maybe the 'crime-stoppers' (aka 'big brothers'/homeland-security) folks
asked for this 'feature'. It will make it easier now...they can just say:
"Great...there's her B/N Nook Tablet! She can't have logged out, so just look
thru her emails, and see who she's been corresponding with."
Right now, my opinion of this beast is worse than the 'Hotel California':
"You can checkout any time you like, But you can never leave! "
Hell, on a Nook, I can't even checkout!
Click to expand...
Click to collapse
Jesus guy, it's not an 'email reader', whatever that means, it's a mobile tablet computer, and it handles email accounts the same way as all tablet computers that use a mobile OS (ones based on Android, iOS, and presumably webOS and Blackberry too), because they're designed for personal, individual use. Smartphones don't have a way to log out of your email account in the way you're expecting, and neither does a modern tablet.
If this is the first time you've used this type of device, you need to exercise more patience before you start stamping your feet, otherwise people are gonna be unwilling to help you.
I'm 100% certain there is a way to remove your email account from the device, you just haven't found it yet. This is very likely not the fault of the device! Did you even read the user manual? http://img1.imagesbn.com/pimages/nook/tablet/mediakit/userguide_NOOKTablet_111115.pdf

Reset the unit to factory standard and put it in the box, it is an option under 'settings' and will return it to the "as-purchased state" with all data wiped.
Then decide if you're returning it or wrapping it to give to your your wife.
In the future, consider letting the person receiving the gift having the pleasure of opening a unit in pristine condition. My wife would kill me if I "pre-opened" an electronic device intended for her "to familiarize myself with it". Let that happen on the day she opens it, after she's decided she needs help. I think it's deplorable that you've cracked the seals and denied her the experience of opening something new.
If you want to 'log out', then you have to shut the device down instead of leaving it in 'sleep mode'. No power means the apps aren't running (unless you or the OS have set them up as background processes). When you turn it back on, you'll realize quickly that there is no 'select profile' or 'choose user' function because it is designed to be one device for one user.
If the user wants security to prevent other people from reading sensitive information, they should set the screen lock code in the settings menu.
-=-=-
At this point, I believe you have all the information you need:
1) Devices are intended to be single user, by design, regardless of your desire to have them be otherwise.
2) Use the built in screen lock capability if you are concerned about sensitive information being viewed.
3) You should reset the device to factory settings via the settings menu to wipe all data you've entered and return it to a nearly 'as new' state.
4) You should not be playing with your wife's new device and instead allow her to experience the setup guide and walk through the configuration of the device in the way she desires.
If there is another specific question about how things work or operate, please ask. If there are further conspiracy theories I'm sure there are better forums for that than this one.

Wow. lotta words - no Solution...
You're going to have to factory reset the device:
Settings>Device Info>Erase and Factory Reset
Once its resets, enter your wife's information.
You seem to think that phones and Pads run like Windows where you can log out as yourself and no one can see your email. Phones and pads are single user devices and will not work like Windows. Even Windows phones and pad don't operate like that.

Related

Asking all Owners...

Ohhh, you brave souls... haha
I was in the o2 shop this lunch having a play with their live unit (well, except it had no SIM or web connectivity. for this type of phone that's pretty limiting!)
some questions i was unable to get help with, i am hoping you have more experience of, before i consider the device further:
1. SMS display. i much prefer the look of iPhone's SMS "dual conversations" - its very clear which side of the chat is which and generally more friendly and usable. can the x10's change to this type of layout? rather than listing each reply above or below each other. found no options in the main settings area from the home screen (not sure if the context-specific settings under messaging is any different...?)
2. mac compatability. is this possible? can it sync properly with itunes? does it use a 3rd party app to do so? could this be "culled", ala blackberry/palm syncing with itunes? does the x10 appear as a mounted usb volume? (in this way, i could use applescript to manage the library - horrible, but it might work). someone with actual experience here with a mac would allay my fears, rather than commenting it might be possible (sorry if that seems abrupt in advance...)
3. other syncing needs. i guess most other aspects for sync'ing are removed/negated with an android handset - are we as users supposed to follow the "cloud computing" google-masterplan? do others sync with desktops and for what purpose?
4. browser/app zooming. the device doesnt have multi-touch (plenty covered on this, and other forums!) but, the iPhone has other methods of navigating around the browser and apps. i.e. double tapping a block of text, which i would consider a single fingered gesture. as the test unit i was playing had no web connectivity i couldnt test it out - can someone comment?
here's hoping for advantageous answers
jingo_man
1. use Handcent SMS , can make it look 100% like iPhone sms
jingo_man said:
...............
1. SMS display. i much prefer the look of iPhone's SMS "dual conversations" - its very clear which side of the chat is which and generally more friendly and usable. can the x10's change to this type of layout? rather than listing each reply above or below each other. found no options in the main settings area from the home screen (not sure if the context-specific settings under messaging is any different...?)
...............................
3. other syncing needs. i guess most other aspects for sync'ing are removed/negated with an android handset - are we as users supposed to follow the "cloud computing" google-masterplan? do others sync with desktops and for what purpose?
4. browser/app zooming. the device doesnt have multi-touch (plenty covered on this, and other forums!) but, the iPhone has other methods of navigating around the browser and apps. i.e. double tapping a block of text, which i would consider a single fingered gesture. as the test unit i was playing had no web connectivity i couldnt test it out - can someone comment?....
Click to expand...
Click to collapse
1. Well, probably the handcent sms thingy, never tried it tho.
or you could go into contacts and find the contact there. When you go there the sms messages are listed in a simmular way as on the iPhone.
You on the right hand side
and you friend on the left..
3. I have just used the Cloud sync method to be honest, haven't really bothered to do it in any other way. But there is probably a way to do it.
4. The zooming is no problem to be honest, the double-tap to zoom thing works good enough. So I have to say that I kinda like it Even tho the multi-touch zoom was handy every now and then..
1. handcent works fine on this phone, and has customisable colours and themes.
2. can't comment on mac, but it is APPARENTLY possible to sync with itunes for the PC through iTunes Agent. I know this won't help you but it might help someone else reading this later.
3. cloud seems to be the way forward, and it works great on the x10. when you first plug it in to the usb though you get the option to install some sony ericsson syncing software, which is the same as i used for my c902 to transfer all my contacts to gmail for this phone. it is pretty simple to use.
4. the default zoom on the android is nice to use. browsers like dolphin (available from the market) come with their own zoom, but i disabled this cos the x10 seems to handle it nicely natively.
hope that helps
1. handsent sms. hmmmm... that does look more along the lines that i was thinking for layout/design. but i'm guessing this wont play nice with the timescape app, which seems pretty central.
i thought i went into the individual contact at one point, and it had the same appearance as when displayed under the general. i may make a return visit to the store to check that out...
i dont think i would mind using separately bought apps, but 1 of the biggest selling points seems to be the timescape so not sure i'd want to miss out on using it. though might change once i have used it for a while...
2. here's hoping eventually a mac user stumbles across this thread and is in a giving mood about their experience.
3. cloud syncing. suppose i can get onboard. not a massive issue not to rely on desktop software. i guess this means no-one really sync's it with a desktop then?]
4. glad of the double-tap zoom, atleast thats something. and its generally how i start to zoom on iPhone (in the browser) but how does this work in other apps? i.e. google maps cant double tap, as there's no "frame border" to sync the tap too...
this could a deal breaker for me, for this product. not a massive app user, but love web browsing on these devices when out-and-about. fine control offered by pinch/zoom far more refined and easier to use than the clunky zoom button, which just didnt seem to refresh fast enough to make it smooth...
maybe wont get onboard with all these bits until i consistently use the device, but not paying best part of £500 to find out!
please continue with more insights if you got 'em
2. mac compatability. is this possible? can it sync properly with itunes? does it use a 3rd party app to do so? could this be "culled", ala blackberry/palm syncing with itunes? does the x10 appear as a mounted usb volume? (in this way, i could use applescript to manage the library - horrible, but it might work). someone with actual experience here with a mac would allay my fears, rather than commenting it might be possible (sorry if that seems abrupt in advance...)
hi, Mac user here. Yes it mounts like a USB-HDD, and turns off in the phone. So you can transfere files, and then just unmount it. Transfered 7 GB of musik files, no problem.
jingo_man said:
1. handsent sms. hmmmm... that does look more along the lines that i was thinking for layout/design. but i'm guessing this wont play nice with the timescape app, which seems pretty central.
i thought i went into the individual contact at one point, and it had the same appearance as when displayed under the general. i may make a return visit to the store to check that out...
i dont think i would mind using separately bought apps, but 1 of the biggest selling points seems to be the timescape so not sure i'd want to miss out on using it. though might change once i have used it for a while...
Click to expand...
Click to collapse
even with that installed, the other messaging app still runs. handsent simply becomes the default. this means that when you load up timescape, it pulls in the messages from the standard messages app and works like a charm.
its a shame we cant just use the screen under the contact to send a message, that looks pretty good. click onto a contact, and scoll along at the bottom, past call log, onto messaging. that is a sweet screen.
jingo_man said:
2. mac compatability. is this possible? can it sync properly with itunes? does it use a 3rd party app to do so? could this be "culled", ala blackberry/palm syncing with itunes? does the x10 appear as a mounted usb volume? (in this way, i could use applescript to manage the library - horrible, but it might work). someone with actual experience here with a mac would allay my fears, rather than commenting it might be possible (sorry if that seems abrupt in advance...)
3. other syncing needs. i guess most other aspects for sync'ing are removed/negated with an android handset - are we as users supposed to follow the "cloud computing" google-masterplan? do others sync with desktops and for what purpose?
Click to expand...
Click to collapse
Use Salling Media Sync for iTunes sync http://www.salling.com/MediaSync/Mac/
Adress book and iCal has support for google sync, just enable it in the prefs and then everything syncs from google.
Just enter your gmail details.
the web browser on this thing is amazing really. renedering is smooth and pages launch instantly. i am very impressed with the web browser and with the added extra of using dolphin you be on to a winner. web browser on this is better than my N1
you mean like this...?
jingo_man said:
Ohhh, you brave souls... haha
I was in the o2 shop this lunch having a play with their live unit (well, except it had no SIM or web connectivity. for this type of phone that's pretty limiting!)
some questions i was unable to get help with, i am hoping you have more experience of, before i consider the device further:
1. SMS display. i much prefer the look of iPhone's SMS "dual conversations" - its very clear which side of the chat is which and generally more friendly and usable. can the x10's change to this type of layout? rather than listing each reply above or below each other. found no options in the main settings area from the home screen (not sure if the context-specific settings under messaging is any different...?)
.....
here's hoping for advantageous answers
jingo_man
Click to expand...
Click to collapse
I dont know about all the other questions, but did you mean something this? (Oh, crap! Where is my image? Ok, no image, dont know how to get one into this post)
I mean from it you see exactly who is on which side of the conversation

[Q] Location-aware lock screen?

Is anyone aware of a location-aware app to enable and disable the lock screen? I'd actually prefer to trigger it based on WiFi availability, but I'd consider other location schemes.
Via e-mail, I have potentially sensitive business information on my phone.
However, I primarily work from a home office which makes the code-based lock screen a minor hassle. (I don't use the pattern, the finger marks on the screen make it too easy to guess.)
So obviously I'd love it if my lock would kick-in when I head to lunch or need to physically visit the "real" office or whatever -- but not when I'm at home.
Any ideas?
I've no suggestions but I've thought of the exact same thing. I'd love for it pattern lock when I'm anywhere but my home.
I would even pay for that app.
I would recommend looking into Tasker. I haven't personally used it, but I have heard many great things about it. On their website it lists some examples of what you can use it for, one of them is changing phone settings based on location. You can download a free 7 day trial from their website. It costs 3.49 GBP direct from their website or 3.99 GBP in the market.
tasker. dinglisch. net (I can't post links to outside websites, remove the spaces)
Forgot all about Tasker. Good idea.
I've used Setting Profiles to do the same.
When I'm at work the pattern gets set, but when I'm at home, it's not on.
I just downloaded Settings Profiles, but none of the security settings can be adjusted in a profile (at least, not in the Lite version). I'd prefer something more straightforward like that, but none of the profile apps I checked have that setting available.
It appears Tasker can do this with the aid of a plugin:
http://groups.google.com/group/tasker/browse_thread/thread/35f0c3d6dcf4a644/964318b8f77810fc
Haven't tried it yet, though.
Ah. Apparently this is never going to be possible as of 2.2 and higher.
Google blocked programmatic access to the Secure Settings provider as of Froyo.
<sigh>
First we lose GPS control. Now this. Hell, by the time Android 4.0 is out, we'll probably have to check with the Google front desk just to place a call.
(Yes I understand why... but it seems like they could provide some kind of authorization mechanism in case, you know, we pesky old users consciously decided to give access to those settings to a particular application...)
It wouldn't be difficult to add a way for a service or application to communicate
with the lock screen, like Settings can choose which lock screen to display.
the application would at least have to be installed to /system/app but may
have to be signed with the same key as the ROM, if that is the case then
files could be used instead of the system settings db.
this would only protect from a casual attack like some nosy person picking up the phone
and browsing through your stuff, Odin is the ultimate root kit, so a prepared attacker could
probably get what they want in 5-10 min.
Yeah, but vulnerability to ODIN is going to be the case no matter what. I'm a lot more worried about "Some Random Idiot in a Bar" than I am about the several hundred people across the country who can actually use ODIN well enough to go all Wargames on my phone.

[Q] How do we protect our Android device from the CelleBrite UFED?

Someone mentioned this in another thread, but this is a topic that should have it's own separate thread.
Some of you may have already read the news: Michigan: Police Search Cell Phones During Traffic Stops
Don't assume it won't come to your town.
I can't say I plan to do anything that would warrant police suspicion, yet I don't like the idea of anyone being able to easily pull data from my device. And we know cops won't be the only ones with these devices. So I've been wondering, how can we protect our Android devices from the CelleBrite UFED?
Check out this video that shows some of the features it has, keep in mind it does much more and can even extract DELETED data.
See the company's product page here: http://www.cellebrite.com/forensic-products/ufed-physical-pro.html
This research paper talks about the CelleBrite UFED and other extraction methods. (CelleBrite UFED is talked about starting on page 9.) I doubt there's a means to prevent all of those methods given some involve long term handling of the device, but CelleBrite UFED can extract data when a device is retained by the CelleBrite UFED user for a short period of time. It looks like HTC Android type devices can only be extracted from via the (micro)USB Port and it requires USB Storage and USB Debugging turned on. The CelleBrite UFED has to gain Root Access. It can get by screen passwords and root even a device that was not yet rooted.
There's another thread where someone was requesting a ROM that would not work with the CelleBrite UFED. I'm not sure how to make a ROM or anything else that would not work with the CelleBrite UFED without limiting certain features we all may use from time to time.
Over on Slashdot, someone said they hacked their device (Nexus One) to not do USB client mode. This is another option that would limit some features many of us may use.
So, how can we protect our privacy and our data? Does it mean sacrificing some features like USB storage mode?
The biggest problem is what's missing from Android itself. Meego might be protected but not Android.
You would need an encrypted boot loader that retains root for some users.
A kernel and os files that support different users so the default user is not root like Linux and a prompt with a password for superusers not just an Allow like now for Android.
Encryption libraries that would support truecrypt encryption of both internal and external (SD card) encryption in toto not just individual files.
A true trash system that overwrites files like srm in linux and sswap for wiping the swap file after every system reboot.
Ultimately I don't see it happening. In theory if you were running Ubuntu on your phone then yes cellbrite would just crap out not knowing what to do with your phone. Same possibly with meego. But then no real app support, no navigation and driver support is crap even for ROMs using the same os let alone a different OS like true linux.
It's amazing how many don't even bother deleting thumbnails hanging around on their computers or securely wiping files on their computer. Same with swap files retaining passwords or even website cookies that have the same password as their computer.
Best thing to do, don't keep anything that could be bad on your phone. Use a cloud system or home server sync that requires a seperate login every time and keeps no local files. Or as I do, encrypt the hell out of anything you find valuable, which currently is only my complete backups...
Sent from my Xoom the way it should be, rooted and with SD card.
This is where that cheap Boost Mobile phone comes in, or any other prepay phone. Just hand the officer that one. Store your personal data on your smartphone.
chbennett said:
Best thing to do, don't keep anything that could be bad on your phone. Use a cloud system or home server sync that requires a seperate login every time and keeps no local files. Or as I do, encrypt the hell out of anything you find valuable, which currently is only my complete backups...
Sent from my Xoom the way it should be, rooted and with SD card.
Click to expand...
Click to collapse
Hello, All. This is my first post at xda-developers!
Since I'm new to Android, data security has concerned me. Climbing the learning curve of rooting and tweaking my SGH-T989, I've focused on control, security, and privacy. So far pretty good, thanks largely to members' posts at this site. Thank you very much!
Then this thread crushed me. Visions of "1984", "THX 1138", "Terminator", etc.
I considered the suggestions here. Thoughts about the OS seem right to me, but that's beyond my abilities. I did try following chbennett's advice: I enabled encryption in my backups and moved them to the internal SD.
But I don't yet know how to do the 'home server / log in on demand' scheme for contacts and calendar. I will appreciate any help with that.
Meanwhile, I looked for a way to make a 'panic button' that would let me wipe my phone immediately. What I chose was making a contact whose phone number is the USSD code for Factory data reset.
Maybe Tasker, etc. could streamline this approach; but my trials showed that, unlike MMI codes (e.g., to toggle caller ID blocking), USSD codes cannot be submitted to the OS indirectly. So swiping a contact, direct dial shortcut, etc. did not work. On my phone, all that worked was either 1. manually dialing the code, or 2. dialing the contact name, then tapping the contact.
So the routine to use this 'panic button' is:
1. launch Dialer
2. dial the contact name
3. tap the contact name in the search results
4. tap "Format USB storage" in the "Factory data reset" dialog
5. tap "Reset phone" button in the "Factory data reset" dialog.
It sounds clunky, but it's actually pretty quick. I named the panic button contact "XXX" to avoid confusability when dialing (it needs only "XX" for a unique match.)
If you can suggest improvements to this scheme, or think it is misguided, please let me know. Thanks.
Any updates on this? I'm curious as to how to guard against ufed.
I think an instant hard brick option would be better so theres nothing to recover as i dont believe the factory reset is a secure wipe
Possibly a voice activated secret phrase or keypress u could say/do super fast in a tricky situation that autoflashes a corrupt/incompatible bootloader and recovery to device after secure superwipe that should stump them for awhile
im still interested in this i disabled usb debugging on my phone but unsure if the UFED can still access anything on my ICS full encrypted passworded evo3d im assuming they could dump the data at most but i highly doubt they could access the decrypted data unless you used an insecure pass
If you have encryption enabled for your data partition, then all you need to do is to turn off your phone when you see a cop. If they take it from you, they can turn it on and hook up their device, but they will only be able to snarf the system partition, which does them no good. They'd need your password to mount the data partition.
If you look around on this forum, you can find the steps necessary to switch the lock screen back to a simple pattern lock while leaving the disk encryption enabled.
Are you sure Cellebrite and UFED or w/e can't access encrypted data partion? I know it can take an image of the phone "hard drive". They then can run password tools against image to unlock it no?
dardack said:
Are you sure Cellebrite and UFED or w/e can't access encrypted data partion? I know it can take an image of the phone "hard drive". They then can run password tools against image to unlock it no?
Click to expand...
Click to collapse
I'd like to know about this too. I am about to set up encryption on my device and I'd like to know more about what type of attacks it can beat.
Edit to add: I assume brute force attack protection is like any other type of encryption.....dependent on the strength of your password. But, assuming we all know that already, I'm still curious about this.
If the question is how to protect your device when you think someone would scan your phone, you'd have to have some sort of inclination that a scan is about to happen. I'm assuming this is many people's concern as they're considering wiping their device through a quick process. In that scenario, just turn off your device. Unless you warrant suspicion of something fairly bad, they wouldn't be confiscating your cell phone.
smokeydriver said:
...Unless you warrant suspicion of something fairly bad, they wouldn't be confiscating your cell phone.
Click to expand...
Click to collapse
We all wish all law enforcement was just and honest, but so far in world history that has not been the case. Even a pretty woman may have her phone scanned by a curious cop snooping for pics.
Sent from my HTC One using Tapatalk 2
I would still like to know if there is an answer here...
So I recently had some dealing with assisting in a Cellbrite search. We initiated and enlisted the help of law enforcement for an employee who was doing some illegal activity which is not relevant to this discussion other than the person used an iphone. Anyway, the investigator came in and wanted to know if I can enable the bypass for the automatic screen lock in 5 minutes because when it locked, it disabled the Cellbrite copy.
Now, couple things here, he was only doing what he was "allowed' to do in the local municipality, and he did say they sell a more expensive Cellbrite device which would be able to crack it. I did find it interesting that the simple corporate Activesync policy I have set up was actually having this effect. Anyway I removed the policy and it worked. Funny thing is he could have done it himself had he known anything about that kind of thing. He was presented to us as an expert but I guess that mainly covered a basic Cellbrite expertise.
So, I do think encryption would be a great answer as the partition would be hard to bust in to. Nothing is impossible but I would rather not smash my phone on the highway next time I get pulled over so I would like to know definitively that this is the right approach. This is definitely not paranoia as there are at least 3 states where it looks like it happens regularly.
Time to look at a 2600 group for stuff like this I guess. I am early in my investigation
Later

[Q] [HELP] Google Apps Device Policy Work Around?

Hey everyone,
This one really has me stumped. My work is finally moving it's email from Exchange to Google Apps for Business, and for many reasons at first I couldn't be happier. I signed on as an early adopter and have now realized I've hit a huge snag. I can no longer get email notifications on my device without basically giving my employer nearly full control of my personal device. They are requiring the Google Apps Device Policy and forcing a 6 character password to unlock my device, encryption, and permission to remote wipe, among other things. I just really don't feel comfortable giving them that kind of control over my personal device but I do need immediate access to my email to stay on top of things since I'm out in the field way more often than I get a chance to sit in an office. The mobile Gmail site works well enough, but not as well as IMAP support with push notifications would. When we were on Outlook, their policy was essentially similar in that you couldn't bring your own device, but I was able to find a nice app called Outlook Web Mail for Outlook OWA Web Mail which essentially logs into the webmail site and was able to present it in a mobile format and even offer notifications.
I guess what I'm looking for at this point is something similar. I'm hoping someone can suggest an app that, as far as the server is concerned, is just checking the mail from the mobile website but is presenting it to me in an app that is able to give me notifications, even if it's on an interval and not push. Does anyone know if such an app exists for Google Apps for Business accounts or is even possible?
If not, then I guess the next thing I would be looking for is a hackier workaround that can convince the server that I'm abiding by all the rules and still allow me to do whatever I want with my device. I realize this is riskier as far as getting me into trouble but I am rooted and familiar with flashing, Xposed Modules and whatnot (I was surprised my device was even approved with my root status and custom rom).
So sorry for the dissertation but I wanted to lay the whole situation out. I found other threads about GADP but they were more talking about device compatibility rather than a workaround/bypass for it. Anyone gone through something similar at their job? Any help would be greatly appreciated. Worse come to worse, the mobile site isn't the worst thing in the world considering that Outlook mess we came from. Thanks in advance.
My device:
Retail Verizon Note 3 rooted with SafeStrap running the latest Eclipse ROM
anyone?
Well is there any way to receive notifications from the mobile site? I think I recall a few years back when Google pulled sync support for iOS that some iPhone users had to do some shenanigans like this without push support and people used apps that were essentially browsers to check mail and provide notifications. Is there anything similar on Android? Or does it not exist since it's a niche concept? I just have a hard time believing I'm the only person with this problem.
If you want to just access emails, calendar, etc., try Touchdown. https://play.google.com/store/apps/details?id=com.nitrodesk.droid20.nitroid&hl=en
You will not use the gmail or google contacts/calendar app though.
Blis said:
If you want to just access emails, calendar, etc., try Touchdown. https://play.google.com/store/apps/details?id=com.nitrodesk.droid20.nitroid&hl=en
You will not use the gmail or google contacts/calendar app though.
Click to expand...
Click to collapse
That's for the reply. I'll give that a go. I've actually rigged it up so I still get notifications at this point through filters and auto forwards to my personal account. But something more native would be a lot better. Thanks again.
No further information on this thread?
I'm in the same situation with my company making the switch to google apps. They are enforcing encryption and non root'd phone. I have found that I can use IMAP to get my email, but my calendar is not found.
I have looked into just circumventing the checks....the only encryption solution i've found is some twrp/titanium back up so that you can at least easily recover systems after u've already been encrypted (not exactly a great solution).
As for the root access, ,the only solution i've found is with rootcloak (im not even sure if either of these solutions would actually work. I'm very much interested in a real solution.
Rootcloack didn't work for me, but that was 8 months ago. Try Touchdown, it's free for 30 days.
Try bluemail.
nomaanym said:
Try bluemail.
Click to expand...
Click to collapse
No luck for me. I appreciate the recommendation. I thought it was going to work when it went through my job's secure portal for setup but not such luck.
I'm looking for a way to do this as well.
I'm in a very similar situation and looking for the same workaround. Currently I'm able to use Edison Software's "Email" app to log in my corporate email account, but without the ability to receive notifications... which is a step better to endure the horrible mobile UI on gmail's website, but still would be better to have push notifications
Have you found any good alternative for gmail/hangouts/sheets without having to install "device policy"??
B1gC72 said:
Hey everyone,
This one really has me stumped. My work is finally moving it's email from Exchange to Google Apps for Business, and for many reasons at first I couldn't be happier. I signed on as an early adopter and have now realized I've hit a huge snag. I can no longer get email notifications on my device without basically giving my employer nearly full control of my personal device. They are requiring the Google Apps Device Policy and forcing a 6 character password to unlock my device, encryption, and permission to remote wipe, among other things. I just really don't feel comfortable giving them that kind of control over my personal device but I do need immediate access to my email to stay on top of things since I'm out in the field way more often than I get a chance to sit in an office. The mobile Gmail site works well enough, but not as well as IMAP support with push notifications would. When we were on Outlook, their policy was essentially similar in that you couldn't bring your own device, but I was able to find a nice app called Outlook Web Mail for Outlook OWA Web Mail which essentially logs into the webmail site and was able to present it in a mobile format and even offer notifications.
I guess what I'm looking for at this point is something similar. I'm hoping someone can suggest an app that, as far as the server is concerned, is just checking the mail from the mobile website but is presenting it to me in an app that is able to give me notifications, even if it's on an interval and not push. Does anyone know if such an app exists for Google Apps for Business accounts or is even possible?
If not, then I guess the next thing I would be looking for is a hackier workaround that can convince the server that I'm abiding by all the rules and still allow me to do whatever I want with my device. I realize this is riskier as far as getting me into trouble but I am rooted and familiar with flashing, Xposed Modules and whatnot (I was surprised my device was even approved with my root status and custom rom).
So sorry for the dissertation but I wanted to lay the whole situation out. I found other threads about GADP but they were more talking about device compatibility rather than a workaround/bypass for it. Anyone gone through something similar at their job? Any help would be greatly appreciated. Worse come to worse, the mobile site isn't the worst thing in the world considering that Outlook mess we came from. Thanks in advance.
My device:
Retail Verizon Note 3 rooted with SafeStrap running the latest Eclipse ROM
Click to expand...
Click to collapse
scorpienez said:
Have you found any good alternative for gmail/hangouts/sheets without having to install "device policy"??
Click to expand...
Click to collapse
Nope. It just doesn't work on Android. They gave me an iPhone (I asked for a Pixel ) when I got a promotion last year, so now I just carry 2 phones. That said, I haven't rooted in a while so I don't know what's happening in that front anymore.
I don't think there's a way to do what I was trying to do before. Sorry folks.
Me too...
B1gC72 said:
Nope. It just doesn't work on Android. They gave me an iPhone (I asked for a Pixel ) when I got a promotion last year, so now I just carry 2 phones. That said, I haven't rooted in a while so I don't know what's happening in that front anymore.
I don't think there's a way to do what I was trying to do before. Sorry folks.
Click to expand...
Click to collapse
I'm sorry to hear that. My educational institution's unlimited-storage Google account seems like the perfect match for this phone, but draconian MDM is a non-starter. Hopefully someone in the community does find a workaround at some point!
I have the exact same problem. I got a new personal phone which I was hoping I would be able to use Gmail and Google Classroom on for school but the device policy manager deactivates a bunch of my settings when i try it. The accounts just don't work without the policy manager, from the internet or the app. Do you think that if I were to speak to the school about it that they would be able to remove it? or is it impossible from their end due to the privileges they need over the account for security etc?
Thanks for your help,
Boxboy5
Blis said:
If you want to just access emails, calendar, etc., try Touchdown. https://play.google.com/store/apps/details?id=com.nitrodesk.droid20.nitroid&hl=en
You will not use the gmail or google contacts/calendar app though.
Click to expand...
Click to collapse
We're sorry, the requested URL was not found on this server.

Firefox OS as an embedded email reader?

Greetings,
At my office, we rotate after-hours email monitoring but some of the older guys are apprehensive about getting cell phones, so keeping up on-the-go can be difficult. I am wondering about buying a ZTE Open off of ebay and getting a pay/mb data plan and we can pass that around as a dedicated email reader.
Up to that point, there is nothing to worry about, but what I am thinking of playing around with is cutting the OS down to only the email app and settings. I'd like to have it boot directly to email with settings available from the pull-down menu, if possible. I mainly want to keep it simple enough for cellular-phobic people and also take away the ability to browse the web and run up my cellphone bill.
I'm not super fluent in the in's and out's of FXOS beyond the app level, but I'm interested poking around, I'm just looking to gauge the difficulty. There are cheaper android devices that I could try with as well, but I'd much rather hack around in HTML/JS than Java. That being said, I have the option of just customizing the Andriod UI to remove everything except the mail app, so if tearing down the Firefox UI would be a lot of work, I'll just do that.
I have a Flame that I can run tests on before spending any money, but I appreciate your opinions before a throw away a bunch of time that could be used on something useful.
John
That's super doable and not very difficult I think! Only with one (obvious?) condition: you must have full root access to your device. ZTE gives a rooting tool, so if you stick with the Open C (or the flame) you should be good to go. Don't choose a Kliff for example, as they are not rootable yet.
First of all, stripping all of gaia (the top layer of firefox OS, containing all the UI) has already been done by JanOS (for IoT device), so you can get inspiration from them. They reduced it to only one js file and a folder, where you can put your own js that gets executed at startup. Your use case is a bit more complex though: you still want to access settings, and be able to go back to email when needed. Basically, you need the email app to replace the homescreen right?
Creating alternate homescreen is a possibility that firefox os gives you, see https://developer.mozilla.org/en-US/Apps/Build/Manifest#role
You can try adding the role "homescreen" to the email app, flash your device, change the homescreen in the settings and see what happens!
NB: when you change the manifest of an internal apps, you might need to rehash it by downloading https://github.com/julienw/config-files/blob/master/addpref and execute
Code:
./addpref rehash-manifest
while your device is connected (and usb debugging is on).
You might need to add handler in the email for the home button to work correctly, in a similar fashion as in verticalhome (which is the name of the folder containing the homescreen app, not "homescreen").
Good luck! Don't hesitate to ping me if you need any help.
---------- Post added at 11:00 AM ---------- Previous post was at 10:46 AM ----------
Dude I just tried this and it's working like a charm. The thing that took me the most time was the configuration of the email account

Categories

Resources