Hi there,
Has any one tested the hardware disc encrytion that Samsung touted pre-launch? Are there any white-papers on how this works?
"Samsung has also taken steps to include Enterprise software for business users, that include On Device Encryption, Cisco’s AnyConnect VPN, MDM (Mobile Device Management), Cisco WebEx, Juniper,[28] and secure remote device management from Sybase.[36]"
Source https://secure.wikimedia.org/wikipedia/en/wiki/Samsung_Galaxy_S_II#Bundled_applications
Regards, F.
I asked on the CM forums, and CM does not have any disc encryption, yet. DOes anyone know about Samsung's offering?
BR.
Shame-less bump, in case some one has bought the i9100 by now and found the encryption option. Any one?
I found this gumpf about it. Its a third party product provided by Sophos.
"Antivirus & Firewall Security for Android Devices with Disk Encryption
SophosWith rising security threats and growing demands for the need of end point protection and data security are growing and so does Sophos comes forward and launches a mobile control which is mainly designed and is developed for smart phones like Android. This product comes with Sophos Anti-virus, Sophos Client Firewall and Sophos Disk Encryption which protects from threats and provides the disk encryption.
Basically, the SOPHOS secures the smart phones by centrally configuring all the security settings and then also it enables the lock down of unwanted features. With strong set of password and security policy it can even control the installation of apps, blocking use of cameras, browsers like You Tube etc. Also, additionally you can easily secure the access to the corporate mail by setting up the registered devices to access the mail.
Sophos Mobile control secures the mobile devices by centrally configuring security settings and enabling lock down of unwanted features. The features like strong password policy and lock period, control and installation of applications and blocking usage of cameras and browsers will help in enabling the enforcement of consistent "
Source: hxxp://androidadvices.com/antivirus-firewall-security-for-android-devices-with-disk-encryption/
galaxy s II I9100 has disk encryption built-in but disabled
I went through the files in initramfs and i found :
1) lots of encryption related strings and error messages in the /init executable
2) /init.rc has an event handler "on property:encryption.bootmode=remount"
3) /res/encryption.conftab - a configuration file that maps directories like /data to /dev/mapper/data to /dev/block/<data block device>
important point is that /init executable contains the name of this file and error messages relevant to the processing of this file.
4) /res/images contains images that together are a encryption graphic UI
Conclusion: Block-device level encryption is available and configured through dm_crypt by the init executable and some configuration files. Some flag probably exists somewere to enable this encryption.
Guess: after the flag is flipped the device should ask during boot for encryption password and encrypt /data /efs /cache /sdcard directories. On consecutive re-boots the same password will be asked to be able to mount through the configuration file(s).
Anyone knows how to enable the damn thing? Apparently Sybase have an app called Afaria AES for samsung that enables this functionality. I guess that they are doing it using some unpublished samsung security API. Maybe an extension of the DeviceAdmin class. Anyone know a way to check this?
I configured the standard email client to connect to my exchange server which enforces an encryption policy and then I got prompted to that my SGS2 would then encrypt itself.
I've no idea if there is a way to do it manually or even how to un-encrypt it if I ever remove the exchange account.
dwod said:
I configured the standard email client to connect to my exchange server which enforces an encryption policy and then I got prompted to that my SGS2 would then encrypt itself.
I've no idea if there is a way to do it manually or even how to un-encrypt it if I ever remove the exchange account.
Click to expand...
Click to collapse
Hi, When you say, the SGS would encrypt itself, did you mean that the internal discs would be encrypted, or was this referring only to the connection over Email. I think the latter and if so then this is not the correct thread for this discussion. If the former then this is remarkable.
I am also looking for a way to enable encryption. The ability to use hardware-assisted file encryption was the first thing that caught my eye when they presented the SGS II at MWC.
I have contacted Samsung about this (twice) and they were not really helpful at all. They only replied that you need third party tools to use the SGS II encryption features and that there is no tool included with the handset. They also ignored my inquiry for a documented API which would make it possible to write a little program to switch encryption on.
It seems that Sybase Afaria is one of the solutions with the desired ability, a Microsoft Active Sync server is another, both enterprise level products. The Sophos product mentioned above might be yet another.
If we could only get some information about the API all these products must use to administer the phone!
fryandlaurie
@forgetmyname:
I'm pretty sure that it is about file level encryption: Connecting to a corporate exchange server allows the server (if configured accordingly) to enforce a host of security policies on the phone. One of these policies may well be the encryption of all mail traffic but I doubt that you would be prompted to acknowledge that.
fryandlaurie
It would be great to be able to file encrypt private photos, I don`t think its enough with a program that requirre a password to show the hidden files. As if one have physical access to the phone one can easely get the pictures.
Two options for i9100 Encryption
oleost said:
It would be great to be able to file encrypt private photos, I don`t think its enough with a program that requirre a password to show the hidden files. As if one have physical access to the phone one can easely get the pictures.
Click to expand...
Click to collapse
On Stock Samsung ROMs pre-ICS you can use Galaxy Device Encryption free or pro by hellcat (see google play) for full device encryption, including optional encrypting of the external SD card. Note, it has to be stock rom for this to work on GB and this only works on certain Samsung models that they added the encryption ability to the OS but didn't give the user a way to activate.
ICS supports encryption natively and gives the user access to turn this on without a push from an exchange server or the like, assuming this hasn't been removed/disabled by the developer of the ROM you're using.
Ed
Hi,
I made a new app: NFC Safe!
With NFC Safe you will be able to encrypt your private data with a NFC Tag (e.g. NFC Key Fob). You can add unlimited custom folder and entries. You will have only access to those entries with the specific NFC Tag! This is much more secure than protecting your data only with a password!
You can use any NFC Tag for this app! Your NFC Tag will be written with some data so it can only be used for this app.
NFC Safe | Windows Phone Apps+Games Store (United States)
Would be nice, if you test my app! My app is available for free!
With one of the next releases it will be also possible to encrypt/decrypt media files (images, audio, etc.)
Best Regards,
Sascha
I don't have any NFC tags on me right now nor would i really use this, but i have to say, this is a really cool idea!
While I understand if you're hesitant to post it, I'd want to review the app's source code before using it myself. Getting cryptography right, even when just using existing and well, implemented pieces, is vastly harder than getting it wrong. What algorithm do you use to encrypt the data? How about generating the key data? Are you using secure buffers? Initialization vectors? How are you detecting which key is correct for the data you're trying to access; is there a hash? What hash function? There are a lot of other important questions here, too.
With that said, the idea is fantastic. It would be especially great if you could support two-factor authentication (password + NFC tag, in this case) for extra-sensitive data, although password management in crypto has its own set of problems (what key derivation function, with what parameters? How are the password verifiers stored? Etc.)
Sorry for late reply!
xandros9 said:
I don't have any NFC tags on me right now nor would i really use this, but i have to say, this is a really cool idea!
Click to expand...
Click to collapse
Then you should buy an NFC Tag! They are really cheap. For example you could buy a NFC keyfob, so you will have your NFC tag always in your pocket and as said, such a NFC Tag costs ca. 1 USD at ebay
GoodDayToDie said:
While I understand if you're hesitant to post it, I'd want to review the app's source code before using it myself. Getting cryptography right, even when just using existing and well, implemented pieces, is vastly harder than getting it wrong. What algorithm do you use to encrypt the data? How about generating the key data? Are you using secure buffers? Initialization vectors? How are you detecting which key is correct for the data you're trying to access; is there a hash? What hash function? There are a lot of other important questions here, too.
With that said, the idea is fantastic. It would be especially great if you could support two-factor authentication (password + NFC tag, in this case) for extra-sensitive data, although password management in crypto has its own set of problems (what key derivation function, with what parameters? How are the password verifiers stored? Etc.)
Click to expand...
Click to collapse
Hi thanks for your feedback and your questions! I think you misunderstood my app. It's not a military app, where the highest security is important! My app doesn't need to encrypt the data, because the data is stored on your Windows Phone in the application data storage. Noone has access to this. If ever any person has access to those data, you and all other Windows Phone users have a very big problem!
So, my app is an app, not a Windows Application, where virus, NSA, etc. have access to your data There are a lot of apps which protect your personal data with a password. So if someone else has your phone (stolen, or a friend while you are not watching at it), he will be able to see your data, if the know your password (this is not impossible!) or guess your password! So my app protects your data with an NFC Tag. It's very comfortable to use and faster than typing a password and also more secure, because the third-person needs your phone AND your NFC Tag.
However, my app also encrypts the whole data, so even if someone have access to the application data storage, he will be unable to read your data. Windows Phone has a built in encryption mechanism, which can be used from an API. I'm using this encryption mechanism. This mechanism uses Triple-DES. It uses the user credentials and a randomly generated password (GUID with 36 chars/numbers and "-"-sign) to encrypt the data.
Hi! Welcome to XDA-Developers, where all of your assumptions about what cannot be accessed on the phone are wrong, or will be shortly!
OK, that's half a joke. But only half... as it turns out, the claim that "... Windows Phone in the application data storage. Noone has access to this." has been untrue for months. Check the Dev&Hacking forum, especially the Interop-unlock and SamWP8 Tools threads. We have the ability to access the entire WP8 file system. Currently that access is only via MTP (USB connection), but I and other people are working on extending it to homebrew apps as well.
Moving on... 3DES (even if used with a good mode of operation and a unique initialization vector, which I am guessing you probably didn't do) is obsolete and should not be used anymore. While it is considered adequate for existing code, it should not be used in new software, and cryptographers have been recommending a move to newer ciphers (such as AES) for years. As for using a GUID as a password, GUIDs are 128 bits (the dashes don't count, because they are always the same value in the same place, and each of the other 32 digits is hexadecimal only, meaning merely 4 bits of data), which is plenty if they are generated securely; however, most GUID generators do not use cryptographically secure random number generators. GUIDs are supposed to be unique (that's what the U stands for), but are not guaranteed to be unpredictable (which is one of the key requirements for an encryption key), and the way they are generated reflects this.
Oh, and good security is important in an awful lot more places than "a military app"! In fact, there's no such thing as "military-grade" encryption, really; there's only good encryption, and encryption which shouldn't be used for any purpose. For example, modern TLS (Transport Layer Security, the replacement for SSL or Secure Sockets Layer) cipher suites are intended to be secure even against governments and megacorporations (although there is of course suspicion as to whether the NSA have broken some of those cipher suites)... but TLS isn't just used on extremely sensitive stuff like top-secret documents and such, it's also used when browsing Facebook and Twitter, or accessing Gmail, or many other things of similarly minor sensitivity.
Thank you for explaining the intended use cases of the app, though. Do please be careful when making claims such as that something is "much more secure", though; you are liable to mislead people. TrueCrypt, a PC app that performs disk encryption and is intended to stand up to very powerful adversaries, uses only a password most of the time - but I would expect that, given a well-chosen password, it is more secure than this app. There are many critical components to security, and only the weakest link in the chain matters.
For what it's worth, if you are interested, I would be happy to help secure the app (on my own time, free of charge) as it sounds like something that I would quite like to use, if I could trust its security.
What exactly is your problem?!?!
I said, that noone has access to the Application Data Storage and this is true! There is no Virus available for Windows Phone and there is no App in the Store available which has access to another app's data storage! We are not talking about some special cases where the third-person already have STOLEN your device, because nothing in this world is safe! NOTHING! Everything can be hacked! Also I didnt know that all current Lumia devices were hacked. Other devices are not relevant (Nokia has a market share of more than 90%!).
The built-in encryption mechanism in Windows Phone is the same almost ANY Windows Phone app uses! Any banking app, Facebook, eBay, PayPal. The Wallet feature of Windows Phone uses it. If you have set up accounts (E-Mail, Microsoft Account, Office365, etc.) your passwords were encrypted with the SAME API my app uses. So if you think this API is totally unsafe, WHY THE HELL are you using Windows Phone? Also Windows Vista, 7, 8 and 8.1 uses THE SAME API for a lot of thinks. So please don't use Windows anymore!
I said, my app is more secure THAN AN APP which only uses a password and that is true. Also my app additionally encrypts the data and not only block the access to the data (which a lot of other apps only do!).
Please decrypt the attached file and tell me, how you did that and how long it took Thanks!
Whoa, whoa, calm down.
First of all, don't count on that "no app in the store..." business; There's *probably* no malicious app that can do so, but OEM apps can, if they have som reason to do so, access other app's install and data folders. I've written apps (using the Samsung OEM components, which are clumsy for the purpose but *do* work) to do it myself. It's not something you're likely to see in widespread use, but it's possible.
If you aren't bothering with the case of your phone being stolen, what's the point of the encryption anyhow? I mean, prevention of data loss in the event of device theft is one of *the* key use cases for data storage encryption! It's the rationale behind things like BitLocker (which is available on WP8, but only if the user has connected their phone to a company's Exchange server that pushes a policy requiring device encryption).
If you were honestly worried about market share, you probably wouldn't target WP at all; Nokia's fraction of the WP market share is lower than WP's fraction of the smartphone market share. Nonetheless, you are correct that, at this time, Nokia WP8 devices haven't been cracked. Nor have HTC's phones. I'm confident that this will change in time, though. You might have misunderstood my little joke at the start of my last post... but breaking into smartphone operating systems, getting past the lockdown policies that say "noone[sic] has access" (it's "nobody" or "no one", by the way) and taking those decisions into our own hands.
I guarantee you that the vast majority of WP apps don't use 3DES. I *know* full well that the Microsoft code doesn't; they had already deprecated that cipher years ago, when I interned there, long before even WP7 existed; its use was prohibited for new code. Just because you used the DPAPI (Data Protection API) doesn't mean you used it correctly (and by the way, that internship involved working on encryption in Windows, writing test tools for it). Please don't take this as some kind of personal insult; in my line of work (security engineer), I see a ton of misuse of cryptography. It is, as I said in my first post, hard to get right. That's why I offered to help.
I'm not going to bother taking the time to figure out what cipher you used on that file, and what its contents are supposed to look like enough to start doing any cryptanalysis, but I guarantee you it's not very good. There are repeated patterns, including long strings of null bytes, that are phenomenally unlikely to occur in a file that short after passing it through even a half-decent cipher (we're talking 1-in-several-billion chance here, no joke). Coming to this conclusion took all of a few seconds, by the way, using no tool more sophisticated than Notepad++. If I was pulling it off of a phone, I'd have a lot more idea of what type of plaintext to expect, and I could examine the decompilation of the app to see what ciphers were used, which would make things a lot easier. I'd say "for all I know, you just took the output of CryptGenRandom and put it in a file" but if you had, it wouldn't have had obvious patterns in it... in any case, it doesn't matter. I don't have to prove anything to you. I'm *trying* to help, and offer some good advice as well, but I can't force you to take it. There's no call for getting defensive, though. I wrote a file encryption utility myself one, in fact. It sucked, so then I wrote a program to break its encryption. Both experiences (but mostly the latter) taught me things.
A new version is available now, which includes image/photo encryption, OneDrive backup, bugfixes and other small improvments!
http://www.windowsphone.com/s?appid=0a8656d4-ed32-4bb5-baac-1317827e18d8
Hi,
I have a question:
My app is available in German and English since one year now! It was downloaded over 1000 times in Germany, but only 80 times in USA, UK, etc. I got 40 reviews (4-5 stars) in Germany and only one bad review in USA. So could someone explain what's wrong with my app? Is it not visible in the US Windows Phone store? Is my app very bad translated? Are there no Windows Phone users in the USA? Or maybe no one use NFC in the USA?
Best regards,
Sascha
Sorry, I don't tried your app yet but will try to answer your questions.
First, probably it's something wrong with your marketing, not the app Le me say: 1080 downloads per year - it's too small number (even 1000 in Germany). For example, my "marketplace entry ticket", "Lunar Lander Touch" app, very unpopular and underrated (but it's still one of my favorite games on WP, and good alcohol tester ), has 4078 for the year 2013.
As for NFC: I've tried to use it but stopped because of very uncomfortable WP implementation. That service should work flawlessly, without user interaction, stupid questions and dialogs, to be useful and popular. But unfortunately it's not (for the Windows Phones). Microsoft must add an option to disable NFC warnings.
P.S. I may recommend you to use "Snowden case" for advertizing
Thanks for your feedback!
Yes, I know that the download numbers are very bad, but I don't have an idea how to improve this. Because of my app is free and my private hobby I don't have money to buy ads, etc.
Improving my app had not effect. Thanks to DVLUP I "bought" ads for 50$ with AdDuplex, but this also had no effect.
It's really hard for individuals to get their apps famous and in a higher ranking in the Windows Phone Store without investing money
I understand... AdDuplex is really bad: I've tried once ($100 from DVLUP meeting plus I've bought another $100 coupon for $40) during a week - no results at all. Complained to AdDuplex support and manager gave me additional $300 for free, to spend within one day (sic! He-he, I wish to get $300 daily from my app!) - still no visible results, just a regular download fluctuations...
What you may try: advertise on more forums, prepare good pictures/screenshots; may be, video clip "howto" will be helpful. Embed RateMyApp Nokia's control (check NuGet) to your form. If you have XP on DVLUP, spend 'em for advertising campaign (these ones are extremely effective!).
P.S. I also thought about xda-based developers club, with "rate 5 stars my apps, and I'll rate yours" rule but I don't know how to implement it properly (but good customer rating is very important for the app distribution).
Thanks!
I already added RateMyApp. This was really helpfull to get more reviews. It's a pity that I had not implemented such a thing from the very first time my app was added to the Windows Phone Store :-/
I "bought" 1 week in App Social (DVLUP). Hope this helps. But it is also only in Germany.... I have enough users and reviews in Germany, I need them in USA, UK, etc. The problem with the DVLUP campaigns is, that you need at least 50 or 100 reviews (and 4,5 stars) as a requirement for the advertising. But you don't have so many reviews and that's the reason why you need the campaign to get more reviews, but you can't buy the campaign... A vicious circle!
I will do my best to get more downloads in other countries than Germany!
Hey, thanks for this app i find it realy useful.
Danke!
And here is the idea for the ad banner
Great idea
btw: Version 2.1 with new type "User Credentials" is available now!
Ok, I stopped developing, it's not worth. Sorry!
how secure is Remix-os and Android-X86?
can I, for example, run my bank-app on it?
Thats a good question...
Do you trust google?
Would you trust ex-google employees? (Remix developer team)
Do you trust.. all your apps, that you installed?
The RemixOs M comes pre-Rooted and has therefore a higher chance for malware takeovers
So... how knows
Ps... installing a firewall.. is adviced (like netguard,you can select what apps can connect to the web)
capoeiraES said:
how secure is Remix-os and Android-X86?
can I, for example, run my bank-app on it?
Click to expand...
Click to collapse
That sort of thing depends on the bank app. Most have set conditions that have nothing or very little to do with Android version but rather the hardware used [where they can ensure the OS is exactly the same and unaltered on the same device]. Bank apps may report things like 'altered OS detected' or 'you're device has been rooted' and refuse to work; but most of the time the issue is that the device itself is blacklisted by the app.
mitchell4you said:
Thats a good question...
Do you trust google?
Would you trust ex-google employees? (Remix developer team)
Do you trust.. all your apps, that you installed?
The RemixOs M comes pre-Rooted and has therefore a higher chance for malware takeovers
So... how knows
Ps... installing a firewall.. is adviced (like netguard,you can select what apps can connect to the web)
Click to expand...
Click to collapse
This is false having a rooted device can actually increase security if you know what your doing.
Sent from my DROID Turbo using XDA-Developers mobile app
gangrenius said:
This is false having a rooted device can actually increase security if you know what your doing.
Sent from my DROID Turbo using XDA-Developers mobile app
Click to expand...
Click to collapse
Man I know Linux (Arch) very well, but I still don't understand Android.
can I do things like compile Linux packages in terminal? or does Android only execute APK?
I have the same concern as OP. I understand computer security but I can't say the same about phones/tablets.
My concern is, would it be possible for the OS to log your key entries and have access to those data? Or keep a log in the system that contains sensitive data? I know, I sound paranoid but it's better to be safe than sorry. I just installed RemixOS on my old Nexus 10 and I'm really impressed with the performance.
I always have these types of concerns when installing custom roms. If someone can help me understand the situation better, I'd appreciate it. Thank you.
hooman64 said:
I have the same concern as OP. I understand computer security but I can't say the same about phones/tablets.
My concern is, would it be possible for the OS to log your key entries and have access to those data? Or keep a log in the system that contains sensitive data? I know, I sound paranoid but it's better to be safe than sorry. I just installed RemixOS on my old Nexus 10 and I'm really impressed with the performance.
I always have these types of concerns when installing custom roms. If someone can help me understand the situation better, I'd appreciate it. Thank you.
Click to expand...
Click to collapse
NO. I don't recommend sensitive data running Windows 10, Ubuntu based distro's, android, or IOS
the way how Jide is displaying ads in the OS is a definite IDGAFF about security.
as for android-x86
http://www.android-x86.org/documents/analytics-program
WIndows 10
adobe flash built-in. if you remove it you lose system updates.
good luck disabling cortana. if you actually manage system updates will enable it again
Ubuntu
12.04.1 LTS user updated to try newer LTS's. WTF did canonical do?
Maromi said:
NO. I don't recommend sensitive data running Windows 10, Ubuntu based distro's, android, or IOS
the way how Jide is displaying ads in the OS is a definite IDGAFF about security.
as for android-x86
http://www.android-x86.org/documents/analytics-program
WIndows 10
adobe flash built-in. if you remove it you lose system updates.
good luck disabling cortana. if you actually manage system updates will enable it again
Ubuntu
12.04.1 LTS user updated to try newer LTS's. WTF did canonical do?
Click to expand...
Click to collapse
Well I see your point, what I mostly am concerned about is that RemixOS is closed source, so I don't know if users data could be abused or used in a way that is not ethical. Again, I am not saying it is. I just am curious to know if there is evidence proof that it's not. I'm just trying to be more educated in this regard. Thank you.
hooman64 said:
Well I see your point, what I mostly am concerned about is that RemixOS is closed source, so I don't know if users data could be abused or used in a way that is not ethical. Again, I am not saying it is. I just am curious to know if there is evidence proof that it's not. I'm just trying to be more educated in this regard. Thank you.
Click to expand...
Click to collapse
closed source is the problem. we don't realy know what is in the code at all.
capoeiraES said:
closed source is the problem. we don't realy know what is in the code at all.
Click to expand...
Click to collapse
True!
Does anybody know if there is a tool to monitor OS activities?
To monitor data.. android tuner by 3c (you can also manage startup apps)
To manage data.. netguard.. firewall, seems a to be a good app
Cheers
mitchell4you said:
To monitor data.. android tuner by 3c (you can also manage startup apps)
To manage data.. netguard.. firewall, seems a to be a good app
Cheers
Click to expand...
Click to collapse
Thanks buddy.
If you really want to find out exactly what it's doing set it up with a wired Ethernet connection through a trusted device (device would need two Ethernet ports.) Run wireshark or similar on trusted device. Leave it in this configuration for days, not hours. As for security in android your best bet, as with all modern electronics, is to invest in a hardware firewall to put it behind. Untangle NG or the like can even be run on an old computer. Failing that, root plus a firewall that writes to IPtables, which is what protects most of the internet anyway. AFWall+ is an example of that.
tjmidnight420 said:
If you really want to find out exactly what it's doing set it up with a wired Ethernet connection through a trusted device (device would need two Ethernet ports.) Run wireshark or similar on trusted device. Leave it in this configuration for days, not hours. As for security in android your best bet, as with all modern electronics, is to invest in a hardware firewall to put it behind. Untangle NG or the like can even be run on an old computer. Failing that, root plus a firewall that writes to IPtables, which is what protects most of the internet anyway. AFWall+ is an example of that.
Click to expand...
Click to collapse
This is great info. I m gonna try this and see if I get anywhere. Thank you very much for the info.