[Q] Android App Management - Android Q&A, Help & Troubleshooting

Hello all,
I'm looking for a solution that will allow me to manage apps remotely.
I have a closed network (no Internet access) for Android devices that will be accessing an "app store" hosted on a server which, as far as I know, can be a simple web server that hosts .apk files for download.
This is an OK solution but I'm looking for open source or even 3rd party "app stores" that have the capability to manage an Android device from a central server. I'd like it to not only install apps but also automatically push app updates to devices or remove apps remotely.
I'm guessing apps like f-droid could be modified to point to a repository on a local server for users to download apps but this doesn't do much as far as remote management.
Thanks!

Related

Online Privacy Shield: Find apps that have access to our social profiles data

FreakSense: Online Privacy Shield is able, once downloaded and installed on our Android smartphones or tablet, to scan and do a search on all the applications installed on the device that we have access to our online profiles. The search can be carried out to discover the applications that have access to our data from Facebook, Yahoo !, Twitter, Google, LinkedIn, Dropbox, Instagram and Flickr. These are the main ones, but you can add other online services.
Online Privacy Shield also will catalog the software used on the PC
What might seem strange is that it should be listed not only the applications that you have currently installed on your device, but also applications that have also uninstalled a long time or you have installed on your PC. But what assures us that not Online Privacy Shield does just what he fights for? I mean, who assures us that it does not store our data?
The answer lies in the fact that, in addition to being specified in the description on the Play Store, whenever we want to scan an online service, we have to re-enter again our data.
cloudyjohn said:
FreakSense: Online Privacy Shield is able, once downloaded and installed on our Android smartphones or tablet, to scan and do a search on all the applications installed on the device that we have access to our online profiles. The search can be carried out to discover the applications that have access to our data from Facebook, Yahoo !, Twitter, Google, LinkedIn, Dropbox, Instagram and Flickr. These are the main ones, but you can add other online services.
Online Privacy Shield also will catalog the software used on the PC
What might seem strange is that it should be listed not only the applications that you have currently installed on your device, but also applications that have also uninstalled a long time or you have installed on your PC. But what assures us that not Online Privacy Shield does just what he fights for? I mean, who assures us that it does not store our data?
The answer lies in the fact that, in addition to being specified in the description on the Play Store, whenever we want to scan an online service, we have to re-enter again our data.
Click to expand...
Click to collapse
Didn't know about this app before. Doesn't seem that useful to me frankly. I'd rather restrict access to my info than simply be told who has already acessed it. Furthermore, it is not open source. That is usually a no-no for security/privacy apps as you then have to hope the developers aren't lying about any claims they make.
Have a look at OpenPDroid or even CM11 in-built Privacy Guard or AppOps for some examples of tools that restrict what apps can do/access on your device.
Incidentally, having to re-enter your online credentials isn't evidence of anything. The app may still transmit your data and credentials to external servers without your knowledge or permission anyway and the need to re-enter the credentials just ensures that it always has up-to-date credentials in case you changed your passphrase/password for instance. An open source app that you can build yourself removes any doubt.

android pay in system administrators without installation of android pay

Hi,
I noticed the android pay has been added to device administrators in my android phone. I haven't installed android pay.
I have google play sevices 8.3.01.
I found nothing in google search about it.
Do anyone know if this is a part of google updates?
Let's return to this thread as I observed certain behavior.
Once I installed bank application - google pay device admin appears however I don't have google pay application.
I figured out that it is embedded into google services framework.
I disabled admin using system tuner but despite that admin appears again in random times.
Obviously bank app uses some google's function or google framework scans device periodically and enables it again.
It is not related to use bank app, nor reboot, nor google wallet in general.
I wonder if anyone has an idea what function is triggering admin to be active again and again.

NoRoot Firewall

Disclaimer: I know nothing on how to configure firewalls except for adding apps to the whitelist/blacklist.
Tried using NRFW and I noticed a few things:
1. I've consumed 12.54GB and 9.77GB was by NRFW. What's happening please.
2. I've tagged some apps that can only connect when I'm on wifi, yet I'm still getting notifications when I'm on mobile data. For example, the Facebook app and some games.
3. How do I determine which IP address should be allowed or blocked? For example, I see IP addresses pointing to Akamai and my ISP.
4. Is it a good idea to turn off background data? I restricted it on mobile data and allowed it when on wifi but some apps would not load properly even when I'm connected to a wifi network.
Thanks in advance! And please excuse me if I posted this in the wrong forum.
EDIT: I'm referring to Grey Shirt's NoRoot Firewall.
I read up a bit and learned that 1e100.net are Google's servers. I understand that these point to ads too. I also noticed my ISP's name shows up under these.
Do I allow these or do I block them?
First of all: sorry for answering so late ;-) ...:
- in my opinion, your traffic from internet is being redirected through this NoRoot Personal Firewall unto your smartphone
- so, the 9.77GB you mentioned were 'routed/directed' through the NRPFW - the rest was not (? - maybe for Android-Updates or anything?)
- as you could most probably see, all of these 9.77GB were allowed to pass through from the internet servers (akamai or google or microsoft or ibm or yahoo or many more..) to your smartphone ('s apps / system apps)
- notifications about your mobile connection(s) MAY simply be wrong (as i found out) - seemingly a bug in the NRPFW-app (?)
- akamai is one of the " intermediate servers" or main server for a couple of websites:
for example, when you open the 'WashingtonPost'-website on your smartphone, (all) contents from their website are upon an akamai-server, because 'WashingtonPost' does not have a server on its own inside their office building maybe big enough to handle all traffic from their website to all readers in the world
- your Internet Service Provider has intermediate servers for (any) web content, too - so, you might want to allow their internet addresses
- furthermore, background data is transferred when you have an email-app and this app (gmail or yahoo-app, e.g.) is transferring data even if you had closed the email-app (so you cannot see it anymore on your launcher) or it's even running in background and checking if there's new mail when auto-started while your smartphone is booting.

Need to lock Genymotion SaaS appliance to run only 1 app in restricted user by default and prevent install 3rd party apps and access to settings

I need to run an app in Genymotion that is used for data entry and upload of the entered data into 3rd party sites. The logins to 3rd party sites are stored in this application (probably encrypted). The application will store multiple logins for my different customers of who need to have the data uploaded into the 3rd party sites. The data into the app will then be entered by other people to whom I outsource the data entry.
So I created Genymotion appliance, installed the app and in this application I entered logins for sites such as ebay. I am looking for suggestions on what can I do to secure the appliance to prevent the data being copied out from it.
I want to prevent the person to whom I outsource data entry to be able to install and load 3rd party other apps, modify system settings, install other apps, copy the system directory, copy the login and password information saved by the application.
Let's assume the worst possible case here when application is well written but the passwords mentioned above (for the ecommerce sites like ebay) is saved in plain text in this application in the internal application directory. What I know about the application is it doesn't support access to SD Card, only can read and write data to the internal memory.
What can I do in Gennymotion to improve the security of my appliance. Genymotion virtual machines are rooted. So I looked at following suggestions:
1. Setup restricted user on Android
2. Set restriction for the restricted user to only be able to use the one application. Disable anything else (including disabled browser, email, youtube etc..)
3. Try to get the restricted user loading on boot of Android. When Android restarts, however, it doesn't allow choice to login into the restricted user or the admin user, sort of like a Windows or MacOS login menu. To get the appliance to always start with restricted user by default, I need to add a script and the scripted will need to start using Tasker or MacroDroid.
However, how do I prevent the user from installing 3rd party apps? Is it good enough to disable all user apps (except that one used for data entry) from the restricted user? Is there any other way the user could abuse the access to the virtual appliance and load something there? Are there any system android apps I need to disable for the restricted user to prevent the user to be able to do anything bad with it?
The application used for data entry can not download any application or data, however, I believe it does use the webview because it loads sites like ebay and fills the forms on those sites. It only interacts with select websites only like Ebay to enter data into Ebay forms..
Is there anything I can do to secure Genymotion appliance any other than what I already mentioned. I would like to send the link to the Genymotion SaaS Android to people who will do data entry for me into Ebay and other sites. So I need to make sure the virtual appliance is secured as much as possible from tinkering with it. I need to make sure somebody doesn't get hand on the stored login details.
Just to clarify for the login credentials:
I am not sure how the user credentials are stored and I will find it out, however, for now, I go from the worst case scenario when the credentials are stored in plain text in the app settings. The user name and password is stored in the application with exception for Ebay because the many other sites do not have API key or any webservices interface, so the application would access those sites simply via a webview, and when it goes to login there it will do that by filling in the login information on the login form (simulates keystrokes). The user name and password is entered into the login form for the site. That's why the login info is stored in the application itself.
This question is not about how to secure the specific application I will be using, but how to secure the actual whole Android appliance from tinkering with.
I am aware I will the risks here, just want to do as much due diligence as I can.
Sources for Genymotion restricted user..
How to set restricted user as default user on reboot?
We would like to have an already added restricted user account be the default when we restart our Samsung SM-T580 tablets. At current we have 2 accounts installed, Admin and User The User is a use...
android.stackexchange.com
Root access - Device image User Guide
docs.genymotion.com
Done some digging so this cannot be done. Neither Genymobile or Appetize or other online Android emulators can offer fine-tuning in terms of user access. The closest is Genymobile because at least allows adding and removing access of users to individual appliances. That is however not resolving the issue with Android and in particular rooted Android, since all online emulators run rooted Android and I am not sure how that is secured against potentially malicious actors who receive access link.
The only easy way to solve it, kind of in a mickey-mousy way is to install Kiosk mode application. That kiosk app will run at every boot and it only shows the specific application. There is always risk of course the malicious user would do something to crash the application and the Kiosk app, but if the application is not a web browser or email client or similar it should be relatively safe.
There are plenty of Kiosk mode apps for Android but none of them is free (don't try to look, no chance to find one), the cheapest cost about 7 USD one-time purchase, the more expensive ones cost 20 per month per device or more and come with remote control etc... Not cheap but kiosk mode apps are almost exlusively used by businesses so that's why there is lack of free apps.
Anyhow I believe this is the closest as I could get to deal with this.

Need help with Remote Desktop Client on Android

I would like to use an android as a Windows 10 PC terminal. I'm using a Samsung Fold3 running Android 12 if it matters. It seems like a fairly simple process. Enable Remote Desktop on the Windows 10 PC. Make sure the PC's firewall (and virus protection software) passes Remote Desktop access. Install Remote Desktop Client on the Android and setup the connection to the PC.
The Remote Desktop Client sees the PC, fills in the active user account and requests the user password. I can enter the password but the android does not respond to the "Continue" button and all I can do is cancel out of it. I can also try to edit the PC configuration to setup a user account so that a password does not need to be entered each time but in this case the save button is unresponsive whether or not a password is entered.
This same thing happens whether I select the PC found on the local wifi or I enter the PC's IP address manually (with or without the 3389 port number).
Can anyone give me a clue as to what I'm doing wrong or how to proceed?
Sorry. User error. I was doing something stupid.
Never mind.
These remote desktop options allows you to access Windows from Android easily with just one click.https://www.anyviewer.com/how-to/remote-control-windows-10-from-android-0427.html
Oliviaaaa7 said:
These remote desktop options allows you to access Windows from Android easily with just one click.https://www.anyviewer.com/how-to/remote-control-windows-10-from-android-0427.html
Click to expand...
Click to collapse
Thanks for the link.
My initial problem was just a usage error getting Microsoft Remote Desktop Client to work when on the same network. I fixed that issue and am able to use it to control my PC from an android as long as I'm on the same local network which is useful but I would also like to be able to do it from anywhere on the internet.
Your link led to a discussion of this issue with the possibility of using port forwarding or a VPN to allow access to my PC from an external network with varying degrees of complexity and hacking potential.
The link also discussed using chrome and a google account to access my PC remotely. This is unacceptable because I won't use chrome and have uninstalled it from all my android devices plus although I do have a Google account, I only use it to explicitly download apps from the store and otherwise disable Google Play Services and the Google Play Store and will not use any app that requires Google Play Services to function. So this option is out.
The final option requires me to create an account at a third party site and presumably direct all of my traffic through this third party. This too is unacceptable to me.
So the question is, is there a simpler method to access my PC from an android device that's on a different network than having to setup a vpn or enabling port forwarding on my router, that doesn't require registering for and using a third party service to accomplish the goal?

Categories

Resources