2012 edition: best anti-theft app? - Android Q&A, Help & Troubleshooting

Right now it looks like Cerberus is still great - or should we take a good look at Avast and Kaspersky as well?
Prey got a lot of press hype, but it seems like on android it can't take pictures of the thief? Can cerberus be forced to use the front camera?

Confirmed that Cerberus can take pictures with the front camera. I tested it when I first installed it and it works very well. It even flashes to a bright white screen for a second in case of low light conditions.

Try Androidlost.
I found it much, much better.

Romonster said:
Try Androidlost.
I found it much, much better.
Click to expand...
Click to collapse
What he said
Sent from my SPH-D700 using Tapatalk

Romonster said:
Try Androidlost.
I found it much, much better.
Click to expand...
Click to collapse
Interesting. So you would say this is better than Cerberus? In which ways?

1. It's absolutely free.
2. Uses your Google account, no need to create another account for app and no battery drain.
3. More features- pull last 50 messages and browse/download/delete sdcard contents remotely.

Considering I got Cerberos for free during their giveaway, it's serving me very well. I particularly like the five devices I can track with it; makes me feel better about taking both my phone and tablet into public.

How effective are anti-theft apps?
Do any of these anti-theft apps prevent a factory reset or a ROM flash?
Have any independent comparisons been published?
How does SamsungDive compare to the likes of Prey et al?

I think Avast Mobile Security is a pretty good bet, allows SMS only management, and system installation so goes to the rom.
Respect to flashing the device, I think regardless on any anti theft software (cerberus, androidlost, avast mobile security) you can start the device in Recovery mode and flash a new rom, wipe cache & data and such. That is because the recovery prevails over the operating system because loads first when demanded.

AndroidLost
Win

HairyScot said:
Do any of these anti-theft apps prevent a factory reset or a ROM flash?
Click to expand...
Click to collapse
scandiun said:
I think Avast Mobile Security is a pretty good bet, allows SMS only management, and system installation so goes to the rom.
Respect to flashing the device, I think regardless on any anti theft software (cerberus, androidlost, avast mobile security) you can start the device in Recovery mode and flash a new rom, wipe cache & data and such. That is because the recovery prevails over the operating system because loads first when demanded.
Click to expand...
Click to collapse
With Avast if you allow its root options you can set the phone so that it CANNOT be data reset from the phone menus or recovery. It can block USB Debugging as well so that the phone cannot be wiped and reset that way either. You can also set Anti-Theft as an app with Admin permissions so that it cannot be uninstalled, not to mention it will run in stealth mode when active so that it doesn't appear in your apps list at all. It is also separate from the Anti-virus portion so you can uninstall that and there would be no way to tell the Anti-theft is even present on the phone.
It is amazing that it's still free, but as Avast! stated they make their money off of their PC utilities and plan to keep it free.

MissionImprobable said:
With Avast if you allow its root options you can set the phone so that it CANNOT be data reset from the phone menus or recovery. It can block USB Debugging as well so that the phone cannot be wiped and reset that way either. You can also set Anti-Theft as an app with Admin permissions so that it cannot be uninstalled, not to mention it will run in stealth mode when active so that it doesn't appear in your apps list at all. It is also separate from the Anti-virus portion so you can uninstall that and there would be no way to tell the Anti-theft is even present on the phone.
It is amazing that it's still free, but as Avast! stated they make their money off of their PC utilities and plan to keep it free.
Click to expand...
Click to collapse
Do you mean the phone won't enter on recovery holding power+volup+menu? And that there won't be the option to install update from sdcard?

MissionImprobable said:
With Avast if you allow its root options you can set the phone so that it CANNOT be data reset from the phone menus or recovery. It can block USB Debugging as well so that the phone cannot be wiped and reset that way either. You can also set Anti-Theft as an app with Admin permissions so that it cannot be uninstalled, not to mention it will run in stealth mode when active so that it doesn't appear in your apps list at all. It is also separate from the Anti-virus portion so you can uninstall that and there would be no way to tell the Anti-theft is even present on the phone.
It is amazing that it's still free, but as Avast! stated they make their money off of their PC utilities and plan to keep it free.
Click to expand...
Click to collapse
scandiun said:
Do you mean the phone won't enter on recovery holding power+volup+menu? And that there won't be the option to install update from sdcard?
Click to expand...
Click to collapse
Since I have paid for Avast! on my PC maybe I should use it for my Android devices.
Would be interesting to verify if it can prevent flashing etc.

HairyScot said:
Since I have paid for Avast! on my PC maybe I should use it for my Android devices.
Would be interesting to verify if it can prevent flashing etc.
Click to expand...
Click to collapse
As far as I know, there is no such hardware locking ability on some devices, at least in my SGS2 there is no way to prevent flashing.

does this thing really work? just a newbie here.

You can install cerberus on to the root of your phone to gain two additional features that will result in cerberus still being installed even after a delete/wipe.
Link to cerberus q&a HERE
Just expand the "I have a rooted device. Can I get additional features?" topic and follow instructions
Remember when un-installing cerberus to uninstall it the proper way to avoid problems when flashing it to root, open the app login and disable admin then uninstall

ill have to check that out

Thing is if you lose your phone the best you can hope for is a quick lock via a website to track it down or protect your data (which will already be backed up)
As long as you can secure the phone and data then how much do you really want to catch a thief?
Will check these out though as being able to lock the phone down and ensure it has to be reflashed is good, but unless you use encryption not sure how any of these can really protect the data?

scandiun said:
Do you mean the phone won't enter on recovery holding power+volup+menu? And that there won't be the option to install update from sdcard?
Click to expand...
Click to collapse
I was still able to wipe data and cache after I sent a text to set it as lost, but once the phone restarted the Anti-theft app was still active so that aspect that is common to Cerberus still works at least. I'm about to see if it survives RSD.
Edit: Alrighty. As stated Anti-theft survived wipe/reset so that part holds true, and RSD is unable to function so it is preventing USB debugging access. The only thing that shows that anything out of the ordinary is going on is that you have the option to set one app as admin and it does not appear with the rest of your apps in the app drawer, but as you can name it anything that you want only someone very familiar with Avast/Cerberus would have any reason to suspect that it's an anti-theft app.
One thing that may give it away that the phone is being tracked is that an SMS goes to the device saying that it has been marked lost and depending on your network and when the thief powers off the phone it still may show up in the inbox and they could see it. Considering that many thieves may switch SIMs as soon as they get the phone though, this should be a non-issue and is covered by the forwarding and SIM-tracking portions of the App.
I would like to play with all this further, but as of now it appears that Avast pretty much performs as promised and your phone will still be trackable even if someone does a battery pull and reset. You will have to send an additional Lost SMS if you wish to lock the phone again, but you can send your other commands: SIREN ON, LOCATE, etc and it the phone will react appropriately. The LOCATE command will give you the owner name, Cell ID, Carrier, and new ID. If they change SIM cards the new SIM info will be forwarded to the two numbers you chose as friends during setup. You can do a test to make sure they'll get the message, but I would like to actually try this but my phone is CDMA only so I can't vet that out.
Declaring lost does Automatically power WIFI, GPS, and Data back on as promised. I apparently misspoke about being able to prevent access to recovery. When locked it is impossible to access the system menus on the phone, but as noted it can be wiped and reset from recovery though Avast will survive this and it looks like Cerberus should as well since it utilizes a similar method.
Don't know how much more to ask for from an anti-theft app, especially a free one. The only nice addition would be being able to lock recovery the way you can BIOS, though this may make a savvy thief more likely to toss the phone so maybe it's a good thing that they would be able to flash a new Rom via SD and the phone could still be tracked with them none the wiser.
---------- Post added at 03:58 AM ---------- Previous post was at 03:14 AM ----------
Doallyn said:
Thing is if you lose your phone the best you can hope for is a quick lock via a website to track it down or protect your data (which will already be backed up)
As long as you can secure the phone and data then how much do you really want to catch a thief?
Will check these out though as being able to lock the phone down and ensure it has to be reflashed is good, but unless you use encryption not sure how any of these can really protect the data?
Click to expand...
Click to collapse
All my important data is backed up so that I'm not worried about. As to the thief bit, this app is great. When it becomes clear to thieves that stealing a phone will at best result in them getting a GPS tracker that they need to toss and at worse give them something that actually lands them in jail then thefts will certainly drop off. Apps like this and Cerberus will make phone theft something that's benefits certainly do not outweigh the potential costs.

The reason Avast and Cerberus (or just any other system app) survives a wipe/factory reset is because they are in the System folder... all those apps aren't deleted when you perform a wipe...
But sure enough, if the thief flashes a new ROM from recovery then all apps are gone, nothing will survive that!
Anyway, Avast seems to be the way to go since is free ;-)

Related

Android Security [questions, problems and discussion]

Hello all
As someone handling sensitive information, I would like to investigate the security Android is dealing with.
First of all I got scared when I bought the app called SQLite Editor. It had all of my most vital passwords just stored in plain text. What I did immediately was a format of both internal and SD card as a reaction. However, I couldn't even find a feature to secure wipe the internal memory, while I've DBAN'd the SD card 7x.
So my thought was, I have to encrypt it. ICS seems to have a nice feature for that, however, it doesn't kind of work for me. I'm currently on cm-9.0.0-rc1-tinystream-hephappy-p500 (RC1-Rev.B). I went to Security in System Settings and touched "Encrypt Device". It gave some confirmations and I've accepted them however, now I'm kind of stuck on this screen.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
My first thought was "it is encrypting". But after hours of waiting, I wanted to check if it's done already. So I clicked the power-button once (just to unlock) and it asked for my password. I've entered it and it just went into my normal launcher. I've checked if anything had changed and no, my device has not been encrypted. Any logs somewhere? Any ideas what could have caused the problem?
Beside that, I asked myself the question "how secure is my Google account". As I am not planning to store any password to my device anymore, I am still connected to my Google account. I have DroidWall blocking all connections (except for my OpenVPN one).
Now my question is, what if my phone gets stolen. Does my SD-card contain any sensitive data, that's the first question. I am using LINK2SD to put everything on my SD card by the way. What security does Android use to connect to my Google account? If the thief turns on wifi and starts sniffing what data passes, what exactly would a hacker be able to sniff from me? Even then, my contacts contain valuable information. If my phone gets stolen, a hacker could simply steal all of my contacts, can't he?
Does someone have any idea to secure my phone? To connect to the internet I have OpenVPN working and blocking other connections with DroidWall. So the real case is, the data on my phone itself. Even if I use a anti-theft tool from the market and do a remote factory reset, the thief would still be able to use a datarecovery tool and so I would be screwed...
Another question: is it possible to combine a password lock and a slide lockscreen? As when I now enter my password and then put my phone in my pocket, it automaticly presses lots of things I don't want to press as there is no lockscreen for 30 minutes (I made the modification to the settings as my password is very long and I don't want to re-enter it each time). It would be perfect if a password lock would be on there to boot the phone (and even better to decrypt it) and every next time without rebooting the phone getting a patern unlock, that would be great.
So, if you can add anything usefull about securing or what security Android uses, please let me know.
Thank you very much
PS: One completely different question: does someone know why my phone boots when I plug it in to a charger? I don't like that, I want to charge without booting.
Encrypting the device will just make your device request a password each time you power it on. Since you securely erased your SD card (7x), it'll be somewhat difficult to recover those files. Just to be sure though, you could erase it using 35x (you may also want to defrag any files first). Your device connects to your Google account using a secure connection (more detailed here: https://developers.google.com/secure-data-connector/docs/1.3/security). If your contacts were synced with your Google account, it'll be ridiculously easy for anyone to access them (as long as your device is still linked to your account). So yes, a hacker could gain access (you wouldn't even need to be a hacker to do it; It's that simple).
This is quite a useful app to secure your device: https://play.google.com/store/apps/details?id=com.morrison.applock&hl=en. There are some methods to get around it, but you are able to prevent them from happening so it's still quite handy. If you remotely wipe your device, a "theif" may not be able to recover your data. Data recovery tools usually deal with external memory, so it'll be harder to recovery your device's internal data.
Yes, it is possible. If you set a password lock on your device and use some 3rd party screen lock, then you can use them at the same time. Remember you can also setup a SIM lock.
P.S: Does your device boot up fully or just to the battery charging icon? Does your device boot into recovery mode while attempting to charge it while off?
Thank you for your valuable reaction. According to what you say, Android actually doesn't care about security at all. I've just read that the Device Encryption isn't even 256-bit AES, but only 128. However, according to the link I can see that it actually uses some kind of VPN to connect to my Google account? If it is that secure, can I assume that my SQL Database of the Googel account also has extra encryption on it? And how far do you think that tunnel connection goes, does it also count for the GMail app or just for the basic Android connection? However, my contacts are indeed synced with my Google account. What do you suggest to do then? Noone should ever possibly get access to it. Let's say that I want to be as secure as that even the FBI or CIA won't be able to access it, any suggestions to accomplish that?
What I'm thinking about now is unlinking my Google account with my Android device (or even flashing a rom without Google Apps), but what would my phone make sense then? All of my contacts, numbers and more are stored on my Google profile, no other place. You also mentioned "so it'll be harder to recovery your device's internal data", from which I presume it is possible. Because I'm kind of paranoid because of what happened to me in the past, I hereby think that the only way to fix it is by encrypting the device. However, I can't get past that logo and a 3rd party app doesn't seem to do that kind of job (except for WhisperCore, which has been out of development since it has been bought by Twitter).
An interesting idea that I've just thought of is importing my contacts into Skype and then just always use the Skype app (combined with 3G). Skype always uses a 256-bit AES encryption and so it is secure for sure.
So, what do you think? Should I unlink my Google account with my Android device? Or should I just disable sync? Also, in my experience, there indeed always is a way to bypass an app locker (as easy as just removing the app, which can easily be done from recovery).
PS: It fully boots up. My previous version of CM9 booted to the battery charging icon, it's that that I want back.
Set a pattern unlock... it is FBI-proof as stated by CNET (if I've not mistaken)
And even amazon is using 128-bit... that isn't anything strange that Google isn't using 256-bit
Accidentally sent from my Google Nexus S
Yes it does use that connection (it wouldn't make sense to make it "open stream"). Your database files can be easily accessed from your device. The information will be secured in your Google account, but hackers can still find ways to access it (difficulty would depend on what you do). The tunnel connection goes for all your Google apps. Well if you're that paranoid, you'll probably want to remove your contacts from your Google account and disable sync.
If you do that, you will not be able to access any Google services from an app, your device will be missing important Google framework files, and you will not be able to download apps from the Play Store. Everything's possible .
Yes, you could do that. Keep in mind that the number of bits isn't necessarily important. See here: http://www.bestsslcertificates.com/articles11.html.
I would suggest disable sync.
P.S: Did you change your recovery since then?
melvinchng said:
Set a pattern unlock... it is FBI-proof as stated by CNET (if I've not mistaken)
And even amazon is using 128-bit... that isn't anything strange that Google isn't using 256-bit
Accidentally sent from my Google Nexus S
Click to expand...
Click to collapse
I am going to be honest, the first thing I did when I read this was laughing. But after some research, I saw you actually have a point. I've just read this: http://www.electricpig.co.uk/2012/0...roids-old-school-pattern-unlock-is-fbi-proof/
But then I ask myself, how hard can the FBI suck? If I'm right, you can just reboot into recovery and then access everything from there? Even disabling the pattern unlock from there is an option, no?
Beside that, what about encrypted messaging and encrypting calls. There are lots of apps available for that, but none except for Skype is stable and non-ugly at the same time.
Rakoen said:
I am going to be honest, the first thing I did when I read this was laughing. But after some research, I saw you actually have a point. I've just read this: http://www.electricpig.co.uk/2012/0...roids-old-school-pattern-unlock-is-fbi-proof/
But then I ask myself, how hard can the FBI suck? If I'm right, you can just reboot into recovery and then access everything from there? Even disabling the pattern unlock from there is an option, no?
Beside that, what about encrypted messaging and encrypting calls. There are lots of apps available for that, but none except for Skype is stable and non-ugly at the same time.
Click to expand...
Click to collapse
You can't change the setting in recovery, eg. Disable pattern unlock. It is a setting, unless you are just a little bit lucky, or else system will be corrupted
Accidentally sent from my Google Nexus S
Rakoen said:
I am going to be honest, the first thing I did when I read this was laughing. But after some research, I saw you actually have a point. I've just read this: http://www.electricpig.co.uk/2012/0...roids-old-school-pattern-unlock-is-fbi-proof/
But then I ask myself, how hard can the FBI suck? If I'm right, you can just reboot into recovery and then access everything from there? Even disabling the pattern unlock from there is an option, no?
Beside that, what about encrypted messaging and encrypting calls. There are lots of apps available for that, but none except for Skype is stable and non-ugly at the same time.
Click to expand...
Click to collapse
You could "encrypt" your messages and calls with an app locker (make "settings" be a locked app so it cannot be uninstalled). No, the pattern unlock cannot be disabled via recovery. You can access many things from recovery, but not like that. The only way they could know your pattern would be by finger markings (which you could wipe away or get a fingerprint resistant screen; unless your device is one of those which can be bypassed with key combinations).
Theonew said:
Yes it does use that connection (it wouldn't make sense to make it "open stream"). Your database files can be easily accessed from your device. The information will be secured in your Google account, but hackers can still find ways to access it (difficulty would depend on what you do). The tunnel connection goes for all your Google apps. Well if you're that paranoid, you'll probably want to remove your contacts from your Google account and disable sync.
If you do that, you will not be able to access any Google services from an app, your device will be missing important Google framework files, and you will not be able to download apps from the Play Store. Everything's possible .
Yes, you could do that. Keep in mind that the number of bits isn't necessarily important. See here: http://www.bestsslcertificates.com/articles11.html.
I would suggest disable sync.
P.S: Did you change your recovery since then?
Click to expand...
Click to collapse
There must be a solution for this, without having to remove the complete Google framework. But indeed, I am that paranoid. Nothing may lead to any personal file I have. However, you also mentioned "removing contacts from my Google account". Why would that be necessary? Google doesn't even give the FBI access to my account so why wouldn't it be secure? What I'm thinking off now is syncing my Google account with my Android device. Then unlinking it and then encrypting the contacts, just the contacts. Then I did sync, I did unlink and did encrypt. Wouldn't that make it impossible for enyone on the entire world to access anything from me?
Google services are not important for me, that "important framework files" don't sound important enough to me and the Google Play store... I don't care about it. Enough APK's around. Security first.
You are reminding me that the bits aren't important, while that's true, I want to remind you that secure deletion of 35x isn't that important too. 7x is more than enough if you choose a powerfull PNG stream.
Theonew said:
You could "encrypt" your messages and calls with an app locker (make "settings" be a locked app so it cannot be uninstalled). No, the pattern unlock cannot be disabled via recovery. You can access many things from recovery, but not like that. The only way they could know your pattern would be by finger markings (which you could wipe away or get a fingerprint resistant screen; unless your device is one of those which can be bypassed with key combinations).
Click to expand...
Click to collapse
Well, I actually was thinking like "why would you even neet to unlock the device". As far as I know, something as a pattern lockscreen doens't encrypt/decrypt anything except for your launcher, which is not a necessary product. I mean, you say "you can access many things from recovery", doesn't this include like every important files? Aren't databases accessible and so also contacts or messages?
However, about the encrypted calls and messages I actually mean off the record things. Like TextSecure do.
Rakoen said:
There must be a solution for this, without having to remove the complete Google framework. But indeed, I am that paranoid. Nothing may lead to any personal file I have. However, you also mentioned "removing contacts from my Google account". Why would that be necessary? Google doesn't even give the FBI access to my account so why wouldn't it be secure? What I'm thinking off now is syncing my Google account with my Android device. Then unlinking it and then encrypting the contacts, just the contacts. Then I did sync, I did unlink and did encrypt. Wouldn't that make it impossible for enyone on the entire world to access anything from me?
Google services are not important for me, that "important framework files" don't sound important enough to me and the Google Play store... I don't care about it. Enough APK's around. Security first.
You are reminding me that the bits aren't important, while that's true, I want to remind you that secure deletion of 35x isn't that important too. 7x is more than enough if you choose a powerfull PNG stream.
Click to expand...
Click to collapse
About the Google framework files, you may want to take a look here: http://forum.xda-developers.com/showthread.php?t=1715375. That could be necessary to prevent hackers from getting to them. Yes, unless your data was still left on Google servers (in your account) and hackers got to it.
Yes, but some powerful undelete and data recovery softwares can still recovery data deleted using 7x (especially if the files were fragmented).
Rakoen said:
Well, I actually was thinking like "why would you even neet to unlock the device". As far as I know, something as a pattern lockscreen doens't encrypt/decrypt anything except for your launcher, which is not a necessary product. I mean, you say "you can access many things from recovery", doesn't this include like every important files? Aren't databases accessible and so also contacts or messages?
However, about the encrypted calls and messages I actually mean off the record things. Like TextSecure do.
Click to expand...
Click to collapse
You can use 3rd party apps to set pattern unlock for other apps. Partly, but not quite. In recovery, you can access /data (where all your data is stored), but only to backup that partition (unless you made a previous backup which would also allow you to "restore"). You can't access the files like being able to view them (unless you are using Aroma file manager, but you still won't access those files). Databases, contacts, and messages are not accessible (unless you backed them up to your SDcard - they still wouldn't be readable though).
Rakoen said:
Well, I actually was thinking like "why would you even neet to unlock the device". As far as I know, something as a pattern lockscreen doens't encrypt/decrypt anything except for your launcher, which is not a necessary product. I mean, you say "you can access many things from recovery", doesn't this include like every important files? Aren't databases accessible and so also contacts or messages?
However, about the encrypted calls and messages I actually mean off the record things. Like TextSecure do.
Click to expand...
Click to collapse
This topic is getting more and more interesting.
In the other hand, IF you're having pure Google Device with build in memory, people cant access your storage (built in memory) without entering a pattern or etc
Accidentally sent from my Google Nexus S
Theonew said:
About the Google framework files, you may want to take a look here: http://forum.xda-developers.com/showthread.php?t=1715375. That could be necessary to prevent hackers from getting to them. Yes, unless your data was still left on Google servers (in your account) and hackers got to it.
Yes, but some powerful undelete and data recovery softwares can still recovery data deleted using 7x (especially if the files were fragmented).
You can use 3rd party apps to set pattern unlock for other apps. Partly, but not quite. In recovery, you can access /data (where all your data is stored), but only to backup that partition (unless you made a previous backup which would also allow you to "restore"). You can't access the files like being able to view them (unless you are using Aroma file manager, but you still won't access those files). Databases, contacts, and messages are not accessible (unless you backed them up to your SDcard - they still wouldn't be readable though).
Click to expand...
Click to collapse
The 7x note is not correct for 100%. The way that I overwrite data won't make it possible to recover anything at 7x, not even using powerful undelete or data recovery software. Even if you're a professional, it will be very hard to get back any data. I have experience in this sector, so I know where I'm talking about on this part.
However, what you just said about the pattern unlock is almost unbelievable. Doesn't this simply solve everything? I mean, why would anyone ever use the Android Device Encryption in ICS if there is something as a pattern unlock? Why would it make sense to use AES 128-bit when you can't even access it without the encryption?
So it wouldn't even make sense to unlink my Google account, would it? It isn't accessible you say, so why whould it be any concern? If the FBI isn't able to break behind the pattern unlock, who would be? You first said that a hacker can easily get access to any sensitive data if I sync my Google account, but why should it? Even without OpenVPN, it uses a VPN encryption for every Google App ... so Android is the best in security, I was wrong?
melvinchng said:
This topic is getting more and more interesting.
In the other hand, IF you're having pure Google Device with build in memory, people cant access your storage (built in memory) without entering a pattern or etc
Accidentally sent from my Google Nexus S
Click to expand...
Click to collapse
You are very right on that. It really is getting interesting. Your "IF" makes me wonder what exactly you mean. As I have a LG Optimus One (P500) with custom rom, custom recovery and custom radio. Does it make any difference here?
Rakoen said:
You are very right on that. It really is getting interesting. Your "IF" makes me wonder what exactly you mean. As I have a LG Optimus One (P500) with custom rom, custom recovery and custom radio. Does it make any difference here?
Click to expand...
Click to collapse
You can't access your storage WITHOUT entering the pattern in stock device. IF you're in stock and wanted to root, both system and internal SD will be wiped (a factory reset will be made). So no data will be left
Device: nexus s, galaxy nexus, nexus 7
Accidentally sent from my Google Nexus S
And regarding to the security, Google released an app that helps you to monitor which app is requesting what permission. You can even set which permission is deny so that you can't install the app and highly "dangerous" app will be kept away from your device.
Accidentally sent from my Google Nexus S
Rakoen said:
The 7x note is not correct for 100%. The way that I overwrite data won't make it possible to recover anything at 7x, not even using powerful undelete or data recovery software. Even if you're a professional, it will be very hard to get back any data. I have experience in this sector, so I know where I'm talking about on this part.
However, what you just said about the pattern unlock is almost unbelievable. Doesn't this simply solve everything? I mean, why would anyone ever use the Android Device Encryption in ICS if there is something as a pattern unlock? Why would it make sense to use AES 128-bit when you can't even access it without the encryption?
So it wouldn't even make sense to unlink my Google account, would it? It isn't accessible you say, so why whould it be any concern? If the FBI isn't able to break behind the pattern unlock, who would be? You first said that a hacker can easily get access to any sensitive data if I sync my Google account, but why should it? Even without OpenVPN, it uses a VPN encryption for every Google App ... so Android is the best in security, I was wrong?
Click to expand...
Click to collapse
Not necessarily. If someone knows your pattern unlock, they could unlock your device. Or even people standing behind you could see it. Someone may use it if another person knows their unlock pattern (but wouldn't know the code).
If USB debugging is enabled, someone could access your databases, etc. over adb. You wouldn't need to sync your Google account - your device would do that automatically (unless you disabled sync which is what I suggested).
melvinchng said:
You can't access your storage WITHOUT entering the pattern in stock device. IF you're in stock and wanted to root, both system and internal SD will be wiped (a factory reset will be made). So no data will be left
Device: nexus s, galaxy nexus, nexus 7
Accidentally sent from my Google Nexus S
Click to expand...
Click to collapse
That's a true thing you say there. But however, it doesn't apply in my situation. I currently am on a rooted device that not even is a nexus (LG Optimus One P500)... so how does it make sense in my case?
melvinchng said:
And regarding to the security, Google released an app that helps you to monitor which app is requesting what permission. You can even set which permission is deny so that you can't install the app and highly "dangerous" app will be kept away from your device.
Accidentally sent from my Google Nexus S
Click to expand...
Click to collapse
I've blocked all connections using DroidWall, so it would be impossible to upload anything personal to an intruder. Beside that, I use my own way of scanning apps and so I do know if I'm secure on that matter. However, thanks for letting me know there is an app for that.
However, I'm not concerned about that kind of security (I am protected against any kind of virusses or malware), my concern is about sniffers and more importantly thiefs that are great hackers (which in my case are around the corner).
Theonew said:
Not necessarily. If someone knows your pattern unlock, they could unlock your device. Or even people standing behind you could see it. Someone may use it if another person knows their unlock pattern (but wouldn't know the code).
If USB debugging is enabled, someone could access your databases, etc. over adb. You wouldn't need to sync your Google account - your device would do that automatically (unless you disabled sync which is what I suggested).
Click to expand...
Click to collapse
Disable visible pattern and use two steps verification for Gmail.
Google search for it, 2 steps verification for Gmail.
Even thought someone has your Gmail account AND password, they still aren't able to log in into your mail... and the password that you use to log in in your Android device IS different from the normal one AND the password has to renew monthly..
Google really put a lot of hard work on solving those problem that you mentioned. Try out those things that Google has made
Accidentally sent from my Google Nexus S
Theonew said:
Not necessarily. If someone knows your pattern unlock, they could unlock your device. Or even people standing behind you could see it. Someone may use it if another person knows their unlock pattern (but wouldn't know the code).
If USB debugging is enabled, someone could access your databases, etc. over adb. You wouldn't need to sync your Google account - your device would do that automatically (unless you disabled sync which is what I suggested).
Click to expand...
Click to collapse
Well, then I'm going to create a pattern unlock as strong that it's impossible to follow, even if the person is standing beside me and looking at it. I'm also not planning to show it to anyone and will look around if there are cameras every time I unlock (yes, I am paranoid, but with reason).
I thought exactly the same about USB debugging and so I disabled it. I don't understand what you are trying to say with the sync. Why would I want to disable it? What would it add as security?
And it seems like I skipped this:
Theonew said:
P.S: Did you change your recovery since then?
Click to expand...
Click to collapse
No, I haven't change my recovery since a long time.
Rakoen said:
That's a true thing you say there. But however, it doesn't apply in my situation. I currently am on a rooted device that not even is a nexus (LG Optimus One P500)... so how does it make sense in my case?
I've blocked all connections using DroidWall, so it would be impossible to upload anything personal to an intruder. Beside that, I use my own way of scanning apps and so I do know if I'm secure on that matter. However, thanks for letting me know there is an app for that.
However, I'm not concerned about that kind of security (I am protected against any kind of virusses or malware), my concern is about sniffers and more importantly thiefs that are great hackers (which in my case are around the corner).
Click to expand...
Click to collapse
Can you let us know what is your job / what does your phone contains / what is most of them...
And actually, there is an Chinese app, 360 Strong Box, and what it does is exactly what you want. It is a software made by 360 company, the app can convert image / video / documents and data into a file that can only be access by using the 360 strongbox... you don't have to worry about the security, 360 is one of the largest Chinese security company that provides antivirus or anti spyware on different platform, windows, android, symbian, iOS etc.
UNFORTUNATELY, it is in Chinese language and the company signed it in private, so I couldn't compile and recompile it and make a translation.
Request from the company for the English translation. I can help them to translate if they're willing to release a copy of English version. The translation is about 400 lines only, a short app.
Accidentally sent from my Google Nexus S

[Q] The best anti-theft for android?

Before purchasing the S3 I read up about it and found one called "Pray anti-theft" which was supposed to be pretty good.
I installed it onto my S3 and it seems in order to track it my phone needs to be connected to the internet with the SIM card in tact..
Who is going to find a phone and leave the SIM card in?
Can anybody recommend a better one?
There is no "anti-theft" thing.
Anyone with good knowledge of android can easily flash a new ROM in your stolen phone and factory reset it which will remove whatever you have installed there.
Avast is imo the best, it can track with gps and when the sim gets replaced you get the simcard number send to a chosen number.
Also with root they can't remove the app, go into settings, and with a factory reset it keeps active.
you can also give commands via sms to your phone.
Send from my GT-I9300 with Tapatalk
Avast antivirus integrates a module that used to be a standalone app called Theft Aware. This installs as a system app (if rooted), hides itself from the app drawer and you can only show it by dialling a PIN in the dialer. It can be set up so it will send an SMS to a trusted number when the SIM card is swapped, and from there you can control the phone by SMS commands. You can request GPS updates, make the phone call you, wipe remotely, turn on a siren... This all works through SMS - no mobile data or wifi necessary, and it works if they ditch your SIM. The recent version also added web-based tracking and control. And it's free! But of course if the thief does a firmware flash you're out of luck. The thing is, I think most petty thieves aren't android experts.
DashingGentleman said:
Avast antivirus integrates a module that used to be a standalone app called Theft Aware. This installs as a system app (if rooted), hides itself from the app drawer and you can only show it by dialling a PIN in the dialer. It can be set up so it will send an SMS to a trusted number when the SIM card is swapped, and from there you can control the phone by SMS commands. You can request GPS updates, make the phone call you, wipe remotely, turn on a siren... This all works through SMS - no mobile data or wifi necessary, and it works if they ditch your SIM. The recent version also added web-based tracking and control. And it's free! But of course if the thief does a firmware flash you're out of luck. The thing is, I think most petty thieves aren't android experts.
Click to expand...
Click to collapse
I would be very surprised if anybody in my area has even heard of rooting
you think Samsung would have some sort of security feature for the best phone on the market.. (a good one, not the one it comes with)
Thanks guys, so on a rooted device I can just install avast from the google store and it will install as a system app?
https://play.google.com/store/apps/details?id=com.lsdroid.cerberus&hl=en
Cerberus. www.cerberusapp.com - you can install the application in the ROM if bootloader is unlocked so it will survive a factory reset (along with it's settings files).
Cerberus can remotely record audio, video and take pictures of the person using it. GPS location, remote lock and wipe. A few euros for a lifetime licence. Cerberus is the plain simple best.
Why not just use Samsung dive that is pre installed. Works perfectly, can track the phone, even on intervals. Can lock the phone, forward calls and texts, and more.
All this works even when the sim is changed.
Sent from my SGS3 on Omega v9.0 using XDA Premium
ticktime said:
There is no "anti-theft" thing.
Anyone with good knowledge of android can easily flash a new ROM in your stolen phone and factory reset it which will remove whatever you have installed there.
Click to expand...
Click to collapse
It is there, don't talk about things you don't know about :good:
---------- Post added at 08:14 PM ---------- Previous post was at 08:02 PM ----------
UrbanDesigns said:
I would be very surprised if anybody in my area has even heard of rooting
you think Samsung would have some sort of security feature for the best phone on the market.. (a good one, not the one it comes with)
Thanks guys, so on a rooted device I can just install avast from the google store and it will install as a system app?
Click to expand...
Click to collapse
It won't install as a system app, but it makes an file that Avast won't be removed when you factory reset the phone, the app will stay installed because of that back-up.
It also blocks usb-debugging, so you can't flash another rom, It will remain protecting your phone whatever they try do delete or modify.
They can't even get into settings
Cerberus doesn't provide that, and needs to be flashed to survive a factory reset, with Avast you aren't even allowed to do actions...
Avast is free, and if rooted it gives you the best protection possible!
I have question , i have rotoped phone and flashed cerberus, if have disabled data connections and phone isnt on wifi . Can i control and track device?
Sent from my XT910 using xda premium
Marwvek said:
I have question , i have rotoped phone and flashed cerberus, if have disabled data connections and phone isnt on wifi . Can i control and track device?
Sent from my XT910 using xda premium
Click to expand...
Click to collapse
I found this for you, which answers many questions and has contact info.
Yes. You can enable Data & Wifi via individual SMS commands.
https://www.cerberusapp.com/help.php
here use "Samsung Dive"
http://www.samsungdive.com/
Actually dont use samsung dive. It pops-out notifications when the device is being tracked, etc., so every thief will know that you are tracking him and will do factory reset.
I'm not saying that you should not set-up this. Do it, but use it as a last resort.
I suggest cerberus, its cheap, easy to hide (however I personally make it a system application using titanium backup, so that it's not shown in normal app managers), and somehow reliable. I miss for it the function to turn on data and wifi automatically after sim-change.
ticktime said:
There is no "anti-theft" thing.
Anyone with good knowledge of android can easily flash a new ROM in your stolen phone and factory reset it which will remove whatever you have installed there.
Click to expand...
Click to collapse
What about remapping the phone's physical keys so the thief will have a lot of trouble on entering the recovery mode?
It's not a 100% safe solution, but pretty decent for forcing the thief to use the phone while he can be tracked by an anti-theft app.
I'm not sure if this can be done on my rooted Galaxy Note, but if it would be possible I'd try.
brdeveloper said:
What about remapping the phone's physical keys so the thief will have a lot of trouble on entering the recovery mode?
It's not a 100% safe solution, but pretty decent for forcing the thief to use the phone while he can be tracked by an anti-theft app.
I'm not sure if this can be done on my rooted Galaxy Note, but if it would be possible I'd try.
Click to expand...
Click to collapse
not possible
Judging from this conversation avast seems to be better than all the others. Has anyone tried using avg antivirus?
If it is only anti theft, then, Android Device Tracker Free is better than all apps in its class.
It can be used as a system app (for rooted devices, for non-rooted devices can be used as a normal app) which will not be affected even if thief wipes the data and it will send sms to your configured mobile number when he tries to change the sim.
It doesn't consume battery. Because, it acts only when sim is replaced.
Link: https://play.google.com/store/apps/details?id=com.appzdevelopers.androiddevicetrackerf
GotYa best anti theft app ever>>https://play.google.com/store/apps/details?id=com.myboyfriendisageek.gotya
Take pic and upload on your mail with location and time.
[email protected] when someone geeks with your phone

[Q] Lookout vs Avast - For Physical Security

I doubt it matters but, I have an Evo 3D.
Lots of articles out there on Antivirus apps for phones and their (mostly personal blogs) opinions on them.
Thing is, I am not too worried about viruses, I mostly just install apps from the Google or Amazon appstore, and sometimes sideload from XDA, so my vector for viruses is pretty small.
I am more interested in remote access to find my phone if it gets lost and stolen, and I figured since many antivirus apps now support this feature too, I might as well get both in one package (although I am usually weary of "Jack of all trades, master of none").
So yeah, not hard to see that Lookout and Avast are the two most popular. While I don't care about the other features that Lookout gives you such as phishing protection, backing up contacts (Dosen't Google already do this with your G-mail account?) and call history, etc. It does have one feature I do care about.... remote lock. I wouldn't mind buying Lookout... but you cannot, its a monthly (or yearly) fee instead.
I don't mind paying for the best (although $3 a month for a phone seems kinda excessive for me) but I don't know what the "best" is, especially since everybody grades them on their antivirus features while its the lost/stolen phone features that I care about. Avast has nearly all of Lookout's features (at least the ones I care about) for free though, except for the recently added "Signal Flare" feature that I thought was a pretty good idea.
Which would you recommend if I purely care about the phone tracking features and the security is just a bonus?
P.S. Is there any way Avast can be remotely controlled through some PC client or web interface instead of SMS?
Also, any idea if once I root my phone, I can reinstall Avast with superuser permissions?
I read that Avast can survive even a hard reset if installed on a rooted device.
The only "security" app anyone should ever invest in is Cerberus Anti Theft. Nuff said.
Cyber Akuma said:
Also, any idea if once I root my phone, I can reinstall Avast with superuser permissions?
I read that Avast can survive even a hard reset if installed on a rooted device.
Click to expand...
Click to collapse
Can survive only avast anti theft but not avast anti virus
Sent from my GT-S5660
---------- Post added at 05:48 AM ---------- Previous post was at 05:44 AM ----------
Cyber Akuma said:
I doubt it matters but, I have an Evo 3D.
Lots of articles out there on Antivirus apps for phones and their (mostly personal blogs) opinions on them.
Thing is, I am not too worried about viruses, I mostly just install apps from the Google or Amazon appstore, and sometimes sideload from XDA, so my vector for viruses is pretty small.
I am more interested in remote access to find my phone if it gets lost and stolen, and I figured since many antivirus apps now support this feature too, I might as well get both in one package (although I am usually weary of "Jack of all trades, master of none").
So yeah, not hard to see that Lookout and Avast are the two most popular. While I don't care about the other features that Lookout gives you such as phishing protection, backing up contacts (Dosen't Google already do this with your G-mail account?) and call history, etc. It does have one feature I do care about.... remote lock. I wouldn't mind buying Lookout... but you cannot, its a monthly (or yearly) fee instead.
I don't mind paying for the best (although $3 a month for a phone seems kinda excessive for me) but I don't know what the "best" is, especially since everybody grades them on their antivirus features while its the lost/stolen phone features that I care about. Avast has nearly all of Lookout's features (at least the ones I care about) for free though, except for the recently added "Signal Flare" feature that I thought was a pretty good idea.
Which would you recommend if I purely care about the phone tracking features and the security is just a bonus?
P.S. Is there any way Avast can be remotely controlled through some PC client or web interface instead of SMS?
Click to expand...
Click to collapse
Yeah
http://my.avast.com
But you need avast anti theft
After instal anti theft you can remove avast anti virus and instal other av protection. Avast anti theft still will be there in system partition to protect your phone/remote control
Sent from my GT-S5660
look at the price
Both products have a ton of features. But with Avast you get all the "extra" features for free. With Lookout, you need to pay to get all the features. And Avast *does* have a web interface for remote control (it didn't used to, but it does now).
And yes, Avast can even survive hard resets when installed on a rooted device.
droidnoid15 said:
Both products have a ton of features. But with Avast you get all the "extra" features for free. With Lookout, you need to pay to get all the features. And Avast *does* have a web interface for remote control (it didn't used to, but it does now).
And yes, Avast can even survive hard resets when installed on a rooted device.
Click to expand...
Click to collapse
If Avast is anything like the PC version, you can shut down 8 out of 10 (or whatever the number is) shields, firewall, etc. with virtually no compromise. They are all over kill. You just need a file scanner that runs when an file or script is executed or copied to the device.
So on Avast for Android, can you turn off everything except Anti-Theft and the most primary/basic scanning function to minimize overhead and battery usage?
Does anyone know if avast anti theft features can be removed by doing a factory reset? I know cerberus can still wipe the phone as long as another rom isn't installed.
shiboby said:
Does anyone know if avast anti theft features can be removed by doing a factory reset? I know cerberus can still wipe the phone as long as another rom isn't installed.
Click to expand...
Click to collapse
No they cannot be removed even with a factory rest if you have installed the Root version of Avast Anti Theft. This version goes in your system partition and is not deleted in a factory reset.
But if the ROM is changed or a Nandroid backup is restored which does not have your Avast Anti Theft installed then all features and control is lost.
Regards,
RaHBeR

Security idea?

Hi people;
I just wanna point out am idea abt security of device. Is that possibile to add an counter to pin login screen to count back unsuccessful login attempts? Actually an add-on to pin login security to enhance general device security. As been on BlackBerry devices. After an settled number of login attempts device could block it self or better to wipe device to factory settings?
Just an idea just came out from an necessity.
Thanks.
Sent from my GT-I9100
I think that's a wonderful idea. Go forth and develop it my friend. Hey, why not use Kickstarter to gain funding?
****Non of this is of any importance. Just chill the f**k out and relax****
It would take ayear or more if i do it.im a rookie
Sent from my GT-I9100
Just install programs like Cerberus, They have much better features then this.
Cerberus or other prg's made to work on after stolen. This improvement is as a first defence for data security. All other scenarios can fail after device stolen. Cerberus only takes pictures what will i do with pic.of thief after its stolen and what if thief is after my data not my device.
Sent from my GT-I9100
I saw an app in the play store can't remember the name it was in the top 60 that if you're patter unlock was entered incorrectly it would take a pic and email location and pic to you
asterius said:
Cerberus or other prg's made to work on after stolen. This improvement is as a first defence for data security. All other scenarios can fail after device stolen. Cerberus only takes pictures what will i do with pic.of thief after its stolen and what if thief is after my data not my device.
Sent from my GT-I9100
Click to expand...
Click to collapse
In cerberus you can set what you want even clear sdcard.
asterius said:
Cerberus or other prg's made to work on after stolen. This improvement is as a first defence for data security. All other scenarios can fail after device stolen. Cerberus only takes pictures what will i do with pic.of thief after its stolen and what if thief is after my data not my device.
Sent from my GT-I9100
Click to expand...
Click to collapse
Dude, you have absolutely no idea what your talking about and obviously havent even used the app or web service or any other of the many same type apps.
You can manually OR automatically wipe data on internal or external card, lock device, get GPS location, take pictures, videos, sound recordings, display messages, send sms, make it scream. etc etc etc. You can automate these actions in various scenarios from wrong unlock codes, new sim card inserted etc. You can also hide the app or install as system app so they can uninstall even if wiped. Only way to get rid is install new rom, but majority of people who would find/steal phone wouldnt have a clue flashing roms was even possible.
Your idea is and already has been used in various security apps for long time.

[Q] Make App that stays after wipe?

Hi there,
I'm curious if it is possible to install an app so that it will be there, even if the phone is wiped (either from the phone or CWM/TWRP). I don't care if the phone must be rooted or the app needs to be pushed to system apps or integrated in the rom. It's basically because I want to make my own phone tracking software that sends me the position periodically or after SIM was changed. I heard that cerberus was capable of doing that (or at least not being uninstalled wihtout authorization).
It's not about just getting an app like that, but the fun, developing it myself. A friend of mine was robbed recently, so I got interested in that stuff...
So, is there any way to make an app stick after wipe?
Thx in advance
SKArabaeus said:
Hi there,
I'm curious if it is possible to install an app so that it will be there, even if the phone is wiped (either from the phone or CWM/TWRP). I don't care if the phone must be rooted or the app needs to be pushed to system apps or integrated in the rom. It's basically because I want to make my own phone tracking software that sends me the position periodically or after SIM was changed. I heard that cerberus was capable of doing that (or at least not being uninstalled wihtout authorization).
It's not about just getting an app like that, but the fun, developing it myself. A friend of mine was robbed recently, so I got interested in that stuff...
So, is there any way to make an app stick after wipe?
Thx in advance
Click to expand...
Click to collapse
System apps won't be affected by a factory reset, a wipe of the system partition will obviously remove it though. This would require the phone to be rooted.Also, apps which require you to add as admin (try installing avast interface), can't be uninstalled unless that option is turned off.

Categories

Resources