I am an IT Consultant and I like to keep my client network documentation on my View but that also leaves a gaping security hole because Android lacks real security. Before I got the view, I used Dropbox and Truecrypt to keep a container in sync between my main computer and my traveling notebook and a thumbdrive so that I always have access to these documents. Up until last night, I was unable to access a TrueCrypt container within Android, when I found EDS Lite which purports to be able to open the file.
So I installed Dropbox and EDS Lite but I am unable to figure out how to get Dropbox to sync the container to the View and then where to find the container using EDS Lite. I have tried google to no avail as I cannot find a dropbox folder. Anyone want to give me a heads up as to what I am missing?
Easy.
Use Cheetah Sync for Files/Folders
or
FolderSync
Thanks!
Nice find. Thanks for the response. These might just be the droids I am looking for...
you can find the synced files (mark favorite on dropbox first) on sd folder android/data/com.dropbox.android/yourfiles. then add container in EDS.
There's also called cryptonite. Here's the link about truecrypt porting
http://forum.xda-developers.com/showthread.php?t=872297&page=7
Yeah, maybe easier with folder sync anyway...
TrueCrypt
I like the idea of truecrypt volumes on the device, as this allows for them to automatically 'lock' the volume when the device is locked and to not unlock it even if the device is unlocked and to require the pass phrase to unlock it. Everyone should be this paranoid about the security of their devices especially in wake of the court decision that a simple traffic stop is enough to allow a police officer to activate your phone and look through it. Even if no citation or charges are issued and consent is not needed. They cannot force you to unlock it or to give them the pin / password / pattern to unlock it. There are dozens of new laws enacted each year and there is always the chance you are awry of some law that could land you potential jail time. You never know what could turn up in the background of a picture on your phone that The facial recognition is a joke as it can be activated by holding the phone in front of someone's face. You should always refuse a search of your person or vehicle and you should always exercise your right to an attorney and exercise your 5th amendment rights. I really want a fingerprint reader on my phone like I have had on my notebooks for a decade.
Related
Someone mentioned this in another thread, but this is a topic that should have it's own separate thread.
Some of you may have already read the news: Michigan: Police Search Cell Phones During Traffic Stops
Don't assume it won't come to your town.
I can't say I plan to do anything that would warrant police suspicion, yet I don't like the idea of anyone being able to easily pull data from my device. And we know cops won't be the only ones with these devices. So I've been wondering, how can we protect our Android devices from the CelleBrite UFED?
Check out this video that shows some of the features it has, keep in mind it does much more and can even extract DELETED data.
See the company's product page here: http://www.cellebrite.com/forensic-products/ufed-physical-pro.html
This research paper talks about the CelleBrite UFED and other extraction methods. (CelleBrite UFED is talked about starting on page 9.) I doubt there's a means to prevent all of those methods given some involve long term handling of the device, but CelleBrite UFED can extract data when a device is retained by the CelleBrite UFED user for a short period of time. It looks like HTC Android type devices can only be extracted from via the (micro)USB Port and it requires USB Storage and USB Debugging turned on. The CelleBrite UFED has to gain Root Access. It can get by screen passwords and root even a device that was not yet rooted.
There's another thread where someone was requesting a ROM that would not work with the CelleBrite UFED. I'm not sure how to make a ROM or anything else that would not work with the CelleBrite UFED without limiting certain features we all may use from time to time.
Over on Slashdot, someone said they hacked their device (Nexus One) to not do USB client mode. This is another option that would limit some features many of us may use.
So, how can we protect our privacy and our data? Does it mean sacrificing some features like USB storage mode?
The biggest problem is what's missing from Android itself. Meego might be protected but not Android.
You would need an encrypted boot loader that retains root for some users.
A kernel and os files that support different users so the default user is not root like Linux and a prompt with a password for superusers not just an Allow like now for Android.
Encryption libraries that would support truecrypt encryption of both internal and external (SD card) encryption in toto not just individual files.
A true trash system that overwrites files like srm in linux and sswap for wiping the swap file after every system reboot.
Ultimately I don't see it happening. In theory if you were running Ubuntu on your phone then yes cellbrite would just crap out not knowing what to do with your phone. Same possibly with meego. But then no real app support, no navigation and driver support is crap even for ROMs using the same os let alone a different OS like true linux.
It's amazing how many don't even bother deleting thumbnails hanging around on their computers or securely wiping files on their computer. Same with swap files retaining passwords or even website cookies that have the same password as their computer.
Best thing to do, don't keep anything that could be bad on your phone. Use a cloud system or home server sync that requires a seperate login every time and keeps no local files. Or as I do, encrypt the hell out of anything you find valuable, which currently is only my complete backups...
Sent from my Xoom the way it should be, rooted and with SD card.
This is where that cheap Boost Mobile phone comes in, or any other prepay phone. Just hand the officer that one. Store your personal data on your smartphone.
chbennett said:
Best thing to do, don't keep anything that could be bad on your phone. Use a cloud system or home server sync that requires a seperate login every time and keeps no local files. Or as I do, encrypt the hell out of anything you find valuable, which currently is only my complete backups...
Sent from my Xoom the way it should be, rooted and with SD card.
Click to expand...
Click to collapse
Hello, All. This is my first post at xda-developers!
Since I'm new to Android, data security has concerned me. Climbing the learning curve of rooting and tweaking my SGH-T989, I've focused on control, security, and privacy. So far pretty good, thanks largely to members' posts at this site. Thank you very much!
Then this thread crushed me. Visions of "1984", "THX 1138", "Terminator", etc.
I considered the suggestions here. Thoughts about the OS seem right to me, but that's beyond my abilities. I did try following chbennett's advice: I enabled encryption in my backups and moved them to the internal SD.
But I don't yet know how to do the 'home server / log in on demand' scheme for contacts and calendar. I will appreciate any help with that.
Meanwhile, I looked for a way to make a 'panic button' that would let me wipe my phone immediately. What I chose was making a contact whose phone number is the USSD code for Factory data reset.
Maybe Tasker, etc. could streamline this approach; but my trials showed that, unlike MMI codes (e.g., to toggle caller ID blocking), USSD codes cannot be submitted to the OS indirectly. So swiping a contact, direct dial shortcut, etc. did not work. On my phone, all that worked was either 1. manually dialing the code, or 2. dialing the contact name, then tapping the contact.
So the routine to use this 'panic button' is:
1. launch Dialer
2. dial the contact name
3. tap the contact name in the search results
4. tap "Format USB storage" in the "Factory data reset" dialog
5. tap "Reset phone" button in the "Factory data reset" dialog.
It sounds clunky, but it's actually pretty quick. I named the panic button contact "XXX" to avoid confusability when dialing (it needs only "XX" for a unique match.)
If you can suggest improvements to this scheme, or think it is misguided, please let me know. Thanks.
Any updates on this? I'm curious as to how to guard against ufed.
I think an instant hard brick option would be better so theres nothing to recover as i dont believe the factory reset is a secure wipe
Possibly a voice activated secret phrase or keypress u could say/do super fast in a tricky situation that autoflashes a corrupt/incompatible bootloader and recovery to device after secure superwipe that should stump them for awhile
im still interested in this i disabled usb debugging on my phone but unsure if the UFED can still access anything on my ICS full encrypted passworded evo3d im assuming they could dump the data at most but i highly doubt they could access the decrypted data unless you used an insecure pass
If you have encryption enabled for your data partition, then all you need to do is to turn off your phone when you see a cop. If they take it from you, they can turn it on and hook up their device, but they will only be able to snarf the system partition, which does them no good. They'd need your password to mount the data partition.
If you look around on this forum, you can find the steps necessary to switch the lock screen back to a simple pattern lock while leaving the disk encryption enabled.
Are you sure Cellebrite and UFED or w/e can't access encrypted data partion? I know it can take an image of the phone "hard drive". They then can run password tools against image to unlock it no?
dardack said:
Are you sure Cellebrite and UFED or w/e can't access encrypted data partion? I know it can take an image of the phone "hard drive". They then can run password tools against image to unlock it no?
Click to expand...
Click to collapse
I'd like to know about this too. I am about to set up encryption on my device and I'd like to know more about what type of attacks it can beat.
Edit to add: I assume brute force attack protection is like any other type of encryption.....dependent on the strength of your password. But, assuming we all know that already, I'm still curious about this.
If the question is how to protect your device when you think someone would scan your phone, you'd have to have some sort of inclination that a scan is about to happen. I'm assuming this is many people's concern as they're considering wiping their device through a quick process. In that scenario, just turn off your device. Unless you warrant suspicion of something fairly bad, they wouldn't be confiscating your cell phone.
smokeydriver said:
...Unless you warrant suspicion of something fairly bad, they wouldn't be confiscating your cell phone.
Click to expand...
Click to collapse
We all wish all law enforcement was just and honest, but so far in world history that has not been the case. Even a pretty woman may have her phone scanned by a curious cop snooping for pics.
Sent from my HTC One using Tapatalk 2
I would still like to know if there is an answer here...
So I recently had some dealing with assisting in a Cellbrite search. We initiated and enlisted the help of law enforcement for an employee who was doing some illegal activity which is not relevant to this discussion other than the person used an iphone. Anyway, the investigator came in and wanted to know if I can enable the bypass for the automatic screen lock in 5 minutes because when it locked, it disabled the Cellbrite copy.
Now, couple things here, he was only doing what he was "allowed' to do in the local municipality, and he did say they sell a more expensive Cellbrite device which would be able to crack it. I did find it interesting that the simple corporate Activesync policy I have set up was actually having this effect. Anyway I removed the policy and it worked. Funny thing is he could have done it himself had he known anything about that kind of thing. He was presented to us as an expert but I guess that mainly covered a basic Cellbrite expertise.
So, I do think encryption would be a great answer as the partition would be hard to bust in to. Nothing is impossible but I would rather not smash my phone on the highway next time I get pulled over so I would like to know definitively that this is the right approach. This is definitely not paranoia as there are at least 3 states where it looks like it happens regularly.
Time to look at a 2600 group for stuff like this I guess. I am early in my investigation
Later
Hello XDA-Developers!
I had an idea this morning.
Current Transfer Tech:
Bluetooth - Requires the user of both devices to enable their bluetooth devices, then they have to go about pairing the devices to allow file tansfer (this is not always the case though). then the, shall we call him "sender" has to select a file and attempt to bluetooth the file to the, shall we say "reciever", who in turn has to accept the data and then the transfer starts.
Wifi - not used very often but files can be transferred through an app or through an ftp server etc from one device to another. this however requires a little, if not more, skill to complete and can be fustrating looking for ip addresses etc.
NFC - this is an emerging technology that is being implemented in more and more devices such as the Galaxy Nexus. This is a very efficient and fast way to transfer data from one NFC enabled device to another NFC enabled device, however like most of the android community, my phone does not have this capability.
My Idea:
This is just an idea and you may say what you like about it but i thought i would write it down here, the first place that came into my mind where i thought that someone could take this idea further.
Now my friend uses a blackberry, and i know that that word is almost taboo on this forum but hear me out. He uses his blackberry for a service called BBM (Blackberry Messenger), i am sure you are all familiar, and to add a friend of his so that he can contact them using the service, he simply uses his blackberrys camera to scan a 2D Barcode on his friends device and all his BBM Pin and other data is transfered through the phones camera so that they can communicate on the service.
I though that this could be used more on android devices. This could be used to transfer small files from one device to another such as contact information, websites (already a reality), even larger files such as word documents and other reletavely small documents. Now i know that these files cannot be displayed on a single 2D barcode but maybe they can be send using not one barode but a series, the barcodes could be in an animation on the device screen, showing one barcode after another all and the "reciever" could simply hold his device's camera over the animation and it could read the series of barcodes and then compile all of the data to create a single document.
Now i realise that this could be a silly idea as the ammount of data that can be transferred through a 2D barcode is not huge, al lot of barcodes would be needed to transfer a larger file than someones contact details.
Let me know what you think, and you are free to do what you want with my idea, i wont hold it against you
hazzahex
Hello
I know it's a little late (only 3 years lol), but I just wanted you to know that I've implemented a system similar to the one you describe
It was my college's final project
hazzahex said:
Hello XDA-Developers!
I had an idea this morning.
Current Transfer Tech:
Bluetooth - Requires the user of both devices to enable their bluetooth devices, then they have to go about pairing the devices to allow file tansfer (this is not always the case though). then the, shall we call him "sender" has to select a file and attempt to bluetooth the file to the, shall we say "reciever", who in turn has to accept the data and then the transfer starts.
Wifi - not used very often but files can be transferred through an app or through an ftp server etc from one device to another. this however requires a little, if not more, skill to complete and can be fustrating looking for ip addresses etc.
NFC - this is an emerging technology that is being implemented in more and more devices such as the Galaxy Nexus. This is a very efficient and fast way to transfer data from one NFC enabled device to another NFC enabled device, however like most of the android community, my phone does not have this capability.
My Idea:
This is just an idea and you may say what you like about it but i thought i would write it down here, the first place that came into my mind where i thought that someone could take this idea further.
Now my friend uses a blackberry, and i know that that word is almost taboo on this forum but hear me out. He uses his blackberry for a service called BBM (Blackberry Messenger), i am sure you are all familiar, and to add a friend of his so that he can contact them using the service, he simply uses his blackberrys camera to scan a 2D Barcode on his friends device and all his BBM Pin and other data is transfered through the phones camera so that they can communicate on the service.
I though that this could be used more on android devices. This could be used to transfer small files from one device to another such as contact information, websites (already a reality), even larger files such as word documents and other reletavely small documents. Now i know that these files cannot be displayed on a single 2D barcode but maybe they can be send using not one barode but a series, the barcodes could be in an animation on the device screen, showing one barcode after another all and the "reciever" could simply hold his device's camera over the animation and it could read the series of barcodes and then compile all of the data to create a single document.
Now i realise that this could be a silly idea as the ammount of data that can be transferred through a 2D barcode is not huge, al lot of barcodes would be needed to transfer a larger file than someones contact details.
Let me know what you think, and you are free to do what you want with my idea, i wont hold it against you
hazzahex
Click to expand...
Click to collapse
Hi there, i have a quicksheet on my Razr in which i save a few of my bank details that i may need on person at all times due to nature of my job. I need to password-protect that file of mine. Any ideas???
There is no way I would store that on my phone with a simple spreadsheet password. They are easily cracked.
I would find an app that would encrypt the file to your password. I don't know if there is an equivalent of Truecrypt for Android.
I heartily agree with 85Gallon... but... if nobody is going to lose money or their job if this info is discovered, then you might consider App Protector by Clutch Mobile (formerly Carrot Apps). It will password protect any app. However, any serious player on XDA could circumvent it fairly quickly. App Protector does not encrypt anything. It just puts a lock on apps that might access that data -- and it's not that great of a lock.
If you work for a bank and you need to keep a list of addresses, Managers and their personal cell numbers, maybe this is enough. If you're storing anything more critical, listen to 85Gallon and find a better solution.
I would suggest "Sec Notes". It stores data encrypted using AES encryption in a database. Notes can be Notepad, Spreadsheets and checklists. Spreadsheet supports formulas too, so it might match what you want. Best part is it allows automatic backup to Google Drive and Dropbox. You can also backup to SD cart manually any time.
https://play.google.com/store/apps/details?id=com.skipser.secnotes
85gallon said:
There is no way I would store that on my phone with a simple spreadsheet password. They are easily cracked.
I would find an app that would encrypt the file to your password. I don't know if there is an equivalent of Truecrypt for Android.
Click to expand...
Click to collapse
So catch is being discontinued.. I need a legit solid comparable application, keep sometimes doesn't save photos.
Any personal experiences with evernote or spring pad?
I mainly use it to save photos I find on fb or Internet.
Thanks!
Sent from my SCH-I535 using Tapatalk 2
I am in a similar dilemma.
I don't like evernote, mainly because they are way too expensive (about 5$ a month is unreasonable in my opinion).
Evernote does not have a true offline option in the free version!
Here are the features that a good note app/service should have (catch notes had all these options):
Web interface and backup/synch (dropbox and web storage services do not count)
Offline editing and full access
Search everything (preferably as you type)
Categories/tags
Password options (preferred)
Reasonable export options is a must so you are not locked in to the app.
No monthly fees for above service (onetime fee only, or atleast a more reasonable month fee than 5$/month)
I looked briefly at the following apps/services and those are the issues I found which do not match my needs:
ColorNote: no web interface
MobisleNotes: web interface without search, no import/export option
Inkpad/notepad: no import/export option on web interface
Note Everything: no sync or export function
I figured I use catch regardless, and just use it for its internal storage options just sucks there aren't any real comparable services.
Catch stores data on android/data/com.threenbananas
Sent from my Nexus 7 using Tapatalk 2
masri1987 said:
Catch stores data on android/data/com.threenbananas
Click to expand...
Click to collapse
i have 3000+ notes and im looking at simplenote as a host, syncing with NValt on desktop, and there are a few android clients.
evernote is very reliable but too heavy. also i dont like that everything must have a title, and i you have to pay to store everything local. most of my notes are short and plaintext anyway.
however im having a lot of trouble importing them to simplenote. they have a tool but its super finicky and inconsistent. i think it will be easier to hack the notes into a client db, and then sync them up to simplenote. however this too is proving difficult because i want to keep the create and modify dates intact as well as the tags.
please let me know if anyone finds a soln.
in the meantime, id like to find the datafile on my phone. at the directory above i have hidden files turned on, but still see only media in ./media and one zero byte file in ./cache. where is the text data?
No luck yet
gnormal said:
i have 3000+ notes and im looking at simplenote as a host, syncing with NValt on desktop, and there are a few android clients.
evernote is very reliable but too heavy. also i dont like that everything must have a title, and i you have to pay to store everything local. most of my notes are short and plaintext anyway.
however im having a lot of trouble importing them to simplenote. they have a tool but its super finicky and inconsistent. i think it will be easier to hack the notes into a client db, and then sync them up to simplenote. however this too is proving difficult because i want to keep the create and modify dates intact as well as the tags.
please let me know if anyone finds a soln.
in the meantime, id like to find the datafile on my phone. at the directory above i have hidden files turned on, but still see only media in ./media and one zero byte file in ./cache. where is the text data?
Click to expand...
Click to collapse
It appears the support pages are still up, abet slow at loading
Code:
http : / / support . catch . com/customer/portal/articles/1020076-i-can-t-see-my-notes-in-global-search-on-android
I can't see my notes in Global Search on Android
Last Updated: Apr 16, 2013 12:25PM PDT
We have made a decision to not allow for a Global Search based on security reasons. With the option to set a passcode on your notes, we feel that Global Search would navigate around this and violate the notes security.
For example: If you have a passcode set on your notes, yet we allowed for Global Search, any term you search for may return a result, thereby indicating that the searched for text is part of a note's content.
Click to expand...
Click to collapse
Im currently looking for a way around this as im trying to use dropbox (storage) and dropsync (to sync particular folders)
If this fails it appears ill have to learn how to create apps and create my own with the Catch API
Failing that decompiling and rebuilding it to my specs is prob the final method
lets hope it doesent come to that
As you can see I haven't been converted to the dark side of other apps yet
Me too. I'm still using catch but locally.
Sent from my SCH-I535 using Tapatalk 2
Did anyone actually get an email regarding this shutdown? I had a bunch of notes stored in AK notepad which are basically lost forever, and I don't have any emails from catch.com notifying me of the termination - I'm just finding out today.
Maybe they ended up in my spam :/
So i got myself an OBD bluetooth scanner and the Torque app...bloody brilliant.
So much information!
anyway, i cant seem to get it to upload data logs to the web viewer?
i have my account created and setup correctly but nothing in the web viewer when i log in.
Does anyone use the app and have any ideas on how to get this to work?
Secondary i have e-mailed myself some data logs and cant get them to open properly?
I cant seem to get Track Recorder to work with Torque Sync software, it stucks at Searching for Torque
Valiceemo said:
So i got myself an OBD bluetooth scanner and the Torque app...bloody brilliant.
So much information!
anyway, i cant seem to get it to upload data logs to the web viewer?
i have my account created and setup correctly but nothing in the web viewer when i log in.
Does anyone use the app and have any ideas on how to get this to work?
Secondary i have e-mailed myself some data logs and cant get them to open properly?
Click to expand...
Click to collapse
I imagine the particular posters have found answers to their problems seeing as this thread
dates from 2014 but I thought it might be worthwhile answering all the same as I ran in to the same niggles when I began using this app so if anyone searching these issues subsequently may find some worth from my reply.
First of all as a far as experience and knowledge is concerned. Firstly with cars;fixing,modifying, engine management tuning, obd2, diagnostics. Basically my auto knowledge is extremely wide and extensive from approx 35 years of obsession and getting stuck in an the deep end whereas my knowledge and experience of computers and smart phone tech is on much, much shakier ground
In fact, for those of my vintage. i.e late 30s,early 40s remember when we were kids. and programmable VCRs were the height of cutting edga technology. Well I'm like the way our parents and grand parents were then. i.e pretty much baffled by it and even following the instructions it was hit and miss whether you actually managed to record that film rhat was on at 4am lol.
So for the second issue brought up by the OP it doesn't matter whether you email yourself the log file or not (I found the few times i tried it that the file wouldn't attach and when it did the problem was the same anyway) you need Microsoft Office or any other type of office suite to view the files. On the pc i have Microsoft office but had to download an app to my phone to view. csv files. Again an office suite that not only displays. csv files but puts them into a spreadsheet format is required.
As for the first issue it's preferable in every way to view the site. on a pc because on the phone display the actual box to sign into is off screen and takes a little bit of zooming out and seaching to find, the same goes after you have signed in when another box appears with a list of the logs files recorded and the tab to choose it. This is where my lack of fundamental computer/web knowledge comes in. I can't tell you why it doesn't sit nicely inti an easily accessible mobile format but it doesn't. Once you've found the first sign in box/pop up it becomes simple, annoying but simple.
As for there being nothing after signing into the webview site successfully all I can assume is either you've no log files to view which you should have if it's all been set up correctly, including choosing which PIDs to send to logfile or the pop up/window where you click on your logfiles is right off screen and has to be looked for. Of course you don't get that problem if accessed using your desktop.