Security password or no? - Galaxy S III Q&A, (US Carriers)

A lot of people always question why I don't have any security measures in place after swiping my screen. I personally just don't see the benefit of typing in a password every single time I unlock, versus the risk of actually losing my phone.
I also feel that if the worst did happen, I could change my Gmail and Facebook passwords and that would basically cover all bases. In fact, all I'd have to do is revoke two-step authorization for Gmail and that would basically do it too. I don't have any financial information stored to the phone if I think about it (with exception of maybe Fandango).
One time, I found an non-password protected iPhone in a cab. There was no password lock on the phone, and we were able to return the phone to the owner by finding the last person he called. He happened to be with the person who picked up.
How do most people here feel about it?

It's really up to you. If you're comfortable with no password, just have a plan in case you lose it. Which, it sounds like you do. Also think about backing up things like pictures from time to time.
I use the face recognition feature. Works pretty well once you train it. And I have my name on the swipe screen before that, so maybe I'll get it back if someone I know finds it.
And, while I haven't tried it on this phone yet, Seekdroid is another option. Lets you remotely lock and wipe the phone from any web browser.
Sent from my SCH-I535 using Tapatalk

dunderball said:
A lot of people always question why I don't have any security measures in place after swiping my screen. I personally just don't see the benefit of typing in a password every single time I unlock, versus the risk of actually losing my phone.
I also feel that if the worst did happen, I could change my Gmail and Facebook passwords and that would basically cover all bases. In fact, all I'd have to do is revoke two-step authorization for Gmail and that would basically do it too. I don't have any financial information stored to the phone if I think about it (with exception of maybe Fandango).
One time, I found an non-password protected iPhone in a cab. There was no password lock on the phone, and we were able to return the phone to the owner by finding the last person he called. He happened to be with the person who picked up.
How do most people here feel about it?
Click to expand...
Click to collapse
I prefer at-least a simple password. Also, under Security -> Owner information - I have a message for any potential finders of my phone: "If this phone is lost please email ma at [email protected]". That message scrolls across the screen even when locked.

Related

Phone Security

I'm looking for recommendations on phone security apps in case my phone gets lost or stolen. Free or paid, I really don't care, I just want to sleep better knowing that if my clumsy self loses the phone I won't be out of 200 dollars. Thanks!
Lookout has been good for me. Does backups, anti-virus (however unnecessary as it may be right now), and phone location. Used it since beta Win Mo days.
-bZj
_____
-sent from my Samsung Vibrant via XDApp
down8 said:
Lookout has been good for me. Does backups, anti-virus (however unnecessary as it may be right now), and phone location. Used it since beta Win Mo days.
-bZj
_____
-sent from my Samsung Vibrant via XDApp
Click to expand...
Click to collapse
Thanks for the help! I tried the app and it works out well. Everything works well on it. I had to do the GPS fix on my phone to test out the Locate Device function, and good thing I did too! I would've been so mad if I used lookout and then realize the GPS on my phone didn't work, lol. Again, thanks!
I'm a fan of Mobile Defense. You can install as a system app and it will be able to survive a wipe. The only way to remove it would be a flash. It won't show up in app manager either. It can remotely activate the GPS and will notify you automatically of a sim card change via email. It can also remotely lock the phone even if you don't normally use a lock pattern. It can also display messages on the screen that won't go away without entering a code. So you can have the screen have a message telling the person to return the phone and the message won't go away until the code is entered.
The only downside is that I think the beta program is closed to new people right now. I'm not sure as I joined a while ago.
I demoed Wave Secure and liked it so much that I bought the subscription for my G1 and my Mom's My Touch.
Check the features here.
https://www.wavesecure.com/wavesecure/android.aspx
Good Luck!
And I became really a fan of the recently introduced Track and Protect. It's a service that not only allows you to locate your phone on map, lock it, wipe it or let it scream via a personal web panel but also allows you to make photos remotely and send a call back command to listen to your own phone. All this works even after SIM change! It has auto lock function, it reports you the thief's phone number, operator ID and location instantly. Really useful.
MobiJohn said:
And I became really a fan of the recently introduced Track and Protect. It's a service that not only allows you to locate your phone on map, lock it, wipe it or let it scream via a personal web panel but also allows you to make photos remotely and send a call back command to listen to your own phone. All this works even after SIM change! It has auto lock function, it reports you the thief's phone number, operator ID and location instantly. Really useful.
Click to expand...
Click to collapse
Do you know any information on there "credit" method that they are using? It seems like a great service to use except that they don't tell you anything about these "credits" on the website without registering first.
Currently I use both Mobile Defense and Lookout. I always feel safe when I have more than one security app just in case. Although, Mobile Defense might also have a paid service in the future, similar to what Trust and Protect is doing. I wouldn't mind paying Mobile Defense since they allow us to install it as a system app, which a previous user explained upon.

[REQ] for developers - Finger Print lock Apps

Occasionally I leave my phone laying around or let other people play with it, but it's getting very tedious having to lock it all the time. Anyone up for creating a app that will let me lock certain portions/apps on the phone (ie. SMS, gallery, etc.) using the built in finger print scanner?
I will second this. I recall reading that Moto was going to release the APIs for the print scanner. That should make it considerably easier.
just a bump, I know all you great minds out there are capable of this and want this too =)
+1
+1 yes, yes, yes a needed app
Yes, yes, YES! I've been thinking about requesting something like this for a while now!
I emailed the developer of Widget Locker since he seems to be fiddling with the Finger Print Scanner on the Atrix to see if he's interested in making a separate app for this. I wouldn't mind paying something like $1 for it.
How can we get this thread more attention from developers on XDA?
Keep the thread bumped, add some other keywords such a biometric scanner, fingerprints, fingerprint scanner, etc. (I myself didn't find this when searching), post the same on other forums, that's all you can do really!
PiTT said:
I emailed the developer of Widget Locker since he seems to be fiddling with the Finger Print Scanner on the Atrix to see if he's interested in making a separate app for this.
Click to expand...
Click to collapse
And here I am! (Sorry for taking some time to get back to this)
What I'm doing from WidgetLocker is piggy backing on the system security, so I don't interface with the fingerprint scanner directly. However I have looked into this as it could be interesting for WidgetLocker to be able to use in more ways, and potentially another separate app like discussed here.
I've seen the other thread about the password keeper and this one about an app-lock type thing. The issue with a password keeper is that the passwords should be stored encrypted, otherwise if someone stole your phone they'd just need to root if (if it's not already) and they'd be able to get all your password. But encrypting the passwords with a key that's stored somewhere is really just adding a few extra steps, they're not truly protected. Normally they'd be encrypted with your password, and only decryptable with you typing the password again. But I don't think this could be done for the fingerprint scanner due to what information is available (And how the fingerprint information is stored on disk). I could be wrong however.
As for the app-locker thing, there are also security issues here, but I think app-lockers are more used as a deterrent than as real security. To lock out your friend rather than a thief. But there's a fair amount of non-fingerprint related work to be done for this kind of app as well.
If I do end up doing anything with it I'll post back.
I said this in the development section when it was released lol. So....+1 and good idea!
Atrix4G Rooted!
[email protected] said:
And here I am! (Sorry for taking some time to get back to this)
What I'm doing from WidgetLocker is piggy backing on the system security, so I don't interface with the fingerprint scanner directly. However I have looked into this as it could be interesting for WidgetLocker to be able to use in more ways, and potentially another separate app like discussed here.
I've seen the other thread about the password keeper and this one about an app-lock type thing. The issue with a password keeper is that the passwords should be stored encrypted, otherwise if someone stole your phone they'd just need to root if (if it's not already) and they'd be able to get all your password. But encrypting the passwords with a key that's stored somewhere is really just adding a few extra steps, they're not truly protected. Normally they'd be encrypted with your password, and only decryptable with you typing the password again. But I don't think this could be done for the fingerprint scanner due to what information is available (And how the fingerprint information is stored on disk). I could be wrong however.
As for the app-locker thing, there are also security issues here, but I think app-lockers are more used as a deterrent than as real security. To lock out your friend rather than a thief. But there's a fair amount of non-fingerprint related work to be done for this kind of app as well.
If I do end up doing anything with it I'll post back.
Click to expand...
Click to collapse
my reasoning behind this type of app as you said isn't for REAL security from a thief, more of a deterrent from people around me....such as a nosy friend or girlfriend =)
"such as a nosy"
Well, of course cell phones have had a way to prevent that for what, 20+ years now? You leave it locked, except for "emergency and speed dial" or other restricted calling. No reason that someone has to borrow my cell phone (and deprive me of my phone!) while they're doing whatever with it.
I don't have any guilt about saying "Sure, you can make a call. But I need my phone with me."
PiTT said:
my reasoning behind this type of app as you said isn't for REAL security from a thief, more of a deterrent from people around me....such as a nosy friend or girlfriend =)
Click to expand...
Click to collapse
Well, if you have a friend that would invade your privacy then they are not your friend. And if you have a girlfriend that doesn't trust you enough to respect your privacy then dump her. You can't have a relationship without trust.
There are already apps that let you lock particular applications. I hand my phone over to my 4-year-old all the time so she can play Fruit Ninja, so I keep my work email locked down. I guess it would be kind of cool if the app locking software took advantage of the Atrix's fingerprint scanner.
live4nyy said:
Well, if you have a friend that would invade your privacy then they are not your friend. And if you have a girlfriend that doesn't trust you enough to respect your privacy then dump her. You can't have a relationship without trust.
Click to expand...
Click to collapse
lol, I second this... She's obviously insecure.
And why are we assuming that it's the girlfriend that's untrustworthy? PiTT (no offense, all due respect) is the one with dirty little secrets on his phone.
aquariumdrinker said:
And why are we assuming that it's the girlfriend that's untrustworthy? PiTT (no offense, all due respect) is the one with dirty little secrets on his phone.
Click to expand...
Click to collapse
Thanks =)
you guys are missing the point, it was just an example. Now back to the topic at hand.
I would love to be able to lock my phone using the finger print swype. This can't be to hard, could it?
jange said:
I would love to be able to lock my phone using the finger print swype. This can't be to hard, could it?
Click to expand...
Click to collapse
I don't understand what you are asking here. If you're going to be swiping your finger over the sensor to lock it, wouldn't it be just as simple to just press the button? If you have the sensor lock enabled, it will be locked with access only being granted to your finger swipe.
GEESH!
Clearly some people on this thread don't understand what's going on here. So let me break it down....
It's not about "it's not a real friend if they invade your privacy".
It's not about "why not just lock the phone itself".
Maybe you have a family member, girlfriend, wife, or CHILD you want to be allowed to use your phone. This requires unlocking the phone itself.
Buuuut, you don't want them snooping in your email or for the dense folks who don't get it, you don't want a CHILD deleting your messages accidentally, replying inadvertently to a co-worker via email etc.
Or let's be real, you don't want your GF or wife to see the chic you've been bangin's nude photo in your phone.
So you want to FINGERPRINT LOCK specific apps, like TEXT, EMAIL, SKYPE, TANGO, FRING, ETC! That way your "guest" can use your phone, but can't use any other apps without your finger!
GEESH!
I'd really like to see phones with Windows-like login profiles. So I can have my profile, ADMIN, and my wife can have hers GUEST.
Anyway...I second/triple/quadruple the idea of a fingerprint reader app lock. Right now I use AppProtector, and I'm looking into a new app called simply LOCK or (App) Lock.
"Clearly some people on this thread don't understand what's going on here. So let me break it down....
........you don't want your GF or wife to see the chic you've been bangin's nude photo in your phone."
*grin* The premise of your post made me laugh hard.
On a real note, I think this kind of application would be awesome. I too use appprotector, and I used to use the fingerprint scanner, but it just became bothersome to use everytime I locked my phone and had to unlock it. I don't have anything to hide on my phone, but I do lock my "SU" folder that contains all of my root tools. I have a 12 yo at home, and she could very easily mess something up without knowing it. I think the idea of locking certains apps with the fingerprint scanner is a fantastic idea, and I'd be willing to pay a few bucks for it for sure.
Actually, a whole utility for the fingerprint scanner on the Atrix that allowed you to do multiple things with it would be great.
Like was posted previously, it would be nice to have guest accounts (for wife and child etc), and with a fingerprint swipe, they wouldn't even have to login..swipe and go.

[Q] How do we protect our Android device from the CelleBrite UFED?

Someone mentioned this in another thread, but this is a topic that should have it's own separate thread.
Some of you may have already read the news: Michigan: Police Search Cell Phones During Traffic Stops
Don't assume it won't come to your town.
I can't say I plan to do anything that would warrant police suspicion, yet I don't like the idea of anyone being able to easily pull data from my device. And we know cops won't be the only ones with these devices. So I've been wondering, how can we protect our Android devices from the CelleBrite UFED?
Check out this video that shows some of the features it has, keep in mind it does much more and can even extract DELETED data.
See the company's product page here: http://www.cellebrite.com/forensic-products/ufed-physical-pro.html
This research paper talks about the CelleBrite UFED and other extraction methods. (CelleBrite UFED is talked about starting on page 9.) I doubt there's a means to prevent all of those methods given some involve long term handling of the device, but CelleBrite UFED can extract data when a device is retained by the CelleBrite UFED user for a short period of time. It looks like HTC Android type devices can only be extracted from via the (micro)USB Port and it requires USB Storage and USB Debugging turned on. The CelleBrite UFED has to gain Root Access. It can get by screen passwords and root even a device that was not yet rooted.
There's another thread where someone was requesting a ROM that would not work with the CelleBrite UFED. I'm not sure how to make a ROM or anything else that would not work with the CelleBrite UFED without limiting certain features we all may use from time to time.
Over on Slashdot, someone said they hacked their device (Nexus One) to not do USB client mode. This is another option that would limit some features many of us may use.
So, how can we protect our privacy and our data? Does it mean sacrificing some features like USB storage mode?
The biggest problem is what's missing from Android itself. Meego might be protected but not Android.
You would need an encrypted boot loader that retains root for some users.
A kernel and os files that support different users so the default user is not root like Linux and a prompt with a password for superusers not just an Allow like now for Android.
Encryption libraries that would support truecrypt encryption of both internal and external (SD card) encryption in toto not just individual files.
A true trash system that overwrites files like srm in linux and sswap for wiping the swap file after every system reboot.
Ultimately I don't see it happening. In theory if you were running Ubuntu on your phone then yes cellbrite would just crap out not knowing what to do with your phone. Same possibly with meego. But then no real app support, no navigation and driver support is crap even for ROMs using the same os let alone a different OS like true linux.
It's amazing how many don't even bother deleting thumbnails hanging around on their computers or securely wiping files on their computer. Same with swap files retaining passwords or even website cookies that have the same password as their computer.
Best thing to do, don't keep anything that could be bad on your phone. Use a cloud system or home server sync that requires a seperate login every time and keeps no local files. Or as I do, encrypt the hell out of anything you find valuable, which currently is only my complete backups...
Sent from my Xoom the way it should be, rooted and with SD card.
This is where that cheap Boost Mobile phone comes in, or any other prepay phone. Just hand the officer that one. Store your personal data on your smartphone.
chbennett said:
Best thing to do, don't keep anything that could be bad on your phone. Use a cloud system or home server sync that requires a seperate login every time and keeps no local files. Or as I do, encrypt the hell out of anything you find valuable, which currently is only my complete backups...
Sent from my Xoom the way it should be, rooted and with SD card.
Click to expand...
Click to collapse
Hello, All. This is my first post at xda-developers!
Since I'm new to Android, data security has concerned me. Climbing the learning curve of rooting and tweaking my SGH-T989, I've focused on control, security, and privacy. So far pretty good, thanks largely to members' posts at this site. Thank you very much!
Then this thread crushed me. Visions of "1984", "THX 1138", "Terminator", etc.
I considered the suggestions here. Thoughts about the OS seem right to me, but that's beyond my abilities. I did try following chbennett's advice: I enabled encryption in my backups and moved them to the internal SD.
But I don't yet know how to do the 'home server / log in on demand' scheme for contacts and calendar. I will appreciate any help with that.
Meanwhile, I looked for a way to make a 'panic button' that would let me wipe my phone immediately. What I chose was making a contact whose phone number is the USSD code for Factory data reset.
Maybe Tasker, etc. could streamline this approach; but my trials showed that, unlike MMI codes (e.g., to toggle caller ID blocking), USSD codes cannot be submitted to the OS indirectly. So swiping a contact, direct dial shortcut, etc. did not work. On my phone, all that worked was either 1. manually dialing the code, or 2. dialing the contact name, then tapping the contact.
So the routine to use this 'panic button' is:
1. launch Dialer
2. dial the contact name
3. tap the contact name in the search results
4. tap "Format USB storage" in the "Factory data reset" dialog
5. tap "Reset phone" button in the "Factory data reset" dialog.
It sounds clunky, but it's actually pretty quick. I named the panic button contact "XXX" to avoid confusability when dialing (it needs only "XX" for a unique match.)
If you can suggest improvements to this scheme, or think it is misguided, please let me know. Thanks.
Any updates on this? I'm curious as to how to guard against ufed.
I think an instant hard brick option would be better so theres nothing to recover as i dont believe the factory reset is a secure wipe
Possibly a voice activated secret phrase or keypress u could say/do super fast in a tricky situation that autoflashes a corrupt/incompatible bootloader and recovery to device after secure superwipe that should stump them for awhile
im still interested in this i disabled usb debugging on my phone but unsure if the UFED can still access anything on my ICS full encrypted passworded evo3d im assuming they could dump the data at most but i highly doubt they could access the decrypted data unless you used an insecure pass
If you have encryption enabled for your data partition, then all you need to do is to turn off your phone when you see a cop. If they take it from you, they can turn it on and hook up their device, but they will only be able to snarf the system partition, which does them no good. They'd need your password to mount the data partition.
If you look around on this forum, you can find the steps necessary to switch the lock screen back to a simple pattern lock while leaving the disk encryption enabled.
Are you sure Cellebrite and UFED or w/e can't access encrypted data partion? I know it can take an image of the phone "hard drive". They then can run password tools against image to unlock it no?
dardack said:
Are you sure Cellebrite and UFED or w/e can't access encrypted data partion? I know it can take an image of the phone "hard drive". They then can run password tools against image to unlock it no?
Click to expand...
Click to collapse
I'd like to know about this too. I am about to set up encryption on my device and I'd like to know more about what type of attacks it can beat.
Edit to add: I assume brute force attack protection is like any other type of encryption.....dependent on the strength of your password. But, assuming we all know that already, I'm still curious about this.
If the question is how to protect your device when you think someone would scan your phone, you'd have to have some sort of inclination that a scan is about to happen. I'm assuming this is many people's concern as they're considering wiping their device through a quick process. In that scenario, just turn off your device. Unless you warrant suspicion of something fairly bad, they wouldn't be confiscating your cell phone.
smokeydriver said:
...Unless you warrant suspicion of something fairly bad, they wouldn't be confiscating your cell phone.
Click to expand...
Click to collapse
We all wish all law enforcement was just and honest, but so far in world history that has not been the case. Even a pretty woman may have her phone scanned by a curious cop snooping for pics.
Sent from my HTC One using Tapatalk 2
I would still like to know if there is an answer here...
So I recently had some dealing with assisting in a Cellbrite search. We initiated and enlisted the help of law enforcement for an employee who was doing some illegal activity which is not relevant to this discussion other than the person used an iphone. Anyway, the investigator came in and wanted to know if I can enable the bypass for the automatic screen lock in 5 minutes because when it locked, it disabled the Cellbrite copy.
Now, couple things here, he was only doing what he was "allowed' to do in the local municipality, and he did say they sell a more expensive Cellbrite device which would be able to crack it. I did find it interesting that the simple corporate Activesync policy I have set up was actually having this effect. Anyway I removed the policy and it worked. Funny thing is he could have done it himself had he known anything about that kind of thing. He was presented to us as an expert but I guess that mainly covered a basic Cellbrite expertise.
So, I do think encryption would be a great answer as the partition would be hard to bust in to. Nothing is impossible but I would rather not smash my phone on the highway next time I get pulled over so I would like to know definitively that this is the right approach. This is definitely not paranoia as there are at least 3 states where it looks like it happens regularly.
Time to look at a 2600 group for stuff like this I guess. I am early in my investigation
Later

[Q] How can I prove that my Android Device (SGS2) has been used by someone else?

Back Story:
My phone was left in my house (shared with other people) yesterday while I was at work. When I got home I was checking missed calls, voicemail etc and I noticed that some text messages were missing. I looked a bit more and it seems that 2 seperate sms message threads had been deleted and a number of contacts had been deleted too. Now, this has happened before to another housemate but we couldn't prove that it had been done. We are pretty sure we know who did it but I need concrete evidence that the phone was accessed.
Phone Specs: Samsung Galaxy S2, rooted, running CM7 latest nightly. I also have Cerebrus installed if that helps.
So my questions are as follows:
1) Is it possible to see what activity was happening on my phone yesterday? I don't have any "logging" software running.
2) Is it possible to retrieve the deleted SMS messages?
I work in IT so am pretty tech savvy, just not in the workings of the Android OS!
All help greatly appreciated.
P.S. I have already been able to restore the contacts that were deleted using the restore functionality in gmail.
The short answer is no. It is, at least in theory, possible to "undelete" stuff, but it isn't usually practical. Even if you did, you wouldn't have "proof" in the legal sense.
That said, I have been involved in a similar situation. Here's the approach we used. It is reasonable to assume that this behavior will continue. Therefore, get some logging software installed. Do NOT talk about it. Do nothing out of the ordinary. Just quietly install some software that will let you see what is going on with your phone. I know there are apps which will email an alert when accessed, snap a pic from the front-facing camera, log SMS to email, remotely lock the phone, etc etc. Based on what you need to accomplish, get these set up and then BE PATIENT. wait a few days (unless you normally leave your phone at home) and leave it again when the person in question might be around.
A pic would be sufficient proof I would think for confronting a roomie. If nothing else log your sms's. I use integrated Google Voice so I'd get an alert on my PC even if I didn't have the phone (very handy, that), but that may not be an option for you.
I also use SeekDroid for remote locking, and I -think- there's a remote camera provision, but it's at a higher paid level than I am subscribed to. At any rate that's my suggestions.
Or, the simple solution: Put a better lock code on your phone.
-JB
A lock code would help prevent the behavior in the future. For catching the vandal red-handed, I believe an app like Gotcha! may do what you need.

Android 8.1.0 unable to save contacts?

Not particularly mobile-savvy and days of forum searches have yielded nothing, now heartily sick to the back teeth with this data hungry time-vampire and at this point would quite happily drop kick it across the yard and revert to my little Pixi3 so here goes...
Bought a pair of Wileyfox Swift 2+ phones for myself and one of my sons, my lad's happy to leave the Google defaults ex-factory and can enter and retrieve contacts without issue via something called Google Play which seems to have delusions of grandueur and one eye on world domination 8-{ I on the other hand am totally old skool when it comes to handing over personal data to who knows who and cannot see any good reason why Mr. Google should have any involvement with or access to my contacts so have disabled its permissions. Trying for the first time to save a mate's phone number as a new contact threw up a "Couldn't save contact changes" message. Why not? Wot's yer problem??
Restoring permissions for all apps to do what the hell they liked when ever they liked made no difference at all, it still wouldn't and still won't save a contact? Nothing I've yet done has had any effect, it really wants me to use Google Play (whatever that is)
A functional contact directory would seem to be fundamental element of a mobile phone so why on Earth does this now have to be farmed out to an off-device server??? It's insecure, unnecessary, raises all sorts of privacy issues and frankly is taking bloody liberties in my book Why is their no option to either save a contact to the SIM or SD card, what's so hard about that?
The Guv's now pulling out what remains of his prematurely greying hair and needs to know where all the hidden switches are to get this thing to remember that at the end of the day (and the reason for its purchase) ... it's not a life coach, bank clerk and change agent rolled into one - it's a damn phone.
many thanks in advance folks for any assistance
Guv

Categories

Resources