Related
Have you guys tried this one? I use it on my PC, but wow the Android version is intense!
From the market:
Full-featured Antivirus and Anti-Theft security for your Android phone. Protect personal data with automatic virus scans and infected-URL alerts. Stop hackers by adding a firewall (rooted phones). Control anti-theft features with remote SMS commands for: history wipe, phone lock, siren activation, GPS tracking, audio monitoring, and many other useful tools. Your ‘invisible’ app hides itself, making it extremely hard for thieves to find and disable. A standalone yet tightly integrated component of avast! Mobile Security, avast! Anti-Theft is the slyest component on the market. Formerly known as Theft Aware, the Anti-Theft portion of avast! Mobile Security has been recommended by leading industry experts that include T-Mobile, N-TV, AndroidPIT, and Android Police.
avast! Mobile Security
Antivirus
Performs on-demand scans of all installed apps and memory card content, as well as on-access scans of apps upon first execution. Options for scheduling scans, virus definition updates, uninstalling apps, deleting files, or reporting a false-positive to our virus lab.
Privacy Report
Scans and displays (grid) access rights and intents of installed apps, identifying potential privacy risks, so you know how much info you are really providing to each app.
SMS/Call Filtering
Filter calls and/or messages from contact list using set parameters based on day(s) of the week, start time, and end time. Blocked calls redirect to voicemail, while blocked messages are stored via filter log. Also possible to block outgoing calls.
App Manager
Similar to Windows Task Manager, it shows a list of running apps and their size (MB), CPU load, used memory, and number of threads and services – with an option to stop or uninstall.
Web Shield
Part of the avast! WebRep cloud, the avast! Web Shield for Android scans each URL that loads and warns you if the browser loads a malware-infected URL.
Firewall
Add a firewall to stop hackers. Disable an app’s internet access when on WiFi and 3G and roaming mobile networks. (Works only on rooted phones.)
avast! Anti-Theft
App Disguiser
After downloading avast! Anti-Theft, user can choose a custom name that disguises the app (e.g. call it “Pinocchio game”) so that it is even harder for thieves to find and remove.
Stealth Mode
Once anti-theft is enabled, the app icon is hidden in the app tray, leaving no audio or other trace on the target phone – the app is ‘invisible’, making it difficult for thieves to detect or remove.
Self-Protection
Extremely difficult for thieves to remove (especially on rooted phones), Anti-Theft protects itself from uninstall by disguising its components with various self-preservation techniques. On rooted phones it is able to survive hard-resets and can even disable the phone’s USB port.
Battery Save
Anti-Theft only launches itself and runs when it needs to perform tasks. This preserves battery life and makes it very difficult for thieves to shut it down.
SIM-Card-Change Notification
If stolen and a different (unauthorized) SIM card inserted, the phone can lock, activate siren, and send you notification (to remote device) of the phone’s new number and geo-location.
Trusted SIM Cards List
Establish a ‘white list’ of approved SIM cards that can be used in the phone without triggering a theft alert. You can also easily clear the trusted SIM cards list, to leave the one present in the phone as the only trusted one.
Remote Settings Change
A setup wizard guides the user through the installation process on rooted phones. No command-line knowledge is necessary to install Anti-Theft rooted. Also supports upgrading.
Remote Features
SMS commands provide you the following REMOTE options for your ‘lost’ (or stolen) phone: Siren, Lock, custom Display properties, Locate, Memory Wipe, covert Calling, Forwarding, “Lost” Notification, SMS Sending, History, Restart, and more.
Took forever to set up, and this thing pretty much owns your phone. Not sure if you can ever get it off, lol.
Sent from my Dell Streak using Tapatalk
I wonder how it is on battery life. I like the SIM protection / anti theft bits so might try it on my Streak while waiting for the Sammy Note to arrive...
Hogs battery on my S2, stock XWLA4 rooted. Wonder what's wrong. Uninstalled until update arrives.
One problem I encountered: it blocked all my attempts to root my phone (LG Optima Q) until I uninstalled it. Probably part of it security protection. Once it was uninstalled the phone was rooted with no difficulty.
well, that makes perfect sense; the "rooting" process is just a security exploitation even if with legitimate aims. However it was detected, good for the SW.
Hi friends ..
Server FortiGuard web filter at work I put, I'm looking for these filters to overcome the android software, thank you in advance for your help ..
Note: Seeking the program is dns exchange program, a program that can change the server like ultrasurf
Orbot (Tor-Vidalia)
Have you tried Orbot?
It is available on play store.
Yep Orbot would be the best choice but would be also slow, first try to use a proxy website, like hidemyass...
Hi,
I recently purchased a relatively generic Chinese MTK 6589 based phone, a Star S7589 5.8" screen.
And I notice some potentially serious issues with SSL on this phone. I've only had the phone a few days. There are a few minor annoyances, such as apps that use the face-facing camera not working. But what first led me to suspect something more serious might be wrong was when I tried to connect to my bank.
I signed in using the form on the main bank domain. The site uses a "verification image" on both mobile and full-sized versions of the page. But on this phone the verification image didnt load. But I figured, I dont exactly have much in the account so I entered my password. The password was rejected and it looped back to the banking site provider's login page which you cant log in from directly anyway.
So I tried loading up chrome from the app store. On chrome, I tried to follow the login procedure, but after entering my username on the main bank domain, I am greeted with an SSL error 107.
Firefox behaves similarly to the built in droid browser.
The bank also has an app. Not sure of its underlying connection mechanism but it is presumably SSL and it won't connect either.
After googling around a bit about error 107 and SSL MITM's, I found some threads here suggesting it was an issue for certain CyanogenMod roms. I'm using the factory rom (see below for version info.) The only app I could find on the play store to try to verify SSL certs or MITM presence was Kurt Huwig's SSL Verify:
url to play store -> play.google.com/store/apps/details?id=de.huwig.sslverify&hl=en
So I installed it. Here is the screenshot (aborted early because seemingly every 2nd or 3rd domain it checks returned "certificate mismatch"):
url to screenshot -> dumpt.com/img/viewer.php?file=s1tppuca9avpxtxqg50p.jpg
This is my 2nd phone from this vendor. 1st one wouldnt stay connected to the tower so I never had a chance to encounter this issue.
I am quite concerned about the possibility of these certificate chain errors reflecting intentional preloaded MITM capability.
I'm no newb to tech, security, or electronics, but my understanding of the mechanisms of certificates and the CA chain is far from that of a developer.
But one of the more paranoid of my friends, with equal or greater astuteness in the field of network security, upon learning I was experimenting with noname phones from China (my previous phone was a MTK 6577 that behaved flawlessly) had previously suggested that a lot of chinese phones come with pre-installed kernel vulnerabilities where certain rarely invoked syscalls run natively as root.
So needless to say, I'm posting this here in hopes that someone could offer an explanation for the output of SSL Verify that reflects a harmless, unintentional, and perhaps ubiquitous flaw in certain codebases as I found suggested in another xda-developer forum. As opposed to, my worst fear, an imminent threat to whatever percentage of android devices that have this vulnerability.
As suggested in that other thread I just tried creating a new APN with only the most minimal of parameters (both proxy fields blank etc.) when compared to the default which is presumably supplied by the tower/provider.
Non-SSL browsing seems perhaps slightly faster (will run a speed test later to verify) but doesnt help the SSL error 107 issue.
Running SSL Verify still shows the same list of certificates/signatures as mismatched as in the screenshot.
However I note, when watching the program run, that it is not ALL the domains that SSL verify checks - but it is roughly half of them. If anyone has a rational explanation for this - or knows of another app I could install to attempt to verify these results and/or SSL MITM vulnerabilities in general - please let me know.
from "about phone" page:
Model number: v89_jbl1a698
Android Version: 4.2.1
Baseband Version: MOLY.WR8.W1248.MD.WG.MP.V6.P4, 22013/04/12 17:49
Kernel Version: 3.4.5 [email protected] #1 Mon Apr 22 11:15:49 CST 2013
Build number: v89_jbl1a698_20130422
off topic a little
can you please link me a download of the origional rom, i kinda bricked my star haha, anyways, thanks if you can and thanks if you even read this, im just 15, had $200 to waste on it and now its bricked, i know i probably coulda bought something wayyyy better for $200 but eeh, live and learn anyways have a good one:silly::laugh::cyclops::good::good::good::laugh::silly::laugh::silly::laugh::fingers-crossed::silly::silly:
Years ago I bought a cheap and powerful rugged phone to use it as a navigation tool on my motorcycle.
A view months ago it began that the phone sporadicly opens up add websites in the chrome browser. This happens about once a day.
I read that the manufacturer is not trustworthy and DooGee delivered some firmware updates with trojan sw. So I guess in the best case DooGee tries to do some extra money by showing me adds. They may installed a backdoor that now opens these websites.
I don't make security critical things on this device but still I want to get rid of these adds. It's annoying to drive with the bike and navigate and then the navigation software is hidden because of these useless adds.
I do have root on this device using an older version of magisk.
I have Titanium Backup and theoretically I would be able to disable all processes / apps if I would know the name of the app.
But I don't know how I can find out which process is the originator of these adds.
I disabled the chrome browser but I guess there is an other process that just shows the website in chrome. So it may not be chrome browser's fault?!
And the list of all apps is long because I have to suspect the system apps also.
I tried some virus scanners from play store but they all found nothing. Useless apps...
Hope someone here can help.
Any idea for a good strategy how to find the bad app or process?
Any tool recommendation that may can find it?
Thanks.
Try Malwarebytes for your mobile device.
fpdragon said:
Any idea for a good strategy how to find the bad app or process?
Any tool recommendation that may can find it?
Click to expand...
Click to collapse
Boot device into Safe Mode: You'll see "Safe mode" at the bottom of your screen
One by one, remove recently downloaded apps.
Tip: To remember the apps that you remove so that you can add them back, make a list.
After each removal, restart your device normally. See whether removing that app solved the problem.
jwoegerbauer said:
Boot device into Safe Mode: You'll see "Safe mode" at the bottom of your screen
One by one, remove recently downloaded apps.
Tip: To remember the apps that you remove so that you can add them back, make a list.
After each removal, restart your device normally. See whether removing that app solved the problem.
Click to expand...
Click to collapse
I am pretty sure that I don't downloaded any app that throws the adds. It must be something that comes from DooGee.
Bernal79 said:
mcafee will help to get rid of the malware
Click to expand...
Click to collapse
mcafee has not found anything
James_Watson said:
Try Malwarebytes for your mobile device.
Click to expand...
Click to collapse
malwarebytes has not found anything
However, thanks for the recommendation.
fpdragon said:
mcafee has not found anything
malwarebytes has not found anything
Click to expand...
Click to collapse
Not surprising me.
Malicious software comes in several flavors, distinguished primarily by their method of propagation. The two most pervasive forms are viruses and worms. A virus attaches itself to an existing program such that, when that program is executed, bad things happen. Like a biological virus, it cannot live without a host. In contrast, a worm is an independent program that reproduces itself without requiring a host program. Depending on the form, a worm may be able to propagate without any action on the victim's part. Most malicious software today consists of worms rather than viruses.
Worms and viruses require slightly different protection mechanisms because of their different propagation methods. A virus scanner operates by searching for the signatures of known viruses. A signature is a characteristic pattern that occurs in every copy of a virus. It might be a string of characters, such as a message that the virus will display on the screen when activated, or it might be binary computer code or even a particular bit of data that is embedded in the virus. These patterns are identified by technicians at organizations specializing in computer security and are then made available on security Web sites. Virus scanners can then download the patterns to bring their internal pattern lists up to date.
An Antivirus software is checking your Android devices's apps and comparing them to known types of malware ( viruses & worms). It will also scan your Android device for behaviors that may signal the presence of a new, unknown malware. Typically, Antivirus software uses all of these 3 detection processes:
Specific Detection – This works by looking for known malware by a specific set of characteristics.
Generic Detection – This process looks for malware that are variants of known “families,” or malware related by a common codebase.
Heuristic Detection – This process scans for previously unknown viruses by looking for known suspicious behavior or file structures.
Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate. Trojans must spread through user interaction such as opening an email attachment or downloading and running a file from the Internet.
IMHO Android itself is a pretty secure operating system.
jwoegerbauer said:
Not surprising me.
Malicious software comes in several flavors, distinguished primarily by their method of propagation. The two most pervasive forms are viruses and worms. A virus attaches itself to an existing program such that, when that program is executed, bad things happen. Like a biological virus, it cannot live without a host. In contrast, a worm is an independent program that reproduces itself without requiring a host program. Depending on the form, a worm may be able to propagate without any action on the victim's part. Most malicious software today consists of worms rather than viruses.
Worms and viruses require slightly different protection mechanisms because of their different propagation methods. A virus scanner operates by searching for the signatures of known viruses. A signature is a characteristic pattern that occurs in every copy of a virus. It might be a string of characters, such as a message that the virus will display on the screen when activated, or it might be binary computer code or even a particular bit of data that is embedded in the virus. These patterns are identified by technicians at organizations specializing in computer security and are then made available on security Web sites. Virus scanners can then download the patterns to bring their internal pattern lists up to date.
An Antivirus software is checking your Android devices's apps and comparing them to known types of malware ( viruses & worms). It will also scan your Android device for behaviors that may signal the presence of a new, unknown malware. Typically, Antivirus software uses all of these 3 detection processes:
Specific Detection – This works by looking for known malware by a specific set of characteristics.
Generic Detection – This process looks for malware that are variants of known “families,” or malware related by a common codebase.
Heuristic Detection – This process scans for previously unknown viruses by looking for known suspicious behavior or file structures.
Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate. Trojans must spread through user interaction such as opening an email attachment or downloading and running a file from the Internet.
IMHO Android itself is a pretty secure operating system.
Click to expand...
Click to collapse
Thank you for the good explanation. But how can I track down the originator of the popup adds?
I would expect that the originator of the adds runs as a system app. If I could find out which system app does this and It's functions is not neccessary (eg system update or something) then I could kill and remove it.
BTW, after disabling the chrome browser it seems that there are no popup adds any more. For two days no more adds. I guess this is because I removed the last browser from the system and now the adds can't be opend? But still it would be cool to track down the application that opens the adds if I need a browser one time.
fpdragon said:
Thank you for the good explanation. But how can I track down the originator of the popup adds?
I would expect that the originator of the adds runs as a system app. If I could find out which system app does this and It's functions is not neccessary (eg system update or something) then I could kill and remove it.
BTW, after disabling the chrome browser it seems that there are no popup adds any more. For two days no more adds. I guess this is because I removed the last browser from the system and now the adds can't be opend? But still it would be cool to track down the application that opens the adds if I need a browser one time.
Click to expand...
Click to collapse
It seems that you have turned on notification from a website in chrome. Clear chrome browsing data. Re-enable chrome. And check whether you receive any adds or not.
I am building a webapp for android TV. It not need internet. It is a niche market. So I will not publish it on google play, but I will put a demo version on a website, and I will send by email a full features version after a payment. It will cost about 30-40 dollars.
How can I protect my full version webapp from illegal copy and piracy?
I am thinking about check the mac address of the android device, but I do not know how to from a webapp that use a simple HTML, CSS and Javascript.
What is the best solution?
get a lawyer for that legal stuffs
The way I've done it with a few of my windows apps is to have the user login, and check that it is the only device currently logged on with that username/password. This requires internet though.
The Mac address is a good idea. I switch my Mac on my PC a bit depending on my work settings so it seems a little off too me, but I most people don't spoof their mac that often. I can't see a reason people would be doing it on an Android TV.
You could go with the classic serial number approached, but that is easily shared. Although the reality is no matter what you do there is always a chance that somebody will reverse engineer it. There are some dedicated hackers and crackers out there, and android apps are easy to modify code so the chance is raised a bit there. So weigh the options of how much effort it is for you, and how tedious you want it to be for the end user, verses how many will actually copy it. Is it worth building something more technical for the 5-10% of users that will manage to use it for free? I just pulled that number out of nowhere, different apps have higher potential so there is that factor too, and that's a question for you to answer not me. Just somethings to think about.
---------- Post added at 07:07 PM ---------- Previous post was at 07:06 PM ----------
The way I've done it with a few of my windows apps is to have the user login, and check that it is the only device currently logged on with that username/password. This requires internet though.
The Mac address is a good idea. I switch my Mac on my PC a bit depending on my work settings so it seems a little off too me, but I most people don't spoof their mac that often. I can't see a reason people would be doing it on an Android TV.
You could go with the classic serial number approached, but that is easily shared. Although the reality is no matter what you do there is always a chance that somebody will reverse engineer it. There are some dedicated hackers and crackers out there, and android apps are easy to modify code so the chance is raised a bit there. So weigh the options of how much effort it is for you, and how tedious you want it to be for the end user, verses how many will actually copy it. Is it worth building something more technical for the 5-10% of users that will manage to use it for free? I just pulled that number out of nowhere, different apps have higher potential so there is that factor too, and that's a question for you to answer not me. Just somethings to think about.
irresistiblecam said:
I am building a webapp for android TV. It not need internet. It is a niche market. So I will not publish it on google play, but I will put a demo version on a website, and I will send by email a full features version after a payment. It will cost about 30-40 dollars.
How can I protect my full version webapp from illegal copy and piracy?
I am thinking about check the mac address of the android device, but I do not know how to from a webapp that use a simple HTML, CSS and Javascript.
What is the best solution?
Click to expand...
Click to collapse
Android 10 came up with the default "randomized MAC address" feature. For anyone who is serious about mobile security, this feature is a must-use, should never get disabled, IMHO.
jwoegerbauer said:
Android 10 came up with the default "randomized MAC address" feature. For anyone who is serious about mobile security, this feature is a must-use, should never get disabled, IMHO.
Click to expand...
Click to collapse
thank you Danksh you was very helpfull.
jwoegerbauer, I didn't known the randomized function on android 10. But what is the default settings when a phone or tv is selled?
irresistiblecam said:
jwoegerbauer, I didn't known the randomized function on android 10. But what is the default settings when a phone or tv is selled?
Click to expand...
Click to collapse
Told you that default setting is "randomized MAC address".
FYI:
You must distinguish between MAC address, IMEI and Device ID, which are 3 completely different things: And, these can be changed by the Android user at any time - or will automatically get changed by Android OS itself.
MAC address - read: Wi-Fi MAC address - is used for networking, normally over the Internet
IMEI is a unique manufacturer-assigned number that is part of the Android phone and identifies the handset itself. The identifier that is really used to connect your phone with a phone number is the SIM ID which I believe is the ICCID. This is pretty much what identifies your phone to the tower.
Device ID ( often refered to as Android ID ) is generated when you boot your Android phone first time and will be there forever. When you format everything and factory reset your device then this device ID is overwritten and re-generated and stored again. Similarly, if you ever install a new ROM on your Android device, then this device ID will be overwritten and re-generated when you boot the device first time.
Knowing this you can see that none of the 3 mentioned numbers is unchangeable.