[Q] Knox info and why not to trigger it - Sprint Samsung Galaxy Note 3

I understand most people are concerned about losing warranty. Is there anything specific with apps or built-in programs that are unusable once Knox is tripped? And is there more reason to hold on to the Knox?
I understand my phone will not be under warranty after rooting or putting CW on it.
Does losing warranty lose insurance on the phone as well?
Could someone elaborate on exactly what in the phone Knox is contained in? Please don't refer me to links, I'm looking for a straightforward answer. And by link I'm saying the links stating that Knox is a one-time-write memory partition on the phone. Where is this located and what are some of the problems the programmers are facing in finding a way to block this?

This info is readily available. But I'll throw some out there because I'm bored. As I understand it...
Platform Security: Samsung KNOX addresses platform security with a comprehensive three-pronged strategy to secure the system: Customizable Secure Boot*, ARM® TrustZone®-based Integrity Measurement Architecture (TIMA), and a kernel with built-in Security Enhancements for Android (SE for Android) access controls.
Basically Knox was designed to ensure a secured environment, especially for BYOD scenarios in corporate settings.
Knox itself is spread out over these systems, with extra protection at the kernel level.
This was done to ensure device and data security. However, bypassing this by installing root while keeping Knox 0x0 defeats this.
By flipping the Knox flag, you pretty much just lose the extra data security, which would only really be of any use in a corporate or enterprise environment with heavy security.

Related

[Q] Android Security : A question for Developers (in light of govt spying, etc)

Ok so this is a question for, let's say, hardcore developers. Lately I've taken an interest in Android security after the Snowden revelations (not that any of us have anything to hide), but mainly due to the simple principle of privacy in the digital age... Anyhow, in my research I've found various ways and sites that can help harden one's security on Android, and there are also tools that have been developed to purposely get around these same security precautions on Android. My question is to various developers that design security related apps, those who design custom recoveries (TWRP, CM, etc), and even those that work on fastboot (Google).
1) I know there are plenty of apps that are made for security, but are developers sure they are cleaning up (read "wiping ram, on say an app FC, a reboot, or upon receiving a fastboot request from a host")? In the age of NSA and everyone else wanting all in your business, are developers making sure that keys, and other secure info is destroyed, and not still in memory or God forbid in some file on the SD card?
2) Is there any way to make/modify the bootloader so that before you could even get to the bootloader menu (i.e. fastboot/recovery/boot/etc.) the bootloader either nukes the entire RAM or fills it with random data? Granted there are always ways to get to one's data, but I was just wondering if there was consideration for the lifespan of said 'security': once one is done with some secure app, are the keys tossed(?), RAM cleared before deallocation, etc?
3) And... in the interim is there a way users can auto clear/wipe deallocated RAM and SD/internal storage space (as well as within the system area on rooted devices) every so often using something like the Tasker app, remote wipe or something similar?
@steve_77 RAM (at least the RAM we have in phones at the moment) is volatile, meaning it only retains data when powered, therefore there's no need to go to any lengths to wipe it. A reboot will do that. Besides, if any data is being loaded into memory at all in the first place, the NSA probably already have it. Just kidding of course. If you have measures in place already like encryption, I don't think it's possible to retrieve data from memory like that anyway, but I'm no expert.
I understand that the measures mentioned are extreme, but there is already a way to break encryption via reading the keys out of the RAM as outlined in the link provided in the previous post from a German university that was able to do it.
I'm sure this is also not the only type of tool designed to hack into people's phones and bypass encryption, but if exiting an app does not erase/wipe the RAM allocated to that app, all that data is up for grabs. Sure, in this particular case someone would have to physically have your phone, but what if there were some new way, say in the future, that could use some sort of exploit to access your data, and what can be done now to mitigate this potential pitfall and make our phones more secure?

[Q] Android for Work - MDM support straight from Google O/S

Wanted to start a thread on this subject as I have yet to see anything regarding AfW anywhere in these threads.
Does anyone have any information on how the o/s will handle securely wrapping applications and how the o/s creates a second partition/perimeter that is secured from the personal side?
Google Android For Work if you haven't heard about it.
I'm wondering if a rooted device would be able to trick the MDM protected work perimeter to think it has a secure bootrom, recovery partition and valid o/s?
Anyone have a picture of what the filesystem difference looks like?
There's such little information on this, yet it was released with 5.0 Lollipop and I'm sure if we reverse engineer the way it functions we could create our own PKI-enabled MDM open source solution. This would allow end users to freely use their phone without the fear of being snooped on by viruses, corporations for marketing purposes, etc. Overall an open source Mobile Iron solution is what I'm getting to.
Let me know what you guys think.

How do MDMs (like Maas360) fundamentally block websites and domain addresses?

I'm trying to wrap my head around how Maas360 blocks things for Samsung devices (at least for Android 8.0 and higher). Is it blocked using Knox? Where is the file of whitelisted and/or blacklisted domains? How can you modify it? I would like to fundamentally understand fully how MDMs like Maas360 block websites and domains. I can handle a deep explanation!
Well, there could be 2 different things happening. Are you able to use any browser on the device? If so, it may be running through a proxy. Most Maas360 admins utilize the Secure Browser when they supervise devices through the MDM. All traffic is then routed through Maas360. If you aren't restricted to the Secure Browser, and it's a corporate-owned device, they may have set up a proxy filtering connection and routed it through that way.
I used Maas360 for their trial while evaluating content filters for work. Their Secure Browser definitely works well.

Note 20 981U Apps Signed with Code Signing Certifica

This is pertaining to a serious ongoing security issue. Yesterday, while performing my Daily Hard Factory Reset on my Windows 10 Laptop due to continuous unauthorized modifications to PC, including Driver changes, warnings of 3rd party traffic monitoring, frequent service failure, visual changes to applications GUI without Authorized warning or consent to upgrade said program, applications, services, etc. More detailed information available if needed. I used a PC for explanation because my Note 20 and several past Android devices mirror above issues. My question is finally: Can a legitimately acquired Development Code Signing Certificate (SSL, Digicert etc) be used in a malicious way to trick OS, Device, End User and Security Software into allowing very dangerous changes? These ATTACKS seem to allow System Compromise to basically be totally Invisible to device and user owner. I believe this tactic, if in any way plausible, is being used to cause devastating damage financially, emotionally and all the above. I need to prevent and deter future issues.
Is there a reason you posted this general question in the Samsung N20 development thread? Also, the title is misleading as it looks like you are offering or educating how to sign apps with a signing certificate, but your post is more so asking if hacking is possible on Android, which of course there is. It's an electronic device that connects to the internet, there will always be crazy people out there exploiting stuff.

Question Negative aspects of bootloader unlock and root

Hi everyone! It's been quite a long time since I was on a Samsung phone, but due to some circumstances, here I am with an A52! While on other phones (like my previous OnePlus and Xiaomi) unlocking the bootloader and rooting the phone changed nothing in terms of system capabilities, I remember that with Samsung phones, the process should trip Knox (I don't even know if it's still a thing) and some functions like fingerprint sensor and Samsung or GPay won't work anymore.
My question is: is this still true? I really want to root my phone, but if I have to give up GPay and banking apps, it's not easy to choose.
Many thanks in advance!
Knox efuse is part of the hardware... still.
Knox is still a thing. Here are some things you lose forever, even if you return to stock:
-Samsung Pay
-Samsung Pass
Here are some things you lose but can recover (KnoxPatch is highly recommended for this):
-Secure Folder
-Samsung Health
-Secure WiFi
-Smart View
-Private Share
-Samsung Flow
Things like GPay don't depend on Knox. You can recover that with the Universal SafetyNet Fix (MOD) and hiding Magisk well.
Banking apps each have their own ways of detecting root, so it's just a matter of properly hiding Magisk and/or Play Store/SafetyNet integrity.
You will lose OTA updates of course but those can be recovered by flashing stock and locking your bootloader again.
Thanks for the update!!
You're welcome. All Samsungs should be optimized or they run like sick horses. Be it by rooting then using the new tools/apps available or by working within the stock framework using settings, adb edits or a Package Disabler and 3rd party apps. Either way takes time and effort.
Once you start flashing firmware you're taking risks that you don't need to. Android 9 or higher is relatively secure, constant upgrades/updates aren't needed. They will change the playing field, break things, causing you to have to find new workarounds and waste time. A stock Android is almost impossible to crash and burn. If you do, the worst that can happen is a factory reset; no lasting damage, limited lost time with a predictable end point.
Rule #1- if the firmware is fast, stable and fulfilling its mission let it be. The current load on this stock N10+ will be 3yo in June, still fast and stable. It's still running on Pie, security simply isn't an issue. Just because it's stock doesn't mean you have to run it stupid... the Android OS can be extremely long lived with only minimal maintenance.
