I installed adfree in my nexus 5 but this block some webs and I can't enter in this webs, how can I change this?
That's the intended behavior. Disable Adfree and restart, or use a proxy (e.g. Opera Mini/Off-Road mode) to bypass this.
No, it is block the ads not the web
yeiyei0891 said:
No, it is block the ads not the web
Click to expand...
Click to collapse
You don't understand how it works. A very simple explanation is offered on their website:
http://adfree.bigtincan.com/about.php
Advertising hostnames are simply redirected to the local host (so no "webs" as you so eloquently put it) regardless of where the hostname is being requested from (your browser or your app containing ads.) That's the way the hosts file works (you can Google that for more information if you want.)
There are a few alternatives: you can block internet access for the apps with ads using a firewall (e.g. AFWall+) or use something like xad.
EDIT: Of course, you can just remove the website you want to visit from the hosts file yourself. Some ad blocking apps like AdAway allow you to do that from within the app itself (whitelist.)
Related
Hello all,
I'm looking for a solution that will allow me to manage apps remotely.
I have a closed network (no Internet access) for Android devices that will be accessing an "app store" hosted on a server which, as far as I know, can be a simple web server that hosts .apk files for download.
This is an OK solution but I'm looking for open source or even 3rd party "app stores" that have the capability to manage an Android device from a central server. I'd like it to not only install apps but also automatically push app updates to devices or remove apps remotely.
I'm guessing apps like f-droid could be modified to point to a repository on a local server for users to download apps but this doesn't do much as far as remote management.
Thanks!
Hi Everyone,
I have a question regarding these Ad Blocking programs. I see that they primarily work by adding entries in the Hosts file for IP resolution (usually the loopback address 127.0.0.1) for known Ad addresses. So my question is this... Is it possible for hackers to produce a fake (or partially legit) product that could be used for Phishing? They could inject IP addresses for banking, ecommerce, etc., websites to be directed to their fake sites.
Any thoughts?
Thanks!
Dagoof
You mean do something like redirect Wells Fargo to a copycat site to phish usernames, passwords, CC#'s etc? It's certainly possible. It'd be a pretty limited audience hack though. You'd still probably do better just sending a mass email.
I spoke with the author of Adfree and his program implements checks on the downloaded host files to ensure they only point to 127.0.0.1 unless specified in the options.
esheesle said:
I spoke with the author of Adfree and his program implements checks on the downloaded host files to ensure they only point to 127.0.0.1 unless specified in the options.
Click to expand...
Click to collapse
Yeah... I thought that the easy way to rest assured was to go through the hosts files to be sure all the entries point to the loopback address...
Thanks!!
An ad blocker that uses the hosts file. The hosts file contains a list of mappings between hostnames and IP addresses. When an app requests an ad, that request is directed to 127.0.0.1 which does nothing. There are options to run a web server to respond to blocked hostnames and to direct requests to the IP address of your choosing. You can download hosts files from the app but it is possible to use your own and to add certain sites to the white- and black-lists.
stympy said:
An ad blocker that uses the hosts file. The hosts file contains a list of mappings between hostnames and IP addresses. When an app requests an ad, that request is directed to 127.0.0.1 which does nothing. There are options to run a web server to respond to blocked hostnames and to direct requests to the IP address of your choosing. You can download hosts files from the app but it is possible to use your own and to add certain sites to the white- and black-lists.
Click to expand...
Click to collapse
Does this require root?
Dark_Horse said:
Does this require root?
Click to expand...
Click to collapse
Yes.
Sent from my Lenovo P780
Just what the title says. I can't find much documentation about the security of an in-app browser vs. that of Firefox beefed up with html5, noscript, https everywhere, ublock. Assuming javascript and flash are indeed enabled and there is no option to disable them, could there be a solution similar to AdAway that can block these elements below the app level?
delete
delete
I need to run an app in Genymotion that is used for data entry and upload of the entered data into 3rd party sites. The logins to 3rd party sites are stored in this application (probably encrypted). The application will store multiple logins for my different customers of who need to have the data uploaded into the 3rd party sites. The data into the app will then be entered by other people to whom I outsource the data entry.
So I created Genymotion appliance, installed the app and in this application I entered logins for sites such as ebay. I am looking for suggestions on what can I do to secure the appliance to prevent the data being copied out from it.
I want to prevent the person to whom I outsource data entry to be able to install and load 3rd party other apps, modify system settings, install other apps, copy the system directory, copy the login and password information saved by the application.
Let's assume the worst possible case here when application is well written but the passwords mentioned above (for the ecommerce sites like ebay) is saved in plain text in this application in the internal application directory. What I know about the application is it doesn't support access to SD Card, only can read and write data to the internal memory.
What can I do in Gennymotion to improve the security of my appliance. Genymotion virtual machines are rooted. So I looked at following suggestions:
1. Setup restricted user on Android
2. Set restriction for the restricted user to only be able to use the one application. Disable anything else (including disabled browser, email, youtube etc..)
3. Try to get the restricted user loading on boot of Android. When Android restarts, however, it doesn't allow choice to login into the restricted user or the admin user, sort of like a Windows or MacOS login menu. To get the appliance to always start with restricted user by default, I need to add a script and the scripted will need to start using Tasker or MacroDroid.
However, how do I prevent the user from installing 3rd party apps? Is it good enough to disable all user apps (except that one used for data entry) from the restricted user? Is there any other way the user could abuse the access to the virtual appliance and load something there? Are there any system android apps I need to disable for the restricted user to prevent the user to be able to do anything bad with it?
The application used for data entry can not download any application or data, however, I believe it does use the webview because it loads sites like ebay and fills the forms on those sites. It only interacts with select websites only like Ebay to enter data into Ebay forms..
Is there anything I can do to secure Genymotion appliance any other than what I already mentioned. I would like to send the link to the Genymotion SaaS Android to people who will do data entry for me into Ebay and other sites. So I need to make sure the virtual appliance is secured as much as possible from tinkering with it. I need to make sure somebody doesn't get hand on the stored login details.
Just to clarify for the login credentials:
I am not sure how the user credentials are stored and I will find it out, however, for now, I go from the worst case scenario when the credentials are stored in plain text in the app settings. The user name and password is stored in the application with exception for Ebay because the many other sites do not have API key or any webservices interface, so the application would access those sites simply via a webview, and when it goes to login there it will do that by filling in the login information on the login form (simulates keystrokes). The user name and password is entered into the login form for the site. That's why the login info is stored in the application itself.
This question is not about how to secure the specific application I will be using, but how to secure the actual whole Android appliance from tinkering with.
I am aware I will the risks here, just want to do as much due diligence as I can.
Sources for Genymotion restricted user..
How to set restricted user as default user on reboot?
We would like to have an already added restricted user account be the default when we restart our Samsung SM-T580 tablets. At current we have 2 accounts installed, Admin and User The User is a use...
android.stackexchange.com
Root access - Device image User Guide
docs.genymotion.com
Done some digging so this cannot be done. Neither Genymobile or Appetize or other online Android emulators can offer fine-tuning in terms of user access. The closest is Genymobile because at least allows adding and removing access of users to individual appliances. That is however not resolving the issue with Android and in particular rooted Android, since all online emulators run rooted Android and I am not sure how that is secured against potentially malicious actors who receive access link.
The only easy way to solve it, kind of in a mickey-mousy way is to install Kiosk mode application. That kiosk app will run at every boot and it only shows the specific application. There is always risk of course the malicious user would do something to crash the application and the Kiosk app, but if the application is not a web browser or email client or similar it should be relatively safe.
There are plenty of Kiosk mode apps for Android but none of them is free (don't try to look, no chance to find one), the cheapest cost about 7 USD one-time purchase, the more expensive ones cost 20 per month per device or more and come with remote control etc... Not cheap but kiosk mode apps are almost exlusively used by businesses so that's why there is lack of free apps.
Anyhow I believe this is the closest as I could get to deal with this.