Related
Hey MoPho's - I've been using LBE privacy guard for a few months, and it seems to be working pretty good. I also do have aVast antivirus installed which has its own firewall/permissions, but I have left that disabled to have LBE nanage everything.
Now, my only main concern with LBE is just the uncertainty of how trustworthy or safe in better words the app actually is. A few posts here and there from our boards pound on these concerns of not being able to get in touch with developer, not open source, and if any data is leaking back to wherever (China origin?)
I see that droidwall has been suggested as an alternative, but from some comments - droidwall isn't always consistent in monitoring or loading up prior to app launch or allowing a notification versus manual navigation to droidwall to re-config newly installed apps.
Now, I don't install much and keep on main markets - having something like LBE was awesome to knock off a ton of unecessary permisions... saying that we need to monitor each permission prior to installing is a given, but some of them are just getting out if hand, and thus a permissions manager is so helpful.
I'm not sure of droidwall has improved / there seems to be also another permissions denied app, but haven't digged up on further info.
Thanks for chiming in - running stock OS sprint 2.3.4 with root only.
It would be still great to hear an opinion Posted from a month ago - cheers.
I use it as well and would like to hear some input!
Sent from my Motorola Electrify using Tapatalk 2
Pdroid is open Source and more advanced. But I couldn't try it because im on the cm9. Its only support gingerbread right now. Please test and inform us about it if you are using deodexed gingerbread.
http://forum.xda-developers.com/showthread.php?t=1357056
Ah thanks, yeah unfortunately I am running simply stock sprint rom on the photon with 2.3.5 OS rooted via torpedo method. I clicked on over to the link though - looks great as pdroid was a big one people mention... and it being open source. If there was a way to run it without further modifying the photon stock os, that would have been awesome...
Anyways, if there was an alternate open source to LBE that's easy to install on a stock rooted photon - would be cool. Otherwise, it'd be great to hear that I probably shouldn't be as concerned to this app being closed sourced and to disregard all the questionable threads here on where our data if any, is being collected and sent to wherever. I saw a few posts on reddit.com about this, and nobody was too alarmed when scanning through LBE code... obviously, that's beyond my scope of knowledge - hence asking here
Unfortunately I've uninstalled LBE already as it seems that at this moment it is a dummy program when it comes to blocking other applications to connect to the Internet (the reason I had it installed in the first place).
To test it out I used LBE to block an app that relies on the Internet to work and that other app kept updating with new content nevertheless.
I even restarted my phone (as some apps need a phone restart to fully work) and unfortunately there was no change. LBE doesn't seem to work for that purpose (at least not on my phone) so I was a little suspicious about it and removed it.
To be honest I didn't have much time to tinker with the other options in the app, but if it doesn't seem to be any good at one thing it's supposed to do I have doubts it would do it's job for the remaining functions.
Will be looking for an alternative. Suggestions are welcome.
Update: I've just tried the translated LBE Security Master App and this one seems to work.
Find it here: http://forum.xda-developers.com/showthread.php?t=1422479
Well, I’m sure that it isn’t a secret for anyone, CM7 has been and still is my favorite rom for my Defy(s). I’ve been using it since the day Quarx’s brought IP Tables support to it – hence allowing me to use Droidwall as an Android firewall. I could then selectively allow/deny internet access to any installed app [having internet access permission that is…]. This is a first and important security step, but like anything, this has limitations; apps that do ‘really’ need internet access are then free to send (and receive) whatever their Android permissions allow them to get a hand on. For that, CM7 has a neet feature called ‘permissions management’ that allows you to control each app’s permissions individually. This option works fine BUT the problem is that the apps that you control that way often lose functionalities, stop working altogether or even throw you an error message telling you that the app’s permissions have been altered and that you will not be able to use it unless you reset them.
So how to solve this potentially very critical security flaw without losing apps functionality? ==> PDroid.
Thanks to xda user measel, I’ve just recently discovered this wonderful piece of software and I don’t think that my Defy will ever live without it from now on. The app itself is not really a new one and I’ve decided to create this thread to spread to word around and in the hope that it will be helpful to other Defy owners conscious about their data privacy.
WHAT IT DOES:
• More than just blocking apps Android permissions, it lets you control each individual app’s access to private information (user + system);
• It allows you to block and, in some cases, let you either use random or custom private data;
• It will also (if desired) warn you on any root or privacy info access, all that with an easy to figure out and use user interface [see pics];
• And best of all, applications will not crash when their access to private data is blocked unlike with Permission Denied (using LBE Privacy or alike or with CM7).
Disclaimer: I’m only the messenger and I take no credit or responsibility for anything that you’ll do with your phone from here on.
HOW TO:
Original thread by the dev [go have a read and give your thanks to svyat]
Pre-requisites:
- Make sure that you did not use Titanium Backup to integrate sys Dalvik into the rom [if you don’t know what that means, chances are that you didn’t; ignore it];
- a PC running Windows;
- a CM7-jordan/Jordan-plus build;
- PDroid patcher v1.31 (v1.27 also work but the latest version (v1.32) from the link above doesn’t work for the Defy. So I’m attaching v1.31 here which I’ve found with a little digging through that thread;
- the PDroid.apk itself [Market link] or [Dropbox link from the dev];
=> If you don’t have access to a PC running Windows or just don’t want to go through the trouble of patching process described below, you can head over to measel’s CM7 nightlys | info collection thread and locate the build you are using; he was kind enough to provide us with patches for most of recent Jordan builds. So go and grab your applicable patches and give thanks to him.
=> If you’re running CM9 or CM10, this patcher will not work for you, but there are alternatives - namely: the ‘auto-patcher’ or even the PDroid v2 [I’ll give links to those later]. Just go read the last few pages of the original thread, there are quite a few mentions/redirections to those over there. [please don’t ask me about questions about those as I did not try them just yet]
Note: PDroid is an ongoing but currently ‘on hold’ project [because, like someone said before: devs sometimes have a life outside Android...] which works perfectly fine as it is if you follow the next few steps below.
Zero off: Make a nandroid backup of your current phone setup.
First off: Create the patch for your rom:
To work, PDroid first needs you to mod 3 framework files and push them onto your phone. To do so, all you need to do is to execute the PDroidPatcher.exe. file [extract it from the zip attached] and point it to the CM7 build you are using. Let it do its thing and it will create a CWM recovery flashable zip and an undo (RESTORE) one.
Second: Flash the patch:
Just boot into recovery, wipe cache and dalvik and install the patch and boot up.
Third: Install the apk
That’s it!, you’re now ready to go your list of installed apps and start controlling your privacy accesses.
Warning: again, go read the original thread for a how to on how to backup your PDroid settings and/or use TB to do so.
HOW TO USE:
Well, it’s all pretty obvious and with a bit of common sense, you will easily figure out how and what to set up. By default, nothing is blocked and apps are free to access data. So you’ll have to go through your list of installed apps and set up each individual data access and then try them out. For example, logic would tell us not to block the ‘GPS/Network Location’ data to maps related apps nor block ‘Accounts credentials’ to apps dealing with user IDs and passwords like Email or social apps.
I can’t give you detailed instructions here (it’s not the point of this thread anyway), but if like me you already use Droidwall, you can first leave alone all the apps that you’ve black listed for internet access [pic 2] since they won’t do anything with your private data if they can’t send it back home… There is also an option within the app to ‘hide all the safe apps’ [which do not have an internet permission]; check it to reduce the size of your list of apps to configure.
From experience, I’d also suggest you to keep an eye on the apps requiring a password to run since blocking Device or Subscriber ID might mean that you’ll have to always enter passwords each time you run the app that would otherwise be remembered by those apps. As a rule of thumb, I pretty much choose the ‘use random’ option whenever it is available (just to minimize problems with the app on blocking completely – I’m not even sure this is a valid argument here…) or block everything else when it’s not and finally, I leave ‘Network Info’ allowed since it basically only lets apps know if you connected to internet or not [who cares if they get your wifi’s SSID or not…].
But again, you’ll have to fine tune the whole thing for each and every app and run them to check for full functionalities – but at least they won’t crash on you… Finally, you can pinpoint potential problems/solutions by turning off the general PDroid notifications option and by turning on a specific app’s ones [pic 3].
Happy privacy enhancement!
/AL
As usual!
Quality guides from lovely []AL[]
I don't want a tapatalk sig!
nogoodusername said:
As usual!
Quality guides for lovely []AL[]
Why not move to Android Apps forums?
I don't want a tapatalk sig!
Click to expand...
Click to collapse
"lovely AL" wow! you surely are the first person to tell me anything like this here on xda.
..not sure if I should be flattered or run away by homophobia - hehehe! :laugh:
Well, I didn't mean to make it a guide when I started writing it, but like always I had things
to say and the post got longer and longer.. so I guess that we can call it a sort of guide...
But I truly like the app and believe that along with Droidwall, that should be installed on every phone.
In fact, Google should look at this and incorporate something similar into Android.
OK, I'll go reply to your PM now... cheers!
Edit for your question: because like I wrote in the OP, I'm just the messenger and not the dev of the app.
The app also works mostly for on phones running CM7 and even not all the phones support it either.
So I wouldn't publish this widely without at least asking permission to the dev. But here for Defy owners fellows,
I know it works fine and again, I think that it is pretty much an essential app to have.
9 downloads/1 thank;
Leeches, I see leeches everywhere!
Shhhiiiiii- You got me excited! I thought I'd find a patch for the Quarx rom! So far auto-patcher can't patch Quarx's CM10 roms. Nor do I understand why that's so but that's why I'm not a dev.
Excellent app
Arch Linux User ..
KicknGuitar said:
Shhhiiiiii- You got me excited! I thought I'd find a patch for the Quarx rom! So far auto-patcher can't patch Quarx's CM10 roms. Nor do I understand why that's so but that's why I'm not a dev.
Click to expand...
Click to collapse
Well... sorry to hear that; I had no clue that it doesn't work with Quarx CM10. It seems to work for some other JB builds/phones... But like I wrote on the OP, I haven't tried any of this on CM9/JB yet. So again, too bad that this thing is a no go for now. I hear that Quarx is very busy outside Android's world as of lately so it might not be a good time to ask him about this - might also be low on his priority...but who knows, someone might read this and find an answer for you.
ps: quite an avatar you got there :silly:
an thanks for the link to the auto-patcher thread; it might be useful to others and it'll save me the search when I update the OP with it and your comment eventually...
juan296 said:
Excellent app
Click to expand...
Click to collapse
Well thanks but again, just I'm just a messenger here and not the dev... :highfive:
Actually, I use DroidWall , so.. can uninstall this app? And right now, JUST USE pdroid! Right?
Arch Linux User ..
juan296 said:
Actually, I use DroidWall , so.. can uninstall this app? And right now, JUST USE pdroid! Right?
Click to expand...
Click to collapse
I still use both...they are quite different apps and don't do the same at all. Droidwall is a firewall that let you control if an app has access to internet or not; PDroid controls what private information each app can access.
Like I wrote on the OP, any app that is blocked by Droidwall doesn't need a PDroid setup, but apps that need internet connection could be free to get private information from your phone if you don't use PDroid...
Basically, PDroid has no way of blocking all internet access; it only blocks apps from reading private info (or scrambles it by returning info like random network location or sim ID#...)
Hello there,
it seems that on the S9+ (and maybe S9, tho users over there report everything is fine) all the VPN-based ad blockers like DNS66, Blokada and the likes do not work correctly. When switching between wifi and mobile, the connection randomly dies, not letting anything through anymore until you restart the phone, or disable the blocker. It is documented in a github issue for DNS66 here. This is annoying, as I found this solution the most user-friendly. I know there is Adhell 3, but a) it's annoying to resign and reinstall every 3 months and apply for new keys and b) it doesn't block everything, not even if I manually feed it with all the hosts files that DNS66 uses. It blocks ads alright, but misses quite some.
Is there any known fix for this, or any other adblock suggestion besides that? I know that rooting and adaway would be best, but I won't root anymore since Samsung here in Europe straight off denies any warranty requests for rooted devices, even if it's got nothing to do with the root itself.
Adguard would a suggestion, but it does use a VPN blocking service for system wide blocking. It's not free and is subscription based. At one time I used adguard over dns66 as adguard worked and dns66 did not (VPN issues with dns66).
For non rooted users there is really no other options. Unless you want to setup a pihole server, somehow get your dns setting on your phone to point to the pihole server and go that route. In the case of dns changes on non-rooted devices it's either a VPN based change or knox. So your options are limited to one or the other. Of course this becomes moot if your plan on only blocking ads when you use a wifi connection.
I've done the pihole route before too, it works but doesn't catch everything. Some ads originate from the same domain as where your visiting, in which case dns adblocking won't work. For those scenarios cosmetic filtering would.
Otherwise I use adhell3 and adblock plus plugin on samsung browser. For practical intents and purposes I steered clear of VPN based setups for a reason. Also I don't mind recompilimg adhell3 once in a while, he's really put a lot of work into making it as simple as possible. I've got my android studio setup so that I just pull the latest changes, build the apk and install.
If adhell3 isn't your cup of tea then the only app I know is Disconnect Pro which costs $24.99 in the galaxy app store. Disconnect Pro functions the same way as Adhell3 does.. as a front end configuration for knox. I've read somewhere that Adhell3 has more features then Disconnect Pro, but I didn't look to much into that to find out what one has over the other.
If I were to suggest something I would suggest adhell3 combined with adblock plus plugin for your browser. combined those work the best for me... some ads might slip through, but dns based ad blocking is not the same as cosmetic ad blocking. Adguard should still do cosmetic filtering, but it's been a while since I used that app.
I am use this one on my S9+, it's free and work fine.
https://block-this.com/
Hi,
Just joined a new company that requires Company Portal to access Outlook email and other apps on my phone.
Evidently even if you manage to hide root from Company Portal, a major requirement is having an encrypted device with Company Portal.
In order to get rooted 2 years ago, I ran Disable_Dm-Verity_ForceEncrypt during the TWRP setup process so my rooted V30 is not encrypted.
Is there any way to restore encryption now without losing my current stock rom settings and data and maintain root?
I see in LG Settings there is an option to Encrypt Phone and SD Card. Will this suffice so I can maintain root?
If not, is there a way to root and install a TWRP LG Pie Rom zip without disabling encryption via Disable_Dm-Verity_ForceEncrypt?
Or is it impossible to root and use Company Portal with the LG V30?
Thanks in advance!
Drew
drewcu said:
Hi,
Just joined a new company that requires Company Portal to access Outlook email and other apps on my phone.
Evidently even if you manage to hide root from Company Portal, a major requirement is having an encrypted device with Company Portal.
In order to get rooted 2 years ago, I ran Disable_Dm-Verity_ForceEncrypt during the TWRP setup process so my rooted V30 is not encrypted.
Is there any way to restore encryption now without losing my current stock rom settings and data and maintain root?
I see in LG Settings there is an option to Encrypt Phone and SD Card. Will this suffice so I can maintain root?
If not, is there a way to root and install a TWRP LG Pie Rom zip without disabling encryption via Disable_Dm-Verity_ForceEncrypt?
Or is it impossible to root and use Company Portal with the LG V30?
Thanks in advance!
Drew
Click to expand...
Click to collapse
My only solution to this problem was to always use webaccess for my Office365 account. They required the portal to use Outlook, and part of that requirement allowed them to wipe my phone whenever they wanted. It's my phone, so I guess I won't use their email on my phone.
Sounds like your company has yet another behind-the-times IT department (like mine). Although mine is also exceptionally incompetent. They left the IMAP server open and available to anyone, so I simply used that with my GMail account instead. It did require me to allow them admin access to the phone to wipe the device (though I think they can only wipe the email) but it worked. They finally got modern and are using 365 so now it doesn't need these extra things. You might want to see if you can wait until they wake up and/or see if there is a server you can connect to. I found mine because, due to their incompetence, they let iPhones use the native mail app via the IMAP server, but forced Android to use some garbage 3rd party software for it instead of GMail. In both cases, the IMAP server was easily seen and setup.
I also have a company phone, so I don't really care if they can wipe it. Again, if I was going to take data from them, I'd do it before I announced I was leaving like any reasonably-intelligent person... so wiping accomplishes nothing. But, again, these IT departments are really dumb and incompetent...
To answer your initial question, I don't know if there's a way to re-enable encryption... but I also don't think that this is something that they can detect anyway. I'm thinking it may be something else they're tripping over. You may consider installing Magisk, and then using it's HIDE feature to see if you can hide the typical "signs" of rooting/etc. It may be good enough to get you working. If it doesn't you simply remove Magisk again (or just stop using it)?
Thanks @ldeveraux and @schwinn8 for the replies!
I know we use Office 365 but I'll have to ask about web access to see if that is possible. It's my phone and supposedly it's "not required" that I install Company Portal/Outlook/Teams on my phone, but I would be the only one at the firm not doing that and I am a new hire so... kind of a bad look so soon. I am not really comfortable with them being able to wipe my phone either, but that wasn't mentioned to me... yet.
Also would have to ask about IMAP, but I doubt it. No company phones either which is fine.
Pretty sure it is the encryption (or lack thereof in my case) that is the issue. I already use Magisk v22 and Hide all signs of Company Portal and pass Safetynet. On another XDA thread where Company Portal is discussed, I followed the suggested steps to no avail:
1) Install Company Portal V5.0.5067.0
2) Magisk Hide ALL of Company Portal checkboxes
3) Reboot
4) Still pass SafetyNet
5) Launch Company Portal
While the app doesn't specify the encryption as to why it cannot get me to the login screen, that's the only conclusion I can reach at the moment.
Did either of you try or look into encryption built into the LG/Android Settings menu? I don't want to do that unless I know of someone with success with it, but am curious if that would allow root via Magisk Hide, encryption, and Company Portal.
Thanks!
Drew
No I stopped carrying when they wanted permission to wipe. If the company was paying for the phone, that's one thing. If I'm using my personal phone for company use, that doesn't fly.
I realize this doesn't answer your question at all, but it's food for thought!
ldeveraux said:
No I stopped carrying when they wanted permission to wipe. If the company was paying for the phone, that's one thing. If I'm using my personal phone for company use, that doesn't fly.
I realize this doesn't answer your question at all, but it's food for thought!
Click to expand...
Click to collapse
Carrying? Or did you mean caring?
drewcu said:
Carrying? Or did you mean caring?
Click to expand...
Click to collapse
Caring. I don't own a firearm.
ldeveraux said:
Caring. I don't own a firearm.
Click to expand...
Click to collapse
Lol got it. Just making sure I understood what you meant.
Assume you didn't look into the LG rom based encryption then?
drewcu said:
Lol got it. Just making sure I understood what you meant.
Assume you didn't look into the LG rom based encryption then?
Click to expand...
Click to collapse
No at that point I gave up
Hopefully you'll get some help here, because I'd still like to be able to actually use Outlook on my phone!
So, a quick search says that there are modules available and other things that need to be tried. One further thing is to hide root from various Google modules. I remember hearing that for some other apps... that you had to hide root from Google services. I also remember hearing that, in some cases, you have to clear data for apps after the hide, because they apparently save the rooted-status in their own data.
Basically, I doubt encryption is the issue... root is usually the problem and can be a bit tricky to hide properly. You just have to try things. I have never seen any app fail to work because encryption is not available... it's always a root-detection issue.
As for the IMAP thing, the point there is to use the settings you find elsewhere to access email. You're not asking IT for permission or info... you just need to find it. Most Microsoft-based IT places I have worked with have zero clue that this is open and offered, so once you find it it's just a matter of plugging in the right info.
As for the web-interface, again, my company (for example) doesn't tell us that we can use the Outlook app, but it works with no tricks whatsoever. Plug in your company account info and it figures out how to connect.
FYI, the module I mentioned above is referenced here: https://forum.xda-developers.com/t/...ne-company-portal-hider-intune-hider.3780451/ - no idea if this is necessary or even the latest version...
schwinn8 said:
So, a quick search says that there are modules available and other things that need to be tried. One further thing is to hide root from various Google modules. I remember hearing that for some other apps... that you had to hide root from Google services. I also remember hearing that, in some cases, you have to clear data for apps after the hide, because they apparently save the rooted-status in their own data.
Basically, I doubt encryption is the issue... root is usually the problem and can be a bit tricky to hide properly. You just have to try things. I have never seen any app fail to work because encryption is not available... it's always a root-detection issue.
As for the IMAP thing, the point there is to use the settings you find elsewhere to access email. You're not asking IT for permission or info... you just need to find it. Most Microsoft-based IT places I have worked with have zero clue that this is open and offered, so once you find it it's just a matter of plugging in the right info.
As for the web-interface, again, my company (for example) doesn't tell us that we can use the Outlook app, but it works with no tricks whatsoever. Plug in your company account info and it figures out how to connect.
FYI, the module I mentioned above is referenced here: https://forum.xda-developers.com/t/...ne-company-portal-hider-intune-hider.3780451/ - no idea if this is necessary or even the latest version...
Click to expand...
Click to collapse
Thanks for the suggestions! I actually have tried different modules without success both for EdXposed (Security Bypass for Company Portal with CP version 5.0.3013.0 and Bypass Exchange Policies). The closest I got was with CP 5.0.3013.0 where I could enter my credentials but then wasn't able to agree to the Terms and Conditions which is a prerequisite and got denied. The module you linked is no longer needed if using Magisk v22 with Magisk Hide according to people in the thread.
Have also tried the Outlook app, Outlook web access, Gmail, IMAP, POP3 -- all smartly locked down tight for compliance reasons by our IT. Just says to enroll with Company Portal after entering credentials.
Pretty sure the Magisk Hide route would work with V5.0.5067.0 if my device was encrypted. Company Portal checks whether your device is encrypted supposedly, so either you have to actually be encrypted or find a way around that. I am willing to be encrypted if I can still be rooted...
Not sure where to go from here to get it working without an encrypted device... but thanks for the post.
As I recall, Xposed is not really working or functional these days. The module I linked to is a Magisk module. Did you follow those directions, because it sounds like you didn't.
It sounds like you don't want to believe me... that's fine. I believe the answers are out there and it's just a root issue. You probably just need to do more reading and searching. I'm going to give up since you don't seem to want to hear it from me, so good luck...
If you find a solution, do let people know on this thread so the matter can be closed/completed.
I remember the other reason I stopped trying to use the Company Portal. They need permission to wipe my phone, which obviously I'm not cool with. Whenever I disable the Company Portal, mail stops working. That's reason enough!
schwinn8 said:
As I recall, Xposed is not really working or functional these days. The module I linked to is a Magisk module. Did you follow those directions, because it sounds like you didn't.
It sounds like you don't want to believe me... that's fine. I believe the answers are out there and it's just a root issue. You probably just need to do more reading and searching. I'm going to give up since you don't seem to want to hear it from me, so good luck...
If you find a solution, do let people know on this thread so the matter can be closed/completed.
Click to expand...
Click to collapse
Yes I am aware that the module you linked is for Magisk. If you go to the OP, all the text is struck through because the module is no longer necessary as I stated previously.
[MODULE] Microsoft Intune Company Portal Hider (Intune Hider)
Introduction: Simple Module To Hide The Root From Microsoft Intune Company Portal. - After The Installation & 1st Reboot, It Hides The Rooting & Disables Itself [P.S. Disabling Itself For Some Versions] - Enabling This Module From Magisk Manager...
forum.xda-developers.com
kb8no said:
It is easy to be confused. The "module" from the OP was needed before but is now obsolete since Magisk has gained the necessary functionality alone without the "module". There is no "module" in Magisk. Now go back and read the past posts over 2 months. First you hide Magisk so it passes safety net. Then you go into superuser MagiskHide, go into the app (eg Portal) and check everything. You need to understand that they updated Portal so you need to downgrade it so Portal will work again. You need to understand to use latest Magisk and Magisk changed. Not surprising you are confused. Now perhaps you have figured out the basics and the details will make sense.
Click to expand...
Click to collapse
So I followed the steps on page 23 of that thread using Intune Company Portal V5.0.5067.0:
[MODULE] Microsoft Intune Company Portal Hider (Intune Hider)
Introduction: Simple Module To Hide The Root From Microsoft Intune Company Portal. - After The Installation & 1st Reboot, It Hides The Rooting & Disables Itself [P.S. Disabling Itself For Some Versions] - Enabling This Module From Magisk Manager...
forum.xda-developers.com
IlyaKol said:
Good call on the GitHub ticket.
For anyone reading, this is the process I followed:
1) Uninstall the existing Intune Company Portal
2) Reboot
3) Install the APK listed above or from another source (I used APK Pure). DO NOT LAUNCH INTUNE!
4) Before launching, go into Magisk and make sure to hide ALL of it as well as all of Outlook, OneNote, OneDrive, Teams, etc. (whatever uses your company credentails)
5) Launch InTune and set it up.
6) Disable auto-updates of the app as he stated in Google Play Store.
7) Profit.
Click to expand...
Click to collapse
The result is I am still stuck on the "Open the Intune App" screen... No other error messages related to rooting, but cannot even get to log in or download Outlook or Teams. Have tried downloading the Intune App from the Play Store and that tells me to open Company Portal... so going in circles... I'm told I need to only use Company Portal from our IT firm.
I went through the same Magisk module thread and found others talking about not having encryption, and they are in the same position as I am -- following the steps or using the Magisk module (before Magisk v22) and still not getting CP to work.
Thus I am 99.9% sure I cannot use CP because I don't have encryption. You don't have to believe me, but I have tried everything I can think of save for using LG's Encrypt Phone feature... Would do it if I got confirmation I could stay rooted, not lose my data/settings, and then use Company Portal.
But yes, I absolutely would post the solution here if I find it!
Thanks anyway.
I'm rooted and have long had corporate email (two different companies) on a paid app called "Nine". First company was Fortune 100 global media company, and 2nd (past 3 years) is smaller but still has aggressive IT policies. Neither paid for my phone. I specifically remember with the first having to agree they could wipe the phone if it was lost -- but I think due to me being rooted they wouldn't be able to.
Nine - Email & Calendar - Apps on Google Play
Nine is a full-fledged and intuitive email app which supports Exchange and IMAP
play.google.com
ChazzMatt said:
I'm rooted and have long had corporate email (two different companies) on a paid app called "Nine". First company was Fortune 100 global media company, and 2nd (past 3 years) is smaller but still has aggressive IT policies. Neither paid for my phone. I specifically remember with the first having to agree they could wipe the phone if it was lost -- but I think due to me being rooted they wouldn't be able to.
Nine - Email & Calendar - Apps on Google Play
Nine is a full-fledged and intuitive email app which supports Exchange and IMAP
play.google.com
Click to expand...
Click to collapse
Just tried Nine and it also tells me after entering my credentials that I need to use Company Portal (just like Outlook and Web Access).
Do these two companies you worked for use Intune Company Portal to manage policies?
drewcu said:
Just tried Nine and it also tells me after entering my credentials that I need to use Company Portal (just like Outlook and Web Access).
Do these two companies you worked for use Intune Company Portal to manage policies?
Click to expand...
Click to collapse
I just installed portal and outlook, added both as admin or whatever it's called, and have a fully functioning inbox. I don't know if I'll leave it like this for the reasons I mentioned, but it works. I have the latest twrp, latest magisk, and adguard installed. I have no clue if I'm encrypted or not, how would I check? But I was trying to use the older version of Portal and it kept looping, so I installed the latest from the play store and we're up and running.
@ChazzMatt do you really think they can't wipe if they so desire? How could we confirm that? I surely don't want to give them that ability considering if you disable their permissions it stops working completely.
ldeveraux said:
I just installed portal and outlook, added both as admin or whatever it's called, and have a fully functioning inbox. I don't know if I'll leave it like this for the reasons I mentioned, but it works. I have the latest twrp, latest magisk, and adguard installed. I have no clue if I'm encrypted or not, how would I check? But I was trying to use the older version of Portal and it kept looping, so I installed the latest from the play store and we're up and running.
@ChazzMatt do you really think they can't wipe if they so desire? How could we confirm that? I surely don't want to give them that ability considering if you disable their permissions it stops working completely.
Click to expand...
Click to collapse
For Nine I only needed the email server name.
For the previous Fortune 100 company I worked for, it was almost 4 years ago so I don't remember all the details but I remember granting them the privilege but I don't remember adding them as an admin.
ldeveraux said:
I just installed portal and outlook, added both as admin or whatever it's called, and have a fully functioning inbox. I don't know if I'll leave it like this for the reasons I mentioned, but it works. I have the latest twrp, latest magisk, and adguard installed. I have no clue if I'm encrypted or not, how would I check? But I was trying to use the older version of Portal and it kept looping, so I installed the latest from the play store and we're up and running.
@ChazzMatt do you really think they can't wipe if they so desire? How could we confirm that? I surely don't want to give them that ability considering if you disable their permissions it stops working completely.
Click to expand...
Click to collapse
Company Portal didn't used to work for you, correct? What changed? Can you please list your steps this time?
I think to check encryption you use Termux and enter 'getprop ro.crypto.state' -- mine says unencrypted.
One other question is what version of Twrp are you using? I'm using one from 2 years ago -- 3.2.3 and never wanted to bother with the Pie one 3.3 or whatever is latest... Might have something to do with it...
I decided to root ky Pixel 6 and found out that i couldn't get around the security from germans banking apps.
simple soloution. have magisk/zygisk installed and set the root mode to "user" in the settings of magisk manager.
then go to your settings and setup a second user (wont have root) install your banking apps and enjoy the ability to use them with an rooted device
edit: this method was tested for Sparkasse app's
• S-Push Tan
• Mobiles Bezahlen
IndubidablyStoned said:
I decided to root ky Pixel 6 and found out that i couldn't get around the security from germans banking apps.
simple soloution. have magisk/zygisk installed and set the root mode to "user" in the settings of magisk manager.
then go to your settings and setup a second user (wont have root) install your banking apps and enjoy the ability to use them with an rooted device
Click to expand...
Click to collapse
I'm not being critical of your choices but why would anyone chance having a banking institution or any financial app including
GPay on a rooted device? Isn't there a much greater chance of being compromised by an app or inadvertent web link? And if the banking institution sees that a bogus user was created what are the chances of recovering funds obtained through fraudulent activity? I understand why people want to root don't get me wrong, but money transfers and transactions on that device seem a little reckless to me. But I could be wrong, just curious of the thinking here.
i Understand, but if you want to have an custom DAC like Viper4Android you kinda need root. my intention isnt to do fraudulent activity, as i mentioned in the Post you dont have Root access on that second user
IndubidablyStoned said:
i Understand, but if you want to have an custom DAC like Viper4Android you kinda need root. my intention isnt to do fraudulent activity, as i mentioned in the Post you dont have Root access on that second user
Click to expand...
Click to collapse
You misunderstood my concern wrt banking activity. I didn't suggest that you were doing anything fraudulent but if you were the victim of fraudulent activity would the bank still cover you with a bogus account you created? I don't know if what you did was entirely proper or not but that was not the issue I thought you might be concerned about.
As I said, I completely understand your desire to root be it V4A or DAC or even ad blocking. I just wonder the benefit vs the exposure if you are using banking apps. Without financial transactions occurring on the phone I doubt there is much to worry about other than what we are all concerned about root or not.
bobby janow said:
I'm not being critical of your choices but why would anyone chance having a banking institution or any financial app including
GPay on a rooted device? Isn't there a much greater chance of being compromised by an app or inadvertent web link? And if the banking institution sees that a bogus user was created what are the chances of recovering funds obtained through fraudulent activity? I understand why people want to root don't get me wrong, but money transfers and transactions on that device seem a little reckless to me. But I could be wrong, just curious of the thinking here.
Click to expand...
Click to collapse
Considering DirtyPipe exists and has not been patched yet (plus how long it already took to even acknowledge the problem in the first place), rooting is the least of our worries when it comes to monetary transactions/banking and android.
Bear in mind that DirtyPipe is only one elevation exploit that we've heard about. And for every disclosed vulnerability there are dozens of others that nobody's aware of. The market for rooted android users is very small compared to the overall android phone-user market. Creating exploits specifically targeting rooted phones would be a waste of time and effort compared to working on privilege escalation on non-rooted devices; from a hacker's perspective you want to hit the largest volume of targets in cases like these.
I've been rooting my phones for 10 years now, and my usage of banking/fintech apps on my devices has increased consistently. Applying common sense opsec/infosec practices can negate a large percentage of the perceived risk that root access exposes you to.
On the other hand, if someone wants to target you specifically, as an individual, you're screwed, root or no root, unless you're aware of the risks that come with technology and the pitfalls of android (iOS can be perceived as more secure but when it comes to individual targeting/attacks, there are expensive tools made by some of the world's top intelligence organizations that can wreck havoc on iOS as well)
TL;DR you're never truly safe, root or no root.
Unfortunately that doesn't worked for me
I tested the following apps:
SecureGo
VR SecureGo
Mobiles bezahlen
Every App doesn't launch. Sparkasse is quitting instantly and SecureGo Apps are stuck with their logo.
On the rootet user I get the Browser-warning (of SecureGo) that my device doesn't meet the security requierements. So far so good, but on the non-rooted uses i would have expect that they're working.
Any Idea? I'm on April Build.
i dont know currently, i dont have root anymore since i had to update to the April Update. i'll update if there is something that can be done
Maybe you could confirm that these Apps launch on April build without root? That could help to research the problem a bit. Thanks!
hanni2301 said:
...but on the non-rooted uses i would have expect that they're working.
Any Idea? I'm on April Build.
Click to expand...
Click to collapse
Maybe these apps are not supporting fully Android 12?
I have an app which, until recently, was freezing when the location was enabled. To be exact, when "Use precise location" was enabled. Only location access the app was not freezing, but couldn't get the coordinates.
Maye this is a similar situation here.
Cheers
Tom
hanni2301 said:
Unfortunately that doesn't worked for me
I tested the following apps:
SecureGo
VR SecureGo
Mobiles bezahlen
Every App doesn't launch. Sparkasse is quitting instantly and SecureGo Apps are stuck with their logo.
On the rootet user I get the Browser-warning (of SecureGo) that my device doesn't meet the security requierements. So far so good, but on the non-rooted uses i would have expect that they're working.
Any Idea? I'm on April Build.
Click to expand...
Click to collapse
I managed to get the VR Secure Go app working by doing the steps in the op plus using ice box and freezing magisk and the bank apps. I'm on April, too and I'm using radioactive kernel. Rooted stock kernel works as well on my device, but I had issues with the bank apps on some other kernels.
So to confirm, you need to freeze magisk on the rooted user and you're able to use the bank apps on the second (non rooted) user?
On which user you would freeze the bank apps? I doesn't have them installed on the rooted user.
Thanks in advance that you can definitely confirm its not the fault of April built.
hanni2301 said:
So to confirm, you need to freeze magisk on the rooted user and you're able to use the bank apps on the second (non rooted) user?
On which user you would freeze the bank apps? I doesn't have them installed on the rooted user.
Thanks in advance that you can definitely confirm its not the fault of April built.
Click to expand...
Click to collapse
I only have one user (the rooted user). I've done the following steps:
1. Configure magisk: activate Zygisk and setup deny list for the banking apps
2. Hide magisk app
3. Freeze magisk and banking apps with Ice Box
ok, that is the normal way which is different to the approach the thread starter has chosen.
I use deny list plus hide my applist and works fine with Sparkasse, s-push and mobil bezahlen no need to freeze or use a second user profile
How do you do that, hide applist?
You can bypass it by
Download App Named Shelter from Play store.
The App will create work profile and you can bypass any bank or app you facing issue with it.
When completed create work profile you can clone Bank App and use if.
As Information, It works out of the Box with Magisk denylist,
You only need to Install Ice Box and hide Magisk Manager, even if it is using a random name, "Mobiles Bezahlen" would detect it.
Magisk + Ice Box is sufficient on latest Miui 13 as well!
Regards!
Not sure but I think island could help not sure though as I'm not rooted the app is made by greenify
Only as info, these 2 Apps, Postbank Finanzassistent and Postbank BestSign working by default on a rooted device.
I like Postbank