Hi there,
Has anyone tested the hardware disc encryption that Samsung touted pre-launch? Are there any white-papers on how this works?
"Samsung has also taken steps to include Enterprise software for business users, that include On Device Encryption, Cisco’s AnyConnect VPN, MDM (Mobile Device Management), Cisco WebEx, Juniper,[28] and secure remote device management from Sybase.[36]"
Source https://secure.wikimedia.org/wikipedia/en/wiki/Samsung_Galaxy_S_II#Bundled_applications
Regards, F.
I asked on the CM forums, and CM does not have any disc encryption, yet. Does anyone know about Samsung's offering?
BR.
Shameless bump, in case someone has bought the i9100 by now and found the encryption option. Anyone?
I found this gumpf about it. It's a third-party product provided by Sophos.
"Antivirus & Firewall Security for Android Devices with Disk Encryption
With rising security threats and growing demands for the need of end point protection and data security are growing and so does Sophos comes forward and launches a mobile control which is mainly designed and is developed for smart phones like Android. This product comes with Sophos Anti-virus, Sophos Client Firewall and Sophos Disk Encryption which protects from threats and provides the disk encryption.
Basically, the SOPHOS secures the smart phones by centrally configuring all the security settings and then also it enables the lock down of unwanted features. With strong set of password and security policy it can even control the installation of apps, blocking use of cameras, browsers like You Tube etc. Also, additionally you can easily secure the access to the corporate mail by setting up the registered devices to access the mail.
Sophos Mobile control secures the mobile devices by centrally configuring security settings and enabling lock down of unwanted features. The features like strong password policy and lock period, control and installation of applications and blocking usage of cameras and browsers will help in enabling the enforcement of consistent "
Source: hxxp://androidadvices.com/antivirus-firewall-security-for-android-devices-with-disk-encryption/
galaxy s II I9100 has disk encryption built-in but disabled
I went through the files in initramfs and I found:
1) lots of encryption related strings and error messages in the /init executable
2) /init.rc has an event handler "on property:encryption.bootmode=remount"
3) /res/encryption.conftab - a configuration file that maps directories like /data to /dev/mapper/data to /dev/block/<data block device>
The important point is that the /init executable contains the name of this file and error messages relevant to the processing of this file.
4) /res/images contains images that together are an encryption graphic UI
Conclusion: Block-device level encryption is available and configured through dm_crypt by the init executable and some configuration files. Some flag probably exists somewhere to enable this encryption.
Guess: after the flag is flipped the device should ask during boot for encryption password and encrypt /data /efs /cache /sdcard directories. On consecutive re-boots the same password will be asked to be able to mount through the configuration file(s).
Does anyone know how to enable the damn thing? Apparently Sybase have an app called Afaria AES for Samsung that enables this functionality. I guess that they are doing it using some unpublished Samsung security API. Maybe an extension of the DeviceAdmin class. Anyone know a way to check this?
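Added example, not part of the original post: one way to check the post's conclusion on a running device is to see whether the directories it lists are mounted from a device-mapper node, as the /dev/mapper/data mapping in /res/encryption.conftab suggests. The /proc/mounts excerpt and its device names are constructed placeholders, not taken from an I9100.

```python
# Directories the post expects to be encrypted once the feature is enabled.
TARGETS = ("/data", "/efs", "/cache", "/sdcard")

# Constructed /proc/mounts excerpt; device names are placeholders.
SAMPLE_MOUNTS = """\
rootfs / rootfs ro,relatime 0 0
/dev/block/placeholder1 /efs ext4 rw,nosuid,nodev 0 0
/dev/block/placeholder2 /cache ext4 rw,nosuid,nodev 0 0
/dev/mapper/data /data ext4 rw,nosuid,nodev,noatime 0 0
"""

def backing_devices(mounts_text):
    """Return {mount point: device}; a later line shadows an earlier one."""
    table = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 2:
            # /proc/mounts escapes spaces in paths as \040
            table[fields[1].replace("\\040", " ")] = fields[0]
    return table

def encryption_status(mounts_text, targets=TARGETS):
    """Classify each target as 'dm-mapped', 'plain' or 'not mounted'."""
    table = backing_devices(mounts_text)
    status = {}
    for target in targets:
        device = table.get(target)
        if device is None:
            status[target] = "not mounted"
        elif device.startswith(("/dev/mapper/", "/dev/block/dm-")):
            status[target] = "dm-mapped"
        else:
            status[target] = "plain"
    return status

if __name__ == "__main__":
    for path, state in encryption_status(SAMPLE_MOUNTS).items():
        print(path, state)
```

A `dm-mapped` result only shows that device-mapper sits under the mount; confirming that the mapping is a `crypt` target needs the device-mapper table itself (for example `dmsetup table` as root, where that tool is available).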
I configured the standard email client to connect to my exchange server which enforces an encryption policy and then I got prompted that my SGS2 would then encrypt itself.
I've no idea if there is a way to do it manually or even how to un-encrypt it if I ever remove the exchange account.
dwod said:
I configured the standard email client to connect to my exchange server which enforces an encryption policy and then I got prompted that my SGS2 would then encrypt itself.
I've no idea if there is a way to do it manually or even how to un-encrypt it if I ever remove the exchange account.
Hi, When you say, the SGS would encrypt itself, did you mean that the internal discs would be encrypted, or was this referring only to the connection over Email? I think the latter and if so then this is not the correct thread for this discussion. If the former then this is remarkable.
I am also looking for a way to enable encryption. The ability to use hardware-assisted file encryption was the first thing that caught my eye when they presented the SGS II at MWC.
I have contacted Samsung about this (twice) and they were not really helpful at all. They only replied that you need third party tools to use the SGS II encryption features and that there is no tool included with the handset. They also ignored my inquiry for a documented API which would make it possible to write a little program to switch encryption on.
It seems that Sybase Afaria is one of the solutions with the desired ability, a Microsoft Active Sync server is another, both enterprise level products. The Sophos product mentioned above might be yet another.
If we could only get some information about the API all these products must use to administer the phone!
fryandlaurie
@forgetmyname:
I'm pretty sure that it is about file level encryption: Connecting to a corporate exchange server allows the server (if configured accordingly) to enforce a host of security policies on the phone. One of these policies may well be the encryption of all mail traffic but I doubt that you would be prompted to acknowledge that.
fryandlaurie
It would be great to be able to file encrypt private photos, I don't think it's enough with a program that requires a password to show the hidden files. As if one has physical access to the phone one can easily get the pictures.
Two options for i9100 Encryption
oleost said:
It would be great to be able to file encrypt private photos, I don't think it's enough with a program that requires a password to show the hidden files. As if one has physical access to the phone one can easily get the pictures.
On Stock Samsung ROMs pre-ICS you can use Galaxy Device Encryption free or pro by hellcat (see google play) for full device encryption, including optional encrypting of the external SD card. Note, it has to be stock rom for this to work on GB and this only works on certain Samsung models that they added the encryption ability to the OS but didn't give the user a way to activate.
ICS supports encryption natively and gives the user access to turn this on without a push from an exchange server or the like, assuming this hasn't been removed/disabled by the developer of the ROM you're using.
Ed
Hi!
In order to automatically switch to Wifi Keyboard as my current input method when plugging my phone (Atrix, Android 2.2.2) into my computer, I am looking to circumvent the security restrictions preventing that. Normally, applications are not given the permission to change input methods due to them being in control of the system, possibly with malicious intent.
Now, my phone is rooted, and root shall be your god, so this must be possible. To further complicate matters, I am trying to achieve this through Tasker (which does not know about root), as it already provides the several other tasks I want to achieve and can trigger them in any context imaginable. It is, however, able to run scripts - so if there is a way to do this by script, I'm set.
Google gave me a link to the developer.android.com reference to InputMethodManager (which I am not allowed to post here yet...), which says, among other things, the following:
The input method manager as expressed by this class is the central point of the system that manages interaction between all other parts. It is expressed as the client-side API here which exists in each application context and communicates with a global system service that manages the interaction across all processes.
An input method (IME) implements a particular interaction model allowing the user to generate text. The system binds to the current input method that is in use, causing it to be created and run, and tells it when to hide and show its UI. Only one IME is running at a time.
Multiple client applications arbitrate with the input method manager for input focus and control over the state of the IME. Only one such client is ever active (working with the IME) at a time.
Only the system is allowed to directly access an IME's InputMethod interface, via the BIND_INPUT_METHOD permission. This is enforced in the system by not binding to an input method service that does not require this permission, so the system can guarantee no other untrusted clients are accessing the current input method outside of its control.
A client application can ask that the system let the user pick a new IME, but can not programmatically switch to one itself. This avoids malicious applications from switching the user to their own IME, which remains running when the user navigates away to another application. An IME, on the other hand, is allowed to programmatically switch the system to another IME, since it already has full control of user input.
The identification of the current IME is represented by this:
IBinder imeToken Supplies the identifying token given to an input method when it was started, which allows it to perform this operation on itself.
I take from this that I either have to
a) gimme that BIND_INPUT_METHOD permission,
b) remove that whole restriction at least temporarily,
c) impersonate being the currently active IME by taking the imeToken away or
d) tell the IME that it should switch to another one.
Unfortunately, my programming experience is limited to C (on microcontrollers...), Python and PHP, and I have no greater experience with fitting my scripts into larger-scale frameworks, only in small ones for personal or limited use. So, well, I have no idea how to achieve any of these goals.
Could someone tell me if what I want to do is even possible, and if so, how? I don't need the full code, if there is much to it, but rather some directions, although I certainly would not mind it.
Thanks a bunch for any advice in advance!
V
PS: I hope it is not rude for me to ask this in here, but well, it's kinda-sorta dev stuff, and neither Google nor the Forum search turned up anything even close to an answer.
Use "Secure Settings". It will allow you to switch keyboard input using Tasker. It also lets you turn gps on and off as well as some other things.
Sent from my MB860 using xda premium
Hello,
I'm looking for a free app that could enable pattern or code lock for example from 8am-5pm.
I don't want to enter my password every time I'm home, because I know nobody is gonna take my phone without my knowledge.
I just want to have password protection while I'm in school.
I already found app Delayed Lock with location plugin but it requires paid version to use this plugin.
The password lock can be based on location or on time.
Do you know any of such apps that are for free or even trial?
Hey,
There is a big security issue on WPA2 Enterprise (802.1x) configuration in Android. The GUI offers no way to set the subject_match option for the certificate so it is possible to install a fake RADIUS server and phish user credentials even if there is a certificate set in the Wifi configuration.
As far as I know it is possible to set the subject match option manually in the wpa_supplicant.conf but this is only possible on rooted devices and not on all rooted devices. I have found out that there is the option in the wifienterpriseconfig.java. The answer of Google for that behavior is "this works as intended".
My question is now, is there a way to write an app to configure wifi connections without root privileges which includes the subject_match option and has anyone experience with that?
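Added example, not part of the original post: a small audit of wpa_supplicant.conf text that reports, for each 802.1X network, whether the RADIUS server's identity is constrained (the missing `subject_match` described above, or the related wpa_supplicant options `altsubject_match` and `domain_suffix_match`). The sample configuration, SSIDs, paths and host name are constructed for illustration.

```python
import re
# Constructed sample: two 802.1X networks (one without a server-name check)
# and one open network.
SAMPLE_CONF = '''
network={
    ssid="corp-weak"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/certs/ca.pem"
}
network={
    ssid="corp-pinned"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/certs/ca.pem"
    subject_match="/CN=radius.example.org"
}
network={
    ssid="guest"
    key_mgmt=NONE
}
'''

NAME_CHECKS = ("subject_match", "altsubject_match", "domain_suffix_match")

def parse_networks(conf_text):
    """Return one {key: value} dict per network={...} block."""
    networks = []
    for body in re.findall(r"network\s*=\s*\{(.*?)\n\s*\}", conf_text, re.S):
        pairs = (l.split("=", 1) for l in body.splitlines()
                 if "=" in l and not l.strip().startswith("#"))
        networks.append({k.strip(): v.strip().strip('"') for k, v in pairs})
    return networks

def audit(conf_text):
    """Map SSID -> findings (empty list = constrained) for each EAP network."""
    report = {}
    for net in parse_networks(conf_text):
        if "eap" not in net and "EAP" not in net.get("key_mgmt", ""):
            continue  # open/PSK networks have no RADIUS certificate to check
        findings = []
        if "ca_cert" not in net:
            findings.append("no ca_cert: server certificate is not validated")
        if not any(k in net for k in NAME_CHECKS):
            findings.append("no server name check: any cert from the CA is accepted")
        report[net.get("ssid", "<no ssid>")] = findings
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```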
Is there an app that can switch between the owner account and guest account (or another user) based on the PIN entered in the lock screen? Using root or not doesn't matter.
And a question to the experienced devs here, if such an app doesn't exist, is it possible to create? I understand that the lock screen is independent in each user so that may be hard to implement. Theoretically speaking is it possible to develop such an app?