Better Mobile App

[Q] Bluetooth Networking Project

Hello,
I was wondering if someone could point me in the right direction for a Bluetooth Networking Project I'd like to do.
The ultimate goal:
- Having some sort of bluetooth app with root privileges, which, when walking past someone, would allow some sort of passive communication without the users authorisation nor involvement.
This is similar to the idea on the 3DS called "SpotPass":
(I would have posted the link, but I'm not allowed to)
I do not have much experience on the subject, but suppose it would involve having root permissions to access the bluetooth module, being able to broadcast a message (to other users of this application).
I'm not sure if this might involve creating a completely different driver.
The reason is actually to create a short-distanced-passive-communication application useful for getting short messages or announcements across, with the low power consumption of bluetooth (vs wifi).
If this kind of communication if not possible, could someone please explain why, or at least give me some sort of link with the reason.
Thanks in advance

Root Security

Hi all
I am currently in the planning stages of developing a root security system for Android.
As everyone knows, there are security implications to rooting your phone etc. Untill now, I have used the normal means of controlling this (lock security, disabling ADB, Superuser.apk whitelist), but this is of limitted help if someone physically gets hold of your phone (while unlocked or ADB enabled).
There are a few things I would like to implement, and would like to gather some feedback on whether;
a) It will be of use to anyone but me, and
b) If anyone has any input as to the feasability (or has done any such work in the past)?
There are 3 areas I would like to lock down, somehow. It will not perfect the security, but will go a long way toward improving the overall security on rooted devices. I have not done much reasearch as yet, so some of this may be impossible. These are:
1) CWM recovery: Currently, CWM (and other recovery/pre-android resources) can be used to bypass almost anything you put in place to secure your phone. I would like to implement a password/passcode on CWM to lock out unauthorised changes. My personal preference would be to store this in /data somewhere it would be removed on wipe, and leave the option to wipe without passcode (so you don't end up with a brick if you forget the password), but lock out all security-sensitive operations like flashing. That way, someone could get to recovery, but would have to wipe data to be able to do anything usefull without authorisation.
2) ADB: Currently, even if your phone is locked you can get access to everything through ADB. The only way I currently see to do anything about this is to disable ADB when you are not using it, but this is irritating when you use it as much as I do. What I would like to do instead is either force a popup from Superuser.apk to grant root every time you connect, or implement a password which must be entered on connection. Both could be problematic, but I think forcing a confirmation (or even a check if the dev is unlocked) would be most useable, but my knowledge is limitted here. It may be that neither method is practical and disabling ADB is the only practical solution.
3) Superuser.apk: Everyone knows they should have security set up on their phones and not leave it lying around unlocked, but some don't like the hassle and most will occasionally forget to lock it. I would therefore like to implement securoty on Superuser.apk to stop (at least) new apps from aquiring root. This is the least important IMHO, but would be a further step towards improving security.
So, what does everyone think?

Questions or Problems Should Not Be Posted in the Development Forum
Please Post in the Correct Forums & Read the Forum Rules
Moving to Q&A

lufc said:
Questions or Problems Should Not Be Posted in the Development Forum
Click to expand...
Click to collapse
Sorry. I posted in Dev because this is the beginning stages of some development I plan to do, but fair enough.

I can only really answer the first question... I would be interested in something like this. I've actually taken an interest in mobile security recently, but I've constrained myself to existing products like avast and PDroid to give me some extra protection. When it comes to hardening these other components... I don't know enough about stuff at that level. But I would dig it.
Things like avast handle some things, like disabling debug if you remotely lock it. But it wouldn't solve things like securing CWM if the person simply reboots into recovery.

How do you disable ADB now?

please, do it!
drmouse81
As a poor ex-owner of a lost Samsung Galaxy Ace, I would love to have a password protected CWM recovery ... this would have propably saved my device (an have back my loved photos!)
My device was operator-locked, SIM was pin protected, screen was locked by pattern ... I rang to my lost mobile, taxi driver answered ... spoke with him ... asked him to return my phone I was offering rewarding. He laughted a lot!
Yes, there are apps to locate your terminal, ring loud, etc. But none solves the basic problem of someone that wipes the phone, puts a new bootloader, etc.
Most people do not knkow that IMEI blocking only works in home country of the SIM operator.
On the other hand, there were a lot of past discussions on this topic, but many people seem not to see this as feasible.
If you find a way to solve this, I am sure you will do a lot of money with companies, who are looking for a real solution to information loss on mobile devices.
Requirements: phone should be not functional. thieves would be able to use them only for spares ...
a) require password to make changes to bootloader / wipe (that is, recovery is also blocked)
b) encryption of user data (even in SD)
c) allow to swipe a new SIM, provide pin of the SIM, then block the phone but send SMS with new number and location. Show on screen customizable message (such as -- this phone is property of xxx and has been lost/stolen -- please contact owner at xxx or hand it to police --- )
Is this possible? Why previous discussions shut off this topics?
Best luck - would love to be guinea pig for this ...
CTone.
---------- Post added at 01:00 AM ---------- Previous post was at 12:39 AM ----------
www dot cyanogenmod dot com slash blog slash security-and-you

Hi
I stopped posting here for a couple of reasons, the main one being I have been too busy. I'm still planning to take this on, but it may be a while.
The other problem is that, although it will help, it will not secure the device completely. There will always be ways around it. Manufacturer supplied tools will still bypass it.
As for your phone, did you contact the police? Knowing the taxi driver answered, they should have been able to get it back, or at least prosecute they b#####d!
Sent from my MB860 using xda premium

You actually have a really valid and practical idea...
Have nothing to contribute here, just want to encourage you...
:thumbup:
If personal life does permit you, please do consider working on this
Typed using a small touchscreen

Silent Download APK

I haven't seen this topic and not even sure if its allowed for discussion on here. So I will take a leap and ask it anyways.
Is it possible to install an APK without the person clicking the install or know its being installed?
I know that this is possible on a computer using java. Seeing that apk are java programs. I am wondering if it will work on Android too.
I believe what its called is Java Drive by. I have heard that there is a new trojan or RAT on the net for androids. And see 90% of users don't have an AV on their phone. This program is able to steal your SMS, Pictures, Call logs and Contacts list. There are other key loggers out there that can be installed to capture your passwords. I am just worried about getting hack and 95% of the Android AV's suck and not worth downloading as I have lost files with some or they drain the battery quickly.
If this topic is not allowed here, please for give for asking and please delete it.

TheStrokerace said:
I haven't seen this topic and not even sure if its allowed for discussion on here. So I will take a leap and ask it anyways.
Is it possible to install an APK without the person clicking the install or know its being installed?
I know that this is possible on a computer using java. Seeing that apk are java programs. I am wondering if it will work on Android too.
I believe what its called is Java Drive by. I have heard that there is a new trojan or RAT on the net for androids. And see 90% of users don't have an AV on their phone. This program is able to steal your SMS, Pictures, Call logs and Contacts list. There are other key loggers out there that can be installed to capture your passwords. I am just worried about getting hack and 95% of the Android AV's suck and not worth downloading as I have lost files with some or they drain the battery quickly.
If this topic is not allowed here, please for give for asking and please delete it.
Click to expand...
Click to collapse
don't give them idea's
jk, but apk's can't install without you pressing install, and if you disable unknown sources you can't even install apk's, so don't worry

An hour of time from a custom ROM developer?

First off I do not actually need a custom ROM of any kind built, however I do believe your skillset is needed for a personal project I am currently working on due to needing access to hidden APIs. I am having a lot of difficulty compiling the code as described in this thread http://forum.xda-developers.com/showthread.php?t=2222703 .
I normally do not need someone holding my hand, however due to the time... days spent on it I need to move on with the other aspects of my app. I would still like to send MMS messages however, so if someone could help me successfully compile an app that can send a basic picture, any single picture, even if it is hardcoded that would be a major win for me. I just need something I can work with at this point and I will do the rest.
If someone can help me I will certainly pay you for your time. Please contact me in a private message.

[Q] Security framework aproach (ROM for Kids)? APP or ROM?

Hello.
I am here seeking for help and advice on how to approach the development of a security framework (via APP or via hacked Android ROM to be used by kids, that could be monitored by adults (parents or legal tutors).
The idea would be to develop a (white hat) hacked ROM, that would allow the kids to communicate with their friends, but also would allow their parents to supervise/monitor in real time what their children are doing, who are they communicating with and that way protect their children. The thing is not to spy on our kids, but to be able to check regularly if there is anything wrong going on with our kids (mobbing, insults or harassment). Kids aged (10-14) could be influenced by other kids, adults, or adults simulating being kids, and on some occasions they can be tricked to do things without their parents consent/knowledge that can lead to a tricky situation.
When I was a kid, we had the telephone (wired telephone, of course) on the middle of the hallway, so all our conversations were basically family-public. The truth is that there are not many secret things a 10yo kid could/should talk about, but nowadays, it could be a little bit worrying to lend a smartphone to a kid. I think it's just as letting a kid drive a car; he can do it right, or not be able to evaluate the whole consequences of driving a car.
Talking to other parents around me, they all found very interesting the idea of having a telephone that one could lend to their son, having the kid available all the time, and with the peace of mind that you could know what's going on. Of course the kid should be aware of this, and that the telephone comms are being supervised. I think it's no big deal. "Kid, it's very simple. The telephone is mine, and if you want to use it you have to use it under my terms".
Probably, all of us working for a company, have also our communications supervised, cannot make personal phonecalls with the company's telephones, probably cannot navigate to webs looking for personal content, and we asume those rules (because neither the company's phones nor the computers are ours but our company's). It's basically the same, switching the company-employee role to a father-son one.
So, let's get to the point (technically). I am a tech-geek, linux pro-user, have compiled a few ROMs just for personal use, but don't feel capable enough of starting a project of these magnitude alone. If there is anyone willing to help, opine, or whatever, will be very welcome.
First of all, APP or ROM? I basically think that the ROM is the way to go, but I'm asking just in case someone can convince me on the contrary. I will make a poll on this question.
APP An APP could be easily downloaded and installed but would require a rooted phone, and I don't see it clearly if an APP could resolve all the needed issues (access to communications for example) and could be fairly easily uninstalled too.
ROM On the other hand, a ROM would be trickier to uninstall (basically flashing another ROM) but wouldn't be as easy to install as an APP (though the installer model of cyanogenmod could be kind of a solution). There could be an universal (if possible) independent flashable module, over whatever android ROM, or an entire ROM solution.
Features that I want to develop in this ROM (by the way, I call it 'Vigilante ROM'):
Suitable for as many devices as possible
Web interface for parents available to see device-related information
Some hack-proof measures to avoid kids bypassing the ROM's security
Alerts triggered on some events (offensive words, whatever)
Position of the mobile -just in case-
Suitable for as many devices as possible
The first thing I though was what platform should be used for this ROM. To select Android over others (iOS, Blackberry, W7) was a no-brainer. Now, the question is should we use pure Android or make a CyanogenMod fork?
In my opinion, even though every phone maker has to supply their ROM sources publicly, they usually introduce so many modifications (HTC Sense, Samsung Touchwizz and so on) that it looks more difficult to develop a common security framework over each manufacturer's version of Android, rather than using a more standardized one like CyanogenMod.
CyanogenMod already works with a wide number of devices (and a wider one if you count the unofficial supported devices), I think CyanogenMod should be the base of this ROM. If all the 'things' needed could be flash on top of any Android device, would be even better, but technically I need help with this one.
I understand that basically there should be an internal proxy setup, so that all the communications go through this internal proxy, and based on the kind of communication, we could log whatever we need. For example:
Visited URLs
Whatsapp or other messaging apps should be decrypted
Incoming/Outgoing calls/SMS
Social network activity
I know the Whatsapp protocol because I'm familiar with a project called WhatAPI. The key point to be able to intercept whatsapp messaging is a key generated and exchanged during the app install (although there are ways to later ask the Whatsapp server to renegotiate this keyword) and that's used later to encrypt all the messages between the phone and the whatsapp server.
Web interface for parents available to see device-related information
Behind every kid with a smartphone there should be a responsible adult supervising the kid -even if it's remotely-. In my idea, logs of messaging activity, incoming/outgoing calls/SMS and even the position should be available to the supervisor through a web interface.
Some hack-proof measures to avoid kids bypassing the ROM's security
That's an easy one. CRC checks on some keyfiles would guarantee that the device is not being 'counter-hacked'. Some kids are also very techie, and we should make some defences against kids trying to hack (counter-hack?) the phone.
Alerts triggered on some events (offensive words, whatever)
It could be interesting if somehow the supervisor could receive a notification whenever the kid sends/receives and offensive word, or tries to enter some special tagged website.