With the introduction of Android 4.2, we now have native multi-user support. This is a great feature for those of us who have multiple people using one device, but I'd like to go one further:
What about those of us who want to enable a 'guest' account, so anyone can use our tablets?
What I'd like to see is an app/script I could install to the root account that would:
A) Lock the guest account out of settings (including "App Info" from the recents menu)
B) Disable rebooting into recovery and bootloader for the guest account
C) Disable USB Debugging and force WiFi on for the guest account (to prevent modifying and preserve anti-theft measures)
D) Allow the root user to configure a list of apps [on the guest account] whose data will be erased each time the guest account is logged in/unlocked (like facebook, chrome, twitter, instagram, etc)
E) Allow the root user to select apps (like the Play Store, GMail, or anything else that uses Android's native Google accounts) which can be password/pin locked to avoid Android native accounts (anything that adds to "Accounts" in settings) being added to the profile, or at least the ability to remove them at each login.
I'd be willing to pay for an app/script like this, and I can't be alone...
Jay Aristide said:
With the introduction of Android 4.2, we now have native multi-user support. This is a great feature for those of us who have multiple people using one device, but I'd like to go one further:
What about those of us who want to enable a 'guest' account, so anyone can use our tablets?
What I'd like to see is an app/script I could install to the root account that would:
A) Lock the guest account out of settings (including "App Info" from the recents menu)
B) Disable rebooting into recovery and bootloader for the guest account
C) Disable USB Debugging and force WiFi on for the guest account (to prevent modifying and preserve anti-theft measures)
D) Allow the root user to configure a list of apps [on the guest account] whose data will be erased each time the guest account is logged in/unlocked (like facebook, chrome, twitter, instagram, etc)
E) Allow the root user to select apps (like the Play Store, GMail, or anything else that uses Android's native Google accounts) which can be password/pin locked to avoid Android native accounts (anything that adds to "Accounts" in settings) being added to the profile, or at least the ability to remove them at each login.
I'd be willing to pay for an app/script like this, and I can't be alone...
Click to expand...
Click to collapse
I also thought that but i wish Google did this.
A. might be doable i will look into after core is done.(see below)
B. requires rom modification
C. may be doable but require root, turning wifi on is possible and automatically turning on if turned off is
D. I have auto enabling installed apps working, auto erase may be possible, Manuel is
E. wont be an issue cause you dont need to sign in with gapps, possible to disable but requires root
at this point i have the ability to enable any app installed on the primary user on a secondary user, all without root give me a few days to flesh out an app
aaronpoweruser said:
A. might be doable i will look into after core is done.(see below)
B. requires rom modification
C. may be doable but require root, turning wifi on is possible and automatically turning on if turned off is
D. I have auto enabling installed apps working, auto erase may be possible, Manuel is
E. wont be an issue cause you dont need to sign in with gapps, possible to disable but requires root
at this point i have the ability to enable any app installed on the primary user on a secondary user, all without root give me a few days to flesh out an app
Click to expand...
Click to collapse
You know...
If you cooked all of this into PA, it would be a) the *only* rom in existance with a true guest account, and b) a feature that would actually bring a wider audience and realm of attention to PA...
ok, started on an app turns out it needs root, thought about it but its going to be a stand alone app for all users, might be paid tho.
aaronpoweruser said:
ok, started on an app turns out it needs root, thought about it but its going to be a stand alone app for all users, might be paid tho.
Click to expand...
Click to collapse
Given the level of control over apps and data it would need to create a true guest environment, I figured it would be root only. If you need an alpha/beta teater, I'll happily volunteer
Jay Aristide said:
Given the level of control over apps and data it would need to create a true guest environment, I figured it would be root only. If you need an alpha/beta teater, I'll happily volunteer
Click to expand...
Click to collapse
this is an amazing idea, im up for alpha/beta testing as well.
Alpha/beta tester
I am looking for something like this as well, and will happily alpha/beta test it.
Hey,
There is a big security issue on WPA2 Enterprise (802.1x) configuration in Android. The GUI offers no way to set the sebject_match option for the certificate so it is possible to install an fake Radius server and fish user credentials even there is set a cetificate in the Wifi configuration.
As far as i know it is possible to set the subject match option manual in the wpa_supplicant.conf but this is only possible on rooted devices and not on all rooted devices. I have found out that there is the option in the wifienterpriseconfig.java. The answer of google for that beheavior is "this works as intended".
My question is now, is there a way to write a app to configure wificonnections without root privileges which includes the subject_match option and has anyone experience with that?
Hello,
for my scenario i would like to know if there is a possibility to restrict the wifi usage for "restricted user" profiles.
The "restricted user" should not be able use or add a non predefined wifi-network.
Also the user should be not allowed to access the usb-port or use usb-network devices.
Since i don't want to use 3rd party apps it would be interesting to know if there is a build "switch" or config file
can flick to restrict the "restricted user" and not letting him add ne wifi-network connections.
My system is a Nexus7 (2013) and the latest CM 12.1
With CM 13 i lately experienced some difficulties.
Thanks in advance!
Say I wanted to have the most secure Sony Xperia Z Ultra possible (without "too much" sacrifice of useability).
In the context of this thread I define security as broadly anything barring network anonymity ie. hiding your device public IP address.
So I want security from network attackers (eg. drive-by download, WiFi attacks), physical device attackers (eg. customs searching devices for IP violations ... no really, that's about to become a thing apparently, GF and/or mistresses) .
How would you do it?
Could you please use sections of
Code:
firmware
phone settings
app settings
behavior
because I want to curate the best answers from users in this post for the good of the forum.
My thoughts so far are:
Firmware:
Root is disabled
Bootloader should be locked.
^^ These I'm not sure about - see if we don't have root then we don't have iptable firewall and hosts level server blocking.
One recovery should be used
Honestly I'm not sure which ROM is more secure than another but I'm assuming the latest and greatest is more secure so that would be MM atm. No idea if Sony is more secure than another flavour of ZU Android.
Phone settings:
Developer options off
Sideload apps off
Do not connect to unknown WiFi
NFC Off by default
Bluetooth Off by default
PIN unlock required
Auto-lock ON
App settings: (this includes apps you should have/not have and their settings)
I figure every additional app that I don't use is a needless attack surface so start with no apps at all - uninstall everything. Only install what you use ... for which you need root unless the ROM is premade like this.
Firewall app (Netguard no-root Firewall, DroidWall if we have root)
Adblock (if we have root)
AV - honestly most mobile AV seems pathetic at being secure and not acting like malware (notifications, popup windows etc) but Avast at least seems to not hog resources.
-Auto update every app
User behaviour:
NEVER:
-install apps from anywhere other than Google Play. Or possibly FDroid
-let another person use your device
I'd like to hear your suggestions, critique and everything else, cheers!
So you're not gonna install from other than google play, then what ad blocker are you going to use? Where is adblocker connecting to?
You're talking about still having a lot of apps connecting through servers that you don't control.
morestupidemailnames said:
You're talking about still having a lot of apps connecting through servers that you don't control.
Click to expand...
Click to collapse
Well if you are worried about connecting to servers that you dont control - isnt that all servers?
At which point you may as well remove all WIFI and Mobile Data capabilities and just stick to 2G
panyan said:
Well if you are worried about connecting to servers that you dont control - isnt that all servers?
At which point you may as well remove all WIFI and Mobile Data capabilities and just stick to 2G
Click to expand...
Click to collapse
Exactly my point.
The op is a long winded question that leaves you with more questions.
Probably why there's been such a landslide of security tips here
My plan is to modify permissions for almost every app on my phone including system apps.
There will be 2 categories:
1. Apps that need to be able to phone home (Internet access, I guess).
(For those I want to block access to all my personal information / data.)
2. Apps that don't need to phone home.
(For those I just want to make sure the apps can't leak my data/information.)
Now let's say I want to prevent an app from accessing the Internet:
Is it enough to just tap the according check box? Because some of the 'functions' listed under that category don't get a check mark by default. Which of these functions do actually make sending/receiving data over the Internet possible?
I'm not an Android developer, so I don't know what all the 'functions' can potentially do/expose. What is your advice for people like me? Should I just disable all functions under a category that I want to restrict and see if it works? Or am I truly expected to become an Android developer and understand every single class member listed in the app? It would be nice to have a short explanation and assessment for each function.