[Q] Owner/User/Password Question - Nexus 9 Q&A, Help & Troubleshooting

I was attracted to the Nexus 9 by the facility to have individual password protected user accounts. However it would appear that if the unit is turned off or battery goes flat whilst in possession of a user it require the owner's password to get back in? This sort of negates the benefit of the separate password protected accounts or have I set it up incorrectly or otherwise doing something wrong? Many thanks

RaymondScrott said:
I was attracted to the Nexus 9 by the facility to have individual password protected user accounts. However it would appear that if the unit is turned off or battery goes flat whilst in possession of a user it require the owner's password to get back in? This sort of negates the benefit of the separate password protected accounts or have I set it up incorrectly or otherwise doing something wrong? Many thanks
Click to expand...
Click to collapse
HTC Support have now confirmed "Unfortunately there is not function to allow you to do that, it will always go back to the main account holder when the battery dies or turns off."

Related

[Q] sync office files to encrypted folder?

I work for an IT firm, and often when we go onsite we end up having to retrieve user passwords for various reasons. Right now our options are to:
A) Print out the site's password sheet and take it with us
B) RDP back to our company network and lookup each password as needed
The first solution is rife with security concerns, while the second is a pain in the butt.
What I would like to do is set up a background wifi sync at the office with my android tablet, so every time I leave the building I automagically have up-to-date files with me. But also store them in an encrypted folder or format, so if the tablet gets lost we don't have to reset many hundreds of client passwords. I am not at all opposed to buying an app, or more than one if this can be accomplished in a convenient and secure way. Any ideas?
Dropbox? Preferably combined with storing the passwords in an encrytped database such as keepass?
Really, you want confirmed sign off from your management here. ****ing up with a customer password database (say you lost your phone) is a Career Limiting Move.
Sent from my GT-I9100 using Tapatalk

[Q] Exchange/ActiveSync on Android Permissions -- Options?

I asked this in XDA Android Q&A; posting to this Rezound Q&A as well in case there are any Rezound specific options that can be explored:
I've been debating configuring my personal phone to access my employer's Exchange server; I would be checking it on occasion-- more of a convenience thing to know what's up before I head in for the day.
Using the default Android Mail client and choosing ActiveSync and doing the setup, I inevitably reach a screen with the following:
Activate security policies?
Exchange security policies
Your IT administrator requires that you activate these security policies in order to sync with your Exchange Server.
Activating this administrator will allow the application Mail to perform the following operations:
! Erase all data
Perform a factory reset, which deletes all of your data without any confirmation.
! Set password rules
Restrict the types of passwords that you are allowed to use.
! Monitor screen-unlock attempts
Monitor failed attempts to log into your device.
! Lock the screen
Control when your device locks, requiring that you re-enter your password.
! Device function limitation
Restrict some function on device like Wifi, Bluetooth, Camera etc.
Click to expand...
Click to collapse
Needless to say, this is highly unappealing for my personal phone-- way too much power for the Mail application.
So my questions-- what are my options?
-would a different Exchange connectivity application like Touchdown request those same permissions for access?
-would I be better off setting up ActiveSync on an alternate ROM and booting into that when I want to check work mail (not as frequently as some other users)?
-How far does that remote wipe control extend? Could they wipe the entire phone, including bootloader? Or is it just reference to internal storage? Could they wipe the external SD card?
-is there a way to revoke those permissions from the Mail application while retaining the ability to connect to the Exchange server?
vprasad1 said:
Needless to say, this is highly unappealing for my personal phone-- way too much power for the Mail application.
Click to expand...
Click to collapse
It is designed to protect corp data. If you don't want your personal phone under that control, then don't connect it. That is the choice you have.
So my questions-- what are my options?
-would a different Exchange connectivity application like Touchdown request those same permissions for access?
Click to expand...
Click to collapse
Nope. The policy is from the Exchange servers policies.
-would I be better off setting up ActiveSync on an alternate ROM and booting into that when I want to check work mail (not as frequently as some other users)?
Click to expand...
Click to collapse
Not sure how you would do this.
-How far does that remote wipe control extend? Could they wipe the entire phone, including bootloader? Or is it just reference to internal storage? Could they wipe the external SD card?
Click to expand...
Click to collapse
When you connect, if they have issued the wipe command, it wipes. Distance is not relative. Wipe is wipe.
-is there a way to revoke those permissions from the Mail application while retaining the ability to connect to the Exchange server?
Click to expand...
Click to collapse
No. they could have a different policy setup for different groups of users and have you into that group, but you would have to ask the administrator though.
The exchange policies are part of the requirements of connecting to that exchange server. The policies can be changed by the administrator by putting you into another group, but I doubt they will do that. They are there to protect corp data.
There are other ways that policies can be setup, but that needs to be done again by the administrator.
These types of policies are becoming more and more common as companies realize their contacts, email and attachments are valuable and need to be protected. A lot of people use two phones, one for corp and one for personal, not mixing the two.
Remote wipe and all is a feature of activesync, not necessarily exchange. So, according to what I'm reading, you can find an email client that supports exchange but not eactivesync and get around the permissions.
I am also interested in how far the wipe can extend. It says reset to factory, which would leave your SD card intact.
gthing said:
Remote wipe and all is a feature of activesync, not necessarily exchange. So, according to what I'm reading, you can find an email client that supports exchange but not eactivesync and get around the permissions.
I am also interested in how far the wipe can extend. It says reset to factory, which would leave your SD card intact.
Click to expand...
Click to collapse
As far as I am aware, the Exchange server CAN initiate a full wipe, if your company is on Exchange 2010. The wipe command can be found in OWA settings. The only way you can get around the permissions is to login to OWA via your browser. The security settings are there for a reason, as mentioned above.
Microsoft works very hard with its partners to provide the best security possible. I do not think using Touchdown or another email client will allow you to circumvent security policies enforced by the Exchange server.
Sent from my Dell Streak 7 using Tapatalk 2
vprasad1 said:
So my questions-- what are my options?
-would a different Exchange connectivity application like Touchdown request those same permissions for access?
-would I be better off setting up ActiveSync on an alternate ROM and booting into that when I want to check work mail (not as frequently as some other users)?
-How far does that remote wipe control extend? Could they wipe the entire phone, including bootloader? Or is it just reference to internal storage? Could they wipe the external SD card?
-is there a way to revoke those permissions from the Mail application while retaining the ability to connect to the Exchange server?
Click to expand...
Click to collapse
I use TouchDown for my work e-mail, and while I have never had any administrators use remote wipe, I will let you know my experiences:
-There is an option in the settings screen for "Clean SD card on remote wipe." It's unchecked by default. I assume a remote wipe will only clear TouchDown related data, but am not 100% sure of it. At the very least this option implies that it won't normally wipe your SD card as well.
-TouchDown will ask for the same permissions. However, unlike the default mail application, which will force your whole phone to be pin locked, TouchDown will only force you to enter a pin when you open the application. This feature is nice if you don't want to always enter in a pin to unlock your phone but also want Exchange e-mail.
-As the policies are set on the ActiveSync server, there's no way to get around revoking the permissions.
If you search for it enough, you can probably find a modified mail app that doesn't require these security permissions. I know I've seen one that works with CleanRom and I use it on ICS Business Sense. No lockscreen pin required either and no device administrator.
http://forum.xda-developers.com/showthread.php?t=1456425
Sent from my ADR6425LVW using XDA
Just created the account to reply to this thread.
I am too looking for a solution to avoid giving my employer the access rights to wipe my phone, and I just wanted to comment that IMO, theorically it is not because this setting is on server side that it can't be avoided.
Android can give whatever permissions the server asks for then totally ignore the commands when they eventually come. That would probably require some coding to simulate executing the command without actually doing it, and it would definitely require root access to do this, but I do not see how that would be impossible on Android or on one of its mods.
Now obviously this is not something I'm going to waste time on. if it can't be done, my pro account will not be on my phone. That was me trying to do something for my employer, but if they don't want me to see my mails on weekends, I won't be fool enough to complain.
I'm in a similar situation. With ICS, at least it gave me the ability to only have to enter a PIN after 15 minutes or something when your phone is locked. Prior to that with GB, every screen unlock required the PIN.
I do use a modified Mail.apk, but in a sense, I'm contributing to the problem of my company not allowing android phones on their network, because there are just so many workarounds like this.
LBE Security Guard may be able to inhibit the permissions, though I wouldn't want to have to depend on that as a last line of defense right before my device is potentially WIPED!
There has to be some better solutions to control it on the client side...
My admins at work say they will not change the exchange policy.
They said it comes with Exchange Server 2010 as the default settings, but they won't change it. They have actually tested the remote wipe and it works instantly. They claim they can remote 'unwipe' it as well, but I gave an analogy about formatting drives (quick format vs. full format) that they couldn't answer.
I told them I'm concerned about anyone having that much power over personal "BYOD" phones, and the possibility of someone accidentally or maliciously wiping my device.
They said the policy will not be changed.
Does anyone know of other 3rd party mail OR calendar programs that will update my calendar without allowing these INSANE permissions? Thanks.
I've recently bought a new phone and found these ridiculous permissions when I went to sync with my work exchange.
There must be apps available or possible to develop because the email app on my old phone doesn't ask for these permissions. Unfortunately it isn't available to download, just the default app with that phone.
worldheroes said:
I've recently bought a new phone and found these ridiculous permissions when I went to sync with my work exchange.
There must be apps available or possible to develop because the email app on my old phone doesn't ask for these permissions. Unfortunately it isn't available to download, just the default app with that phone.
Click to expand...
Click to collapse
There are several mail programs in the Google Play store, if you search for 'exchange email'
I saw:
k-9 mail
touchdown
exchange exmail
maildroid
and so on...
k-9 had the best ratings and is open source so I tried it, but it couldn't connect to my exchange server. I got an error during setup:
'Setup could not finish, cannot connect to server. (ioexception)'
Please let me know if you have better luck with any exchange program!
The best choice for you is to install OWA from the play store (outlook web) and that will get you contacts, push mail and calendars without having to accept the exchange policies. All you have to do is point it to your companies webmail page and login.
I searched for OWA in the Play store but didn't find the one you mentioned. (see attachment) Is it a free app?
I have the first one by WWO. It gets the job done. 5 bucks well spent. I'm sure it can be side loaded if you'd like to test the functionality first.
Daistaar said:
I have the first one by WWO. It gets the job done. 5 bucks well spent. I'm sure it can be side loaded if you'd like to test the functionality first.
Click to expand...
Click to collapse
At the risk of asking a silly question - how would I get it to test it?
might want to try this:
http://forum.xda-developers.com/showthread.php?t=1965468
Thanks - the link to the ICS Email APK with Exchange Security removed was exactly what I needed!
I wish that app would be maintained with the current version and be put in the google play store!
If I activate the device administration can I undo it? Can I deactivate it and go back to life as usual?
quarksurfer said:
If I activate the device administration can I undo it? Can I deactivate it and go back to life as usual?
Click to expand...
Click to collapse
Yes, delete the account in question.

Email app that doesn't store email password

Can anyone recommend an email client that requires you to put in your email account password each time you connect?
I want to use it specifically for my banking and nothing else/no other email accounts.
I don't really want the app to save my password, because I don't routinely password-protect my phone (too much hassle for too little benefit), and I want to know that my bank details/emails are safe if I ever lost my phone.
I don't know the answer to your question off the top of my head, but there are apps which will password-protect other apps (there are many, app lock, app protector, etc.).
Yeah, I did think of that, but since I'm paranoid and my phone is rooted/not password protected, I figure that anyone with a clue could get past that if they got hold of my phone. So I really want to not store the email password on the phone at all. I guess if I can't find an app then I'll just have to use the browser...
If you're paranoid, why do you stay rooted and not password protected? You could set a pattern lock, or at least unroot.
post-mortem said:
If you're paranoid, why do you stay rooted and not password protected? You could set a pattern lock, or at least unroot.
Click to expand...
Click to collapse
Convenience. I have several apps that require root permissions, and I flash a new ROM quite regularly.
As for the pattern/password protection on my device - I don't want to do that because it will involve several hundred inputs a week, whereas I only really intend on checking this specific email account a couple of times a week at most, so I'd really rather have to input the email password at that point.
There's nothing else sensitive on my phone that I would care about anyone getting their hands on.
Bump. Any ideas, anyone?

Possible Concern for Exchange ActiveSync users

Hey everyone, this thread is both to let everyone know of a possible issue in Android M and to poll the community to see if this issue is isolated or if we will all be seeing it. First a bit of background on how the security policies work in Exchange ActiveSync as I understand it:
- When you assign an Exchange policy for ActiveSync devices you can basically tell it to require a password or not, encryption, etc. From there the OS of the device determines what that means. For example in Android if you are set to require a password it disables Pattern, Swipe and Face Unlock as choices for securing your phone. It assigns each a security level something like: Swipe = Not secure, Pattern = Weak security, Face Unlock = Medium Security (those are just examples.... I'm not saying thats what they are actually are) and the OS decides what level of security is acceptable when the password requirement is set. It also disables features like Smart Lock for trusted locations/bluetooth devices
As one of the admins of my own network I long ago set my policy to NOT require a password but I still do configure and use a PIN to secure my phone. The reason I set my device to not require a password was solely for the Smart Lock feature.
So the other day I flashed a 6.0 ROM on my Nexus 4 (no factory images available obviously). So I joined my phone to my Exchange server before I had setup any security and shockingly it said that it required I have a PIN. I double-checked my policy on the server and I am most definitely set to not require a password still. So now even with that policy set I am not able to use my phone without a PIN and am not able to use the Smart Lock feature and my fear is that this will also include not being able to unlock my phone with the fingerprint sensor (ouch!)
I'm sure many of you are thinking exactly what I did and that it was an issue with the ROM since it was a port. So with that in mind I setup my Exchange account on my freshly factory imaged Nexus 9 tablet and the exact same issue happens with it.
So either Google jacked up the security settings when connecting an Exchange account or there is a bug that causes the requirement of a PIN even if your policy is set not to.
Anyone else running Android 6.0 connected to an Exchange server that previously did not require a password and now does? One of the things I was most looking forward to was being able to secure my phone using my fingerprint instead of a PIN so this is a big bummer for me
If I am not mistaken, requiring a PIN is the policy of android pay, which comes default with Marshmallow, and is also a device manager. This makes sense, because Google wouldn't want someone draining your bank account in addition to stealing your phone.
rajendra82 said:
If I am not mistaken, requiring a PIN is the policy of android pay, which comes default with Marshmallow. This makes sense, because you wouldn't want someone draining your bank account in addition to stealing your phone.
Click to expand...
Click to collapse
If I dont join my Exchange server I can set any type of security I want so its not related to that
Wow, that's pretty upsetting. I too run my own Exchange Server. I always use PIN but I like the Smart Lock feature. And of course I had expected to use the fingerprint sensor. I wonder if rooting and using a combination of Tasker and the Secure Settings plug-in would allow you to get around it.
I currently have an HTC M8 and 6.0 is supposed to be out for it before the end of the month. I guess I'll load that and see how it works.
My Nexus 6 had been on M since the previews. I have a pin and I use smartlock with my moto 360. It's mostly unlocked and exchange works fine. My servers are set to require passwords and everyone at work has iphones with finger print and they work with that also.
Sent from my Nexus 6 using XDA Free mobile app
SymbioticGenius said:
My Nexus 6 had been on M since the previews. I have a pin and I use smartlock with my moto 360. It's mostly unlocked and exchange works fine. My servers are set to require passwords and everyone at work has iphones with finger print and they work with that also.
Sent from my Nexus 6 using XDA Free mobile app
Click to expand...
Click to collapse
What version of Exchange? We are running the latest 2013. My Smart Lock menu is completely greyed out and says "Disabled by administrator"
I am using Exchange 2013 and have no issues with my Nexus 5x. I am using smartlock with my Huawei Watch, location, and facelock. Maybe I'm confused about the issue here.
hollowlog said:
I am using Exchange 2013 and have no issues with my Nexus 5x. I am using smartlock with my Huawei Watch, location, and facelock. Maybe I'm confused about the issue here.
Click to expand...
Click to collapse
Nope you are understanding. I flashed 6.0 then activated my phone on my Exchange server and now it says my Smart Lock is disabled by administrator despite my policy not even requiring a password.... very odd
I use mobimail through the OWA instead of going through the Exchange Server Active Sync
I am using Nine as my exchange email client, that allows me to set a Pin on the email itself instead of needing it on the phone. Our company requires a PIN or a Password for mobile usage.
I'm using touchdown and a hosted exchange, no phone pin, nexus 5, Android 6.0 and no issues
I have used Nine before. It's not bad. Touchdown (the last time I used it) was complete garbage.
Anyone using the Gmail app that can still use smart lock in M?
I use touchdown so it's independent of my OS therefore i can set it only on the app.
WoodroweBones said:
I have used Nine before. It's not bad. Touchdown (the last time I used it) was complete garbage.
Anyone using the Gmail app that can still use smart lock in M?
Click to expand...
Click to collapse
I must admit it's got worse since symantec bought it..... but i paid for it when it was cheap and it still works so may as well make use of it.
can you post the exchange server-side security settings here? i wouldn't be surprised if google did something to "up" the security of their exchange apk. also - testing with a third party app would be a valid test as well. remove all exchange accounts from your device, confirm your basic security is re-enabled and then try an app (like nine). if the app requires security configuration, it's server-based.
640k said:
can you post the exchange server-side security settings here? i wouldn't be surprised if google did something to "up" the security of their exchange apk. also - testing with a third party app would be a valid test as well. remove all exchange accounts from your device, confirm your basic security is re-enabled and then try an app (like nine). if the app requires security configuration, it's server-based.
Click to expand...
Click to collapse
Attached
Just an update to this....
I went ahead and removed my Exchange account and immediately was able to access those other features that were previously greyed out. I then installed Nine and setup my account there and it allows me to use it without any security at all. Very odd
EDIT: Wow... Nine has improved! I might go this route anyway. I also like having my work account in a separate app as there has been a few times when I've sent a work email from my gmail account
Ok and not only does Nine have a Dark theme but it has a "True Black" option which I'm guessing was made specifically for AMOLED.... too good not to use!
kumarshah said:
I am using Nine as my exchange email client, that allows me to set a Pin on the email itself instead of needing it on the phone. Our company requires a PIN or a Password for mobile usage.
Click to expand...
Click to collapse
I use Nine as well, love it.
My company requires a pin or password, but I'm also able to use a pattern, which is much better than a pin or password for ease of use. Your fingerprint scanner on the new Nexus will be an option in addition to pin or password. No worries, it will all work.
WoodroweBones said:
Ok and not only does Nine have a Dark theme but it has a "True Black" option which I'm guessing was made specifically for AMOLED.... too good not to use!
Click to expand...
Click to collapse
also - you can change the notification icon from their little circle thingy to something that actually looks like a mail icon.
640k said:
also - you can change the notification icon from their little circle thingy to something that actually looks like a mail icon.
Click to expand...
Click to collapse
Very nice! It also does per folder notification which is just about the only reason I rooted my phone previously....

Moving accounts from one device to another?

In a bit of a bad situation, and it is an oversight on my part but also from a legitimate amnesia issue so be gentle
I am moving from an S4 to a new phone but a lot of accounts (an email, twitter, instagram.. some others) are linked to a dead email (a domain I had and let drop), and I've lost the password (to both the accounts and the emails), and I'll lose them forever if I can't move them to my new one.
Horrible issue but I need to turn my old phone in to AT*T within the week so I don't have time to contact sites for support on this. If I can maintain temporary access through a move to my new phone I'll be content and finally work with contacting these sites to update the information on these.
Does Androids Tap & Go move accounts like that without requiring password re-entry? What do I do?
I do have root on my S4 if Titanium Backup is the way to go.
Still looking for help..

Categories

Resources