Fingerprint data question - Xperia Z5 Compact Q&A, Help & Troubleshooting

Hi All,
You might call me paranoid but I am concerned about where my fingerprint (the data) is stored when I use this feature om my Z5(compact). Is it saved on the phone only? Is it secure/encrypted? ect.
I seem to be the only one asking this question because i can't find anything about it. I also tweeted Sony's xperia account but they are not replying.
I find it weird that when apple came out with there fingerprint scanner there was a lot of controversy surrounding this topic but it seems forgotten now that more phones have a scanner. I still find this a very important question though, as my fingerprint is something i would only like to use securely.
You can state of course that if you don't trust it, you shouldn't use it... Which is fair enough, but I still find that this kind of info should be available.

FloggingHank said:
Hi All,
You might call me paranoia but I am concerned about where my fingerprint (the data) is stored when I use this feature om my Z5(compact). Is it saved on the phone only? Is it secure/encrypted? ect.
I seem to be the only one asking this question because i can't find anything about it. I also tweeted Sony's xperia account but they are not replying.
I find it weird that when apple came out with there fingerprint scanner there was a lot of controversy surrounding this topic but it seems forgotten now that more phones have a scanner. I still find this a very important question though, as my fingerprint is something i would only like to use securely.
You can state of course that if you don't trust it, you shouldn't use it... Which is fair enough, but I still find that this kind of info should be available.
Click to expand...
Click to collapse
FWIW, under Marshmallow, fingerprint data is stored in a secured area of the phone. It is never uploaded to the cloud.
http://www.androidpolice.com/2015/1...ments-for-fingerprint-sensors-in-android-6-0/
I've no idea how Sony do it under Lollipop.

thedosbox said:
FWIW, under Marshmallow, fingerprint data is stored in a secured area of the phone. It is never uploaded to the cloud.
http://www.androidpolice.com/2015/1...ments-for-fingerprint-sensors-in-android-6-0/
I've no idea how Sony do it under Lollipop.
Click to expand...
Click to collapse
Tnx for your reply. This was partly the source of my concern. Because Google made sure to let users know this and in the case of Sony here we can only guess.

Related

Bluesnarfing

Does anyone know how to do it on the Droid?
Is there a single honorable reason why you would be interested in doing this?
I sure can't think of one.
well as soon as wifi packet injection works on android i am switching.
¿GotJazz? said:
Is there a single honorable reason why you would be interested in doing this?
I sure can't think of one.
Click to expand...
Click to collapse
Vulnerability testing... an auditor who wants to do bluetooth related pen test with his/her phone?
archangelugp said:
Vulnerability testing... an auditor who wants to do bluetooth related pen test with his/her phone?
Click to expand...
Click to collapse
Lets go with that . So I'm guessing theres no way yet?
alienware777 said:
Lets go with that . So I'm guessing theres no way yet?
Click to expand...
Click to collapse
Nope. Not yet.
I don't see why it matters to anyone why someone wants this.
I want this too. I don't have to explain to anyone as to why I want it. Because, it is absolutely none of your business. If you don't know how to implement it, then don't post.
Lol. This is a public forum. Of course you don't have to explain why you want something. Equally, if someone who could help doesn't want to, because they suspect you're up to no good, they don't have to justify their actions either, let alone help you. Blessed be.
cauli said:
Lol. This is a public forum. Of course you don't have to explain why you want something. Equally, if someone who could help doesn't want to, because they suspect you're up to no good, they don't have to justify their actions either, let alone help you. Blessed be.
Click to expand...
Click to collapse
Touché. I'll admit it. The main reason I want this is to mess with my friends. Nothing actually detrimental. Same reason I like sms bombers, and caller id fakers.
But still, this would be great to add on to my list
This would be so awesome..just from a security standpoint to be able to show and explain to friends and family to not there guards down when it comes to cyber theft and to turn off your radios when not in use
I never quite understand answers like this. This forum is for the exchange of information, not personal opinions. People that think their some kind of 'ethics police' need not be on this type of site. This site is for the exploration, hacking and development of our phones. Rooting & custom firmware is frowned upon by security researchers and manufacturers alike, but because your into it, it's morally correct?
supern0va said:
I never quite understand answers like this. This forum is for the exchange of information, not personal opinions. People that think their some kind of 'ethics police' need not be on this type of site. This site is for the exploration, hacking and development of our phones. Rooting & custom firmware is frowned upon by security researchers and manufacturers alike, but because your into it, it's morally correct?
Click to expand...
Click to collapse
Yep, one man's "not needed" is another man's necessity. This is no less needed than say someone thinking they need a ps3 controller (or wiimote) working with their phone, but no one really complains about that.
here's a very legitimate reason for you so if you know how PM me
Hi,
A friend of mine has an older mobile with a broken touchscreen - the phone no longer has a SIM or a RAM card and is in "Music Sync" mode when it connects to a PC via USB.
They are currently in a court case and need to get their old SMS's off the broken phone - all the "forensic" mobile software out there (from $500 up to $5000!!!) require that the phone is in PC-Suite (or PC-Sync) mode. This can't be changed on the phone as the touchscreen doesn't work.
The only way to get to the SMS's is by Bluesnarfing, so if you know of a PC program or a WinMo 6.5 program that will let me access their phone PM me.
Thanks.
Why is there always that one person that offers no assistance, takes up bandwidth questioning your motives...
For those that don't know:
"Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs. This allows access to a calendar, contact list, emails and text messages. Bluesnarfing is much more serious in relation to Bluejacking, although both exploit others’ Bluetooth connections without their knowledge. Any device with its Bluetooth connection turned on and set to “discoverable” (able to be found by other Bluetooth devices in range) can be attacked. By turning off this feature you can be protected from the possibility of being Bluesnarfed. Since it is an invasion of privacy, Bluesnarfing is illegal in many countries."
Thread closed

[Q] Fingerprint Files

Does anyone know where the fingerprint files are stored on the Atrix?
This is a good Q for the Q&A.
jeffc said:
Does anyone know where the fingerprint files are stored on the Atrix?
Click to expand...
Click to collapse
Looking forward to your Development release
Pretty sure they are encrypted. Otherwise fingerprint security would be pointless.
On topic though, look for the android fingerprint service location.
Sent from my Motorola Atrix 4G on the network with the most backhaul, whatever that is
Thread moved.
Mgamerz said:
Pretty sure they are encrypted. Otherwise fingerprint security would be pointless.
On topic though, look for the android fingerprint service location.
Sent from my Motorola Atrix 4G on the network with the most backhaul, whatever that is
Click to expand...
Click to collapse
I'm sure they are encrypted. Couldn't do much with them anyway without the api because of the fingerprint algorithm. I'm already trying to get access to that with Moto. One thing I'm trying to accomplish is to find the files to see how large they are and to possibly build a manager of some sort for shared phones so users can pass off the phone to another user and not have to resample fingerprints every time. Its common in some industries my company works with to have a 'work phone' or 'on call phone' that is passed around.
That does sound likens good idea. But I think some other revs looked into the api, and someone who worked for fingerprint company said that it is most likely never going to be released beacise of the proprietary nature. Motorola most likely has a licence on where the fingerprint scanner can be used.
Having a fingerprint reader to unlock a password letting would be nice.
Sent from my Motorola Atrix 4G on the network with the most backhaul, whatever that is

How much does a older version matter?

So I have a Huawai g630. It does everything that I need a phone to do but im sure It will never get a update past 4.3 and there is no rom support that I know of.
So my question is this. How big of a deal is this? I don't care that much about feature, its cheap enough that I can replace it in a year but I do care about security.
I don't download from other places than the play store and I of course update chrome, so how big a deal is this?
Should I replace it with something that has more support?
thx in advance.
Edit: Sorry maybe I have asked this question in the wrong place.
JollyDrifter said:
So I have a Huawai g630. It does everything that I need a phone to do but im sure It will never get a update past 4.3 and there is no rom support that I know of.
So my question is this. How big of a deal is this? I don't care that much about feature, its cheap enough that I can replace it in a year but I do care about security.
I don't download from other places than the play store and I of course update chrome, so how big a deal is this?
Should I replace it with something that has more support?
thx in advance.
Edit: Sorry maybe I have asked this question in the wrong place.
Click to expand...
Click to collapse
Considering the majority of phones are using some version of Jelly Bean, most likely there won't be any significant issues with keeping it for another year or so. As long as you are on at least ICS, and it does everything you need it to then that's the most important thing. As far as security, sounds like you have the right idea. Just paying attention to what you put on the phone is the most important security thing.

Question how do i stop the pixel asking me to get a google account?

got the pixel 6 today, rooted with magisk and im just starting to play with it..
but it keeps asking my to finish setup and get a google account. i dont want a google account or need one
( yep im going to install everything manually or from aroura store)
how do i get the pixel to stop asking me? ( so far i can only have ask again tommorow)
nutpants said:
got the pixel 6 today, rooted with magisk and im just starting to play with it..
but it keeps asking my to finish setup and get a google account. i dont want a google account or need one
( yep im going to install everything manually or from aroura store)
how do i get the pixel to stop asking me? ( so far i can only have ask again tommorow)
Click to expand...
Click to collapse
Why not install a different rom? I think some don't even use gapps or can sandbox them.
edit: Here's a new thread maybe that could be a good starting point.
[CLOSED] I'm done with XDA
MOD EDIT: Since the OP has deleted the original contents of the post, thread closed.
forum.xda-developers.com
i plan to test the factory rom for a few weeks so i have a baseline to compare to other roms
nutpants said:
i plan to test the factory rom for a few weeks so i have a baseline to compare to other roms
Click to expand...
Click to collapse
Then compare it as designed. Log in. Otherwise you're not doing the factory rom justice.
if by justice you mean features that require internet and my personal information and habits, those are features that i dont need or will ever use.
if you are talking general speed and battery usage and functioning with the apps i use the most, then logging into google on my phone is not needed.
the phone might have the power to calculate the need parameters to build a space ship and put a man on mars, but using that power to smooth out my crows feet, socialize online looking for 5000 likes and 2 millions followers , is not a improvement in tech use.
nutpants said:
if by justice you mean features that require internet and my personal information and habits, those are features that i dont need or will ever use.
if you are talking general speed and battery usage and functioning with the apps i use the most, then logging into google on my phone is not needed.
the phone might have the power to calculate the need parameters to build a space ship and put a man on mars, but using that power to smooth out my crows feet, socialize online looking for 5000 likes and 2 millions followers , is not a improvement in tech use.
Click to expand...
Click to collapse
If you know what you're doing you can log in with a Google account and not give out all the information you mentioned. There are a lot of privacy concerns these days all you need to do is some research. I'm sure you can figure something out that will accomplish your goals. Good luck.
Try freezing Google systems and Play services.
There are different apps that can do this, but you will need root.
nutpants said:
if by justice you mean features that require internet and my personal information and habits, those are features that i dont need or will ever use.
Click to expand...
Click to collapse
I think he means not cutting off your nose to spite your face. Google credentials are needed for Play Store, like for keeping Carrier Services and whatnot updated. It's possible to push back against data harvesters while using stock Android, especially with root access. But it sounds like you'd rather take your concerns to the next level with something like CalyxOS and a Play Store alternative.
the only thing i dont want is to log into anything to use what i paid for.
the device is not crippled, its rooted and i have already installed 150 apps and disabled everything google i can disable.
i dont want the google experience, i want to experience the device i bought.,
nutpants said:
the only thing i dont want is to log into anything to use what i paid for.
the device is not crippled, its rooted and i have already installed 150 apps and disabled everything google i can disable.
i dont want the google experience, i want to experience the device i bought.,
Click to expand...
Click to collapse
So, you don't want the Google experience yet you bought a Google-branded phone? Just a bit of an oxymoron there. Seriously, while I could ask why you bought a Google phone if you don't intend to use Google services, it would be a pointless waste of time and energy.
Install a custom ROM that doesn't use Google services and don't look back. Just don't complain when you can't take advantage of a Google-exclusive feature as a result.
Strephon Alkhalikoi said:
So, you don't want the Google experience yet you bought a Google-branded phone? Just a bit of an oxymoron there. Seriously, while I could ask why you bought a Google phone if you don't intend to use Google services, it would be a pointless waste of time and energy.
Install a custom ROM that doesn't use Google services and don't look back. Just don't complain when you can't take advantage of a Google-exclusive feature as a result.
Click to expand...
Click to collapse
so you did not bother to read a damn word i wrote but felt that you just had to tell me how stupid i am to not give a **** about the google experience..
how many times do people tell you to **** off?
i am just wondering.
nutpants said:
if by justice you mean features that require internet and my personal information and habits, those are features that i dont need or will ever use.
if you are talking general speed and battery usage and functioning with the apps i use the most, then logging into google on my phone is not needed.
the phone might have the power to calculate the need parameters to build a space ship and put a man on mars, but using that power to smooth out my crows feet, socialize online looking for 5000 likes and 2 millions followers , is not a improvement in tech use.
Click to expand...
Click to collapse
I truly do not understand people like you.
> Buys flagship phone from company with newest OS tuned to run as best as the company can to represent itself and its product.
> Tries to not have an email address because tracking
You do realize that as a society we are all walking around with computers thousands of time faster than we had sitting on our desks 20 years ago. That have dozens of sensors, connected to wireless networks, that can cover nearly every inch of the surface of the planet. What you're worried about is what we (the collective nerds/geeks/privacy advocates) were screaming at the top of our lungs back in the 90s...before it was too late.
It's too late son, That ship sailed, sank, was resurfaced, and put into a museum so younger generations could see what it was like in the way back when before times.
Good luck with your quest to use factory google pixel phone and rom without a Gmail account. That's surly the only way they are tracking you.
nutpants said:
so you did not bother to read a damn word i wrote but felt that you just had to tell me how stupid i am to not give a **** about the google experience..
how many times do people tell you to **** off?
i am just wondering.
Click to expand...
Click to collapse
Everyone read what you wrote don't be a martyr. The fact remains you didn't get an answer yet you continue to berate members here trying to guide you in a direction that is concurrent with reality. You seem to be delusional and contrary, simply looking for an argument and to make your voice heard over reasonable discussion. It's not working. We tried to help but you will have none of it. So perhaps it's time to find another place where your diatribe will matter. As I said before, good luck.
bobby janow said:
Everyone read what you wrote don't be a martyr. The fact remains you didn't get an answer yet you continue to berate members here trying to guide you in a direction that is concurrent with reality. You seem to be delusional and contrary, simply looking for an argument and to make your voice heard over reasonable discussion. It's not working. We tried to help but you will have none of it. So perhaps it's time to find another place where your diatribe will matter. As I said before, good luck.
Click to expand...
Click to collapse
no having people post just to insult my choices is not something i ignore. that jack ass was the first person to insult me, and i dont roll over and accept insults.
i have zero problem with getting no answer, but a huge problem with jackasses that post only to insult me.
no one should ever feel they need to put up with **** like that
erktheerk said:
I truly do not understand people like you.
> Buys flagship phone from company with newest OS tuned to run as best as the company can to represent itself and its product.
> Tries to not have an email address because tracking
You do realize that as a society we are all walking around with computers thousands of time faster than we had sitting on our desks 20 years ago. That have dozens of sensors, connected to wireless networks, that can cover nearly every inch of the surface of the planet. What you're worried about is what we (the collective nerds/geeks/privacy advocates) were screaming at the top of our lungs back in the 90s...before it was too late.
It's too late son, That ship sailed, sank, was resurfaced, and put into a museum so younger generations could see what it was like in the way back when before times.
Good luck with your quest to use factory google pixel phone and rom without a Gmail account. That's surly the only way they are tracking you.
Click to expand...
Click to collapse
let me guess you have nothing better to do but try ****ting on people. maybe you should go to reddit and not be someplace people try to learn about their device and what you can customize.
nutpants said:
no having people post just to insult my choices is not something i ignore. that jack ass was the first person to insult me, and i dont roll over and accept insults.
i have zero problem with getting no answer, but a huge problem with jackasses that post only to insult me.
no one should ever feel they need to put up with **** like that
Click to expand...
Click to collapse
Then perhaps it's time to move on don't you think? This thread is really not productive.
bobby janow said:
Then perhaps it's time to move on don't you think? This thread is really not productive.
Click to expand...
Click to collapse
its not productive because of **** nuts that want to piss on other peoples choices.
im not going anywhere. the the useless ****s can move on while i wait for someone with the desire and skill to customize the pixel 6 who might have an answer
nutpants said:
got the pixel 6 today, rooted with magisk and im just starting to play with it..
but it keeps asking my to finish setup and get a google account. i dont want a google account or need one
( yep im going to install everything manually or from aroura store)
how do i get the pixel to stop asking me? ( so far i can only have ask again tommorow)
Click to expand...
Click to collapse
Try this: Settings>Apps>See All Apps>3 dot menu "Show System">Android Setup>Disable that app
Lughnasadh said:
Try this: Settings>Apps>See All Apps>3 dot menu "Show System">Android Setup>Disable that app
Click to expand...
Click to collapse
thank you
that is one i missed while disabling many others.
bobby janow said:
Then perhaps it's time to move on don't you think? This thread is really not productive.
Click to expand...
Click to collapse
It wasn't productive from the first post. It simply is an excuse for him to rant and rave about how Google is a data whore and all that. I can understand that, as I once was like him. Perhaps I am in the wrong here for being so blasé over Google's data collection, but I stopped worrying years ago about it. I figured the benefits outweighed the liabilities.
It's rather entitled to expect to have all the benefits of a smartphone while having none of the liabilities. I think if I were truly that worried about data collection to rant about it in a public forum I wouldn't be using a phone at all. After all, every phone made today, from the most expensive smartphone to the cheapest dumbphone, has sensors in it that can track you, even when the phone is off.
To the OP, TANSTAAFL.

Question I have been totally hacked for 9 months

We have been through five phones -Samsung Galaxy, then Motorola, two internet providers two cell phone providers, made so many calls I have lost count. He uses Chromebook and a Motorola Droid phone. He has even hacked my old home phone, tv, you name it, he has tried to own it . Oh, I forgot-my home security and ring doorbells also. I can change an app permission and I can see him go right in and change it back. I am sure he lives close in the neighborhood How do I get rid of this horrible person?
He grays out permissions, default apps, etc., Which keeps me from being able to delete an app, or change someone being able to access in the background. He has confiscated our emails (Gmail), prevents us from sending or receiving ones he doesn't like. He uses email for email on the web, advertising, chat, and many other things. He listens to phone calls steals all photos, maps addresses to companies or people in contacts, uses maps for ?? Xxx an anyone help me, or at least tell me how to reverse graying out on apps? This has become unbearable! Thank you!
How do you know it's a he?
It's always the girl next door.
Lol! I cannot prove it, but the big gamers nextdoor moved in when this started happening. Their best friend is an experienced IT guy who only appears when I have gone in and changed things. In those days, new changes happen, such as Ring doorbells hacker, etc. Not blaming, but coincidence?
blackhawk said:
How do you know it's a he?
It's always the girl next door.
Click to expand...
Click to collapse
Sorry. See reply in post.
Bro, I'm so sorry. My husband has been going through this VERY thing for the past year. They don't mess with mine. I just wanted to let you know even though I don't have any resolve for you, I hear you and know that it's not phony and we totally feel for you. Seriously, maybe you and my hubby can talk. I'm so sorry that you're going through it. Feel free to message me.
This sounds like a great fan fiction and will bookmark this to see how the story develops. Thank you for putting this in Moto G Power section right where it belongs!
Sounds like you might need to invest in a router with better security features.
Moosetears said:
This sounds like a great fan fiction and will bookmark this to see how the story develops. Thank you for putting this in Moto G Power section right where it belongs!
Sounds like you might need to invest in a router with better security features.
Click to expand...
Click to collapse
Definitely not fiction. It is a nightmare and could REALLY use some advice!
gunnshot81488 said:
Bro, I'm so sorry. My husband has been going through this VERY thing for the past year. They don't mess with mine. I just wanted to let you know even though I don't have any resolve for you, I hear you and know that it's not phony and we totally feel for you. Seriously, maybe you and my hubby can talk. I'm so sorry that you're going through it. Feel free to message me.
Click to expand...
Click to collapse
It has been a nightmare! They started with mine, and have now invaded my husband's phone also.
Scammed said:
It has been a nightmare! They started with mine, and have now invaded my husband's phone also.
Click to expand...
Click to collapse
Why are you posting on XDA? If you are this convinced that someone has unauthorized access to your devices, you need to be talking to law enforcement. The best advice we can offer you is to change all your passwords immediately, enable 2 factor authentication, and if possible seek a restraining order. XDA is a smart device hacking and development community, not a private investigation service.
V0latyle said:
Why are you posting on XDA? If you are this convinced that someone has unauthorized access to your devices, you need to be talking to law enforcement. The best advice we can offer you is to change all your passwords immediately, enable 2 factor authentication, and if possible seek a restraining order. XDA is a smart device hacking and development community, not a private investigation service.
Click to expand...
Click to collapse
I didn't think you were a p.i. firm. Obviously, I am not tech savvy. A little kindness please? I simply want to know how to ungray grayed out app permissions. I have searched on my own and cannot find the answer. I have reported it to local police, state police, Motorola, Samsung, Verizon, Xfinity, metronet, on and on and on. No help from anyone. I don't have $2,500.00 to just put down a retainer for a p.i. I knew someone on this forum would know the answer I am searching for and might kindly tell me. Thank you.
Scammed said:
I didn't think you were a p.i. firm. Obviously, I am not tech savvy. A little kindness please? I simply want to know how to ungray grayed out app permissions. I have searched on my own and cannot find the answer. I have reported it to local police, state police, Motorola, Samsung, Verizon, Xfinity, metronet, on and on and on. No help from anyone. I don't have $2,500.00 to just put down a retainer for a p.i. I knew someone on this forum would know the answer I am searching for and might kindly tell me. Thank you.
Click to expand...
Click to collapse
Well, it can be hard to distinguish the difference between reasonable concern over privacy violations vs unwarranted paranoia, and you aren't the only one who's come to XDA with this type of story. Most of your assumptions are likely mistaken and can be simply explained by the nature of Android itself.
Remote intrusion of mobile devices is actually pretty rare. The most common ways bad actors get ahold of sensitive user information are: phishing, user-approved permissions on questionable apps such as TikTok, and "connected" social media accounts, where users allow websites and apps access to their social media profiles, or use their social media as a login.
Regardless, to the technical point of the matter, grayed out app permissions are not the result of hacking or surreptitious malfeasance, but rather the nature of the "rules" inherent to Android - you can't remove system apps or disable system-controlled permissions without root.
If you still think you have reasons for concern, this is my only suggestion:
Change your phone number
Immediately change all relevant passwords - minimum 10 characters, a mix of upper case, lower case, numbers, and special characters, do not reuse them
Enable 2 factor authentication on all accounts, ensuring your 2nd factor is something that you and only you have access to
Once done, sign out all devices signed into those accounts
Perform a factory reset on your device; even better, reflash factory firmware. Keep bootloader locked.
Do not use questionable apps

Categories

Resources