Hi guys,
I attached a screenshot of a permission request that popped up when I was first setting this thing up. I believe it only appeared after I got an account with a carrier and had a SIM card inserted (I signed up with Cricket). Some kind of app called "Cell information" was requesting permissions for things. In addition to the attached screenshot, there were 2 other separate requests from the same source, asking for permission to manage phone calls and I forgot the third one -- maybe contacts?
I'm just curious what this means and what this "Cell information" thing is and why it needs those permissions and what would happen if I denied the request. I ended up accepting all 3. I'm assuming it's harmless but I'm curious... and can't find anything online about this.
I think you should ask Cricket customer support, looks like custom carrier stuff.
Related
I am getting killed with spam calls today from a 956 area code, all Mexican.
I add them to my reject list, I am them to an Unwanted contact as well... but they keep coming as different numbers.
Anyone else have some suggestions? I do not have any crap apps... not sure what's causing this.
Call T-Mo, they should be able to block the calls for you
T-Mobile does not block individual numbers. Your options to avoid any calls are family allowances, which you will need to block the individual numbers for, or changing your number.
So far I've added 8 numbers to my reject list. Jesus.
anyone know of an app that will prevent your phone from ringing, IF there is a call from a certain area code?
If not, someone willing to make it? You would make bank.
Lol that's crazy, good luck.
Sent from my SGH-T959 using XDA App
As some predicted, T-Mobile could not do anything, but they did give me more minutes (not needed, but nice gesture).
I think I am going to try and make my first app.... anyone know if it's even possible to have the phone just block an area code before I spend so much time trying to make an app (my first one, o Jesus).
I just checked the market for "Call Block", and there seem to be several apps for it already. At least one (for $2) includes the ability to filter the calls based on area code (example shows block toll free numbers as 800-NNN-NNNN). So yes, it appears to be possible.
s15274n said:
anyone know of an app that will prevent your phone from ringing, IF there is a call from a certain area code?
If not, someone willing to make it? You would make bank.
Click to expand...
Click to collapse
GBlocker will do it. It's a pay app & I don't remember what it cost originally, but I love it.
I use it to block all numbers not in my contact list (if they're important, they'll leave a message & I'll add them to my contact list)
EDIT: I just looked on Appbrain & they apparently have a trial version. I dunno if anythings removed, but might be worth your time to give it a look
Someone mentioned this in another thread, but this is a topic that should have it's own separate thread.
Some of you may have already read the news: Michigan: Police Search Cell Phones During Traffic Stops
Don't assume it won't come to your town.
I can't say I plan to do anything that would warrant police suspicion, yet I don't like the idea of anyone being able to easily pull data from my device. And we know cops won't be the only ones with these devices. So I've been wondering, how can we protect our Android devices from the CelleBrite UFED?
Check out this video that shows some of the features it has, keep in mind it does much more and can even extract DELETED data.
See the company's product page here: http://www.cellebrite.com/forensic-products/ufed-physical-pro.html
This research paper talks about the CelleBrite UFED and other extraction methods. (CelleBrite UFED is talked about starting on page 9.) I doubt there's a means to prevent all of those methods given some involve long term handling of the device, but CelleBrite UFED can extract data when a device is retained by the CelleBrite UFED user for a short period of time. It looks like HTC Android type devices can only be extracted from via the (micro)USB Port and it requires USB Storage and USB Debugging turned on. The CelleBrite UFED has to gain Root Access. It can get by screen passwords and root even a device that was not yet rooted.
There's another thread where someone was requesting a ROM that would not work with the CelleBrite UFED. I'm not sure how to make a ROM or anything else that would not work with the CelleBrite UFED without limiting certain features we all may use from time to time.
Over on Slashdot, someone said they hacked their device (Nexus One) to not do USB client mode. This is another option that would limit some features many of us may use.
So, how can we protect our privacy and our data? Does it mean sacrificing some features like USB storage mode?
The biggest problem is what's missing from Android itself. Meego might be protected but not Android.
You would need an encrypted boot loader that retains root for some users.
A kernel and os files that support different users so the default user is not root like Linux and a prompt with a password for superusers not just an Allow like now for Android.
Encryption libraries that would support truecrypt encryption of both internal and external (SD card) encryption in toto not just individual files.
A true trash system that overwrites files like srm in linux and sswap for wiping the swap file after every system reboot.
Ultimately I don't see it happening. In theory if you were running Ubuntu on your phone then yes cellbrite would just crap out not knowing what to do with your phone. Same possibly with meego. But then no real app support, no navigation and driver support is crap even for ROMs using the same os let alone a different OS like true linux.
It's amazing how many don't even bother deleting thumbnails hanging around on their computers or securely wiping files on their computer. Same with swap files retaining passwords or even website cookies that have the same password as their computer.
Best thing to do, don't keep anything that could be bad on your phone. Use a cloud system or home server sync that requires a seperate login every time and keeps no local files. Or as I do, encrypt the hell out of anything you find valuable, which currently is only my complete backups...
Sent from my Xoom the way it should be, rooted and with SD card.
This is where that cheap Boost Mobile phone comes in, or any other prepay phone. Just hand the officer that one. Store your personal data on your smartphone.
chbennett said:
Best thing to do, don't keep anything that could be bad on your phone. Use a cloud system or home server sync that requires a seperate login every time and keeps no local files. Or as I do, encrypt the hell out of anything you find valuable, which currently is only my complete backups...
Sent from my Xoom the way it should be, rooted and with SD card.
Click to expand...
Click to collapse
Hello, All. This is my first post at xda-developers!
Since I'm new to Android, data security has concerned me. Climbing the learning curve of rooting and tweaking my SGH-T989, I've focused on control, security, and privacy. So far pretty good, thanks largely to members' posts at this site. Thank you very much!
Then this thread crushed me. Visions of "1984", "THX 1138", "Terminator", etc.
I considered the suggestions here. Thoughts about the OS seem right to me, but that's beyond my abilities. I did try following chbennett's advice: I enabled encryption in my backups and moved them to the internal SD.
But I don't yet know how to do the 'home server / log in on demand' scheme for contacts and calendar. I will appreciate any help with that.
Meanwhile, I looked for a way to make a 'panic button' that would let me wipe my phone immediately. What I chose was making a contact whose phone number is the USSD code for Factory data reset.
Maybe Tasker, etc. could streamline this approach; but my trials showed that, unlike MMI codes (e.g., to toggle caller ID blocking), USSD codes cannot be submitted to the OS indirectly. So swiping a contact, direct dial shortcut, etc. did not work. On my phone, all that worked was either 1. manually dialing the code, or 2. dialing the contact name, then tapping the contact.
So the routine to use this 'panic button' is:
1. launch Dialer
2. dial the contact name
3. tap the contact name in the search results
4. tap "Format USB storage" in the "Factory data reset" dialog
5. tap "Reset phone" button in the "Factory data reset" dialog.
It sounds clunky, but it's actually pretty quick. I named the panic button contact "XXX" to avoid confusability when dialing (it needs only "XX" for a unique match.)
If you can suggest improvements to this scheme, or think it is misguided, please let me know. Thanks.
Any updates on this? I'm curious as to how to guard against ufed.
I think an instant hard brick option would be better so theres nothing to recover as i dont believe the factory reset is a secure wipe
Possibly a voice activated secret phrase or keypress u could say/do super fast in a tricky situation that autoflashes a corrupt/incompatible bootloader and recovery to device after secure superwipe that should stump them for awhile
im still interested in this i disabled usb debugging on my phone but unsure if the UFED can still access anything on my ICS full encrypted passworded evo3d im assuming they could dump the data at most but i highly doubt they could access the decrypted data unless you used an insecure pass
If you have encryption enabled for your data partition, then all you need to do is to turn off your phone when you see a cop. If they take it from you, they can turn it on and hook up their device, but they will only be able to snarf the system partition, which does them no good. They'd need your password to mount the data partition.
If you look around on this forum, you can find the steps necessary to switch the lock screen back to a simple pattern lock while leaving the disk encryption enabled.
Are you sure Cellebrite and UFED or w/e can't access encrypted data partion? I know it can take an image of the phone "hard drive". They then can run password tools against image to unlock it no?
dardack said:
Are you sure Cellebrite and UFED or w/e can't access encrypted data partion? I know it can take an image of the phone "hard drive". They then can run password tools against image to unlock it no?
Click to expand...
Click to collapse
I'd like to know about this too. I am about to set up encryption on my device and I'd like to know more about what type of attacks it can beat.
Edit to add: I assume brute force attack protection is like any other type of encryption.....dependent on the strength of your password. But, assuming we all know that already, I'm still curious about this.
If the question is how to protect your device when you think someone would scan your phone, you'd have to have some sort of inclination that a scan is about to happen. I'm assuming this is many people's concern as they're considering wiping their device through a quick process. In that scenario, just turn off your device. Unless you warrant suspicion of something fairly bad, they wouldn't be confiscating your cell phone.
smokeydriver said:
...Unless you warrant suspicion of something fairly bad, they wouldn't be confiscating your cell phone.
Click to expand...
Click to collapse
We all wish all law enforcement was just and honest, but so far in world history that has not been the case. Even a pretty woman may have her phone scanned by a curious cop snooping for pics.
Sent from my HTC One using Tapatalk 2
I would still like to know if there is an answer here...
So I recently had some dealing with assisting in a Cellbrite search. We initiated and enlisted the help of law enforcement for an employee who was doing some illegal activity which is not relevant to this discussion other than the person used an iphone. Anyway, the investigator came in and wanted to know if I can enable the bypass for the automatic screen lock in 5 minutes because when it locked, it disabled the Cellbrite copy.
Now, couple things here, he was only doing what he was "allowed' to do in the local municipality, and he did say they sell a more expensive Cellbrite device which would be able to crack it. I did find it interesting that the simple corporate Activesync policy I have set up was actually having this effect. Anyway I removed the policy and it worked. Funny thing is he could have done it himself had he known anything about that kind of thing. He was presented to us as an expert but I guess that mainly covered a basic Cellbrite expertise.
So, I do think encryption would be a great answer as the partition would be hard to bust in to. Nothing is impossible but I would rather not smash my phone on the highway next time I get pulled over so I would like to know definitively that this is the right approach. This is definitely not paranoia as there are at least 3 states where it looks like it happens regularly.
Time to look at a 2600 group for stuff like this I guess. I am early in my investigation
Later
A lot of people always question why I don't have any security measures in place after swiping my screen. I personally just don't see the benefit of typing in a password every single time I unlock, versus the risk of actually losing my phone.
I also feel that if the worst did happen, I could change my Gmail and Facebook passwords and that would basically cover all bases. In fact, all I'd have to do is revoke two-step authorization for Gmail and that would basically do it too. I don't have any financial information stored to the phone if I think about it (with exception of maybe Fandango).
One time, I found an non-password protected iPhone in a cab. There was no password lock on the phone, and we were able to return the phone to the owner by finding the last person he called. He happened to be with the person who picked up.
How do most people here feel about it?
It's really up to you. If you're comfortable with no password, just have a plan in case you lose it. Which, it sounds like you do. Also think about backing up things like pictures from time to time.
I use the face recognition feature. Works pretty well once you train it. And I have my name on the swipe screen before that, so maybe I'll get it back if someone I know finds it.
And, while I haven't tried it on this phone yet, Seekdroid is another option. Lets you remotely lock and wipe the phone from any web browser.
Sent from my SCH-I535 using Tapatalk
dunderball said:
A lot of people always question why I don't have any security measures in place after swiping my screen. I personally just don't see the benefit of typing in a password every single time I unlock, versus the risk of actually losing my phone.
I also feel that if the worst did happen, I could change my Gmail and Facebook passwords and that would basically cover all bases. In fact, all I'd have to do is revoke two-step authorization for Gmail and that would basically do it too. I don't have any financial information stored to the phone if I think about it (with exception of maybe Fandango).
One time, I found an non-password protected iPhone in a cab. There was no password lock on the phone, and we were able to return the phone to the owner by finding the last person he called. He happened to be with the person who picked up.
How do most people here feel about it?
Click to expand...
Click to collapse
I prefer at-least a simple password. Also, under Security -> Owner information - I have a message for any potential finders of my phone: "If this phone is lost please email ma at [email protected]". That message scrolls across the screen even when locked.
Hi all,
Today my Nexus 6 (shamu) on T-Mo running the factory Project Fi image (rooted LVY48C, 5.1.1) auto downloaded and installed "T-Mobile My Account" app. I promptly took a screenshot of it having been installed and then uninstalled it. I have since spoken to T-Mobile, Motorola, and Google tech support looking for answers, like, who initiated this install? How did it install without my consent? etc. But nobody can answer these questions. T-Mobile claimed they have no possible process for auto-installing this specific package (it's not an OTA package). Motorola pointed me back at T-Mobile. Google, oddly, has so far claimed they "cant answer that for you unfortunately".
This is unacceptable -- that an app (with so many access permissions ie phone ID, contacts, GPS, SMS, phone logs, microphone, etc) can be installed without my consent.
What I would like help with is finding my own answers to these questions. As [email protected] via an ADB shell, running logcat, it appears that history only goes back about 2 hours. I did not run logcat until several hours later. It appears that Android does not have capable logging mechanisms. I also was not able to find any references to "t-mobile" or "tmobile" in a Root Explorer search.
Can you please help me investigate? Where should I look?
Cheers!
Yesterday I downloaded an apk from this thread https://forum.xda-developers.com/showthread.php?t=714116, I thought it should be relatively safe as it was from 2010 and no one said anything in that thread regarding it, but as soon as I installed it I received a confirmation code from Google for authentication on another phone as this wasn't my main phone.
The apk I downloaded was the one posted by "kokenjr" on 18th October 2010, the 5th reply on that page, for "extracting the full shazam database of tags".
Could anyone investigate that apk and see what is actually inside it? I didn't know it was possible for it to get the password for the account on the phone, but it seems it instantly got it and sent it somewhere and a login was immediately attempted. And a lot of people downloaded that apk. I tried scanning the file online for viruses but it returned nothing so I think it may be something undetected.
Also what was strange is that I received a Duo voice call about half an hour later from "[email protected]" which I'm fairly confident is related to this as I never received duo calls from unknown sources.
Another question I would have is, should a factory reset of the phone clear it out or could it still be there? Also, if someone investigates it, I'm interested in what it was able to do and if I should be worried about it getting in the google cloud stuff.
I'm not really sure how severe this virus is, but as it's still there on the page and someone is listening and trying to hack accounts with it and maybe many others, someone should look into it
Thank you very much
p.s. I used this account to post as I created it a long while ago to download something from here.
@Thisthename
I looked inside the APK
The app in question is just a SQLite database viewer: the database it works on is stored as
/data/data/com.shazam.android/databases/library.db - I think
jwoegerbauer said:
@Thisthename
I looked inside the APK
The app in question is just a SQLite database viewer: the database it works on is stored as
/data/data/com.shazam.android/databases/library.db - I think
Click to expand...
Click to collapse
@jwoegerbauer I really don't expect the cause to be anything else, as I mentioned above, the minute I saved the app on the phone and installed it, that is when I received the Google verification code and I didn't do anything regarding my google account or something like that, only browsing some websites to see how to extract the shazam tags, nothing shady and nothing else that I think could have an impact on this. And the coincidence is just insane.
Also, technically, even if it was something a factory reset should have most likely solved it right?