Android 7.1 Restricted Accounts - Android Q&A, Help & Troubleshooting

I am looking to move to an android phone and I need one that has the ability to have restricted accounts, similar to what was introduced on tablets with 4.2 or what iphones have, where you have a password protected way of enabling or disabling different applications. I have seen a program called applock on Android that attempted this, but it had a severe flaw that made it easy to bypass. Is anyone aware of a custom rom that enables this, or perhaps a modification to build.prop that would enable it?

webbwbb said:
I am looking to move to an android phone and I need one that has the ability to have restricted accounts, similar to what was introduced on tablets with 4.2 or what iphones have, where you have a password protected way of enabling or disabling different applications. I have seen a program called applock on Android that attempted this, but it had a severe flaw that made it easy to bypass. Is anyone aware of a custom rom that enables this, or perhaps a modification to build.prop that would enable it?
Click to expand...
Click to collapse
Try MIUI ROM.

randomx1 said:
Try MIUI ROM.
Click to expand...
Click to collapse
Does it allow you to disable things like the play store and system browser? I am trying to get a good, child proofed phone.

Related

google apps: what do they send, which ones are safe ?

Hi,
after reading THIS (How is Google uploading my WLAN passwords to their servers ?)
i wondered what google apps are safe.
Fortunately some Roms allow to install the GAPPS seperately, so i wanted to know how to block the unsafe ones, which are sending (what) data to google.
Id like to upgrade to an ICS based ROM, but wanted to make sure i understand before i do so .
Thank you in advance for helping me out.
Well, just using android is potentially dangerous. Google has total control over your system as long as you are connected to the internet. They can remotely install apps, remove apps lock your phone and MORE.
So why so paranoid, just get over it or buy another OS phone....which in fact does the same. It's the world we live in - it's unavoidable.
retsam88 said:
Well, just using android is potentially dangerous. Google has total control over your system as long as you are connected to the internet. They can remotely install apps, remove apps lock your phone and MORE.
So why so paranoid, just get over it or buy another OS phone....which in fact does the same. It's the world we live in - it's unavoidable.
Click to expand...
Click to collapse
That's not entirely true!
To kick out Google, you don't need to switch OS. Google is just a major player of OHA. It doesn't simply own Android.
You can always remove all Google's apps from system (if you are rooted). Remove even Play Store and use alternative Market apps. Or, don't use a Market app at all (install apps manually).
As an example, you can see Android-powered Kindle Fire. There's no dominance of Google over it.
---------- Post added at 05:17 AM ---------- Previous post was at 05:06 AM ----------
derolleheinz said:
Hi,
after reading THIS (How is Google uploading my WLAN passwords to their servers ?)
i wondered what google apps are safe.
Fortunately some Roms allow to install the GAPPS seperately, so i wanted to know how to block the unsafe ones, which are sending (what) data to google.
Id like to upgrade to an ICS based ROM, but wanted to make sure i understand before i do so .
Thank you in advance for helping me out.
Click to expand...
Click to collapse
The best practice: Encrypt your Internet Traffic.
There are many ways to do this. Use L2TP VPN (with encryption support) if you aren't rooted. If you're rooted, use OpenVPN.
I use SSH Tunnel app with socks proxy option checked (for dynamic port forwarding). With this, my internet traffic flows through a powerful encrypted tunnel. This method is easiest one because there's no need to configure anything on server. You just need a server with root access (or, full SSH access) running somewhere on internet.
All true, but theres something you don't know. Google has killswitch. How to disable it is beyond my imagination.
retsam88 said:
So why so paranoid, just get over it or buy another OS phone....which in fact does the same. It's the world we live in - it's unavoidable.
Click to expand...
Click to collapse
I don't think it unavoidable at all. I think it is pretty easy.
Just put Cyanogenmod on your phone. Don't install Gapps. And get all your apps from 3rd party markets like f-droid.org
You may try "LBE Privacy Guard" application that is available on Google Play.
It allows to control permissions of all installed applications including system and Google ones.
Root is required though it is always required if you want to control something on your phone.
P.S. I am using it since I rooted my phone and initially I rooted my phone just to install this app :victory:
retsam88 said:
Well, just using android is potentially dangerous. Google has total control over your system as long as you are connected to the internet. They can remotely install apps, remove apps lock your phone and MORE.
So why so paranoid, just get over it or buy another OS phone....which in fact does the same. It's the world we live in - it's unavoidable.
Click to expand...
Click to collapse
To be fair ios and wp7 can also remotely delete apps etcetera too.
Dave
( http://www.google.com/producer/editions/CAownKXmAQ/bigfatuniverse )
Sent from my LG P920 using Tapatalk 2

[Q] IOS like restrictions for android (restricted profiles suck)

Is there an app available which provides similar features to ios restrictions, such as being able to prevent changes to accounts and contacts, meaning for apps such as hangouts or messenger i can prevent my brother from only contacting existing contacts and prevent him from adding random people (hes autistic...) Im currently using Norton parental controls and this allows me to block certain websites and send me usage reports, however i would like for him to be able to actually contact his family on the tablet, however being able to add people is a big no-no as he can become abusive to people. I managed this perfectly fine on his Ipod as within Ios restrictions you can simply turn on the option to prevent changes to accounts...
I'am quite an advanced android user and i cant seem to find a way to do this... i also cant believe people are praising the restricted profiles in android 4.4.2... i think it is awful only allowing you to block apps... there are numerous apps available to do this anyway.
Another issue i have is with the play store not asking for a password for apps even though this option is selected in 4.4.2. I know this is a reported issue as i have found a forum on the issue however no one had a solution.
Any help would be appreciated

Custom ROM survey

Hi everyone,
We are conducting a survey on the current usage of custom ROMs and user interests and I'd like as many users as possible to answer the very few questions: https://bit.ly/2gM1Ntv (survey is closed now)
Why all this?
We believe that the current custom ROM world and choice is not very nice. We basically have a single large player and a few smaller ones providing official builds and then there are many "homemade" ROMs of doubtful trust. Newbies that care about privacy and free software are scared of homemade ROMs, don't like CM and usually have a device not officially supported by the smaller ROMs. We are thus discussing if we should start a whole new ROM (maybe robbing some hardware code from CM) or contribute to an existing one. Our focus is on security and privacy and some of our ideas might be hard to achieve inside the currently existing ROMs.
We don't want to re-invent the wheel if it's not necessary, a ROM that nobody wants to use is just a waste of time.
To know if our ideas of a custom ROM are supported by the community, we need to know what you think about custom ROMs and our ideas on it.
If you want to discuss this further or want to give your opinion on this publicly, fill this thread up with whatever you want. We don't bite.
Thank you for your time,
Marvin
Personally I would like a ROM based on CyanogenMod (since I like 90% of the ROM) with:
- microG included
- Integrated XPrivacy (but rewritten inside the ROM without Xposed)
- Ability to hide root to specific apps on-the-fly without restart (with the code included inside the ROM impossible to detect)
- Ability to simulate other phones to specific apps on-the-fly without restart
- ARMv7 to ARMv6 software emulation for apps that support only ARMv7 on ARMv6 phones (probably slow but better than anything, ARMv7 to x86 emulation already exist)
ale5000 said:
Personally I would like a ROM based on CyanogenMod (since I like 90% of the ROM) with:
Click to expand...
Click to collapse
Problem with CM base is that it is partly proprietary (contains some google libraries). Read about freecyngn for details.
ale5000 said:
microG included
Click to expand...
Click to collapse
Plan is a sort of "setup wizard" that allows to install microG and of course the required patches as part of the ROM.
ale5000 said:
Integrated XPrivacy (but rewritten inside the ROM without Xposed)
Click to expand...
Click to collapse
Three-state deny/spoof/allow is already on our wishlist as well as extending the permission model to be more fine-grained.
ale5000 said:
Ability to hide root to specific apps on-the-fly without restart (with the code included inside the ROM impossible to detect)
Click to expand...
Click to collapse
The idea is to have a root system that works the opposite to what some su hiding tools do: the su binary is only available to certain apps the user preselected. This will also hide it to apps that should not see it. This way we can't have a nice "grant root permissions" dialog, but these are insecure nonetheless.
ale5000 said:
Ability to simulate other phones to specific apps on-the-fly without restart
Click to expand...
Click to collapse
What exactly do you want to simulate. The device name as returned by Build.MODEL? Note that it is technically impossible to simulate a whole other device in a way that can't be recognized
ale5000 said:
ARMv7 to ARMv6 software emulation for apps that support only ARMv7 on ARMv6 phones (probably slow but better than anything, ARMv7 to x86 emulation already exist)
Click to expand...
Click to collapse
Which device is still ARMv6 nowadays? joke aside, the x86 emulation was developed by Intel (so that their processor can compete on the smartphone market), a similar software is very unlikely to be written for armv6. It might be possible to use user-mode qemu to run armv7 libraries on armv6, but this will be terribly slow and for most apps the reason to use native code is that it should be faster than Java code, which will not be the case with such an emulation approach...
MaR-V-iN said:
The idea is to have a root system that works the opposite to what some su hiding tools do: the su binary is only available to certain apps the user preselected. This will also hide it to apps that should not see it. This way we can't have a nice "grant root permissions" dialog, but these are insecure nonetheless..
Click to expand...
Click to collapse
Although it is more secure it will kill user-friendliness and it will probably cause compatibility problems with old apps.
I sometime use also apps no longer updated and it wouldn't be nice to not be able to use them.
I think it would be better to support both modes and allow user to choose.
MaR-V-iN said:
What exactly do you want to simulate. The device name as returned by Build.MODEL? Note that it is technically impossible to simulate a whole other device in a way that can't be recognized
Click to expand...
Click to collapse
My intent is just to run apps that do run only on specific phones without change the app itself, I don't think they use a type of detection hard to bypass but I don't really know.
MaR-V-iN said:
Which device is still ARMv6 nowadays? joke aside, the x86 emulation was developed by Intel (so that their processor can compete on the smartphone market), a similar software is very unlikely to be written for armv6. It might be possible to use user-mode qemu to run armv7 libraries on armv6, but this will be terribly slow and for most apps the reason to use native code is that it should be faster than Java code, which will not be the case with such an emulation approach...
Click to expand...
Click to collapse
I know that it will be really slow but it still would be better than an app that crash at startup.
PS: Also it would be nice to have compatibility with cSploit.
ale5000 said:
Although it is more secure it will kill user-friendliness and it will probably cause compatibility problems with old apps.
I sometime use also apps no longer updated and it wouldn't be nice to not be able to use them.
I think it would be better to support both modes and allow user to choose.
Click to expand...
Click to collapse
For apps this will look as if you don't have root if you did not grant permission in advance through the system settings. The applications should not break because of this (but maybe just show you a message). Yes, it will be less user-friendly, but opening a critical hole in the security system should be nothing that is user-friendly. You usually do not have a lot of apps that require root access and to activate those manually in the system settings is not a huge problem. We would like to add features to the ROM like app data backup so that you need even less.
Well, for a normal user yes, but a normal user do not usually install a custom ROM.
I personally use a lot of apps that require root access.
Although it is probably not so easy I think it is possible to implement a dialog with tapjacking protection that ask if allow or deny root access.
ale5000 said:
Well, for a normal user yes, but a normal user do not usually install a custom ROM.
I personally use a lot of apps that require root access.
Although it is probably not so easy I think it is possible to implement a dialog with tapjacking protection that ask if allow or deny root access.
Click to expand...
Click to collapse
Even with all tapjacking techniques that are possible in Android (which would include a certain delay for the root usage confirmation to be tap-able), you can still use invoke keystrokes. This would allow a privilege escalation. When talking about security, don't argue with "I know what I do", it's not about you knowing what you do, it's about attackers knowing it as well.
The only effective way to protect against any type of tapjacking/input injection is to put everything completely aside (e.g. in the settings app) and protect it by requiring the user to enter his/her lockscreen key (or use fingerprint) before being able to change anything. While the ask about permission approach might be good enough for classic permissions (contacts/calender), it is not a good idea for something like root access, because it requires extreme caution.
Can you list the apps that require root which you are using? This would help a lot in finding out how important the root feature really is.

Secure personal and work spaces.

Hi,
I'm looking to get a secured space where I can launch some android apps with my personal data.
That a way I can separate personal data of work data.
I know samsung provide "knox" which is the best solution, but it's not working in others brand device.
Earlier, I had on my Nexus tab, the possibility to use an owner account and to swype to an "guess" account which can also a solution,
but it seems to not be available on recent release of android.
So anyone can give me some solution availabe ?
Cheers?
donete said:
Hi,
I'm looking to get a secured space where I can launch some android apps with my personal data.
That a way I can separate personal data of work data.
I know samsung provide "knox" which is the best solution, but it's not working in others brand device.
Earlier, I had on my Nexus tab, the possibility to use an owner account and to swype to an "guess" account which can also a solution,
but it seems to not be available on recent release of android.
So anyone can give me some solution availabe ?
Cheers?
Click to expand...
Click to collapse
Which version of Android are you using? I have android n stock and there is the user option if you go to the settings app, there you can find the guest option and other options as well.
Well, I didn't find it on android 6 on my Xperia M4 Aqua.
On my Samsung S6, there're android 7, after many research I dind't find it. This phone is a very good device with knox but after a falling ugrade
the knox count rise to 1, so knox saw that as a security issue and it can't still running on.
So are are you sure it's always remains on android 6 and 7 ?

General about GrapheneOS

Hey guys,
what do you think about GrapheneOS? (https://grapheneos.org)
I think there are some disadvantages:
- only Pixel devices (because only these have some security "flags")
- no root access
- hardcoded Google domains
and some advantages:
- good hardware support
- hardenized aosp
- closed bootloader after flashing
Now I would like to discus about this ROM
I too would be interested to hear about anyones experience regarding this OS
johndoe118 said:
Hey guys,
what do you think about GrapheneOS? (https://grapheneos.org)
I think there are some disadvantages:
- only Pixel devices (because only these have some security "flags")
- no root access
- hardcoded Google domains
and some advantages:
- good hardware support
- hardenized aosp
- closed bootloader after flashing
Now I would like to discus about this ROM
Click to expand...
Click to collapse
I'm interested in this ROM too. I have a Pixel 3a. I haven't flashed it yet because I'm trying to find out what people's experiences are first. There doesn't seem to be a lot of posts about it. Did you ever flash it? Also, what do you mean by "hardcoded Google domains"?
Well, the captiveportal contacts the Google servers regularly when you connect to a WiFi. That was one reason why I lost interest in the ROM. The other was the limited device support and missing root access. I absolutely need access to the iptables. As a one-man show, the ROM can be adjusted at any time.
johndoe118 said:
Well, the captiveportal contacts the Google servers regularly when you connect to a WiFi.
Click to expand...
Click to collapse
Do you have some kind of reference for that? I'm using it now and would really like some proof to bring up in their subreddit as a WTF.
graphene seems great, no root does not
I don't want the bootloader locked.
I want Magisk extensions
I need root for LP _only_ to remove ads. Is there something like LP that allows (interactively) disabling app activities?
hardcoded google domains info from faq
https://grapheneos.org/faq#device-support
GrapheneOS leaves these set to the standard four URLs to blend into the crowd of billions of other Android devices with and without Google Mobile Services performing the same empty GET requests. For privacy reasons, it isn't desirable to stand out from the crowd and changing these URLs or even disabling the feature will likely reduce your privacy by giving your device a more unique fingerprint. GrapheneOS aims to appear like any other common mobile device on the network.
HTTPS: https://www.google.com/generate_204
HTTP: http://connectivitycheck.gstatic.com/generate_204
HTTP fallback: http://www.google.com/gen_204
HTTP other fallback: http://play.googleapis.com/generate_204
Click to expand...
Click to collapse
nay_ said:
hardcoded google domains info from faq
https://grapheneos.org/faq#device-support
Click to expand...
Click to collapse
Thanks, right from there
I have Graphene OS taimen-factory-2020.07.06.20.zip on my Pixel 2 XL.Under "System update settings" is "Check for updates" but nothing happens if I tap.Only the field becomes darker.Has someone experience with this?
Update with adb sideloading to 2020.08.03.22 works.
OTA update from 2020.08.03.22 to 2020.08.07.01 likewise.
I'm personally not a fan of these kinds of projects, they aren't really all that 'secure', you're still using proprietary vendor blobs and such
help please
Hello! In the description
I pointed out that you can change servers just not through the GUI.
Has anyone tried this?
```
Providing a toggle in the Settings app for using connectivitycheck.grapheneos.org as an alternative is planned. The option to blend into the crowd with the standard URLs is important and must remain supported for people who need to be able to blend in rather than getting the nice feeling that comes from using GrapheneOS servers. It's possible to use connectivitycheck.grapheneos.org already, but not via the GUI.
```
captive portal leak + location services data leak
Few points:
1. General idea is that privacy/security oriented OS (as graphene is advertised) should limit network activity as much as possible, and not ping google using captive portal service every few seconds providing perfect IP-based location to google
It is possible to switch it off, but should be off by default
2. Connections of android location services to get GPS constellations were shown before to send sim card imsi and connected cellular tower id to provider (qualcom/google):
"blog.wirelessmoves.com/2014/08/supl-reveals-my-identity-and-location-to-google.html"
Graphene still allows those connections (check their FAQ on website)
W/O root no way to switch this off. Even some devices ignore config files and still leak data (on the level of cellular modem most probably)
3. Android services make other weird connections. Example: AOSP dialler app is querying phone numbers against online database leaking all contacts to google. How was this taken care of in graphene? Are all AOSP services/apps security-verified to not leak any data?
w/o root no way to install afwall to block everything
Is graphene built-in firewall capable of blocking system services from network access?

Categories

Resources