Dear all,
I'm searching for some help regarding system certificates on Android.
First of all, a little bit of context : I'm in charge of the migration of mobile devices from one Airwatch server to another. All devices are managed by MDM (Airwatch MDM Agent) that allows deployment of configuration profiles and apps. One of those profiles is called "CertAuth" and pushes some certificates that are needed to access internal ressources.
A few months ago, we have discoverd that one of the system certificates (Thawte Primary Root G3) was missing on some devices, mainly old versions of Android.
So we decided to push this certificate through the "CertAuth" profile.
Now the problem whith that method is that once the devices are unenrolled from the first server, profile "CertAuth", all corporate content and apps are removed (normal behavior). As Thawte Primary Root G3 certificate is part of the system certificates, it cannot be removed. So it is simply disabled.
This certificate is needed to access the target server, so once devices try to enroll, they receive some error message "cannot connect to host". Connection is simply refused due to the disabled Thawte G3.
Of course it can be manually enabled, but as you all may know, basic users are not always able to find the correct option in the device settings...
So (finally) my question is : is there any way to remotely enable this system certificate (little swich OFF/ON) in order to void manual action on more than 5000 devices?
By using a script or something that would be deployed on devices as third-party content/not removable content?
Related
I am a n00b with Android and have the following question. Are EVDO authorization credentials such as MIP/PPP username and password are set within OS, i.e. built-in into PPP daemon? If so, then rooting is required to modify those settings (for example, to use the firmware with another Carrier).
Or are they stored separately, outside of- and external to Android OS? If, so rooting neither required, nor helpful for modifying EVDO authorization credentials
Hello to all;
I have came across the app. Pdroid (for managing security settings in my phone); and I´m really interested into installing it; even thou I didn´t catch exactly what to do (even with the patch creator for Windows).
My fear resides into the use of Gingerreal 1.4 Rom, so here´s my question...
Does anyone using Gingerreal 1.4 for Ace have compiled the patch ?
If yes, would you care to share it or at least give me more instructions into how to create the patch myself ?
This is the link to the app:
http://forum.xda-developers.com/showthread.php?t=1357056
Thanks a lot for the support.
Some help... ?
Hello to All;
I have obtained help from user "frsp2" on the Pdroid Topic, here is the link:
http://forum.xda-developers.com/showthread.php?t=1357056&page=65
He help creating a patch to install Pdroid in my Ace and the Gingerreal 1.4 ROM.
So here are the links for the patch
Im using Ginger Real 1.4
SGA-GR-1.4_GINGERBREAD.XWKPW
http://www.mediafire.com/?qjpbq5bt0xanmpw - patch
http://www.mediafire.com/?ooc9wd8bwg9lw50 - reverse patch
And here some desctiption of Pdroid:
PDroid allows blocking access for any installed application to the following data separately:
Device ID (IMEI/MEID/ESN)
Subscriber ID (IMSI)
SIM serial (ICCID)
Phone and mailbox number
Incoming call number
Outgoing call number
GPS location
Network location
List of accounts (including your google e-mail address)
Account auth tokens
Contacts
Call logs
Calendar
SMS
MMS
Browser bookmarks and history
System logs
SIM info (operator, country)
Network info (operator, country)
For device ID, phone and mailbox number, SIM serial, subscriber ID and device location it also allows supplying custom or random values.
Why you would want to use it:
Applicaitons do NOT crash when access to private data is blocked (unlike with Permissions Denied or CM)
Fine-grained tuning of access to private data
No background service needed
Very small memory footprint (~700KB)
No impact on battery life
No impact on performance (5ms overhead on access to private data; yes, that's 0.005s)
100% reliable unlike ROOT applications (LBE), which need to start their background service on boot (see android underground to learn why this is an issue)
No ROOT required for the app to run
No Android permissions required for the app to run
Open-source
I have found that many apps require permissions even when not open... so I´m very happy with this tool, hopefully can be useful to others.
Hi
I've followed the instructions from Nexus offical guide and installed my personal certificate stored in a pfx file (PKCS#12) in my Google Nexus (ICS 4.0.4). At this point I faced a little problem: the new certificate is not listed in "User" tab in "Credentials". It works anyway because I can use it in web pages.
But the big problem IMHO, is the way Android protects your certificates. It only requests the user to set a pattern, PIN, or password to unlock the screen. I'm missing a password-protected access to my credentials like IE does in Windows, for instance every time your certificate is requested by a web site.
Is there a method to enhance security of your certificates in ICS and set a password for accessing certificates storage?
Thank you
I've installed the OpenVPN client on my Moto G, and imported the pkcs#12 file into the Keychain, as recommended in the doc.. Where did the file actually go - I expected it to appear in Settings -> Security -> Trusted Credentials, but it isn't there?
In Trusted Credentials under the User tab there's an entry 'Myhome changeme'. It appears to require me to do something - to change it in some way. Do I actually need to do something?
Is there an 'Idiot's Guide' to Trusted Credentials and the Keystore/Keychain for Android, that someone can point me to, please?
Jim
I am researching how feasible it is to develop a custom user authentication system for Android. Not at the application level but at the operating system level where many users can login into a device with a user name and password and log out. The user profile should be pulled from a repository not already provisioned on the device. This would be similar to how users log onto a PC using Windows Active Directory. Has anyone seen this accomplished?
Thanks