Hi,
Where can I get the source code related to specific Android feature such as Smart Lock which works with Trusted Places, i.e., automatic unlock the device at a predefined trusted place (not Smart Lock for Passwords). Is it implemented as an app with apk?
Please let me know how can I get the source code.
Thanks in advance!
Best regards,
Vincent
https://www.reddit.com/r/Android/comments/72tj6u/psa_google_have_quietly_removed_nfc_smart_unlock/
Judging how they could gracefully remove it kind-of universally, I regret to tell you this feature is likely inside gapps (also makes sense since otherwise where would voice unlock come from?)
On the other hand, you could check No Lock Home xposed module that implement such kind of functionality.
EDIT: custom trust agents (outside of com.google.android.gms/.auth.trustagent.GoogleTrustAgent) can seemingly be added
Related
Now this is a application development / dev question.
I won't lie and say I'm a professional and just spacing out on what the proper method of extracting the code bits from the Android OS's are, but I am currently in need of a method of doing so;
I'm looking to extract the code bits and use them in a battery saving application in which upon checking certain radiobuttons and turning on and off the ON/OFF button will allow the features to enable and disable, ex: gps, sync, wifi, etc.
If any application developer or any ROM dev would be able to assist me or let me know a method or the proper method rather to extracting the code that turns off AOS's features would be much appreciated!
TL;DR: I'm making an app and I need to know how to turn off features like Sync/GPS/WiFi/Etc, basically I am looking for the code that I can use with radiobuttons to check which features I wish to turn off.
Thanks!
Bump.
Would like it if a dev could assist me rather than letting my thread become a grave.
I am very excited to have access to bio-metric security on my new phone. However, for those of us in the U.S., there is one security exception that you should consider.
While its generally understood that no one, by law, may compel you to reveal a password; fingerprints themselves are NOT legally protected by the 5th amendment. There is precedence set that interprets the legal right for law enforcement to collect blood and DNA samples as evidence clearly extending to fingerprints.
If you want to fact check that, just google 'forced to fingerprint unlock' and you can pick from sources you trust the most:good:
Therefore, I want to know what XDA has to say about this. We have the phones now.What can we do?
My idea involved allowing the user to use fingerprints to authorize actions within the OS for speed(Ie Android pay,play-store purchases,access to contacts, etc), however disallowing fingerprint authentication for device unlocking and rely on PIN only. I think that is the best way to balance ease of use and security that a fingerprint reader adds while also avoiding the general lack of control over the authentication method used( fingerprints).
Even Google admits in the documentation, and I quote, "A physical copy of your fingerprint could be used to unlock your phone. You leave fingerprints on many things you touch, including your phone."(https://support.google.com/nexus/answer/6285273).
Therefore a third party having control over your fingerprints is admittedly a valid concern. Therefore Nexus imprint is NOT a secure authentication method UNLESS paired with a pin code. I think Two-Factor authentication is required here. We want to make sure that no one has both factors. 1 isn't enough here. They tell us that a PIN is better. Why not a fusion of both? Why cant I do TRUE 2-Factor and do PIN+print unlocks?
My questions to the community are these:
1. Do you really care about this?
2. Is there some sort of built-in way to implement this functionality with Nexus imprint already? I haven't found it yet.
3. Would you be interested in a application or system modification that did this?
It sort of already has a build in workaround. The phone requires pin after boot, so if you are about to be arrested.. shut down the phone.
Also if you use any third party app to lock the device, it needs pin to unlock (e.g. Nova double tap to lock screen).
1. No.
I see imprint as a convenience, not another factor. It improves security for me by allowing me to keep my phone locked with a strong password, without the inconvenience of having to enter it every time I pick up my phone.
A pin/password to unlock and in each app's "App info" settings dialog a switch where you could toggle Imprint/Voice/Face does sound ideal. This way the user is not left hoping the app developer implements these features. My banking app does Face/voice/pin, and I assume they'll eventually add Imprint, but I'd prefer the operating system gave me, the user, this power in much the same way they've given us granular control over some permissions & notification access. This actually seems like the logical next step to Screen Pinning.
We are a company based in France and we provide sources code for its modifications to allow us having open platform for smart glasses to behaves as a standalone platform to allow customers using their own application and to push Google Play app on the menu
Detail description of the problem:
We have an embedded android system 4.3 applied for android glasses, with a solution of Ingenic M200.
The system works with all camera, sensors and display
However, the system is limited. It is modified for the wearable devices (Camera glasses), using cards UI, scroll or click control uniquely by a touch pad, menu uncompleted
It disconnects automatically when we install an application, even we can push the apk by ‘adb push’ it doesn’t support well because of lack of gesture of touch, card input instead of a keyboard standard.
The menu and setting are not completed, only have configuration of wifi,Bluetooth and Gps. We need to have access to all setting features. This Menu is an application and need to be standard as any platform of phone or tablet
We would like to find a cooperative help us to modify it. We have in hands the sources code that we’ll provide for modification.
Please contact us at the following email. Our request is urgent:
Email: [email protected]
Hi all
I a searching for someone who is very experienced in making a secure custom rom for Android.
I have given some example links as a reference.
Create Custom ROM for Android —* which phones do you recommend ?
I have a recent Huawei. I would like to avoid spending many hundreds of euros on phones if possible
I would like a custom Secure firmware, that will be*
-*Protection from zero-days viruses
-*Hardened kernel
-*Stronger sandboxing and isolation for apps & services
-*Firewall & network hardening -**MAC Randomization
-*Security-centric user experience changes
-*Man in the middle doctor* —* Protection from SS7 attacks
-*IMSI catcher decor
-*Verifiable Source Code
-*Protection from silent sms
-*Protect your contacts and call history from unauthorised access
- How to change phone identifiers if I wanted to*
An example of phone software that I would like to emulate as much as possible.
sorry I had to remove the links as its my 1st post. It will be easy to find with this info.
esdcryptophone cryptophone-600g
esdcryptophone comparison
Thank you all for taking time to read my request
Felix
Hey guys,
what do you think about GrapheneOS? (https://grapheneos.org)
I think there are some disadvantages:
- only Pixel devices (because only these have some security "flags")
- no root access
- hardcoded Google domains
and some advantages:
- good hardware support
- hardenized aosp
- closed bootloader after flashing
Now I would like to discus about this ROM
I too would be interested to hear about anyones experience regarding this OS
johndoe118 said:
Hey guys,
what do you think about GrapheneOS? (https://grapheneos.org)
I think there are some disadvantages:
- only Pixel devices (because only these have some security "flags")
- no root access
- hardcoded Google domains
and some advantages:
- good hardware support
- hardenized aosp
- closed bootloader after flashing
Now I would like to discus about this ROM
Click to expand...
Click to collapse
I'm interested in this ROM too. I have a Pixel 3a. I haven't flashed it yet because I'm trying to find out what people's experiences are first. There doesn't seem to be a lot of posts about it. Did you ever flash it? Also, what do you mean by "hardcoded Google domains"?
Well, the captiveportal contacts the Google servers regularly when you connect to a WiFi. That was one reason why I lost interest in the ROM. The other was the limited device support and missing root access. I absolutely need access to the iptables. As a one-man show, the ROM can be adjusted at any time.
johndoe118 said:
Well, the captiveportal contacts the Google servers regularly when you connect to a WiFi.
Click to expand...
Click to collapse
Do you have some kind of reference for that? I'm using it now and would really like some proof to bring up in their subreddit as a WTF.
graphene seems great, no root does not
I don't want the bootloader locked.
I want Magisk extensions
I need root for LP _only_ to remove ads. Is there something like LP that allows (interactively) disabling app activities?
hardcoded google domains info from faq
https://grapheneos.org/faq#device-support
GrapheneOS leaves these set to the standard four URLs to blend into the crowd of billions of other Android devices with and without Google Mobile Services performing the same empty GET requests. For privacy reasons, it isn't desirable to stand out from the crowd and changing these URLs or even disabling the feature will likely reduce your privacy by giving your device a more unique fingerprint. GrapheneOS aims to appear like any other common mobile device on the network.
HTTPS: https://www.google.com/generate_204
HTTP: http://connectivitycheck.gstatic.com/generate_204
HTTP fallback: http://www.google.com/gen_204
HTTP other fallback: http://play.googleapis.com/generate_204
Click to expand...
Click to collapse
nay_ said:
hardcoded google domains info from faq
https://grapheneos.org/faq#device-support
Click to expand...
Click to collapse
Thanks, right from there
I have Graphene OS taimen-factory-2020.07.06.20.zip on my Pixel 2 XL.Under "System update settings" is "Check for updates" but nothing happens if I tap.Only the field becomes darker.Has someone experience with this?
Update with adb sideloading to 2020.08.03.22 works.
OTA update from 2020.08.03.22 to 2020.08.07.01 likewise.
I'm personally not a fan of these kinds of projects, they aren't really all that 'secure', you're still using proprietary vendor blobs and such
help please
Hello! In the description
I pointed out that you can change servers just not through the GUI.
Has anyone tried this?
```
Providing a toggle in the Settings app for using connectivitycheck.grapheneos.org as an alternative is planned. The option to blend into the crowd with the standard URLs is important and must remain supported for people who need to be able to blend in rather than getting the nice feeling that comes from using GrapheneOS servers. It's possible to use connectivitycheck.grapheneos.org already, but not via the GUI.
```
captive portal leak + location services data leak
Few points:
1. General idea is that privacy/security oriented OS (as graphene is advertised) should limit network activity as much as possible, and not ping google using captive portal service every few seconds providing perfect IP-based location to google
It is possible to switch it off, but should be off by default
2. Connections of android location services to get GPS constellations were shown before to send sim card imsi and connected cellular tower id to provider (qualcom/google):
"blog.wirelessmoves.com/2014/08/supl-reveals-my-identity-and-location-to-google.html"
Graphene still allows those connections (check their FAQ on website)
W/O root no way to switch this off. Even some devices ignore config files and still leak data (on the level of cellular modem most probably)
3. Android services make other weird connections. Example: AOSP dialler app is querying phone numbers against online database leaking all contacts to google. How was this taken care of in graphene? Are all AOSP services/apps security-verified to not leak any data?
w/o root no way to install afwall to block everything
Is graphene built-in firewall capable of blocking system services from network access?