Is it possible to encrypt app data on rooted phone? - Android Q&A, Help & Troubleshooting

Dear experts,
I have a Samsung Galaxy S7, rooted with Superman Rom v2.7 (Android N) installed. I was very sad when I found out that it is impossible to have device encryption enabled on a rooted Android N phone. I do not want to go without root any more - too many benefits (Titanium etc) and I also do not want to revert to a former Android version. But I definitely also want to be sure that if my phone gets lost or stolen, my personal data are not accessible by unauthorized third parties (other than Google and NSA). Without device encryption, this is a real challenge. A thief could simply boot into recovery mode and pull all my data. Even if this is rather unlikely to happen, as thieves in general are not that interested in personal data, I want to eliminate this threat as far as possible.
So I made up a list of all my data persistent on my device, which I do not want to be accessible by thieves:
Calendar (i.e. my google calendar app data)
Tasks (i.e. my tasks app data)
Contacts
E-Mails (i.e. my K-9 app data)
SMS messages
WhatsApp messages
Browser history and bookmarks (i.e. my Firefox app data)
Passwords (i.e. my password manager app data)
Access credentials from banking, cloud and social media apps
Photos
So far so good. My passwords are stored encrypted safely by my password manager app - so this point is done. WhatsApp only stores backups of its database encrypted (though they also can be decrypted with some programming skills) - the app data itself (and thus the messages) is stored unencrypted. I am rather sure that access credentials from banking, cloud and social media (Facebook) apps are stored encrypted. And as for my photos, they are just files and I found the tool EMS Lite, capable of putting all my sensitive files into an encrypted container, similar to TrueCrypt. So what is left are calendar, tasks, contacts, K-9 data, WhatsApp messages, SMS messages, Firefox data.
So my question to you is: How to encrypt these data (or parts of it) so that thieves cannot simply access it by pulling it from my phone? Is there an app, capable of encrypting other apps' data?
It must be possible, especially with root. Titanium is capable of encrypting other apps' data. The workflow for making it impossible to access an app's data with Titanium would be this:
Enable Titanium encryption in the settings and set a key
Backup the app data
Wipe the app data
This way, a thief has no chance to access the app data without your password. To reaccess the data, one has to restore it via Titanium and provide the key. Of course, this workflow is not practicable to do every time I want to reaccess one of these apps, but theoretically it should work.
Long story short: Is it possible to encrypt a specific app's data? If no, do you have any other tips for me to protect my data (or parts of it) from being accessed by possible thieves (other than not losing my phone)?
Thank you very much!

blaukraut said:
Dear experts, I have a Samsung Galaxy S7, rooted with Superman Rom v2.7 (Android N) installed. I was very sad when I found out, that it is impossible to have device encryption enabled on a rooted Android N phone...
I don't have this device, but your best bet is to post this question within the following Q&A thread that's specific to your device.
https://forum.xda-developers.com/showthread.php?t=3341138
Good Luck!
~~~~~~~~~~~~~~~
I DO NOT provide support via PM unless asked/requested by myself. PLEASE keep it in the threads where everyone can share.

Thanks, I already asked that question in the Superman Rom specific thread, without success. And since my question applies to ALL rooted Nougat devices (not just the SGS7), I thought this is the place where I will most likely get a good answer.
However, I will do as you said and ask my question in the SGS7 Q&A thread too.
Thanks!

--- unintentional double post. sorry but my post did not appear after posting.

Related

[Q] Exchange/ActiveSync on Android Permissions -- Options?

I asked this in XDA Android Q&A; posting to this Rezound Q&A as well in case there are any Rezound specific options that can be explored:
I've been debating configuring my personal phone to access my employer's Exchange server; I would be checking it on occasion-- more of a convenience thing to know what's up before I head in for the day.
Using the default Android Mail client and choosing ActiveSync and doing the setup, I inevitably reach a screen with the following:
Activate security policies?
Exchange security policies
Your IT administrator requires that you activate these security policies in order to sync with your Exchange Server.
Activating this administrator will allow the application Mail to perform the following operations:
! Erase all data
Perform a factory reset, which deletes all of your data without any confirmation.
! Set password rules
Restrict the types of passwords that you are allowed to use.
! Monitor screen-unlock attempts
Monitor failed attempts to log into your device.
! Lock the screen
Control when your device locks, requiring that you re-enter your password.
! Device function limitation
Restrict some function on device like Wifi, Bluetooth, Camera etc.
Needless to say, this is highly unappealing for my personal phone-- way too much power for the Mail application.
So my questions-- what are my options?
-would a different Exchange connectivity application like Touchdown request those same permissions for access?
-would I be better off setting up ActiveSync on an alternate ROM and booting into that when I want to check work mail (not as frequently as some other users)?
-How far does that remote wipe control extend? Could they wipe the entire phone, including bootloader? Or is it just reference to internal storage? Could they wipe the external SD card?
-is there a way to revoke those permissions from the Mail application while retaining the ability to connect to the Exchange server?
vprasad1 said:
Needless to say, this is highly unappealing for my personal phone-- way too much power for the Mail application.
It is designed to protect corp data. If you don't want your personal phone under that control, then don't connect it. That is the choice you have.
So my questions-- what are my options?
-would a different Exchange connectivity application like Touchdown request those same permissions for access?
Nope. The policy is from the Exchange servers policies.
-would I be better off setting up ActiveSync on an alternate ROM and booting into that when I want to check work mail (not as frequently as some other users)?
Not sure how you would do this.
-How far does that remote wipe control extend? Could they wipe the entire phone, including bootloader? Or is it just reference to internal storage? Could they wipe the external SD card?
When you connect, if they have issued the wipe command, it wipes. Distance is not relative. Wipe is wipe.
-is there a way to revoke those permissions from the Mail application while retaining the ability to connect to the Exchange server?
No. They could have a different policy set up for different groups of users and have you in that group, but you would have to ask the administrator though.
The Exchange policies are part of the requirements of connecting to that Exchange server. The policies can be changed by the administrator by putting you into another group, but I doubt they will do that. They are there to protect corp data.
There are other ways that policies can be set up, but that needs to be done again by the administrator.
These types of policies are becoming more and more common as companies realize their contacts, email and attachments are valuable and need to be protected. A lot of people use two phones, one for corp and one for personal, not mixing the two.
Remote wipe and all is a feature of ActiveSync, not necessarily Exchange. So, according to what I'm reading, you can find an email client that supports Exchange but not ActiveSync and get around the permissions.
I am also interested in how far the wipe can extend. It says reset to factory, which would leave your SD card intact.
gthing said:
Remote wipe and all is a feature of ActiveSync, not necessarily Exchange. So, according to what I'm reading, you can find an email client that supports Exchange but not ActiveSync and get around the permissions.
I am also interested in how far the wipe can extend. It says reset to factory, which would leave your SD card intact.
As far as I am aware, the Exchange server CAN initiate a full wipe, if your company is on Exchange 2010. The wipe command can be found in OWA settings. The only way you can get around the permissions is to log in to OWA via your browser. The security settings are there for a reason, as mentioned above.
Microsoft works very hard with its partners to provide the best security possible. I do not think using Touchdown or another email client will allow you to circumvent security policies enforced by the Exchange server.
vprasad1 said:
So my questions-- what are my options?
-would a different Exchange connectivity application like Touchdown request those same permissions for access?
-would I be better off setting up ActiveSync on an alternate ROM and booting into that when I want to check work mail (not as frequently as some other users)?
-How far does that remote wipe control extend? Could they wipe the entire phone, including bootloader? Or is it just reference to internal storage? Could they wipe the external SD card?
-is there a way to revoke those permissions from the Mail application while retaining the ability to connect to the Exchange server?
I use TouchDown for my work e-mail, and while I have never had any administrators use remote wipe, I will let you know my experiences:
-There is an option in the settings screen for "Clean SD card on remote wipe." It's unchecked by default. I assume a remote wipe will only clear TouchDown related data, but am not 100% sure of it. At the very least this option implies that it won't normally wipe your SD card as well.
-TouchDown will ask for the same permissions. However, unlike the default mail application, which will force your whole phone to be pin locked, TouchDown will only force you to enter a pin when you open the application. This feature is nice if you don't want to always enter in a pin to unlock your phone but also want Exchange e-mail.
-As the policies are set on the ActiveSync server, there's no way to get around revoking the permissions.
If you search for it enough, you can probably find a modified mail app that doesn't require these security permissions. I know I've seen one that works with CleanRom and I use it on ICS Business Sense. No lockscreen pin required either and no device administrator.
http://forum.xda-developers.com/showthread.php?t=1456425
Just created the account to reply to this thread.
I too am looking for a solution to avoid giving my employer the access rights to wipe my phone, and I just wanted to comment that IMO, theoretically it is not because this setting is on the server side that it can't be avoided.
Android can give whatever permissions the server asks for then totally ignore the commands when they eventually come. That would probably require some coding to simulate executing the command without actually doing it, and it would definitely require root access to do this, but I do not see how that would be impossible on Android or on one of its mods.
Now obviously this is not something I'm going to waste time on. If it can't be done, my pro account will not be on my phone. That was me trying to do something for my employer, but if they don't want me to see my mails on weekends, I won't be fool enough to complain.
I'm in a similar situation. With ICS, at least it gave me the ability to only have to enter a PIN after 15 minutes or something when your phone is locked. Prior to that with GB, every screen unlock required the PIN.
I do use a modified Mail.apk, but in a sense, I'm contributing to the problem of my company not allowing Android phones on their network, because there are just so many workarounds like this.
LBE Security Guard may be able to inhibit the permissions, though I wouldn't want to have to depend on that as a last line of defense right before my device is potentially WIPED!
There has to be some better solutions to control it on the client side...
My admins at work say they will not change the Exchange policy.
They said it comes with Exchange Server 2010 as the default settings, but they won't change it. They have actually tested the remote wipe and it works instantly. They claim they can remote 'unwipe' it as well, but I gave an analogy about formatting drives (quick format vs. full format) that they couldn't answer.
I told them I'm concerned about anyone having that much power over personal "BYOD" phones, and the possibility of someone accidentally or maliciously wiping my device.
They said the policy will not be changed.
Does anyone know of other 3rd party mail OR calendar programs that will update my calendar without allowing these INSANE permissions? Thanks.
I've recently bought a new phone and found these ridiculous permissions when I went to sync with my work exchange.
There must be apps available or possible to develop because the email app on my old phone doesn't ask for these permissions. Unfortunately it isn't available to download, just the default app with that phone.
worldheroes said:
I've recently bought a new phone and found these ridiculous permissions when I went to sync with my work exchange.
There must be apps available or possible to develop because the email app on my old phone doesn't ask for these permissions. Unfortunately it isn't available to download, just the default app with that phone.
There are several mail programs in the Google Play store, if you search for 'exchange email'
I saw:
k-9 mail
touchdown
exchange exmail
maildroid
and so on...
k-9 had the best ratings and is open source so I tried it, but it couldn't connect to my exchange server. I got an error during setup:
'Setup could not finish, cannot connect to server. (ioexception)'
Please let me know if you have better luck with any exchange program!
The best choice for you is to install OWA from the Play store (Outlook Web) and that will get you contacts, push mail and calendars without having to accept the Exchange policies. All you have to do is point it to your company's webmail page and log in.
I searched for OWA in the Play store but didn't find the one you mentioned. (see attachment) Is it a free app?
I have the first one by WWO. It gets the job done. 5 bucks well spent. I'm sure it can be side loaded if you'd like to test the functionality first.
Daistaar said:
I have the first one by WWO. It gets the job done. 5 bucks well spent. I'm sure it can be side loaded if you'd like to test the functionality first.
At the risk of asking a silly question - how would I get it to test it?
might want to try this:
http://forum.xda-developers.com/showthread.php?t=1965468
Thanks - the link to the ICS Email APK with Exchange Security removed was exactly what I needed!
I wish that app would be maintained with the current version and be put in the Google Play store!
If I activate the device administration can I undo it? Can I deactivate it and go back to life as usual?
quarksurfer said:
If I activate the device administration can I undo it? Can I deactivate it and go back to life as usual?
Yes, delete the account in question.

[app]Vault-Hide SMS, Pics & Videos

Vault—the Ultimate in Privacy Protection
Vault hides your confidential SMS messages, contacts, call logs, pictures and videos. It’s the BEST app for Android users to hide SMS messages and call history from prying eyes! It keeps your private stuff hidden, giving you complete control over your privacy and security.
With Vault, you can:
1. NEW in 2.0! Monitor who’s trying to see what’s on your phone and photograph them in the act. This feature requires an Android 2.3 (or higher) device with a front-facing camera.
2. NEW in 2.0! Hide your photos and videos so only you can see them. They’ll be encrypted and only viewable in Vault when you enter the correct password.
3. Import your sensitive SMS text messages to Vault. Strong encryption and password protection ensures they’ll be hidden from everyone but you.
4. Make your private contacts invisible. Simply add a number to Vault and any calls or messages from this number will only appear in Vault. They’ll no longer appear in your phone's native SMS folder and call logs.
TIP: We recommend adding your most commonly used contacts to Vault. If your phone is lost or stolen, you won’t have to worry about anyone accessing your contacts or messages.
5. Protect your real Vault by creating one or more “fake” vaults. If someone insists that you give them your password and display your secret messages, you can show them the “fake” vault. Problem solved!
Check it on market Market link
Send me a PM for download link
theme
what's this theme on the screenshots?
This app lost all of my contacts that I stored in it and since it deletes them from your android contacts I can't get them back. Photo/video seems to work but definitely would not recommend this app for anything you wouldn't want lost.
despotisminc said:
This app lost all of my contacts that I stored in it and since it deletes them from your android contacts I can't get them back. Photo/video seems to work but definitely would not recommend this app for anything you wouldn't want lost.
You must restore your settings before uninstalling the app... I made the same mistake the first time, but luckily I had chosen to hide only the videos... So before uninstalling, switch contacts, videos, and the other things that you selected to hide back to visible.
I think you have a folder on your sdcard (the app folder) and the things that you chose to hide must be there... check it.
I formatted my phone without backing up my files in Vault first... then after formatting I installed Vault again... my old files cannot be opened... please help me recover my files...
Does anyone know of an app that can actually hide other apps?
The free version cannot; premium may offer additional features.
Needs a file explorer. I have videos that I need hidden, but the app can't find them.
Help
I accidentally cleared the data of this app… I've reinstalled it, but it doesn't show the previous ones :'(
What should I do?
I've searched for a long time
Thanks a lot

[Q] Is it “safe” to install Android Device Administration apps in terms of privacy?

Is it "safe" to install Android Device Administration applications on my personal device? Can my company read my private data with that application? What if it also requires Google account privilege?
My company recently adopted a policy to install an enterprise application on each employee's smartphone. The application should be installed from a 3rd-party market that is operated by the company, and requires Device Administration privilege and Google account privilege.
Even though the application does not require 'root' privilege, and the Device Administration API is not related to reading data inside the phone, I'm still not sure that my personal data is safe from my company.
FYI, the API includes changing password, wipe out data, disable camera, and so on.
Please share your knowledge or opinions.
Thanks.
Whenever you install any app, it asks for all permissions before installation...
So first of all you have to get knowledge about each and every permission.
If any app asks for read contact data
Read sensitive log data
It can access your personal data..
So just read all permissions carefully and Google each and every permission to know about them in detail..
Then you go
It is better to press thanks rather than saying it
Good day

[Q] Webmail app...?

My apologies if I am posting this in the wrong area, but I seem to be looking for something that is difficult to find. Either that or I REALLY don't know how to ask/search for that which I am looking.
I need an app on my phone [Android - Samsung Galaxy S4] for my emails, however I don't want the messages stored on the phone. So I guess I am looking for an app-etized webmail interface. Important features:
The ability to have a formatted signature (bolding, etc). The ability to add a logo would be nice, but not required
The ability to send formatted messages (HTML?)
The ability to use Templates
The ability to send/manage multiple attachments
Those are the biggies that I can think of at the moment.
Every time I find something it seems to want to save/manage the messages locally, and I am just REALLY paranoid about having business emails on something as easily lost/stolen as a phone (regardless of the ability to remote wipe)
Would anyone happen to know of a good solution? Doesn't have to be free, but reasonably-priced is a plus.
Many thanks (and a few beers) in advance!

LG G5 - Need help to free space and update whatsapp

Hi Guys,
This is the problem:
My mother owns an LG G5 E610v. Some time ago I bought her a new phone (an iPhone). She (on the old LG) has some very important chats with messages, photos and videos of her granddaughters. I wish I could transfer the chats to the new phone. But to do that I would have to update WhatsApp. Unfortunately, however, when I try to update, the phone tells me that it is impossible because there is no space. There are many applications that I could delete (Google, YouTube, Gmail, Hangouts, Google Play Books, etc ...) but I can't delete them because they seem to be pre-installed and there is no way to delete them. Unfortunately I don't know the Android environment well, nor the phone.
How can I go about solving this problem?
The phone software is an LG G5 E610v (European) with fw v4.1.2
Thanks in advance
You may not like my thoughts but she needs to backup her photos and vids independently of WhatsApp or they will likely be lost, sooner or later.
I won't allow WhatsApp or any social media app to be installed on any of my phones. They are a big fat security risk especially for those that aren't tech savvy. WhatsApp is a mecca for scammers and hackers, easy pickings.
If I can't login and use a site completely via browser I don't use it. A browser like Brave provides a buffer zone.
All critical data needs to be redundantly backed up to at least 2 hdds that are physically and electronically isolated from each other and the PC. Never encrypt, clone or compress media backup data drives. Verify backup by folder count, data size and that the data is readable.
Regular critical data backup and good security practices are the only ways to help prevent data loss. After it happens will be too late...
A phone with an SD card slot would give her all the memory she needs. The SD card is then used as a data drive. It in turn is then redundantly backed up.
Address her backup plan asap if you haven't already...
Clearing app and system caches will free more space. Check the largest disk users of the 3rd party user installed apps to determine if they are really needed, uninstall to free space.
