Hello,
Due to some heavy sleuthing, I found out that multiple Android devices are trying to access "cnhv.co" (a known bitcoin mining website that usurps CPU resources while running in the background) on my home wifi network. Thankfully the domain is blocked on my router, but I would like to know which apps on my devices are trying to access this domain. Is there a way to pinpoint which app/process is trying to access this domain specifically on my phone? Just fyi, I have an unrooted Moto G5 Plus running Nougat 7.0.
Hi guys,
My company has recently opened up an internal wifi network for mobile devices. Of course they started with Apple and have finally allowed Android devices as well.
However there seems to be an issue. Like many big companies, we have a "many-to-one" NAT arrangement. This appears to be fine for Apple as the Apple users can access all functions like iTunes, AppStore, mail apps, etc.
But the Android users cannot. Web browsing is fine - but anything through the Gmail app, Google Play Marketplace, weather widgets, all fails and has "no connection".
Speaking to the team managing our mobile device access, they said they think it's to do with Android and how it works with a "many-to-one" NAT setup as the Apple devices run through the same network without issue.
Is anyone familiar with this? Is there something in Android or how it communicates outward? If there's anything anyone can tell me, it would help as I'd like to get this solved. I don't see why Android would behave diff to iOS in this case.
Ok... I am a Software Engineer and I have been developing mostly for Windows environments, but recently started getting into Android. I want to get more into the Operating System from a lower level. I am looking to build a custom ROM that must meet certain requirements to be used.
What I would like to do for a specific device:
1) Strip stock ROM of bloatware
2) Use SSH Tunnel for all data traffic (3G/4G, WiFi, etc.)
- This will have to be an embedded setup so that the device will always be using the SSH Tunnel to encrypt data accessing from company resources.
- If at all possible, block sites that are normally blocked when on the physical network.
3) Company Email, Contacts, and Calendar information to be synced from Lotus Notes to native android applications using only the SSH Tunnel connection.
4) Enforce password requirement for phone lock screen.
5) Change the OTA Device Update server to create my own.
- Insight as to how I would host my own on my internal network would be appreciated, if it is at all possible.
6) Detect company secure WiFi Access Points and only permit automatic switching to these sources for data, others (unsecured) will need to be manually connected.
Now, I know how to make a custom ROM, where I am stripping bloatware and pre-rooting and such so I don't need help with requirement 1.
However, I have no clue where to start with the security aspect of this. Is it possible to embed all the settings into the OS configuration for routing data over a secure and encrypted source? This is an absolutely imperative thing, where Corporate Security mandates that the syncing of emails and such must be done over an encrypted connection. If SSH tunneling is not the best solution, perhaps VPN? Our company currently deploys Cisco AnyConnect for VPN from company laptops. Again, this has to be built into the configuration of the device. The user cannot have the ability to turn off/on this feature (unless they root or do various other violations to corporate policy). Speed is not a concern, these are work devices and only need to be reliable in accessing work resources.
As for requirement 4, is there any way to force a password lock on the device? Maybe deploy the ROM in some sort of initial setup mode (similar to Microsoft's OOBE for Windows), where they are prompted to create their phone password and enter various other credentials to set up the email syncing with the native email client?
For requirement 5 & 6, well these are just pipe dreams. If they could be done, and not require a UI to manage them, then it would be great. However, I figure this would be not so easy to do.
The reason why this all has to be built in and configured, is because the user cannot be given the option to disable these features with a simple UI. Also, the phones can not receive carrier specific OTA updates, that would wipe these system configurations. The update server has to be possible, as all the carriers currently host their own. There has to be a way to build my own and deploy my ROM as an official release to the device without having to have a custom recovery or root.
Any insight into any of this would be great. For the most part I am looking for the built in network access features that I discussed above and insight on how to accomplish this if at all possible. Everything else could just be whatever input you are willing to provide. I realize this is a big project, but the result will be a phenomenal step in securing and expanding company resources. I realize there may be enterprise solutions out there that will already accomplish most of this, but I am looking to stay away from those options.
mkruluts said:
Also, the phones can not receive carrier specific OTA updates, that would wipe these system configurations. The update server has to be possible, as all the carriers currently host their own.
Hello mkruluts,
where did you get that the carriers host their own servers?
I would seriously be interested.
Optimally, do you have a link?
I read on this forum that even the branded updates come from a manufacturer's server:
http://forum.xda-developers.com/showpost.php?p=43915102&postcount=574
"HTC gets the go ahead to push it OTA from their servers"
http://forum.xda-developers.com/showpost.php?p=8525999&postcount=141
"The vendor's servers are tied to the carrier network."
--Droiderino
I have scoured the interwebs for a solution, yet found only obsolete and empirically ineffectual methods, aka "setprop net.dns1" etc., none of which persist, neither immediately after the issued command nor, especially, after a reboot.
Please allow me to make it clear, that I find it perverse and loathsome that an "app" would be necessary to accomplish this feat. The indolent '"app" mentality', which is the sadly presumed remedy for nearly every action other than involuntary motion, is a contract with the assassin of freedom – and I abhor it venomously.
I have owned an Android (presently with CM11 ROM installed, with TWRP recovery) device for two weeks. It is the first Android device (or smart, tablet, etc.) I've ever owned or dared to fuss with. I particularly purchased the Samsung Galaxy Tab Pro 8.4 because it was supported by CM. I am normally a Linux user and value my liberties of hack-ability. Oddly, I was able to successfully configure my DNS via a terminal emulator within my Android device, but recent updates seem to have thwarted my efforts. Apparently, resolv.conf no longer exists and some fundamental changes have been implemented, though this is all new to me and I ain't sure.
I believe that a user should be able to configure their own DNS (amongst other things) and therefore request assistance from the wizards of xda. Google is simply unacceptable, and Verizon hijacking plain makes me mad.
Show me the way, to 208.67.222.222!
Hi everyone!
My friends and I are working on a custom AOSP based ROM for Nexus and Pixel devices which is targeting children as main users. The idea is to have a remote controllable, bloatware free, pure AOSP ROM that would allow parents to track their kids' mobile usage. Some of the features would be:
Location tracking (constant or on request)
Block applications (block install, uninstall, running)
Internet access firewall per app (Mobile data and/or Wifi)
Restrict access to various settings and controls (camera, airplane mode...)
Panic mode: activated by the kid which locks the device and starts emitting location via SMS and to controlling app
Lock mode: activated by the parent so that the child can focus on other things (school, play time, night time...)
Mobile app for parents to control the phone
Peer to peer communication (via pubnub or ably) with data encryption (no data stored on servers, all on parents' and child's device) between the ROM and the controlling app
No root access (of course)
Ad blocking and inappropriate web site restrictions via hosts file (later via proxy)
Since all features are system integrated, nothing can be overridden by the child
We are in a finishing phase of implementing this ROM and I would like to ask all of you parents who are thinking of giving their kids a phone to help us out in determining if this is something that they would use. Would be great if you could put in comments which device would you prefer or if you have any other comment regarding the idea or ROM itself. We are targeting Nexus and Pixel phones since AOSP runs smoothly on them and there are no hardware related issues because we all know how kids get frustrated with a non-working phone.
Thanks in advance!
Hi All, I used to play around with SSL certs and openssl and all that stuff... so I have a bit of knowledge on the topic but am by no means an expert... please give me a bit of leeway if I misspeak...
I have a Nexus 10 that I still like and that I still use.... yes I'm a cheapskate! It runs Android 5.1.1... my Nexus 6 (yes I still use that one too!) runs Android 7.1.1. That fact will be made relevant below... There are a lot of us cheapskates around and we do like to extend the life of our stuff for as long as possible.
The Question: If I have an OLD Android device trying to connect to a website with a browser... or trying to use an app against a server with a cert that is signed by a CA that my truststore does not have, in principle, all I need to do is get that CA installed (yes/no/maybe?)
The Reason I ask:
So I saw an Android Police item today: "Many websites will stop working on older android versions in 2021" This story says that thanks to the fact that "Let's Encrypt" will stop cross signing their certificates with the DST CA X3 certificate... Evidently any device running 7.1 or earlier will start having issues. The DST cert has been around for some time... but "Let's Encrypt" has their "ISRG Root X1" CA. According to the AP article, this "cross-signing" made it possible for devices on Android 7.1 or earlier to connect to SSL-enabled sites. After January 2021 they are NOT going to do this anymore so your Chrome browser (which unlike Firefox does not have capability to use a separate truststore) will not work with some websites... and of course this has ramifications for apps that rely on ssl as well.
So again, my question is, assuming the apps I have use the basic device's trust store, shouldn't I just have to install the ISRG Root X1 into my device's truststore and I can then be fat, dumb, and happy again? My limited knowledge on SSL suggests the answer is "yes that would work" but I'm not sure (of much!) these days.
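The trust-path reasoning in the post above, as an added example that is not part of the original post: a simplified model of certificate path building that chains on issuer names only (no signature, expiry or constraint checks). The leaf and intermediate names are constructed, only the two root names come from the post, and it assumes the client consults the trust store being modelled.

```python
from collections import namedtuple

# Simplified model: a certificate is only (subject, issuer). Real validation
# also verifies signatures, validity dates and constraints; omitted here.
Cert = namedtuple("Cert", "subject issuer")

OLD_ROOT = "DST Root CA X3"  # older root, assumed present on the old device
NEW_ROOT = "ISRG Root X1"    # newer root, assumed absent on the old device

# Constructed names for illustration.
LEAF = Cert("www.example.test", "Example Intermediate")
INTERMEDIATE = Cert("Example Intermediate", NEW_ROOT)
# Cross-signed copy of the new root: same subject, but issued by the old root.
CROSS_SIGNED_ROOT = Cert(NEW_ROOT, OLD_ROOT)


def find_trust_path(leaf, served, trust_store):
    """Return the subjects from leaf up to a trusted root, or None."""
    by_subject = {}
    for cert in served:
        by_subject.setdefault(cert.subject, []).append(cert)

    def walk(cert, path):
        if cert.issuer in trust_store:
            return path + [cert.issuer]
        for parent in by_subject.get(cert.issuer, []):
            if parent.subject in path:  # guard against issuer loops
                continue
            found = walk(parent, path + [parent.subject])
            if found:
                return found
        return None

    return walk(leaf, [leaf.subject])


def scenarios():
    """Three cases: cross-sign served, cross-sign dropped, new root installed."""
    old_store = {OLD_ROOT}
    return {
        "old_store_with_cross_sign": find_trust_path(
            LEAF, [INTERMEDIATE, CROSS_SIGNED_ROOT], old_store),
        "old_store_without_cross_sign": find_trust_path(
            LEAF, [INTERMEDIATE], old_store),
        "new_root_installed": find_trust_path(
            LEAF, [INTERMEDIATE], old_store | {NEW_ROOT}),
    }
```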