Keep OTP App when upgrading system - Android Q&A, Help & Troubleshooting

I have a monthly appointment to update my LineageOS phones. However, the time has come to upgrade the major version, which means manually overwriting system. But one of my phones has an OTP app (FreeOTP) that I use for Two-Factor authentication. I need to know if that app will continue to work if I back it up using Titanium. Part of me has this feeling that it uses something unique to this OS in order to generate the codes. And since several sites are dependent on TFA, that would leave me in a very bad place.
So, anybody knows how I can safely upgrade my phone without losing access to the OTP generator?

FreeOTP+ (a.k.a. FreeOTPPlus) has backup/import/export capabilities. Migrating is a cinch:
FreeOTP: Export Secrets and Migrate to FreeOTPPlus
Photo by Markus Spiske on Pexels.com This article is about the android app(s) which can be used as 2FA, MFA with TOTP. The original FreeOTP app for android was developed by RedHat, but had no optio…
externalmem.wordpress.com

Related

[Q] How to configure and deploy a large scale android installation (2.3.3.)

Hi,
I am about to assist in deploying a large amount of android device. The requirement is, that the devices (700+) need to be charged, configured and provisioned with the relevant applications for the end-users before delivery.
Device info:
Android 2.3.3
Samsung Galaxy SII
This is not windows mobile, so I am unsure if I can code/design a solution to avoid this enormous manual task.
Is it possible to code something for an sd-card that will be automatically triggered on insertion (as on WM)? This would then provision the device etc.
Is it possible to bypass the initial prompts - To my knowledge you will be prompted for entering the info for your google accounts?
If above is not possible, do I then need to create 700+ google accounts?
Hope someone can help
Brgds
It can also be via an active sync (ish) connection using a computer du provision the device?
A suggestion I received from another forum, was that I could: Make an update.zip for apps .Copy on SD card .Boot in recovery . Apply update.zip.
Would this be a feasible way to go?
odaugaard said:
A suggestion I received from another forum, was that I could: Make an update.zip for apps .Copy on SD card .Boot in recovery . Apply update.zip.
Would this be a feasible way to go?
Click to expand...
Click to collapse
We just deployed 100 EVO 4G's prior to the deployment we sent a mass email requesting the users create their own Google account and email us the info so we could setup their new phone with email and corporate email access. It took awhile to setup 100 android devices but it went smooth.
Sent from my PC36100 using Tapatalk
You can use SureMDM from 42Gears for mass provisioning, application deployment and password policy enforcement on Android devices, including smartphones and tablets.
It does not require Google accounts. Install the agent directly on the devices and then use the web-based console to perform all of the above actions from one place. For e.g. you can push an apk on hundreds of devices with a single click.
On non-rooted phones installation of .apks will prompt the user to continue the action.
Free trial is available on the website 42Gears dot com
Similar situation here and am fielding any suggestions or ideas if things have changed in the last several months regarding deployment.
Scenerio:
Deploying approx 200 Asus Transformers in an educational setting
Wish List:
Setup all units using the same Google account, populate static name on the lockscreen, install 3 specific apps on each and the ability to identify each one individually on the market for individual app install by an "administrator".
Currently we are doing each unit manually and then having to wait a few minutes for the Market to populate the new unit and then changing the nickname to the bldg/room number. If we don't wait for the Market to refresh for the new device they will all show as Asus Transformer TF101 and obviously we will not know which device to send specific apps to when they are requested.
There just has to be a better way! I checked out SureMDM and it has a lot of features that we really don't need and it doesn't appear to accomplish what we do need.
Any suggestions or comments would be greatly appreciated!
I know this is an old thread, but what about rooting and building a custom ROM for each unique device to let it do what you want? I'm thinking of doing something similar at the moment.
stephendt0 said:
I know this is an old thread, but what about rooting and building a custom ROM for each unique device to let it do what you want? I'm thinking of doing something similar at the moment.
Click to expand...
Click to collapse
Probably would work although Google now has a way to streamline deployment:
unfortunately I cannot post the direct link but goto developer dot android dot com/edu

How to Push Information to My App

We've had some people develop and application for us. For now, our application uses static data that requires a manual update each time this data changes. Our plan in the future is to have this data updated automatically the instant this new data is available.
For now, is there a way like through some online cloud that I can link the application to? So, that way when I put the data online in this service thing, the application whenever it has a data connection or Wi-Fi pulls the new data?
For the future, what's the best way to set up this automated updates?
You could just host the update on the server u run the app from ...
Sent from my HTC Sensation using xda premium
Right, what if buying a physical server was really not a preferred option at this point, what else could be done?
You could add the Dropbox SDK or Amazon S3 SDK to your project.
For example with Dropbox you could create a folder for your account dedicated towards this application. With the correct code you can then have the application download / synchronize the files in this project folder with your device.
That may be the easiest solution if you don't want to get down and dirty with your own server.
nraboy said:
You could add the Dropbox SDK or Amazon S3 SDK to your project.
For example with Dropbox you could create a folder for your account dedicated towards this application. With the correct code you can then have the application download / synchronize the files in this project folder with your device.
That may be the easiest solution if you don't want to get down and dirty with your own server.
Click to expand...
Click to collapse
Okay... Thank you. This helps.
In response to the message you sent me.
Yes you can use Excel files. You can use whatever you'd like, but you just have to worry about how you plan to use the data when you receive it.
For example, maybe you've got an Excel file that has 10 rows of data initially and you want to update it to a newer version that has 20 rows of data. Using one of these cloud services SDK you would be able to update this file on your device. This is not the most efficient way to do business, but it is certainly an option.
The cloud SDK approach would be a better solution if for example you wanted to add levels to a game without forcing the user to upload through the marketplace. If you are worried about updating information data you may want to write some sort of script that will transfer information from an SQL database online to a SQLite database on your phone.
Both the SDK options and SQL options are for the most part compatible with all the types of devices so if you plan to make an iOS or RIM application it should be possible.
I hope this helps.

TOP 11 Tips To Secure Your Xperia

You have got the Android phone and have all your personal data stored in that which includes your passwords and all personal information which is too sensitive. Just like you think your Android phone is a precious belonging to you, same is the case with the data it holds. So what if your phone is stolen or hacked by someone or it is lost?
Each day, you like some app and try to get it for your Android phone. Well that is nice but even that lets your security to lose a bit of ground. To secure your Android phone’s data, you need to have a good knowledge about enhancing the security options. Also, you got to implement some things that shield you in the times when you can get your data to fall in some stranger’s basket. Learn how you secure it.
1. Use SE Android OS
When you get some app downloaded to your phone then you give it some or more access as well. This lessens up your security. To help you National Security Agency (NSA) has created a new SE Android OS. This is a version of Android OS which is much secure and locks your phone and data exploitation by the unknown.
2. Lock your Android phone
You can lock your Android phone by setting a passcode. To do so, go to the ‘settings menu’ and tap on ‘location and security’. You will see there an option to ‘set unlock pattern’. By locking your phone properly none can use it without your prior permission and your data stays secured and intact.
3. Advanced security options
MobileDefense, TenCube and WaveSecure are few good advanced security options that you can choose from. If you lose your phone or it is stolen away then in that case you get an option to wipe off all the personal data by using these kinds of app only.
4. Apps that secure your Android phone
Get your Android phone protected from web intruders by selecting powerful anti-malware apps like Lookout. With such an app you can be rest assured that your security will remain intact when you are browsing, using your Android phone.
5. SIM card lock
In an addition to the prior phone lock mentioned in this article, you must choose for a SIM card lock by setting up a PIN code. This will secure all your contact information and the data usually stored in a SIM.
6. Third party protection
Programs and software like AVG, Norton, Trend Micro help you in securing your data in various many ways. It is better to get the premium protection cover rather than going for the free ones because a premium one provides you with a complete protection cover.
7. Full device backup
There are apps like Titanium Backup which can help you in getting a clone or backup of your phone onto the hard disk of your computer. In the case of theft or severe physical damage to your phone, backup helps you to get everything as it was.
8. Dropbox
Dropbox is cloud storage software which works with Android OS and then gives you complete access over your data on the go. One has to sign up for a Dropbox account and then save all essential and needy files in it. Without a Dropbox, you cannot thing of the backup of your data.
9. How Google helps in securing
When you have an Android phone that means, everything you use from an email to apps and contact information; all this stays with your [email protected] account and address. Simply add that to your new phone and import everything from there to the new device.
10. Secure data with AndroidLost
Go to the Android Market and search there for AndroidLost. When you find this application, install it to your Android phone (this is free for all Android gadgets and devices). By logging in with your Google account to the AndroidLost website you have full command over your data, even when the phone is not with you.
11.MY XPERIA
If you happen to misplace your Xperia™ device, the my Xperia service helps you to find it and protect private information by locking your device or even deleting all information on your device. The my Xperia service is offered by Sony Mobile Communications free of charge.
The my Xperia service uses the Google account on your device. If you are using several Google accounts on your device, you can sign in with any of them. You can connect several devices to my Xperia, using the same Google account.
For the my Xperia service to work, your smartphone or tablet must be turned on and has to have a working data connection.:angel:​
Nice tips to get a bond phone
Can u elaborate first point??
drsanket_xperia_u said:
Nice tips to get a bond phone
Can u elaborate first point??
Click to expand...
Click to collapse
defn by wiki-
What is SE for Android?
Security Enhancements for Android™ (SE for Android) is a project to identify and address critical gaps in the security of Android. Initially, the project is enabling the use of SELinux in Android in order to limit the damage that can be done by flawed or malicious apps and in order to enforce separation guarantees between apps. However, the scope of the project is not limited to SELinux.
SE for Android also refers to the reference implementation produced by the project. The current reference implementation provides a worked example of how to enable and apply SELinux at the lower layers of the Android software stack and provides a working demonstration of the value provided by SELinux in confining various root exploits and application vulnerabilities.
hope it helped....
is there an easy way to see if youre phone is getting hacked/virus? like a tools. because sometimes after 2-3 months my phone become slower and slower (need to reflash it again) and i use the phone just for daily basis like call, internet, messaging.
noel_din said:
is there an easy way to see if youre phone is getting hacked/virus? like a tools. because sometimes after 2-3 months my phone become slower and slower (need to reflash it again) and i use the phone just for daily basis like call, internet, messaging.
Click to expand...
Click to collapse
it shoud nt hapn if rooted use avast security..:angel:
C00ldUdE8655 said:
it shoud nt hapn if rooted use avast security..:angel:
Click to expand...
Click to collapse
rooted use avast security? protect with avast you mean? i do that, but my sola will slow down to the point i want to hit a wall with it :laugh:
Great tips man...like it
Sent From C6603 Using xda premium
Encang_Rojali said:
Great tips man...like it
Sent From C6603 Using xda premium
Click to expand...
Click to collapse
liked it..prezz **THANKS**
C00ldUdE8655 said:
You have got the Android phone and have all your personal data stored in that which includes your passwords and all personal information which is too sensitive. Just like you think your Android phone is a precious belonging to you, same is the case with the data it holds. So what if your phone is stolen or hacked by someone or it is lost?
Each day, you like some app and try to get it for your Android phone. Well that is nice but even that lets your security to lose a bit of ground. To secure your Android phone’s data, you need to have a good knowledge about enhancing the security options. Also, you got to implement some things that shield you in the times when you can get your data to fall in some stranger’s basket. Learn how you secure it.
1. Use SE Android OS
When you get some app downloaded to your phone then you give it some or more access as well. This lessens up your security. To help you National Security Agency (NSA) has created a new SE Android OS. This is a version of Android OS which is much secure and locks your phone and data exploitation by the unknown.
2. Lock your Android phone
You can lock your Android phone by setting a passcode. To do so, go to the ‘settings menu’ and tap on ‘location and security’. You will see there an option to ‘set unlock pattern’. By locking your phone properly none can use it without your prior permission and your data stays secured and intact.
3. Advanced security options
MobileDefense, TenCube and WaveSecure are few good advanced security options that you can choose from. If you lose your phone or it is stolen away then in that case you get an option to wipe off all the personal data by using these kinds of app only.
4. Apps that secure your Android phone
Get your Android phone protected from web intruders by selecting powerful anti-malware apps like Lookout. With such an app you can be rest assured that your security will remain intact when you are browsing, using your Android phone.
5. SIM card lock
In an addition to the prior phone lock mentioned in this article, you must choose for a SIM card lock by setting up a PIN code. This will secure all your contact information and the data usually stored in a SIM.
6. Third party protection
Programs and software like AVG, Norton, Trend Micro help you in securing your data in various many ways. It is better to get the premium protection cover rather than going for the free ones because a premium one provides you with a complete protection cover.
7. Full device backup
There are apps like Titanium Backup which can help you in getting a clone or backup of your phone onto the hard disk of your computer. In the case of theft or severe physical damage to your phone, backup helps you to get everything as it was.
8. Dropbox
Dropbox is cloud storage software which works with Android OS and then gives you complete access over your data on the go. One has to sign up for a Dropbox account and then save all essential and needy files in it. Without a Dropbox, you cannot thing of the backup of your data.
9. How Google helps in securing
When you have an Android phone that means, everything you use from an email to apps and contact information; all this stays with your [email protected] account and address. Simply add that to your new phone and import everything from there to the new device.
10. Secure data with AndroidLost
Go to the Android Market and search there for AndroidLost. When you find this application, install it to your Android phone (this is free for all Android gadgets and devices). By logging in with your Google account to the AndroidLost website you have full command over your data, even when the phone is not with you.
11.MY XPERIA
If you happen to misplace your Xperia™ device, the my Xperia service helps you to find it and protect private information by locking your device or even deleting all information on your device. The my Xperia service is offered by Sony Mobile Communications free of charge.
The my Xperia service uses the Google account on your device. If you are using several Google accounts on your device, you can sign in with any of them. You can connect several devices to my Xperia, using the same Google account.
For the my Xperia service to work, your smartphone or tablet must be turned on and has to have a working data connection.:angel:​
Click to expand...
Click to collapse
OK, a good comprehensive list...can you give a poiner to start working with SELinux...something that will help me start developing policies or something?
please add the source. ive read the same post somewhere
Nice tips bro, like it!

[Q] Custom Rom For Enterprise Deployment

Ok... I am Software Engineer and I have been developing mostly for Windows environments, but recently started getting into Android. I want to get more into the Operating System from a lower level. I am looking to build a custom ROM that must meet certain requirements to be used.
What I would like to do for a specific device:
1) Strip stock ROM of bloatware
2) Use SSH Tunnel for all data traffic (3G/4G, WiFi, etc.)
- This will have to be an embedded setup so that the device will always be using the SSH Tunnel to encrypt data accessing from company resources.
- If at all possible, block sites that are normally blocked when on the physical network.
3) Company Email, Contacts, and Calendar information to be synced from Lotus Notes to native android applications using only the SSH Tunnel connection.
4) Enforce password requirement for phone lock screen.
5) Change the OTA Device Update server to create my own.
- Insight as to how I would host my own on my internal network would be appreciated, if it is at all possible.
6) Detect company secure WiFi Access Points and only permit automatic switching to these sources for data, others (unsecured) will need to manually connected.
Now, I know how to make a custom ROM, where I am stripping bloatware and pre-rooting and such so I don't need help with requirement 1.
However, I have no clue where to start with the security aspect of this. Is it possible to embed all the settings into the OS configuration for routing data over a secure and encrypted source? This is an absolutely imperative thing, where Corporate Security mandates that the syncing of emails and such must be done over an encrypted connection. If SSH tunneling is not the best solution, perhaps VPN? Our company currently deploys Cisco AnyConnect for VPN from company laptops. Again, this has to be built into the configuration of the device. The user cannot have the ability to turn off/on this feature (unless the root or do various other violations to corporate policy). Speed is not a concern, these are work devices and only need to be reliable in accessing work resources.
As for requirement 4, is there any way to force a password lock on the device? Maybe deploy the ROM in some sort of initial setup mode (similar to Microsoft's OOBE for windows), where they are prompted to create there phone password and enter various other credentials to setup the email syncing with the native email client?
For requirement 5 & 6, well these are just pipe dreams. If they could be done, and not require a UI to manage them, then it would be great. However, I figure this would be not so easy to do.
The reason why this all has to be built in and configured, is because the user cannot be given the option to disable these features with a simple UI. Also, the phones can not receive carrier specific OTA updates, that would wipe this system configurations. The update server has to be possible, as all the carriers currently host there own. There has to be a way to build my own and deploy my ROM as an official release to the device without having to have a custom recovery or root.
Any insight into any of this would be great. For the most part I am looking for the built in network access features that I discussed above and insight on how to accomplish this if at all possible. Everything else could just be whatever input you are willing to provide. I realize this is a big project, but the result will be a phenomenal step in securing and expanding company resources. I realize there may be enterprise solutions out there that will already accomplish most of this, but I am looking to stay away from those options.
mkruluts said:
Also, the phones can not receive carrier specific OTA updates, that would wipe this system configurations. The update server has to be possible, as all the carriers currently host there own.
Click to expand...
Click to collapse
Hello mkruluts,
where did you get that the carriers host their own servers?
I would seriously be interested.
Optimally, do you have a link?
I read on this forum that even the branded updates come from a manufacturer's server:
http://forum.xda-developers.com/showpost.php?p=43915102&postcount=574
"HTC gets the go ahead to push it OTA from their servers"
http://forum.xda-developers.com/showpost.php?p=8525999&postcount=141
"The vendor's servers are tied to the carrier network."
--Droiderino

Overwriting existing apps, a high level business dilemma

Hi guys, not sure if this is the right place to do this but i've got a question i hope i can get clarified here with you experts
I am a PM that is in charge of a managing the delivery and development of a business's mobile application. Recently the company is looking to get rid of the incumbent developer due to unprofessional-ism and exorbitant fees. The other technology partner i am directly engaging with is a newly appointed development house and is tasked to clone the app and add additional features the incumbent refuses to add on.
Come launch date, the business requires the new app to replace the old app. To the existing customer base, the goal is to ensure that the transition is as seamless as possible. They are hoping that when existing users open the app, they will be prompted to install an update where the old one is then replaced with the old one. As such, is it possible for the new technology partners to this? What are the necessary steps required? I am trying to ensure that all necessary precautions and dependencies are covered to ensure any potential backlash / fallout. Is it as simple as obtaining the app certificate and ensuring the apk is named exactly the same? Any advice would be helpful.
The worst case scenario here would be to get the users to reinstall the app entirely or treat it as a completely separate app. :crying:
You need the signature keys of your first developer to sign the new APK which needs to have the same package name. And access to the dev console. Then you can upload the new app which will be treated as every other update by Google Play. Without changing the first app you won't be able to force the users to update AFAIK.
Fellhuhn said:
You need the signature keys of your first developer to sign the new APK which needs to have the same package name. And access to the dev console. Then you can upload the new app which will be treated as every other update by Google Play. Without changing the first app you won't be able to force the users to update AFAIK.
Click to expand...
Click to collapse
Hi thanks for the reply. Much appreciated! Would this be similar for iOS as well?
Relating to the last statement. What do you mean by "without changing the first app.."
androFRUST said:
Hi thanks for the reply. Much appreciated! Would this be similar for iOS as well?
Click to expand...
Click to collapse
I don't have enough experience with iOS to comment on that.
Relating to the last statement. What do you mean by "without changing the first app.."
Click to expand...
Click to collapse
While you can upload a new version of the same app the users would still have to manually (or automatically if their device is configured that way) download it. Google released a "forced update" API a while ago. If that is included in your old app that might help. Otherwise you would have to add it manually which would require access to the source code. But then the users would have to manually update too so it would be quite useless.
So one way to force them to update is to disable all APIs the app might use but that might alienate the users as they have no clue why it stopped working. So as long as you have no notification system that is working right now you have to depend on your users updating.

Categories

Resources