Related
Hi All,
I have my device SGS2 synchronized with our corporate network. Our corp uses Zenprise for MDM solution which has me running this ****ty app zenprise for employees always running on my device.
Also, when I configured the inbuilt email app - it asked me all sort of privileges and became an admin for my device.
now the question - when I rooted my device, somehow corporate admins knew about it and I got an email from them that it has been detected that I am running rooted device and I should remove the root or take it to the service station.
How do they find THIS out? Is it zenprice MDM that reports rooted device or is it Exchange Security policies???
Now this time - after a flash I did install the zenprise MDM but I have not configured email . I simply used Touchdown and now I dont have to use PIN on my device lock and I doubt how many exchange SPs are enforced anyways. But I really do not know if I should try rooting again.
So, is it the exchange or is it the MDM which detected if the device is rooted? Any ideas?
Check out the web page for Zenprice: http://www.zenprise.com/solutions/android-management
It says "Block jailbroken or rooted devices".
And,
"Maintain hardware inventory, including asset details; report on device statistics"
"Report on service details such as roaming, location, user inactivity, and expenses"
If you own the device, you should hit them up about monitoring this information about your private phone, if it's not in your corporate mobile usage policy.
awojtas said:
Check out the web page for Zenprice: http://www.zenprise.com/solutions/android-management
It says "Block jailbroken or rooted devices".
And,
"Maintain hardware inventory, including asset details; report on device statistics"
"Report on service details such as roaming, location, user inactivity, and expenses"
If you own the device, you should hit them up about monitoring this information about your private phone, if it's not in your corporate mobile usage policy.
Click to expand...
Click to collapse
I know this is an old post but I wanted to add to it.
I'm an MDM administrator and I run Zenprise for MDM. Yes it is the Zenprise agent that detects whether or not a device is rooted. While the device belongs to you, you are connecting it to company resources which requires certain levels of security. In this case they block rooted devices. They can also record your screen and more. By connecting your phone to your company resources you are agreeing to their security policy. Ignorance of the policy is your fault and not theirs.
Hope this helps those of you who hate Zenprise. Being on the other side of it, I love it.
Well, but Zenprise is not differentiating between rooted and unlocked AT ALL. Unless Im misunderstanding something, this is a huge flaw in their detection mechanism which then leads to a false vilification of Android phones. In my case, I purchased a Samsung SIII aka S3 GTi9300 World Phone, so I can travel abroad and use different SIMS, so it is unlocked but NOT ROOTED. I installed the Zenprise aka Citrix Connect for Samsung app, and when it tries to login it quickly fails and reports back that "Connection failed due to a security policy". The Zenprise admins say my device is rooted, and it is not, so they dismiss it and say that well it doesnt matter from a Zenprise perspective it sees unlocked and rooted phones the same. This is so backwards I dont even know where to start. Nevermind Zenprise seems to be Apple-centric (just about every device it manages is an Apple, Androids seem despised), but getting support to care or do something about this difference in phone status (unlocked vs. rooted) is like asking a brick wall to care.
What can be done about this, what is the right setting to get Zenprise to accept a legitimate phone, or how can it be tricked into doing so. Thanks.
There's an app module called XPrivacy for the Xposed Framework, it could possibly help you guys hide your rooted and unlocked status as it is designed to feed bogus information for different permissions like for example you can spoof your mac address, imei bla bla yada yada, a little talk and contribution to the dev will possibly get you any missing features too.
P. S We can also set our desired info too for most relevant permissions or allow any specific information, and I agree with one thing privacy is too underestimated now. Orbot app can be used for connecting your device to the Tor Network thereby hiding your Internet presence to the whole world, the only thing you're admin will see is you being connected to a single IP which is random and could be anybody or anything.
Sent from my GT-I9100 using xda app-developers app
---------- Post added at 12:51 AM ---------- Previous post was at 12:37 AM ----------
goinovr said:
I know this is an old post but I wanted to add to it.
I'm an MDM administrator and I run Zenprise for MDM. Yes it is the Zenprise agent that detects whether or not a device is rooted. While the device belongs to you, you are connecting it to company resources which requires certain levels of security. In this case they block rooted devices. They can also record your screen and more. By connecting your phone to your company resources you are agreeing to their security policy. Ignorance of the policy is your fault and not theirs.
Hope this helps those of you who hate Zenprise. Being on the other side of it, I love it.
Click to expand...
Click to collapse
First of all don't easily and directly specify the root of the problem when you guy's are trying to cause the problem if a little modding and changing the apk is too difficult there will always be workarounds to virtually hide everything, lol you guy's wouldn't even understand when a security issue rises.
Sent from my GT-I9100 using xda app-developers app
We do not allow discussions regarding spoofing IMEI on xda so a few posts have been deleted.
E.Cadro said:
We do not allow discussions regarding spoofing IMEI on xda so a few posts have been deleted.
Click to expand...
Click to collapse
Understood, thanks for pointing it out, but anybody who knows a little about Xposed Framework can modify, spoof or do anything related to code level modification.
Sent from my GT-I9100 using xda app-developers app
E.Cadro said:
We do not allow discussions regarding spoofing IMEI on xda so a few posts have been deleted.
Click to expand...
Click to collapse
Yes point taken. Sorry
They check SU binaries. There are serval ways to hide it. Check for hide root on Google play.
Yours,
Amiroslo
Not any more. The new version (Worx) see su even hiden...
Sysadmins & tech support guys know everything. No hiding anything from them (except maybe the lazy ones).
So I've tested around this a good bit. The latest Citrix Worx doesn't only check for su binary. Even when you use hide root on say SuperSu it doesn't work. Even a hide my root won't work. After days of testing and tinkering I found what it does look for. It looks for both su binary AND busybox. So what I did was delete the busybox and all the symlinks to it in xbin. Then used the hide root on SuperSu and it worked. So that seems to be the fix for now. Hope that helps anyone.
Dixit
dixit said:
So I've tested around this a good bit. The latest Citrix Worx doesn't only check for su binary. Even when you use hide root on say SuperSu it doesn't work. Even a hide my root won't work. After days of testing and tinkering I found what it does look for. It looks for both su binary AND busybox. So what I did was delete the busybox and all the symlinks to it in xbin. Then used the hide root on SuperSu and it worked. So that seems to be the fix for now. Hope that helps anyone.
Dixit
Click to expand...
Click to collapse
Do you mind elaborating on this a bit? My company is running the latest version of Citrix Xenmobile (worx) and I'd like to accomplish this so I can use it but also keep root obviously.
cowman4000 said:
Do you mind elaborating on this a bit? My company is running the latest version of Citrix Xenmobile (worx) and I'd like to accomplish this so I can use it but also keep root obviously.
Click to expand...
Click to collapse
I explained it fairly well. You have to delete Busybox, the app itself. Then using file explorer like tool like maybe root explorer you need to go to Xbin and remove all the symlinks that pointed to busybox that may have been left behind. Only delete the ones that pointed to busybox.
Sorry cant be of more help on this as I don't have this device anymore, I have a Note4 which I cannot root so I cant test this further.
Dixit
Love it when old threads like this pop up. These were the good time's on Xda....shame pretty much all my Post's was removed lol.
Good time's... Great people.
Hi guys, not sure if this is the right place to do this but i've got a question i hope i can get clarified here with you experts
I am a PM that is in charge of a managing the delivery and development of a business's mobile application. Recently the company is looking to get rid of the incumbent developer due to unprofessional-ism and exorbitant fees. The other technology partner i am directly engaging with is a newly appointed development house and is tasked to clone the app and add additional features the incumbent refuses to add on.
Come launch date, the business requires the new app to replace the old app. To the existing customer base, the goal is to ensure that the transition is as seamless as possible. They are hoping that when existing users open the app, they will be prompted to install an update where the old one is then replaced with the old one. As such, is it possible for the new technology partners to this? What are the necessary steps required? I am trying to ensure that all necessary precautions and dependencies are covered to ensure any potential backlash / fallout. Is it as simple as obtaining the app certificate and ensuring the apk is named exactly the same? Any advice would be helpful.
The worst case scenario here would be to get the users to reinstall the app entirely or treat it as a completely separate app. :crying:
You need the signature keys of your first developer to sign the new APK which needs to have the same package name. And access to the dev console. Then you can upload the new app which will be treated as every other update by Google Play. Without changing the first app you won't be able to force the users to update AFAIK.
Fellhuhn said:
You need the signature keys of your first developer to sign the new APK which needs to have the same package name. And access to the dev console. Then you can upload the new app which will be treated as every other update by Google Play. Without changing the first app you won't be able to force the users to update AFAIK.
Click to expand...
Click to collapse
Hi thanks for the reply. Much appreciated! Would this be similar for iOS as well?
Relating to the last statement. What do you mean by "without changing the first app.."
androFRUST said:
Hi thanks for the reply. Much appreciated! Would this be similar for iOS as well?
Click to expand...
Click to collapse
I don't have enough experience with iOS to comment on that.
Relating to the last statement. What do you mean by "without changing the first app.."
Click to expand...
Click to collapse
While you can upload a new version of the same app the users would still have to manually (or automatically if their device is configured that way) download it. Google released a "forced update" API a while ago. If that is included in your old app that might help. Otherwise you would have to add it manually which would require access to the source code. But then the users would have to manually update too so it would be quite useless.
So one way to force them to update is to disable all APIs the app might use but that might alienate the users as they have no clue why it stopped working. So as long as you have no notification system that is working right now you have to depend on your users updating.
Hi,
Just joined a new company that requires Company Portal to access Outlook email and other apps on my phone.
Evidently even if you manage to hide root from Company Portal, a major requirement is having an encrypted device with Company Portal.
In order to get rooted 2 years ago, I ran Disable_Dm-Verity_ForceEncrypt during the TWRP setup process so my rooted V30 is not encrypted.
Is there any way to restore encryption now without losing my current stock rom settings and data and maintain root?
I see in LG Settings there is an option to Encrypt Phone and SD Card. Will this suffice so I can maintain root?
If not, is there a way to root and install a TWRP LG Pie Rom zip without disabling encryption via Disable_Dm-Verity_ForceEncrypt?
Or is it impossible to root and use Company Portal with the LG V30?
Thanks in advance!
Drew
drewcu said:
Hi,
Just joined a new company that requires Company Portal to access Outlook email and other apps on my phone.
Evidently even if you manage to hide root from Company Portal, a major requirement is having an encrypted device with Company Portal.
In order to get rooted 2 years ago, I ran Disable_Dm-Verity_ForceEncrypt during the TWRP setup process so my rooted V30 is not encrypted.
Is there any way to restore encryption now without losing my current stock rom settings and data and maintain root?
I see in LG Settings there is an option to Encrypt Phone and SD Card. Will this suffice so I can maintain root?
If not, is there a way to root and install a TWRP LG Pie Rom zip without disabling encryption via Disable_Dm-Verity_ForceEncrypt?
Or is it impossible to root and use Company Portal with the LG V30?
Thanks in advance!
Drew
Click to expand...
Click to collapse
My only solution to this problem was to always use webaccess for my Office365 account. They required the portal to use Outlook, and part of that requirement allowed them to wipe my phone whenever they wanted. It's my phone, so I guess I won't use their email on my phone.
Sounds like your company has yet another behind-the-times IT department (like mine). Although mine is also exceptionally incompetent. They left the IMAP server open and available to anyone, so I simply used that with my GMail account instead. It did require me to allow them admin access to the phone to wipe the device (though I think they can only wipe the email) but it worked. They finally got modern and are using 365 so now it doesn't need these extra things. You might want to see if you can wait until they wake up and/or see if there is a server you can connect to. I found mine because, due to their incompetence, they let iPhones use the native mail app via the IMAP server, but forced Android to use some garbage 3rd party software for it instead of GMail. In both cases, the IMAP server was easily seen and setup.
I also have a company phone, so I don't really care if they can wipe it. Again, if I was going to take data from them, I'd do it before I announced I was leaving like any reasonably-intelligent person... so wiping accomplishes nothing. But, again, these IT departments are really dumb and incompetent...
To answer your initial question, I don't know if there's a way to re-enable encryption... but I also don't think that this is something that they can detect anyway. I'm thinking it may be something else they're tripping over. You may consider installing Magisk, and then using it's HIDE feature to see if you can hide the typical "signs" of rooting/etc. It may be good enough to get you working. If it doesn't you simply remove Magisk again (or just stop using it)?
Thanks @ldeveraux and @schwinn8 for the replies!
I know we use Office 365 but I'll have to ask about web access to see if that is possible. It's my phone and supposedly it's "not required" that I install Company Portal/Outlook/Teams on my phone, but I would be the only one at the firm not doing that and I am a new hire so... kind of a bad look so soon. I am not really comfortable with them being able to wipe my phone either, but that wasn't mentioned to me... yet.
Also would have to ask about IMAP, but I doubt it. No company phones either which is fine.
Pretty sure it is the encryption (or lack thereof in my case) that is the issue. I already use Magisk v22 and Hide all signs of Company Portal and pass Safetynet. On another XDA thread where Company Portal is discussed, I followed the suggested steps to no avail:
1) Install Company Portal V5.0.5067.0
2) Magisk Hide ALL of Company Portal checkboxes
3) Reboot
4) Still pass SafetyNet
5) Launch Company Portal
While the app doesn't specify the encryption as to why it cannot get me to the login screen, that's the only conclusion I can reach at the moment.
Did either of you try or look into encryption built into the LG/Android Settings menu? I don't want to do that unless I know of someone with success with it, but am curious if that would allow root via Magisk Hide, encryption, and Company Portal.
Thanks!
Drew
No I stopped carrying when they wanted permission to wipe. If the company was paying for the phone, that's one thing. If I'm using my personal phone for company use, that doesn't fly.
I realize this doesn't answer your question at all, but it's food for thought!
ldeveraux said:
No I stopped carrying when they wanted permission to wipe. If the company was paying for the phone, that's one thing. If I'm using my personal phone for company use, that doesn't fly.
I realize this doesn't answer your question at all, but it's food for thought!
Click to expand...
Click to collapse
Carrying? Or did you mean caring?
drewcu said:
Carrying? Or did you mean caring?
Click to expand...
Click to collapse
Caring. I don't own a firearm.
ldeveraux said:
Caring. I don't own a firearm.
Click to expand...
Click to collapse
Lol got it. Just making sure I understood what you meant.
Assume you didn't look into the LG rom based encryption then?
drewcu said:
Lol got it. Just making sure I understood what you meant.
Assume you didn't look into the LG rom based encryption then?
Click to expand...
Click to collapse
No at that point I gave up
Hopefully you'll get some help here, because I'd still like to be able to actually use Outlook on my phone!
So, a quick search says that there are modules available and other things that need to be tried. One further thing is to hide root from various Google modules. I remember hearing that for some other apps... that you had to hide root from Google services. I also remember hearing that, in some cases, you have to clear data for apps after the hide, because they apparently save the rooted-status in their own data.
Basically, I doubt encryption is the issue... root is usually the problem and can be a bit tricky to hide properly. You just have to try things. I have never seen any app fail to work because encryption is not available... it's always a root-detection issue.
As for the IMAP thing, the point there is to use the settings you find elsewhere to access email. You're not asking IT for permission or info... you just need to find it. Most Microsoft-based IT places I have worked with have zero clue that this is open and offered, so once you find it it's just a matter of plugging in the right info.
As for the web-interface, again, my company (for example) doesn't tell us that we can use the Outlook app, but it works with no tricks whatsoever. Plug in your company account info and it figures out how to connect.
FYI, the module I mentioned above is referenced here: https://forum.xda-developers.com/t/...ne-company-portal-hider-intune-hider.3780451/ - no idea if this is necessary or even the latest version...
schwinn8 said:
So, a quick search says that there are modules available and other things that need to be tried. One further thing is to hide root from various Google modules. I remember hearing that for some other apps... that you had to hide root from Google services. I also remember hearing that, in some cases, you have to clear data for apps after the hide, because they apparently save the rooted-status in their own data.
Basically, I doubt encryption is the issue... root is usually the problem and can be a bit tricky to hide properly. You just have to try things. I have never seen any app fail to work because encryption is not available... it's always a root-detection issue.
As for the IMAP thing, the point there is to use the settings you find elsewhere to access email. You're not asking IT for permission or info... you just need to find it. Most Microsoft-based IT places I have worked with have zero clue that this is open and offered, so once you find it it's just a matter of plugging in the right info.
As for the web-interface, again, my company (for example) doesn't tell us that we can use the Outlook app, but it works with no tricks whatsoever. Plug in your company account info and it figures out how to connect.
FYI, the module I mentioned above is referenced here: https://forum.xda-developers.com/t/...ne-company-portal-hider-intune-hider.3780451/ - no idea if this is necessary or even the latest version...
Click to expand...
Click to collapse
Thanks for the suggestions! I actually have tried different modules without success both for EdXposed (Security Bypass for Company Portal with CP version 5.0.3013.0 and Bypass Exchange Policies). The closest I got was with CP 5.0.3013.0 where I could enter my credentials but then wasn't able to agree to the Terms and Conditions which is a prerequisite and got denied. The module you linked is no longer needed if using Magisk v22 with Magisk Hide according to people in the thread.
Have also tried the Outlook app, Outlook web access, Gmail, IMAP, POP3 -- all smartly locked down tight for compliance reasons by our IT. Just says to enroll with Company Portal after entering credentials.
Pretty sure the Magisk Hide route would work with V5.0.5067.0 if my device was encrypted. Company Portal checks whether your device is encrypted supposedly, so either you have to actually be encrypted or find a way around that. I am willing to be encrypted if I can still be rooted...
Not sure where to go from here to get it working without an encrypted device... but thanks for the post.
As I recall, Xposed is not really working or functional these days. The module I linked to is a Magisk module. Did you follow those directions, because it sounds like you didn't.
It sounds like you don't want to believe me... that's fine. I believe the answers are out there and it's just a root issue. You probably just need to do more reading and searching. I'm going to give up since you don't seem to want to hear it from me, so good luck...
If you find a solution, do let people know on this thread so the matter can be closed/completed.
I remember the other reason I stopped trying to use the Company Portal. They need permission to wipe my phone, which obviously I'm not cool with. Whenever I disable the Company Portal, mail stops working. That's reason enough!
schwinn8 said:
As I recall, Xposed is not really working or functional these days. The module I linked to is a Magisk module. Did you follow those directions, because it sounds like you didn't.
It sounds like you don't want to believe me... that's fine. I believe the answers are out there and it's just a root issue. You probably just need to do more reading and searching. I'm going to give up since you don't seem to want to hear it from me, so good luck...
If you find a solution, do let people know on this thread so the matter can be closed/completed.
Click to expand...
Click to collapse
Yes I am aware that the module you linked is for Magisk. If you go to the OP, all the text is struck through because the module is no longer necessary as I stated previously.
[MODULE] Microsoft Intune Company Portal Hider (Intune Hider)
Introduction: Simple Module To Hide The Root From Microsoft Intune Company Portal. - After The Installation & 1st Reboot, It Hides The Rooting & Disables Itself [P.S. Disabling Itself For Some Versions] - Enabling This Module From Magisk Manager...
forum.xda-developers.com
kb8no said:
It is easy to be confused. The "module" from the OP was needed before but is now obsolete since Magisk has gained the necessary functionality alone without the "module". There is no "module" in Magisk. Now go back and read the past posts over 2 months. First you hide Magisk so it passes safety net. Then you go into superuser MagiskHide, go into the app (eg Portal) and check everything. You need to understand that they updated Portal so you need to downgrade it so Portal will work again. You need to understand to use latest Magisk and Magisk changed. Not surprising you are confused. Now perhaps you have figured out the basics and the details will make sense.
Click to expand...
Click to collapse
So I followed the steps on page 23 of that thread using Intune Company Portal V5.0.5067.0:
[MODULE] Microsoft Intune Company Portal Hider (Intune Hider)
Introduction: Simple Module To Hide The Root From Microsoft Intune Company Portal. - After The Installation & 1st Reboot, It Hides The Rooting & Disables Itself [P.S. Disabling Itself For Some Versions] - Enabling This Module From Magisk Manager...
forum.xda-developers.com
IlyaKol said:
Good call on the GitHub ticket.
For anyone reading, this is the process I followed:
1) Uninstall the existing Intune Company Portal
2) Reboot
3) Install the APK listed above or from another source (I used APK Pure). DO NOT LAUNCH INTUNE!
4) Before launching, go into Magisk and make sure to hide ALL of it as well as all of Outlook, OneNote, OneDrive, Teams, etc. (whatever uses your company credentails)
5) Launch InTune and set it up.
6) Disable auto-updates of the app as he stated in Google Play Store.
7) Profit.
Click to expand...
Click to collapse
The result is I am still stuck on the "Open the Intune App" screen... No other error messages related to rooting, but cannot even get to log in or download Outlook or Teams. Have tried downloading the Intune App from the Play Store and that tells me to open Company Portal... so going in circles... I'm told I need to only use Company Portal from our IT firm.
I went through the same Magisk module thread and found others talking about not having encryption, and they are in the same position as I am -- following the steps or using the Magisk module (before Magisk v22) and still not getting CP to work.
Thus I am 99.9% sure I cannot use CP because I don't have encryption. You don't have to believe me, but I have tried everything I can think of save for using LG's Encrypt Phone feature... Would do it if I got confirmation I could stay rooted, not lose my data/settings, and then use Company Portal.
But yes, I absolutely would post the solution here if I find it!
Thanks anyway.
I'm rooted and have long had corporate email (two different companies) on a paid app called "Nine". First company was Fortune 100 global media company, and 2nd (past 3 years) is smaller but still has aggressive IT policies. Neither paid for my phone. I specifically remember with the first having to agree they could wipe the phone if it was lost -- but I think due to me being rooted they wouldn't be able to.
Nine - Email & Calendar - Apps on Google Play
Nine is a full-fledged and intuitive email app which supports Exchange and IMAP
play.google.com
ChazzMatt said:
I'm rooted and have long had corporate email (two different companies) on a paid app called "Nine". First company was Fortune 100 global media company, and 2nd (past 3 years) is smaller but still has aggressive IT policies. Neither paid for my phone. I specifically remember with the first having to agree they could wipe the phone if it was lost -- but I think due to me being rooted they wouldn't be able to.
Nine - Email & Calendar - Apps on Google Play
Nine is a full-fledged and intuitive email app which supports Exchange and IMAP
play.google.com
Click to expand...
Click to collapse
Just tried Nine and it also tells me after entering my credentials that I need to use Company Portal (just like Outlook and Web Access).
Do these two companies you worked for use Intune Company Portal to manage policies?
drewcu said:
Just tried Nine and it also tells me after entering my credentials that I need to use Company Portal (just like Outlook and Web Access).
Do these two companies you worked for use Intune Company Portal to manage policies?
Click to expand...
Click to collapse
I just installed portal and outlook, added both as admin or whatever it's called, and have a fully functioning inbox. I don't know if I'll leave it like this for the reasons I mentioned, but it works. I have the latest twrp, latest magisk, and adguard installed. I have no clue if I'm encrypted or not, how would I check? But I was trying to use the older version of Portal and it kept looping, so I installed the latest from the play store and we're up and running.
@ChazzMatt do you really think they can't wipe if they so desire? How could we confirm that? I surely don't want to give them that ability considering if you disable their permissions it stops working completely.
ldeveraux said:
I just installed portal and outlook, added both as admin or whatever it's called, and have a fully functioning inbox. I don't know if I'll leave it like this for the reasons I mentioned, but it works. I have the latest twrp, latest magisk, and adguard installed. I have no clue if I'm encrypted or not, how would I check? But I was trying to use the older version of Portal and it kept looping, so I installed the latest from the play store and we're up and running.
@ChazzMatt do you really think they can't wipe if they so desire? How could we confirm that? I surely don't want to give them that ability considering if you disable their permissions it stops working completely.
Click to expand...
Click to collapse
For Nine I only needed the email server name.
For the previous Fortune 100 company I worked for, it was almost 4 years ago so I don't remember all the details but I remember granting them the privilege but I don't remember adding them as an admin.
ldeveraux said:
I just installed portal and outlook, added both as admin or whatever it's called, and have a fully functioning inbox. I don't know if I'll leave it like this for the reasons I mentioned, but it works. I have the latest twrp, latest magisk, and adguard installed. I have no clue if I'm encrypted or not, how would I check? But I was trying to use the older version of Portal and it kept looping, so I installed the latest from the play store and we're up and running.
@ChazzMatt do you really think they can't wipe if they so desire? How could we confirm that? I surely don't want to give them that ability considering if you disable their permissions it stops working completely.
Click to expand...
Click to collapse
Company Portal didn't used to work for you, correct? What changed? Can you please list your steps this time?
I think to check encryption you use Termux and enter 'getprop ro.crypto.state' -- mine says unencrypted.
One other question is what version of Twrp are you using? I'm using one from 2 years ago -- 3.2.3 and never wanted to bother with the Pie one 3.3 or whatever is latest... Might have something to do with it...
i recently bought a used device and when i tried to create a new jodel account, the app said i was perm banned. How come? Since i have root acces, i tried to change my device id / spoof my mc adress. But im still banned. So, how does jodel identify my device?
jodel: https://play.google.com/store/apps/details?id=com.tellm.android.app&hl=de&gl=US
thanks in advance
IMO you have to investigate app's source code to find it out.
dont know how. pls help
You use an APK de-compiler. Some online de-compilers exist but do only handle APKs < 50 MB hence not useable in your case.
More info here:
48 Best APK Decompilers 2023 (Ranked and Reviewed) - Edopedia
As a programmer, we frequently come across interesting apps and games on the Play Store. And we wish that there would be some magical software that can
www.edopedia.com
i dont know how to use that. i just need to know, how jodel identifiys my device.
whre does it say what data they use to identify my device
@anonuser14 Here you find a review of Jodel written in German. As you're obviously using Jodel, I assume you speak German otherwise please use a machine translator. I'm convinced you'll find the answers to your questions about the absolutely privacy related desaster application.
yes, im german. first thing i did was reading the privacy note from jodel and i even asked the support. all they said was, they use my devide id, which is obvisly not the whole truth. im not a developer or something, all i know is how to flash a rom & root a device. so, all i need is an expert looking into this case and helping me. ( I attached the anwers from jodel)
If you're rooted and using Xposed (in whatever version) I suggest to spoof your device ID with XPrivacy Lua by @M66B like I do.
[CLOSED][APP][XPOSED][6.0+] XPrivacyLua - Android privacy manager [UNSUPPORTED]
XPrivacyLua Really simple to use privacy manager for Android 6.0 Marshmallow and later (successor of XPrivacy). Revoking Android permissions from apps often let apps crash or malfunction. XPrivacyLua solves this by feeding apps fake data...
forum.xda-developers.com
so what now?
A Jodel account is tied to Device ID of phone it 1st time was installed on. Hence you can't use Jodel on another phone.
Also Jodel doesn't allow you to create multiple accounts, as you tried to do.
like i said, i bought a used phone, i did not try to create multiple accounts, and most important, its not tied to the device id, at least not tied to just the device id. i tried reinstalling the app, used privicy lua, changed the phone id, but jodel still can identify my device.
how?
what if i pay 10$ for giving me a solution?
pls help
anonuser14 said:
what if i pay 10$ for giving me a solution?
Click to expand...
Click to collapse
In Germany, the legal minimum wage per hour is currently 9.60€ ( 11.35$ ).
jwoegerbauer said:
In Germany, the legal minimum wage per hour is currently 9.60€ ( 11.35$ ).
Click to expand...
Click to collapse
so, can u help me?
Could but don't want to because it requires to install some GBs of apps on PC what are only needed once.
just tell me how, and ill try.
until now, nobody seems to know, how jodel identifies a device
@anonuser14 As far as I remember, Mike Kuketz has briefly reviewed that app about two years ago. Here's a shortened quotation of his conclusion (German-English translation by https://www.deepl.com:
Yodel is a good example of how just starting an app is enough to get an impression of how privacy-friendly it is. My impression: miserable.
At least the information in the privacy policy is relatively transparent - privacy-sensitive users will therefore probably not use Yodel.
Click to expand...
Click to collapse
If interested consider to search the web for that post.
Oswald Boelcke said:
@anonuser14 As far as I remember, Mike Kuketz has briefly reviewed that app about two years ago. Here's a shortened quotation of his conclusion (German-English translation by https://www.deepl.com:
If interested consider to search the web for that post.
Click to expand...
Click to collapse
jodel had severel updates. 2yo article are not valide anymore.
how does jodel identify a device?
I decided to root ky Pixel 6 and found out that i couldn't get around the security from germans banking apps.
simple soloution. have magisk/zygisk installed and set the root mode to "user" in the settings of magisk manager.
then go to your settings and setup a second user (wont have root) install your banking apps and enjoy the ability to use them with an rooted device
edit: this method was tested for Sparkasse app's
• S-Push Tan
• Mobiles Bezahlen
IndubidablyStoned said:
I decided to root ky Pixel 6 and found out that i couldn't get around the security from germans banking apps.
simple soloution. have magisk/zygisk installed and set the root mode to "user" in the settings of magisk manager.
then go to your settings and setup a second user (wont have root) install your banking apps and enjoy the ability to use them with an rooted device
Click to expand...
Click to collapse
I'm not being critical of your choices but why would anyone chance having a banking institution or any financial app including
GPay on a rooted device? Isn't there a much greater chance of being compromised by an app or inadvertent web link? And if the banking institution sees that a bogus user was created what are the chances of recovering funds obtained through fraudulent activity? I understand why people want to root don't get me wrong, but money transfers and transactions on that device seem a little reckless to me. But I could be wrong, just curious of the thinking here.
i Understand, but if you want to have an custom DAC like Viper4Android you kinda need root. my intention isnt to do fraudulent activity, as i mentioned in the Post you dont have Root access on that second user
IndubidablyStoned said:
i Understand, but if you want to have an custom DAC like Viper4Android you kinda need root. my intention isnt to do fraudulent activity, as i mentioned in the Post you dont have Root access on that second user
Click to expand...
Click to collapse
You misunderstood my concern wrt banking activity. I didn't suggest that you were doing anything fraudulent but if you were the victim of fraudulent activity would the bank still cover you with a bogus account you created? I don't know if what you did was entirely proper or not but that was not the issue I thought you might be concerned about.
As I said, I completely understand your desire to root be it V4A or DAC or even ad blocking. I just wonder the benefit vs the exposure if you are using banking apps. Without financial transactions occurring on the phone I doubt there is much to worry about other than what we are all concerned about root or not.
bobby janow said:
I'm not being critical of your choices but why would anyone chance having a banking institution or any financial app including
GPay on a rooted device? Isn't there a much greater chance of being compromised by an app or inadvertent web link? And if the banking institution sees that a bogus user was created what are the chances of recovering funds obtained through fraudulent activity? I understand why people want to root don't get me wrong, but money transfers and transactions on that device seem a little reckless to me. But I could be wrong, just curious of the thinking here.
Click to expand...
Click to collapse
Considering DirtyPipe exists and has not been patched yet (plus how long it already took to even acknowledge the problem in the first place), rooting is the least of our worries when it comes to monetary transactions/banking and android.
Bear in mind that DirtyPipe is only one elevation exploit that we've heard about. And for every disclosed vulnerability there are dozens of others that nobody's aware of. The market for rooted android users is very small compared to the overall android phone-user market. Creating exploits specifically targeting rooted phones would be a waste of time and effort compared to working on privilege escalation on non-rooted devices; from a hacker's perspective you want to hit the largest volume of targets in cases like these.
I've been rooting my phones for 10 years now, and my usage of banking/fintech apps on my devices has increased consistently. Applying common sense opsec/infosec practices can negate a large percentage of the perceived risk that root access exposes you to.
On the other hand, if someone wants to target you specifically, as an individual, you're screwed, root or no root, unless you're aware of the risks that come with technology and the pitfalls of android (iOS can be perceived as more secure but when it comes to individual targeting/attacks, there are expensive tools made by some of the world's top intelligence organizations that can wreck havoc on iOS as well)
TL;DR you're never truly safe, root or no root.
Unfortunately that doesn't worked for me
I tested the following apps:
SecureGo
VR SecureGo
Mobiles bezahlen
Every App doesn't launch. Sparkasse is quitting instantly and SecureGo Apps are stuck with their logo.
On the rootet user I get the Browser-warning (of SecureGo) that my device doesn't meet the security requierements. So far so good, but on the non-rooted uses i would have expect that they're working.
Any Idea? I'm on April Build.
i dont know currently, i dont have root anymore since i had to update to the April Update. i'll update if there is something that can be done
Maybe you could confirm that these Apps launch on April build without root? That could help to research the problem a bit. Thanks!
hanni2301 said:
...but on the non-rooted uses i would have expect that they're working.
Any Idea? I'm on April Build.
Click to expand...
Click to collapse
Maybe these apps are not supporting fully Android 12?
I have an app which, until recently, was freezing when the location was enabled. To be exact, when "Use precise location" was enabled. Only location access the app was not freezing, but couldn't get the coordinates.
Maye this is a similar situation here.
Cheers
Tom
hanni2301 said:
Unfortunately that doesn't worked for me
I tested the following apps:
SecureGo
VR SecureGo
Mobiles bezahlen
Every App doesn't launch. Sparkasse is quitting instantly and SecureGo Apps are stuck with their logo.
On the rootet user I get the Browser-warning (of SecureGo) that my device doesn't meet the security requierements. So far so good, but on the non-rooted uses i would have expect that they're working.
Any Idea? I'm on April Build.
Click to expand...
Click to collapse
I managed to get the VR Secure Go app working by doing the steps in the op plus using ice box and freezing magisk and the bank apps. I'm on April, too and I'm using radioactive kernel. Rooted stock kernel works as well on my device, but I had issues with the bank apps on some other kernels.
So to confirm, you need to freeze magisk on the rooted user and you're able to use the bank apps on the second (non rooted) user?
On which user you would freeze the bank apps? I doesn't have them installed on the rooted user.
Thanks in advance that you can definitely confirm its not the fault of April built.
hanni2301 said:
So to confirm, you need to freeze magisk on the rooted user and you're able to use the bank apps on the second (non rooted) user?
On which user you would freeze the bank apps? I doesn't have them installed on the rooted user.
Thanks in advance that you can definitely confirm its not the fault of April built.
Click to expand...
Click to collapse
I only have one user (the rooted user). I've done the following steps:
1. Configure magisk: activate Zygisk and setup deny list for the banking apps
2. Hide magisk app
3. Freeze magisk and banking apps with Ice Box
ok, that is the normal way which is different to the approach the thread starter has chosen.
I use deny list plus hide my applist and works fine with Sparkasse, s-push and mobil bezahlen no need to freeze or use a second user profile
How do you do that, hide applist?
You can bypass it by
Download App Named Shelter from Play store.
The App will create work profile and you can bypass any bank or app you facing issue with it.
When completed create work profile you can clone Bank App and use if.
As Information, It works out of the Box with Magisk denylist,
You only need to Install Ice Box and hide Magisk Manager, even if it is using a random name, "Mobiles Bezahlen" would detect it.
Magisk + Ice Box is sufficient on latest Miui 13 as well!
Regards!
Not sure but I think island could help not sure though as I'm not rooted the app is made by greenify
Only as info, these 2 Apps, Postbank Finanzassistent and Postbank BestSign working by default on a rooted device.
I like Postbank