Related
Someone mentioned this in another thread, but this is a topic that should have it's own separate thread.
Some of you may have already read the news: Michigan: Police Search Cell Phones During Traffic Stops
Don't assume it won't come to your town.
I can't say I plan to do anything that would warrant police suspicion, yet I don't like the idea of anyone being able to easily pull data from my device. And we know cops won't be the only ones with these devices. So I've been wondering, how can we protect our Android devices from the CelleBrite UFED?
Check out this video that shows some of the features it has, keep in mind it does much more and can even extract DELETED data.
See the company's product page here: http://www.cellebrite.com/forensic-products/ufed-physical-pro.html
This research paper talks about the CelleBrite UFED and other extraction methods. (CelleBrite UFED is talked about starting on page 9.) I doubt there's a means to prevent all of those methods given some involve long term handling of the device, but CelleBrite UFED can extract data when a device is retained by the CelleBrite UFED user for a short period of time. It looks like HTC Android type devices can only be extracted from via the (micro)USB Port and it requires USB Storage and USB Debugging turned on. The CelleBrite UFED has to gain Root Access. It can get by screen passwords and root even a device that was not yet rooted.
There's another thread where someone was requesting a ROM that would not work with the CelleBrite UFED. I'm not sure how to make a ROM or anything else that would not work with the CelleBrite UFED without limiting certain features we all may use from time to time.
Over on Slashdot, someone said they hacked their device (Nexus One) to not do USB client mode. This is another option that would limit some features many of us may use.
So, how can we protect our privacy and our data? Does it mean sacrificing some features like USB storage mode?
The biggest problem is what's missing from Android itself. Meego might be protected but not Android.
You would need an encrypted boot loader that retains root for some users.
A kernel and os files that support different users so the default user is not root like Linux and a prompt with a password for superusers not just an Allow like now for Android.
Encryption libraries that would support truecrypt encryption of both internal and external (SD card) encryption in toto not just individual files.
A true trash system that overwrites files like srm in linux and sswap for wiping the swap file after every system reboot.
Ultimately I don't see it happening. In theory if you were running Ubuntu on your phone then yes cellbrite would just crap out not knowing what to do with your phone. Same possibly with meego. But then no real app support, no navigation and driver support is crap even for ROMs using the same os let alone a different OS like true linux.
It's amazing how many don't even bother deleting thumbnails hanging around on their computers or securely wiping files on their computer. Same with swap files retaining passwords or even website cookies that have the same password as their computer.
Best thing to do, don't keep anything that could be bad on your phone. Use a cloud system or home server sync that requires a seperate login every time and keeps no local files. Or as I do, encrypt the hell out of anything you find valuable, which currently is only my complete backups...
Sent from my Xoom the way it should be, rooted and with SD card.
This is where that cheap Boost Mobile phone comes in, or any other prepay phone. Just hand the officer that one. Store your personal data on your smartphone.
chbennett said:
Best thing to do, don't keep anything that could be bad on your phone. Use a cloud system or home server sync that requires a seperate login every time and keeps no local files. Or as I do, encrypt the hell out of anything you find valuable, which currently is only my complete backups...
Sent from my Xoom the way it should be, rooted and with SD card.
Click to expand...
Click to collapse
Hello, All. This is my first post at xda-developers!
Since I'm new to Android, data security has concerned me. Climbing the learning curve of rooting and tweaking my SGH-T989, I've focused on control, security, and privacy. So far pretty good, thanks largely to members' posts at this site. Thank you very much!
Then this thread crushed me. Visions of "1984", "THX 1138", "Terminator", etc.
I considered the suggestions here. Thoughts about the OS seem right to me, but that's beyond my abilities. I did try following chbennett's advice: I enabled encryption in my backups and moved them to the internal SD.
But I don't yet know how to do the 'home server / log in on demand' scheme for contacts and calendar. I will appreciate any help with that.
Meanwhile, I looked for a way to make a 'panic button' that would let me wipe my phone immediately. What I chose was making a contact whose phone number is the USSD code for Factory data reset.
Maybe Tasker, etc. could streamline this approach; but my trials showed that, unlike MMI codes (e.g., to toggle caller ID blocking), USSD codes cannot be submitted to the OS indirectly. So swiping a contact, direct dial shortcut, etc. did not work. On my phone, all that worked was either 1. manually dialing the code, or 2. dialing the contact name, then tapping the contact.
So the routine to use this 'panic button' is:
1. launch Dialer
2. dial the contact name
3. tap the contact name in the search results
4. tap "Format USB storage" in the "Factory data reset" dialog
5. tap "Reset phone" button in the "Factory data reset" dialog.
It sounds clunky, but it's actually pretty quick. I named the panic button contact "XXX" to avoid confusability when dialing (it needs only "XX" for a unique match.)
If you can suggest improvements to this scheme, or think it is misguided, please let me know. Thanks.
Any updates on this? I'm curious as to how to guard against ufed.
I think an instant hard brick option would be better so theres nothing to recover as i dont believe the factory reset is a secure wipe
Possibly a voice activated secret phrase or keypress u could say/do super fast in a tricky situation that autoflashes a corrupt/incompatible bootloader and recovery to device after secure superwipe that should stump them for awhile
im still interested in this i disabled usb debugging on my phone but unsure if the UFED can still access anything on my ICS full encrypted passworded evo3d im assuming they could dump the data at most but i highly doubt they could access the decrypted data unless you used an insecure pass
If you have encryption enabled for your data partition, then all you need to do is to turn off your phone when you see a cop. If they take it from you, they can turn it on and hook up their device, but they will only be able to snarf the system partition, which does them no good. They'd need your password to mount the data partition.
If you look around on this forum, you can find the steps necessary to switch the lock screen back to a simple pattern lock while leaving the disk encryption enabled.
Are you sure Cellebrite and UFED or w/e can't access encrypted data partion? I know it can take an image of the phone "hard drive". They then can run password tools against image to unlock it no?
dardack said:
Are you sure Cellebrite and UFED or w/e can't access encrypted data partion? I know it can take an image of the phone "hard drive". They then can run password tools against image to unlock it no?
Click to expand...
Click to collapse
I'd like to know about this too. I am about to set up encryption on my device and I'd like to know more about what type of attacks it can beat.
Edit to add: I assume brute force attack protection is like any other type of encryption.....dependent on the strength of your password. But, assuming we all know that already, I'm still curious about this.
If the question is how to protect your device when you think someone would scan your phone, you'd have to have some sort of inclination that a scan is about to happen. I'm assuming this is many people's concern as they're considering wiping their device through a quick process. In that scenario, just turn off your device. Unless you warrant suspicion of something fairly bad, they wouldn't be confiscating your cell phone.
smokeydriver said:
...Unless you warrant suspicion of something fairly bad, they wouldn't be confiscating your cell phone.
Click to expand...
Click to collapse
We all wish all law enforcement was just and honest, but so far in world history that has not been the case. Even a pretty woman may have her phone scanned by a curious cop snooping for pics.
Sent from my HTC One using Tapatalk 2
I would still like to know if there is an answer here...
So I recently had some dealing with assisting in a Cellbrite search. We initiated and enlisted the help of law enforcement for an employee who was doing some illegal activity which is not relevant to this discussion other than the person used an iphone. Anyway, the investigator came in and wanted to know if I can enable the bypass for the automatic screen lock in 5 minutes because when it locked, it disabled the Cellbrite copy.
Now, couple things here, he was only doing what he was "allowed' to do in the local municipality, and he did say they sell a more expensive Cellbrite device which would be able to crack it. I did find it interesting that the simple corporate Activesync policy I have set up was actually having this effect. Anyway I removed the policy and it worked. Funny thing is he could have done it himself had he known anything about that kind of thing. He was presented to us as an expert but I guess that mainly covered a basic Cellbrite expertise.
So, I do think encryption would be a great answer as the partition would be hard to bust in to. Nothing is impossible but I would rather not smash my phone on the highway next time I get pulled over so I would like to know definitively that this is the right approach. This is definitely not paranoia as there are at least 3 states where it looks like it happens regularly.
Time to look at a 2600 group for stuff like this I guess. I am early in my investigation
Later
Hi, I really need some advice and help, please!
Someone hacked my galaxy note 8 (latest update of OS) using Bluetooth. Thereafter when I had Bluetooth turned off all the time I would sometimes found it had turned on again and at times a pic would randomly appear in my camera roll folder. I was targeted by a group of people and having recalled looking back I was encouraged to message through WhatsApp and I believe that chrome and Andoid webview extension were involved. They also got into my gmail and tried to delete my contacts and wipe my phone and whatsapp history. Aftert this I saw that a Linux device had been attached to my gmail account.
I then went to an iphone and received a whatsapp from someone and a pic appeared again in my camera roll. I believe they were trying to do the same again and not sure how effective it is on iOS.
But now I have a new galaxy note 8 and someone has sent me a pic and video. I don't know that they are involved and I think I'm being overly cautious, but I need to understand what they did before and what I can do to check if they have hacked my new phone and doing the same thing again, and what I can do now to ensure they don't do it. I'm worried now that if they have got into my new phone and WhatsApp, will they have been able to get my IMEI and is my new phone now permanently susceptible to attack?
If I wipe my phone back to factory settings and reinstall everything again and start a new whatsapp with a new number, will that work?
My MS surface has also been acting up and I'd like to know if there's an easy sign to check on there too.
Thanks so much in advance!
phoenix79802 said:
Hi, I really need some advice and help, please!
Someone hacked my galaxy note 8 (latest update of OS) using Bluetooth. Thereafter when I had Bluetooth turned off all the time I would sometimes found it had turned on again and at times a pic would randomly appear in my camera roll folder. I was targeted by a group of people and having recalled looking back I was encouraged to message through WhatsApp and I believe that chrome and Andoid webview extension were involved. They also got into my gmail and tried to delete my contacts and wipe my phone and whatsapp history. Aftert this I saw that a Linux device had been attached to my gmail account.
I then went to an iphone and received a whatsapp from someone and a pic appeared again in my camera roll. I believe they were trying to do the same again and not sure how effective it is on iOS.
But now I have a new galaxy note 8 and someone has sent me a pic and video. I don't know that they are involved and I think I'm being overly cautious, but I need to understand what they did before and what I can do to check if they have hacked my new phone and doing the same thing again, and what I can do now to ensure they don't do it. I'm worried now that if they have got into my new phone and WhatsApp, will they have been able to get my IMEI and is my new phone now permanently susceptible to attack?
If I wipe my phone back to factory settings and reinstall everything again and start a new whatsapp with a new number, will that work?
My MS surface has also been acting up and I'd like to know if there's an easy sign to check on there too.
Thanks so much in advance!
Click to expand...
Click to collapse
I do strongly advice you to do a full factory reset or go to the nearest technician if you don't know how to do it, to flash the phone from scratch inmediatly. Also try the best security app for android once you setup your device again. That's enough.
Enviado desde mi SM-G550T1 mediante Tapatalk
---------- Post added at 12:58 PM ---------- Previous post was at 12:52 PM ----------
I would also report the issue to the tech support of WhatsApp, if there's any. Also, change every passwords on your Google devices with more secure passwords, Google, banking, social. And do place a secure password to block your device. Good luck.
Enviado desde mi SM-G550T1 mediante Tapatalk
This is why I dislike Touchwiz, it's so outdated and vulnerable.
Just reflash your whole system, you can find guides on YouTube on how to flash a new firmware.
I would also recommend changing to a custom ROM with up to date security patches.
Edit: You should also change all your passwords to something very difficult like 'nJfi8t%Nc178c'
If you have difficulties remembering there's a lot of apps out there that can help, I personally use last pass, you should check it out.
davidzam said:
I would also report the issue to the tech support of WhatsApp, if there's any. Also, change every passwords on your Google devices with more secure passwords, Google, banking, social. And do place a secure password to block your device. Good luck.
Click to expand...
Click to collapse
If you were conned into downloading a webextension then this has nothing to do with whatsapp it has to do with the user. Conntact google security to change your account. In general if they hacked a phone the phone only is the problem but if they have access to all your info then it can always be a problem. About bluetooth always have at least a code between the devices (some BT keyboards do not even have this). Also look at the security update on the device if it is not the latest then swith to one of the custom roms here which are always secure.
As for passwords think of a sentence and use the first letters of each word incorperate numbers capital letters and a symbol this helps you to remember it.
For example
I Have A Dog Who Name Is Henry And I Love Him=IHADWNIHAILH
now change A for the & symbol one I for 1 and A for 4=1H4DWNIH&ILH
mix it up with some upper case and lower case (names)=1h4dwniH&Ilh
you can now add in other symbols or spell words such as [email protected] (too big so we will use only part @m )add ! after Henry and [] around &Ilh [email protected]![&ILH]
now you have a random easy to remember password. This password is the basis for all the security on android (at the current time) so even if you use a code it still unlocks with this and encrypts.
Applied Protocol said:
If you were conned into downloading a webextension then this has nothing to do with whatsapp it has to do with the user. Conntact google security to change your account. In general if they hacked a phone the phone only is the problem but if they have access to all your info then it can always be a problem. About bluetooth always have at least a code between the devices (some BT keyboards do not even have this). Also look at the security update on the device if it is not the latest then swith to one of the custom roms here which are always secure. As for passwords think of a sentence and use the first letters of each word incorperate numbers capital letters and a symbol this helps you to remember it. For example I Have A Dog Who Name Is Henry And I Love Him=IHADWNIHAILH now change A for the & symbol one I for 1 and A for 4=1H4DWNIH&ILH mix it up with some upper case and lower case (names)=1h4dwniH&Ilh you can now add in other symbols or spell words such as [email protected] (too big so we will use only part @m )add ! after Henry and [] around &Ilh [email protected]![&ILH] now you have a random easy to remember password.
Click to expand...
Click to collapse
Thanks for clarifying that fact for me.
Thanks so much! Would a custom firmware allow me to keep the use of knox? I'm thinking to flash it back to factory and only install and use everything from within knox.
Zep0th said:
This is why I dislike Touchwiz, it's so outdated and vulnerable.
Just reflash your whole system, you can find guides on YouTube on how to flash a new firmware.
I would also recommend changing to a custom ROM with up to date security patches.
Edit: You should also change all your passwords to something very difficult like 'nJfi8t%Nc178c'
If you have difficulties remembering there's a lot of apps out there that can help, I personally use last pass, you should check it out.
Click to expand...
Click to collapse
Applied Protocol said:
If you were conned into downloading a webextension then this has nothing to do with whatsapp it has to do with the user. Conntact google security to change your account. In general if they hacked a phone the phone only is the problem but if they have access to all your info then it can always be a problem. About bluetooth always have at least a code between the devices (some BT keyboards do not even have this). Also look at the security update on the device if it is not the latest then swith to one of the custom roms here which are always secure. As for passwords think of a sentence and use the first letters of each word incorperate numbers capital letters and a symbol this helps you to remember it. For example I Have A Dog Who Name Is Henry And I Love Him=IHADWNIHAILH now change A for the & symbol one I for 1 and A for 4=1H4DWNIH&ILH mix it up with some upper case and lower case (names)=1h4dwniH&Ilh you can now add in other symbols or spell words such as [email protected] (too big so we will use only part @m )add ! after Henry and [] around &Ilh [email protected]![&ILH] now you have a random easy to remember password.
Click to expand...
Click to collapse
Just another question regarding Knox Secure Folder.
If I were to install and run everything through the secure folder and I were to be compromised again through a web extension, would that then all hackers to view everything on my phone again regardless of whether it's in the knox environment or outside? Would a backdoor like that work into the secure environment as it did in my normal android system?
Thanks again!
phoenix79802 said:
Just another question regarding Knox Secure Folder.
If I were to install and run everything through the secure folder and I were to be compromised again through a web extension, would that then all hackers to view everything on my phone again regardless of whether it's in the knox environment or outside? Would a backdoor like that work into the secure environment as it did in my normal android system?
Thanks again!
Click to expand...
Click to collapse
If your knox is still working and not tripped then that would be a good idea. However understand that the way to get in and out of knox still relies on encryption methods see CVE-2016-1919 as well as the kernel level security CVE-2016-6584 see also https://googleprojectzero.blogspot.com/2017/02/lifting-hyper-visor-bypassing-samsungs.html, this means that if the key or encryption method is faulty you can get around it and the kernel is more complicated but will also do the same thing. The last way is to access a shared resource such as a clipboard that has access to both places a example of this is CVE-2016-3996. And CVE-2018-9142. Granted most of these are 2017 and 2018 and a quick look at the samsung CVA at https://www.cvedetails.com/vulnerability-list/vendor_id-822/Samsung.html does not have anything for Oreo this can be since until recently only the 9s' had it. But their is a recurring theme that the CVAs' are repeated out of the last 5 4 are repeated and some are simple mistakes (look at Googles project zero above in KALSAR). The question is is this enough and the answer is probably but a security orientated Rom might be a better bet. (I know this is not fair since they do not have CVAs). But a full wipe and fresh install should be enough. Add in a firewall too if you did not have that already.
phoenix79802 said:
Thanks so much! Would a custom firmware allow me to keep the use of knox? I'm thinking to flash it back to factory and only install and use everything from within knox.
Click to expand...
Click to collapse
Sorry for the late reply, but Knox, in my opinion is super vulnerable, new android versions are safe enough.
And no, using a custom ROM would not have Touchwiz integrated nor Knox. Why? Because it will most likely be running stock android vanilla.
More secure than Samsung's Touchwiz, recommend something like LineageOS.
Zep0th said:
Sorry for the late reply, but Knox, in my opinion is super vulnerable, new android versions are safe enough.
And no, using a custom ROM would not have Touchwiz integrated nor Knox. Why? Because it will most likely be running stock android vanilla.
More secure than Samsung's Touchwiz, recommend something like LineageOS.
Click to expand...
Click to collapse
Look this depends on your perspective
FACT: knox is a hardware based security system which is unique to Samsung
FACT: Samsung phones are the most sold
FACT: The maker of the hardware has the resources to secure it better
Therefore Samsung knox is more secure and yes more users using the phone make it more advantageous to crack it. However Samsung to their credit does try to increase security in other ways such as using the TrustZone more and SEAndroid policy strengthening. Lineage is a great choice however knox which will be tripped and ever if not it needs custom software to run AFAIK. Also samsung is DoD approved see DoD list and news article. This is not necessarily a good indication of overall security but it dos put things in a good perspective (DoD do not patch themselves rather rely on the developers and stay on top of things) Really high security Android OS such as copperhead also have such improvements as Knox (way better if you look carefully) but they are limited on what phones it will work on. Also Android 8 is a lot more secure but fact of the matter is the best party that can secure a Samsung phone is Samsung but I am not saying they do. I would recommend Stock Samsung but if you need a custom rom lineage is a good choice this is true also in terms of power (used to be snapdragon charging on a rooted phone is only up to 80% but I think there is a fix) but in versatility a custom rom always wins and power saver settings can be better than the original.
Hi everyone! This is my first post, but I have used the search tool already without success. I am just a user, not developer and quite noob regarding mobiles and security.
Situation
1. I've got hacked, total control (photos, emails, camera, contacts, whatsapp, screen etc) of my unrooted android phone (xiaomi redmi note 7).
It was a targetted attack, no manual app installed, no unsafe 3rd party apps allowed. Attackers only had my gmail account (linked to android) and telephone number. I know them personally, and they leaked personal information to people at work (who enjoy it between them but won't help me at all).
No high consumption of battery/data. Just leeching information, launching some apps eventually, and few interactions with the screen minimizing etc.
2. I Installed antimalware (e.g malwarebytes), antivirus (avg, esset etc). No positive results. I also installed "Noroot firewall" to control programs accessing internet, nothing strange.
3. I've changed emails(new), SIM + Telephone. Got hacked again. I suspect my own wifi was compromised.
Additionally, added 2 step verification to emails, changed passwords, encrypted the device etc. I have found no IP from them in the emails log, nor alert from gmail. Only once a session from Linux device (not mine). I believe they have accessed through the device.
4. I want to restore the device somehow and avoid getting hacked again.
One of the problems I face is taht that now I'm not in the same circle of people from which I gathered most of the info on the leaked information, so I can't get to know if the actions I am taking got rid of the hack, besides some punctual actions they may do (launch app etc). So I have to act quite paranoid and do the most secure action.
Question
1. Any idea on how they managed to do that? how can I prevent it or prove it? a reset would get rid of any proof, but I kinda prefer it if it is once and for all.
2. A hard reset only formats one partition (user data), so if there is a trojan located in /system it would be pointless. With an unrooted device I can only get rid of /cache and /data.
Should I install another ROM?(my phone has always been unrooted) which one? (restoring the stack ROM would probably be pointless if the vulnerability is due to android...
3. Is there any other measure I could take?
I'd appreciate any help.
Thank you!
I just switched from a pixel 3 XL to the v60.
I didn't need a work profile on my pixel. All my Gmail and drive apps worked with it.
Now that I have the v60, it forces me to make a work profile when I add my work email to drive or Gmail.
It makes it so I must use a screen lock. I just want to hit the power button to unlock. It blocks those options. In order to have 1 Gmail, 1 drive app, and disable screen lock, I have to delete the work profile, thus losing access to my work stuff.
Is there a way to have it like it was on my pixel? Just one app, and not be blocked from disabling screen lock?
TIA
As somebody on the IT team, I would wipe and blacklist your phone if I find out you're trying circumvent our security measures, and you wouldn't be the first. (When you log in to the portal, it tells us every single device that are out of compliance, so it doesn't even take serious effort to find out.) Then we would report what you did and how we responded to our c level exec.
But hey, that's just me protecting my company from security risks like you. You do you
jd254 said:
As somebody on the IT team, I would wipe and blacklist your phone if I find out you're trying circumvent our security measures, and you wouldn't be the first. (When you log in to the portal, it tells us every single device that are out of compliance, so it doesn't even take serious effort to find out.) Then we would report what you did and how we responded to our c level exec.
But hey, that's just me protecting my company from security risks like you. You do you
Click to expand...
Click to collapse
That's not how it works at all. IT admin has the ability to wipe the device if a separate work profile is not installed. A separate work profile prevents the user's personal data from being wiped.
OP- I'm the admin at my company, and I don't enforce a work profile for this reason, it's wonky and works like **** since inception. I came here hoping to see a workaround but it looks like that's a fail. This thing is getting traded as soon as T-Mobile gets a comparable replacement.
idefiler6 said:
OP- I'm the admin at my company, and I don't enforce a work profile for this reason, it's wonky and works like **** since inception. I came here hoping to see a workaround but it looks like that's a fail. This thing is getting traded as soon as T-Mobile gets a comparable replacement.
Click to expand...
Click to collapse
I was discussing this with someone on another forum the other day, and it sounds like this is tied to g-suite. I don't know all the ins and outs of it (I don't need a work profile for my job), but it sounds like companies can set up a bring your own device policy in g-suite for your company email address. When you log that email address on to your phone, Google detects it and forces you to set up the work profile. From my understanding, this is a Google issue/feature, not LG's doing. I wouldn't be surprised if you had the same problem on other phones when adding your corporate email address.
Mr_Mooncatt said:
I was discussing this with someone on another forum the other day, and it sounds like this is tied to g-suite. I don't know all the ins and outs of it (I don't need a work profile for my job), but it sounds like companies can set up a bring your own device policy in g-suite for your company email address. When you log that email address on to your phone, Google detects it and forces you to set up the work profile. From my understanding, this is a Google issue/feature, not LG's doing. I wouldn't be surprised if you had the same problem on other phones when adding your corporate email address.
Click to expand...
Click to collapse
Actually I have work profiles set for opt-in only. When I had this happen yesterday, I checked the admin panel of our gsuite account.
Funny thing is, I returned my v60 and reactivated my wiped OP8, and it now requires a work profile too.
This leads me to believe it's not enforced by gsuite, but by android in some recent update. I didn't need a work profile on this same phone yesterday, but had the account logged in since I had the phone so it must have grandfathered it in somehow until I factory reset it.
Kind of sucks that I can't combine calendar widgets and whatnot but I guess I'll deal with it since I have no choice....as the admin even lmao.
idefiler6 said:
Actually I have work profiles set for opt-in only. When I had this happen yesterday, I checked the admin panel of our gsuite account.
Funny thing is, I returned my v60 and reactivated my wiped OP8, and it now requires a work profile too.
This leads me to believe it's not enforced by gsuite, but by android in some recent update. I didn't need a work profile on this same phone yesterday, but had the account logged in since I had the phone so it must have grandfathered it in somehow until I factory reset it.
Kind of sucks that I can't combine calendar widgets and whatnot but I guess I'll deal with it since I have no choice....as the admin even lmao.
Click to expand...
Click to collapse
I can understand the frustration, but this sort of functionality makes sense to me. Keeping the work profile sandboxed protects corporate info.
Mr_Mooncatt said:
I can understand the frustration, but this sort of functionality makes sense to me. Keeping the work profile sandboxed protects corporate info.
Click to expand...
Click to collapse
Again, that's not the case. Device Policy protects corporate info. That's enforced with or without the work profile. The work profile protects personal info from being erased in the case of separation from the company.
I am having this exact problem with my new LG Velvet... my pixel 2XL and pixel 3a had no problem. I am also the company owner/admin/janitor/sales assistant.... switching profiles to check my six email accounts is a giant pain. Sooooo Aside from the, not helpful, justification for this supposed new " feature" does anyone have any suggestions?
I have asked my company about this. They have not set anything like this up. So, it's not on their side. I have no info that private. So it's automatic. Something on LGs side. Maybe this thread will get some attention. Hoping for a fix.
Mr_Mooncatt said:
I was discussing this with someone on another forum the other day, and it sounds like this is tied to g-suite. I don't know all the ins and outs of it (I don't need a work profile for my job), but it sounds like companies can set up a bring your own device policy in g-suite for your company email address. When you log that email address on to your phone, Google detects it and forces you to set up the work profile. From my understanding, this is a Google issue/feature, not LG's doing. I wouldn't be surprised if you had the same problem on other phones when adding your corporate email address.
Click to expand...
Click to collapse
I agree it's a Gsuite thing... I tried opt-in and then I completely disabled work profiles in my gsuite admin and waited the recommended 24 hours. I have also factory reset the phone AFTER said changes. I added my primary (personal) Gmail no issue but as soon as I added the gsuite one I'm back in the same "Google Play services requires account action" loop. when I click on that it wants to add a work profile.
God67 said:
I agree it's a Gsuite thing... I tried opt-in and then I completely disabled work profiles in my gsuite admin and waited the recommended 24 hours. I have also factory reset the phone AFTER said changes. I added my primary (personal) Gmail no issue but as soon as I added the gsuite one I'm back in the same "Google Play services requires account action" loop. when I click on that it wants to add a work profile.
Click to expand...
Click to collapse
I don't think it's g suite. Bc my pixel did not do this.
This work profiles thing is such a garbage solution to the problem. Google is shooting themselves in the Android foot by doing this. Seriously? BYOD means using multiple email apps and multiple calendar widgets and me buying an iPhone? Seems to be the simplest solution. Thanks.
any day google can increase the security more and more... i think even if you get it working this time, it might not last long. its a huge pain and now i just access work emails via mobile browsers and i believe Firefox beta can load office365 and gsuit apps or most of them.
Not sure 1) if this is the right place to ask or 2) where I am going wrong here.
Had my phone (poco F1) just fine using some variant of PE9. I like to have both my work and personal profiles 'merged' on the device so that I can select between them using the profile image top right in google apps. Also merging personal and private contact lists which I keep separated. I have a vague memory a long time back when setting up the phone or adding the work account there was a question similar to 'is this your device or supplied by your organisation' and when you said it was yours you could refuse a work profile ?? I should also point out I am the organisation admin and can change any organisation wide settings for the device policy etc for the work / org profile.
Due to some creeping odd issues I did a factory reset (to the PE9 IIRC ROM), and it demanded I encrypt the partition, did so, added my personal profile but adding the work profile demanded I again encrypt.. This also came with the annoying PIN on boot. I have since updated TWRP and did a full factory reset and think this encryption has gone but maybe worth mentioning it. This resulted in the outcome of a work profile and a personal profile and an inability to 'in app switch' them. This is the result I dont want !!
I have since done an update to PE10 Plus (same outcome) and a factory reset trying multiple ways (personal account first, corp account first) and none of them result in the setup I desire.
I dont know if this is a PE issue, an Android Q issue, a corporate device policy setting I need to change, or an on device setting. Whatever it is its annoying the hell out of me.
Why is it so hard to simply let me decide what account I want to use in which app ??