Security of Samsung Secure folder - Android Q&A, Help & Troubleshooting

Hello,
I've a question about security of Samsung Secure Folder in Android 11 - stock software, phone is not rooted.
I always thought that the Secure Folder is a container that is totally isolated from the rest of the system, until I found out that installing an app within secure folder (in this case Kasperky Internet Security) gives the app the following permissions:
1. Kaspersky app can automatically start with the system. After restarting the phone without entering Secure Folder password, somehow Kaspersky manages to autostart itself even though the Secure Folder wasn't unlocked after starting the system. I can see it as the app is displaying its banners. How is it able to start automatically with the secure folder being locked?
2. The Kaspersky app that should run only within secure folder is able to scan system-wide settings outside of secure folder. The app has a feature called weak settings scan and it's somehow able to detect a lot of system-wide settings - like password visibility, developer options being enabled etc.It's also able to read the main, non-secure folder Google account used for the phone. How does it do this?
The above permissions given to the apparently secure folder-installed app indicates that there's a very limited isolation provided by Secure Folder.
Could you please clarify how the app is able to do the above things?
Is secure folder really secure? Would installing a malicious app in SF limit the infection to SF only?
Thanks,
Jonah

Related

[Q] Which Is the Best Security App: ES Security Manager or Perfect Applock?

I have a Dell Streak 5 and would like to know which of these two security apps are the best or provide the best options:
ES Security Manager
Perfect AppLock
Also, is there a security app that will let me put a password at a folder level? Say if I have a My Docs folder on my SDCard and i set a sub folder to move some docs and dont want anyone having access to that folder . IS there a security app that goes to this level of password protection?

[Q] Security question - network access / streamhunter.tv

I accidentally installed what I think is malware from this site - streamhunter.tv (BE CAREFUL!)
I did a scan (using lookout) of the apk that automatically downloads when you visit that site but there doesn't appear to be obvious damaging characteristics to the file.
Now, that apk file requested full internet access. I suppose the question is - can an application that only has internet access also read your files etc on your phone? Should I change all my passwords just in case?
Thanks

Enable system certificate on Android

Dear all,
I'm searching for some help regarding system certificates on Android.
First of all, a little bit of context : I'm in charge of the migration of mobile devices from one Airwatch server to another. All devices are managed by MDM (Airwatch MDM Agent) that allows deployment of configuration profiles and apps. One of those profiles is called "CertAuth" and pushes some certificates that are needed to access internal ressources.
A few months ago, we have discoverd that one of the system certificates (Thawte Primary Root G3) was missing on some devices, mainly old versions of Android.
So we decided to push this certificate through the "CertAuth" profile.
Now the problem whith that method is that once the devices are unenrolled from the first server, profile "CertAuth", all corporate content and apps are removed (normal behavior). As Thawte Primary Root G3 certificate is part of the system certificates, it cannot be removed. So it is simply disabled.
This certificate is needed to access the target server, so once devices try to enroll, they receive some error message "cannot connect to host". Connection is simply refused due to the disabled Thawte G3.
Of course it can be manually enabled, but as you all may know, basic users are not always able to find the correct option in the device settings...
So (finally) my question is : is there any way to remotely enable this system certificate (little swich OFF/ON) in order to void manual action on more than 5000 devices?
By using a script or something that would be deployed on devices as third-party content/not removable content?

Hybrid Device running Android 6.0 Security Question

This device is a network radio/smartphone built in to a UHF transceiver. My question only pertains to the Android aspect of the device.
Here's the issue: I updated the Sophos AV app to the newest version today via the Play store. The app is now called 'Intercept X' and it boasts a revamped interface. After updating, I ran a scan of the device's file system and the results identified the presence of 1 threat. The previous version of the app always rendered clean scan results. The threat identified was shown to be contained in a system app called com.example.gui.myapplication but it gave no file system location and provided no options to remove it. I thus installed Malwarebytes for Android and ran a system scan. Malwarebytes also hit on the threat and pointed to the following file: /system/priv-app/remotekill/remotekill.apk
When I tapped on the 'Remove' option in Malwarebytes, it generated a dialog that instructed me to disable the file and displayed a statement that the file would be ignored during subsequent scans. I disabled the file as instructed. The next MB scan reported clean results. Btw, the original MB scan log result entry (containing the hit) shows "Threats removed: 0 of 1" in red font.
This device is not rooted. As such, I'm not sure that I can remove the file. And I'm not even sure that doing so is necessary or would be advisable. MB shows it as a trojan called Android/Trojan.Agent.nr but I can't seem to find much about how to deal with it. I'm wondering whether this is a false positive? Is that at all possible even with the hits from both MB and Sophos Intercept X? Could the remotekill.apk be a legitimate Google remote kill file? Is leaving the file disabled an acceptable practice? Those are some of my questions.
If anyone has thoughts on this please let me know.
Thanks

stop all logging or net logging

I have a Samsung A10, IMEI has been patched, and due to a bug in the OS (which I cannot do anything since I'm overseas on an army base without access to a computer) I noticed I run out of space every few hours and I got to reboot my phone, I dial *#9900# and delete dumpstate to recover space.
How can I stop my Android from logging logcat/dumpstate and most important network? Because if the phone stays in air plane mode it doesnt run out of space.
Any app i could install to disable network loggin?
In phone's SysDump menu set Debug Level is Disabled/LOW and Silent Log is turned Off
BTW: Whether LogCat service should run or not is defined in Android's system file named build.prop. Phone's Android must be rooted in order to edit this file.

Categories

Resources