Samsung Secure Folder = Sandbox? - Samsung Galaxy S21 Questions

I'm just wondering how secure Samsung's Secure Folder is if I use it as a Sandbox for those high-risk or untrustworthy app (like some from China).
I was told it's supposed to be a sandbox for it doesn't allow any access to the data outside the Secure Folder, but I'm not sure how permissions works in it (like access to GPS/ Phone Call or other hardware). I suppose they couldn't have any access to my phone call or GPS location if I'm not inside the Secure Folder (how about if it's in background)? But on the other hand, access to bluetooth or camera are inevitable when some apps might need it.
If those apps within secure folder can have access to my phone call then I would be much worried about those high-risk app monitoring phone conversation.
I might be wrong. Any insight or elaboration would be great

last i checked secure folder is where you can store notes....images....and apps(i guess)
you store them and only you have access to them through pin.
its not a sandbox bro....its just a secure folder

Related

[Q] is Camera 360 Ultimate safe?

seems to many permissons...
THIS APPLICATION HAS ACCESS TO THE FOLLOWING:
HARDWARE CONTROLS
TAKE PICTURES AND VIDEOS
Allows application to take pictures and videos with the camera. This allows the application at any time to collect images the camera is seeing.
YOUR LOCATION
COARSE (NETWORK-BASED) LOCATION
Access coarse location sources such as the cellular network database to determine an approximate device location, where available. Malicious applications can use this to determine approximately where you are.
FINE (GPS) LOCATION
Access fine location sources such as the Global Positioning System on the device, where available. Malicious applications can use this to determine where you are, and may consume additional battery power.
NETWORK COMMUNICATION
FULL INTERNET ACCESS
Allows an application to create network sockets.
YOUR PERSONAL INFORMATION
READ SENSITIVE LOG DATA
Allows an application to read from the system's various log files. This allows it to discover general information about what you are doing with the device, potentially including personal or private information.
PHONE CALLS
READ PHONE STATE AND IDENTITY
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.
STORAGE
MODIFY/DELETE USB STORAGE CONTENTS MODIFY/DELETE SD CARD CONTENTS
Allows an application to write to the USB storage. Allows an application to write to the SD card.
SYSTEM TOOLS
PREVENT DEVICE FROM SLEEPING
Allows an application to prevent the device from going to sleep.
RETRIEVE RUNNING APPLICATIONS
Allows application to retrieve information about currently and recently running tasks. May allow malicious applications to discover private information about other applications.
Hide
HARDWARE CONTROLS
CONTROL VIBRATOR
Allows the application to control the vibrator.
NETWORK COMMUNICATION
VIEW NETWORK STATE
Allows an application to view the state of all networks.
VIEW WI-FI STATE
Allows an application to view the information about the state of Wi-Fi.
ksoze11 said:
seems to many permissons...
THIS APPLICATION HAS ACCESS TO THE FOLLOWING:
HARDWARE CONTROLS
TAKE PICTURES AND VIDEOS
Allows application to take pictures and videos with the camera. This allows the application at any time to collect images the camera is seeing.
YOUR LOCATION
COARSE (NETWORK-BASED) LOCATION
Access coarse location sources such as the cellular network database to determine an approximate device location, where available. Malicious applications can use this to determine approximately where you are.
FINE (GPS) LOCATION
Access fine location sources such as the Global Positioning System on the device, where available. Malicious applications can use this to determine where you are, and may consume additional battery power.
NETWORK COMMUNICATION
FULL INTERNET ACCESS
Allows an application to create network sockets.
YOUR PERSONAL INFORMATION
READ SENSITIVE LOG DATA
Allows an application to read from the system's various log files. This allows it to discover general information about what you are doing with the device, potentially including personal or private information.
PHONE CALLS
READ PHONE STATE AND IDENTITY
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.
STORAGE
MODIFY/DELETE USB STORAGE CONTENTS MODIFY/DELETE SD CARD CONTENTS
Allows an application to write to the USB storage. Allows an application to write to the SD card.
SYSTEM TOOLS
PREVENT DEVICE FROM SLEEPING
Allows an application to prevent the device from going to sleep.
RETRIEVE RUNNING APPLICATIONS
Allows application to retrieve information about currently and recently running tasks. May allow malicious applications to discover private information about other applications.
Hide
HARDWARE CONTROLS
CONTROL VIBRATOR
Allows the application to control the vibrator.
NETWORK COMMUNICATION
VIEW NETWORK STATE
Allows an application to view the state of all networks.
VIEW WI-FI STATE
Allows an application to view the information about the state of Wi-Fi.
Click to expand...
Click to collapse
Yes it is safe, it needs the permissions for geotagging, letting you share pics online, save pics to sd card, keep phone awake while using app etc. Not sure about the log permission though, it might be to read and send them error reports.
Dave
Sent from my LG P920 using Tapatalk
Camera 360 privacy concern
I still suspect it... Why in the heavens would it need these 3:
YOUR PERSONAL INFORMATION
READ SENSITIVE LOG DATA
Allows an application to read from the system's various log files. This allows it to discover general information about what you are doing with the device, potentially including personal or private information.
PHONE CALLS
READ PHONE STATE AND IDENTITY
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.
RETRIEVE RUNNING APPLICATIONS
Allows application to retrieve information about currently and recently running tasks. May allow malicious applications to discover private information about other applications.
I just ran it and it only tried using two things, one was gps and one was imei.
The location is for geotagging and I would think it uses imei to identify you have right to use it as it was a paid for app originally and this permission may have been left in.
I use lbe privacy guard and these permissions were all it tried using, blocked both with lbe and app still works so maybe you could try that if your concerned.
Dave
Sent from my LG P920 using Tapatalk
Thanks! I'll try both that privacy guard and the app.
does this blocking thing work with trektrak mobile security as well?

Permissions management noob trying to understand android permissions better

Hi I am trying to understand permissions management a bit better, primarily what all the different things you can block etc are. Some of the things such as Call logs, Calendar, SMS etc are self explanatory, but other things (what they are and implications of access to) such as:
Device ID
Subscriber ID
SIM serial
Phone and mailbox number
Incoming call number
Outgoing call number
Network location
List of accounts
Account auth tokens
SIM info
Network info
Is there an FAQ/Guide that explains these things in detail that someone could point me to?
Thanks,
-Gaiko
Make phone calls
Services that cost you money
This permission is of moderate to high importance. This could let an application call a 1-900 number and charge you money. However, this is not as common a way to cheat people in today's world as it used to be. Legitimate applications that use this include: Google Voice and Google Maps.
Another important point to note here is that any app can launch the phone screen and pre-fill a number for you. However, in order to make the call, you would need to press [Send] or [Call] yourself. The difference with this permission is that an app could make the entire process automatic and hidden.
Send SMS or MMS
Services that cost you money
This permission is of moderate to high importance. This could let an application send an SMS on your behalf, and much like the phone call permission, it could cost you money by sending SMS to for-pay numbers. Certain SMS numbers work much like 1-900 numbers and automatically charge your phone company money when you send them an SMS.
Modify/delete SD card contents
Storage
This permission is of high importance. This will allow applications to read, write, and delete anything stored on your phone's SD card. This includes pictures, videos, mp3s, documents and even data written to your SD card by other applications. However, there are many legitimate uses for this permission. Many people want their applications to store data on the SD card, and any application that stores information on the SD card will need this permission. You will have to use your own judgment and be cautious with this permission knowing it is very powerful but very, very commonly used by legitimate applications. Applications that typically need this permission include (but are not limited to) camera applications, audio/video applications, document applications
WARNING: Any app targeting Android 1.5 or below (possibly 1.6 as well) will be granted this permission BY DEFAULT and you may not ever be warned about it. It is important to pay attention to what version of Android an app is targeting to know if this permission is being granted. You can see this on the Market website in the right hand column.
Read contact data, write contact data
Your personal information
This permission is of high importance. Unless an app explicitly states a specific feature that it would use your contact list for, there isn't much of a reason to give an application this permission. Legitimate exceptions include typing or note taking applications, quick-dial type applications and possibly social networking apps. Some might require your contact information to help make suggestions to you as you type. Typical applications that require this permission include: social networking apps, typing/note taking apps, SMS replacement apps, contact management apps.
Read calendar data, write calendar data
Your personal information
This permission is of moderate to high importance. While most people would consider their calendar information slightly less important than their list of contacts and friends, this permission should still be treated with care when allowing applications access. Additionally, it's good to keep in mind that calendar events can, and often do contain contact information.
Read/write Browser history and bookmarks
Your personal information
This permission is of medium-high importance. Browsing habits are often tracked through regular computers, but with this permission you'd be giving access to more than just browsing habits. There are also legitimate uses for this permission such as apps that sync or backup your data, and possibly certain social apps.
Read logs / Read sensitive logs
Your personal information / Development Tools
This permission is of very high importance. This allows the application to read what any other applications have written as debugging/logging code. This can reveal some very sensitive information. There are almost no reasons an applications needs this permission. The only apps I might grant this permission to would be Google apps. The name of this permission recently changed as it came to light how important and dangerous this permission can be. Both the old name and category and the new name and category are listed above.
Read phone state and identity
Phone calls
This permission is of moderate to high importance. Unfortunately this permission seems to be a bit of a mixed bag. While it's perfectly normal for an application to want to know if you are on the phone or getting a call, this permission also gives an application access to 2 unique numbers that can identify your phone. The numbers are the IMEI, and IMSI. Many software developers legitimately use these numbers as a means of tracking piracy though. This permission also gives an application to the phone numbers for incoming and outgoing calls.
WARNING: Any app targeting Android 1.5 or below (possibly 1.6 as well) will be granted this permission BY DEFAULT. And you may not ever be warned about it. It is important to pay attention to what version of Android an app is targeting to know if this permission is being granted. You can see this on the Market website in the right hand column.
(see image above)
Fine (GPS) location
Your location
While not a danger for stealing any of your personal information, this will allow an application to track where you are. Typical applications that might need this include (but are not limited to) restaurant directories, movie theater finders, and mapping applications. This can sometimes be used for location based services and advertising.
Coarse (network-based) location
Your location
This setting is almost identical to the above GPS location permission, except that it is slightly less precise when tracking your location. This can sometimes be used for location based services and advertising.
Create Bluetooth connection
Network Communication
Bluetooth (Wikipedia: Bluetooth) is a technology that lets your phone communicate wirelessly over short distances. It is similar to Wi-Fi in many ways. It itself is not a danger to your phone, but it does enable a way for an application to send and receive data from other devices. Typical applications that would need bluetooth access include: Sharing applications, file transfer apps, apps that connect to headset out wireless speakers.
Full internet access
Network Communication
This is probably the most important permission you will want to pay attention to. Many apps will request this but not all need it. For any malware to truly be effective it needs a means by which to transfer data off of your phone; this is one of the settings it would definitely have to ask for.
However, in this day and age of cloud computing and always-on internet connectivity, many, many legitimate applications also request this.
You will have to be very careful with this setting and use your judgment. It should always pique your interest to think about whether your application needs this permission. Typical applications that would use this include but are not limited to: web browsers, social networking applications, internet radio, cloud computing applications, weather widgets, and many, many more. This permission can also be used to serve Advertising, and to validate that your app is licensed. (Wikipedia article on DRM).
View network state / Wi-Fi state
Network communication
This permission is of low importance as it will only allow an application to tell if you are connected to the internet via 3G or Wi-Fi
Discover Known Accounts
Your accounts
This permission is of moderate-high importance. This allows the application to read what accounts you have and the usernames associated with them. It allows the app to interact with permission related to that account. An example would be an app that was restoring your contact, would discover your Google account then send you to Google's login screen. It doesn't actually get to see your password, but it gets to work with the account. This is also legitimately used by applications to add contacts to your accounts, such as dialer replacements and contact managers/backup/sync/etc.
Manage Accounts
Your accounts
This permission is of high importance. This allows the application to manage the accounts on your phone. For instance it would be used by a service like Facebook to add an account to your accounts list. It seems at this time unclear if this permission allows an app to delete accounts.
Use Credentials
Your accounts
This permission is of high importance. This will allow an application authorization to use your accounts. They do this typically by giving what's called an AuthToken depending on what account you use (Google/Facebook/Yahoo/Last.fm/Microsoft/etc.). It's not as scary as it sounds however, it does typically protect your password from being seen by the application. However, it's still a very important permission you should give only with great caution.
Read/modify Gmail
Your messages
This permission is of high importance. Few apps should need access to your Gmail or email account. Email is also a prime method for managing accounts with other companies and services. For example, someone with control over your email could request a new password from your bank. While this is the worst case scenario, and there are various legitimate uses for this permission, it's still best to treat all email related permissions with extreme care.
Install Packages
System tools
This permission is of critical importance. This allows an application to install other applications on your system. This can be exploited by virus writers to install adware and malware on your system without your knowledge. It is a very, very dangerous permission and should almost NEVER be granted to a typical app. The only legitimate uses for this permission are for Market-like apps such as the Amazon AppStore or the Android Market.
Prevent phone from sleeping
System tools
This is almost always harmless. Sometimes an application doesn't expect the user to interact with the phone directly, and therefore may need to keep the phone from going to sleep. Many applications will often request this permission. Typical applications that use this are: Video players, e-readers, alarm clock 'dock' views and many more.
Modify global system settings
System tools
This permission is pretty important but only has the possibility of moderate impact. Global settings are pretty much anything you would find under Android's main 'settings' window. However, a lot of these settings may be perfectly reasonable for an application to change. Typical applications that use this include: volume control widgets, notification widgets, settings widgets, Wi-Fi utilities, or GPS utilities. Most apps needing this permission will fall under the "widget" or "utility" categories/types.
Read sync settings
System tools
This permission is of low impact. It merely allows the application to know if you have background data sync (such as for Facebook or Gmail) turned on or off.
Restart other applications
System tools
This permission is of low to moderate impact. It will allow an application to tell Android to 'kill' the process of another application. However, any app that is killed will likely get restarted by the Android OS itself.
Retrieve running applications
System tools
This permission is of moderate impact. It will allow an application to find out what other applications are running on your phone. While not a danger in and of itself, it would be a useful tool for someone trying to steal your data. Typical legitimate applications that require this permission include: task killers and battery history widgets.
Control Vibrator
Hardware controls
This permission is of low importance. As it states, it lets an app control the vibrate function on your phone. This includes for incoming calls and other events.
Take Pictures & Video
Hardware controls
This permission is of moderate importance. As it states, it lets an app control the camera function on your phone. In theory this could be used maliciously to snap unsuspecting photos, but it would be unlikely and difficult to get a worthwhile picture or video. However, it is not impossible to make malicious use of cameras.
wow, thats perfect thanx!

[Q] This application has access to the following

my phone is motorola backflip
Hello there AppMakr folks,
Just some feedback - it would appear that the application permissions that the beta app requests are so invasive that it is scaring a lot of my users away. I had at least 40 of my installs leave me with some very pointed emails accompanying them. Can we get the permissions toned down? Here's what my install asks users for:
Permissions
This application has access to the following:
Hardware controls
take pictures and videos
Allows application to take pictures and videos with the camera. This allows the application at any time to collect images the camera is seeing.
record audio
Allows application to access the audio record path.
change your audio settings
Allows application to modify global audio settings such as volume and routing.
Your location
coarse (network-based) location
Access coarse location sources such as the cellular network database to determine an approximate device location, where available. Malicious applications can use this to determine approximately where you are.
fine (GPS) location
Access fine location sources such as the Global Positioning System on the device, where available. Malicious applications can use this to determine where you are, and may consume additional battery power.
Your messages
receive SMS
Allows application to receive and process SMS messages. Malicious applications may monitor your messages or delete them without showing them to you.
Network communication
full Internet access
Allows an application to create network sockets.
Your personal information
read contact data
Allows an application to read all of the contact (address) data stored on your device. Malicious applications can use this to send your data to other people.
write contact data
Allows an application to modify the contact (address) data stored on your device. Malicious applications can use this to erase or modify your contact data.
Phone calls
read phone state and identity
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.
Storage
modify/delete USB storage contents modify/delete SD card contents
Allows an application to write to the USB storage. Allows an application to write to the SD card.
Show all
Hardware controls
control vibrator
Allows the application to control the vibrator.
Your location
access extra location provider commands
Access extra location provider commands. Malicious applications could use this to interfere with the operation of the GPS or other location sources.
Network communication
view network state
Allows an application to view the state of all networks.

How to locate phone

I'm looking for a way to locate phone if lost or stolen. I've used Cerberus for years with good luck, but my paid account has been mysteriously deleted? The key features would be:
1. Locate phone with gps and wifi triangulation
2. Take front and rear photos on command
3. Ability to hide app (root is OK)
I've done some searching, but most threads are very old. Thanks in advance.
Hey, my Cerberus account is gone as well and I've been looking for forum posts reviewing alternatives, but haven't found that many, so decided to mention the best ones I've found myself:
Prey Anti Theft - This app can track the location of your phone using GPS, Wi-Fi, and cell towers. You can also remotely take photos and lock your phone. Prey can be hidden from the app drawer and disguised as a system app to prevent it from being uninstalled.
Lost Android - This app allows you to remotely control your phone via text messages from another phone. You can locate your phone, take photos, lock your phone, and wipe your phone's data. Lost Android also has a stealth mode that hides the app icon and prevents uninstallation.
Avast Mobile Security - This app offers anti-theft protection, malware protection, and a VPN. You can track your phone's location, remotely lock it, and take photos and videos. Avast can also hide itself from the app drawer and disguised as a system app.
Lookout Security & Antivirus - This app provides anti-theft protection, malware protection, and identity theft protection. You can track your phone's location, remotely lock it, and take photos and videos. Lookout can also hide itself from the app drawer and disguised as a system app.
Most of these are paid though, but if someone needs a free alternative there are few options as well.

Need to lock Genymotion SaaS appliance to run only 1 app in restricted user by default and prevent install 3rd party apps and access to settings

I need to run an app in Genymotion that is used for data entry and upload of the entered data into 3rd party sites. The logins to 3rd party sites are stored in this application (probably encrypted). The application will store multiple logins for my different customers of who need to have the data uploaded into the 3rd party sites. The data into the app will then be entered by other people to whom I outsource the data entry.
So I created Genymotion appliance, installed the app and in this application I entered logins for sites such as ebay. I am looking for suggestions on what can I do to secure the appliance to prevent the data being copied out from it.
I want to prevent the person to whom I outsource data entry to be able to install and load 3rd party other apps, modify system settings, install other apps, copy the system directory, copy the login and password information saved by the application.
Let's assume the worst possible case here when application is well written but the passwords mentioned above (for the ecommerce sites like ebay) is saved in plain text in this application in the internal application directory. What I know about the application is it doesn't support access to SD Card, only can read and write data to the internal memory.
What can I do in Gennymotion to improve the security of my appliance. Genymotion virtual machines are rooted. So I looked at following suggestions:
1. Setup restricted user on Android
2. Set restriction for the restricted user to only be able to use the one application. Disable anything else (including disabled browser, email, youtube etc..)
3. Try to get the restricted user loading on boot of Android. When Android restarts, however, it doesn't allow choice to login into the restricted user or the admin user, sort of like a Windows or MacOS login menu. To get the appliance to always start with restricted user by default, I need to add a script and the scripted will need to start using Tasker or MacroDroid.
However, how do I prevent the user from installing 3rd party apps? Is it good enough to disable all user apps (except that one used for data entry) from the restricted user? Is there any other way the user could abuse the access to the virtual appliance and load something there? Are there any system android apps I need to disable for the restricted user to prevent the user to be able to do anything bad with it?
The application used for data entry can not download any application or data, however, I believe it does use the webview because it loads sites like ebay and fills the forms on those sites. It only interacts with select websites only like Ebay to enter data into Ebay forms..
Is there anything I can do to secure Genymotion appliance any other than what I already mentioned. I would like to send the link to the Genymotion SaaS Android to people who will do data entry for me into Ebay and other sites. So I need to make sure the virtual appliance is secured as much as possible from tinkering with it. I need to make sure somebody doesn't get hand on the stored login details.
Just to clarify for the login credentials:
I am not sure how the user credentials are stored and I will find it out, however, for now, I go from the worst case scenario when the credentials are stored in plain text in the app settings. The user name and password is stored in the application with exception for Ebay because the many other sites do not have API key or any webservices interface, so the application would access those sites simply via a webview, and when it goes to login there it will do that by filling in the login information on the login form (simulates keystrokes). The user name and password is entered into the login form for the site. That's why the login info is stored in the application itself.
This question is not about how to secure the specific application I will be using, but how to secure the actual whole Android appliance from tinkering with.
I am aware I will the risks here, just want to do as much due diligence as I can.
Sources for Genymotion restricted user..
How to set restricted user as default user on reboot?
We would like to have an already added restricted user account be the default when we restart our Samsung SM-T580 tablets. At current we have 2 accounts installed, Admin and User The User is a use...
android.stackexchange.com
Root access - Device image User Guide
docs.genymotion.com
Done some digging so this cannot be done. Neither Genymobile or Appetize or other online Android emulators can offer fine-tuning in terms of user access. The closest is Genymobile because at least allows adding and removing access of users to individual appliances. That is however not resolving the issue with Android and in particular rooted Android, since all online emulators run rooted Android and I am not sure how that is secured against potentially malicious actors who receive access link.
The only easy way to solve it, kind of in a mickey-mousy way is to install Kiosk mode application. That kiosk app will run at every boot and it only shows the specific application. There is always risk of course the malicious user would do something to crash the application and the Kiosk app, but if the application is not a web browser or email client or similar it should be relatively safe.
There are plenty of Kiosk mode apps for Android but none of them is free (don't try to look, no chance to find one), the cheapest cost about 7 USD one-time purchase, the more expensive ones cost 20 per month per device or more and come with remote control etc... Not cheap but kiosk mode apps are almost exlusively used by businesses so that's why there is lack of free apps.
Anyhow I believe this is the closest as I could get to deal with this.

Categories

Resources