Related
These look like they would be fun to have:
http://www.htc.com/www/accessories/htc-fetch/
If they start approaching US$25, I'll probably grab one.
ive got one. its a nifty little gadget.
marctronixx said:
ive got one. its a nifty little gadget.
Click to expand...
Click to collapse
Mine arrived from Best Buy today. Does anyone know if there's a way to keep the proximity functionality without having the notification always show in the notification bar? I went to app settings, and it's not allowing me to disable it.
in the stock config, the icon is there when activated, just like the nfc icon.
marctronixx said:
ive got one. its a nifty little gadget.
Click to expand...
Click to collapse
marctronixx, I think I recognize you from a few previous phone forums. :good:
This device sounds like it wold be an ideal 'Trusted Device' along the lines of the Moto-X implementation where the phone lowers its security barriers when paired with a specific Bluetooth device. I've even suggested as much to HTC.
I'm wondering... Have you tried it with any of the myriad of tasker-like apps out there to try to replicate the feature?
hey!
ive only used it as directed, but if you pose a scenario i can experiment with, perhaps i can help you answer your question?
@marctronixx
Big apologies for long delay.
Here is a scenario... There is an app called Pebble Locker that although designed for a Pebble watch, allows any BT device to act as a trusted connection and automatically disables PIN lock. If no Pebble or other trusted device is conected, PIN lock returns. (Unfortunately it doesn't work with pattern lock or fingerprint scan). The idea is that if you have a separate device near the phone, it lowers the barrier. If you leave the device, the barrier rises again. I'm hoping the Fetch would work for that as it would almost always be in my pocket or nearby.
Of course, it would be better if it was something built in to HTC devices. Some time ago I stumbled across their SDK and it seems to be pretty powerful but I'm not a programmer so...
-Separate note: I've seen some discussions that the KitKat update on the HTC One's breaks Fetch. Not too many confirmations, but no denials either.
Hello! I have 2 Fetchs. One for the One Max and One for the One m7. My Fetch works great with One m7 on Kitkat.
Cannot find the discussions... I´m curious
HelloBoy26 said:
Hello! I have 2 Fetchs. One for the One Max and One for the One m7. My Fetch works great with One m7 on Kitkat.
Cannot find the discussions... I´m curious
Click to expand...
Click to collapse
Glad to hear it. I found a couple of places where two or three people reported problems.
http://androidandme.com/2014/02/news/sprint-htc-one-android-4-4-2-update-available-for-manual-pull/
http://htcsource.com/2014/02/sprint-releases-htc-one-android-4-4-2-update/
Just search 'fetch' within the threads. I found them today by Googling 'HTC Fetch KitKat not working'
@Faxman, thank you. No Problems here. Fetch and Kitkat does the job. Pi pi pi pi pi pi pi pi
Looks like Best Buy US is starting to sell the Fetch for $29. Looks like I'll be owning one soon.
I got my Fetch from BestBuy (see above) and it works as advertised. Only 75% battery charge out of the box.
It indeed showed up as a Bluetooth device in Pebble Locker (see farther above) so I am able to set the phone to remain unlocked while in range of the Fetch and PIN lock if not.
Now, for all you actual developers out there, here's a link to the SDK for the Fetch. Let the fun begin.
I installed the Sprint OTA KitKat update yesterday and the fetch continues to work... sort of. I've found that if I turn the fetch off I have to go in and find it again and pair again.
I also noticed and downloaded the HTC Fetch app in the app store.
It has a nicer interface and apparently a couple of additional features (including the ability to connect to other BT 4 devices)
It apparently connects differently as you can run it without it being paired in regular BT settings and it doesn't retain the annoying Fetch icon in the notification area. BUT, since it no longer shows as a BT device, the Pebble Unlocker app that I use to simulate 'trusted device' doesn't see it and doesn't keep the phone unlocked.
I'm hoping there will be some interest in the developer community because I think there are some enhancements that can and should be made to either or both of the apps.
For one, I'd like to be able to disable change the tone or somehow further delay the alarms that go off when out of range. I do that far too often. However, when that feature is disabled, it also disconnects the BT connection and as above defeats the trusted device functionality mentioned above.
I mostly want to use it so my phone is secure if I'm not nearby and occasionally use the separation alarm feature if I am in a situation where one or the other might be left behind.
i have not noticed any issues with fetch after the sprint 4.x update. im stock non rooted.
thanks for the heads up on a fetch app. ill go smoke it over...
How can Android system be hacked just by one MMS? I heard from news sites that there was found an exploit for 95% of Android phones (Android 2.3+) that can take control of the whole device just for one MMS and without letting you know. How can it be possible and how I can prevent it?
P.S.: I don't want to hack nobody's phone as I have no friends. Just curious.
Sent from my GT-I9301I using XDA Forums Pro.
mihai.apostu98 said:
How can Android system be hacked just by one MMS? I heard from news sites that there was found an exploit for 95% of Android phones (Android 2.3+) that can take control of the whole device just for one MMS and without letting you know. How can it be possible and how I can prevent it?
P.S.: I don't want to hack nobody's phone as I have no friends. Just curious.
Sent from my GT-I9301I using XDA Forums Pro.
Click to expand...
Click to collapse
Heres some useful info:
http://www.cnet.com/news/researcher-finds-mother-of-all-android-vulnerabilities/
That's some info, but not really anything useful. Does this mean Google has a patch, will they be pushing that our or will there be ways to patch custom ROMs sooner even? These are all unanswered, though would be nice to know...
"As soon as the malicious text is received, features built into Stagefright to reduce lag time for viewing videos process the video to prepare it for viewing. That processing apparently is enough for bad guys to get their hooks into the platform and take control." - cnet
I see it like this:
1. MMS with video arrives
2. Messaging app loads the video in Stagefright where it will processed for better playback.
3. Video is ready for playing.
As I figure out from Google's Android site about Stagefright, it is a service that take care of video/audio/other media related stuff offline and local.
How can hackers connect with Stagefright if Stagefright is an offline service? And anyway how can an media service recive code to execute as an remote command execution for whole system?
Sorry but I just don't get it at all.
mihai.apostu98 said:
How can Android system be hacked just by one MMS? I heard from news sites that there was found an exploit for 95% of Android phones (Android 2.3+) that can take control of the whole device just for one MMS and without letting you know. How can it be possible and how I can prevent it?
P.S.: I don't want to hack nobody's phone as I have no friends. Just curious.
Click to expand...
Click to collapse
Here's further info. Google has apparently already sent the patches, 7 in all, to the various phone manufacturers.
Because of fragmentation, though, some of them may never send out these fixes. Since these have assumedly been committed to the source code online, they should theoretically be available for download at some point as well. However, you'd (likely) need to be rooted to apply them.
In the meantime, go into your SMS application (usually Hangouts these days) and turn off automatic MMS retrieval. Then, do not accept any photos or videos from anyone you don't know. I am not sure, but I worry it's also possible you might get it from someone do know who is already infected, so just operate with an abundance of caution overall, I guess. And keep an eye out for news here, because it will probably be one of the first places they become available.
mihai.apostu98 said:
"As soon as the malicious text is received, features built into Stagefright to reduce lag time for viewing videos process the video to prepare it for viewing. That processing apparently is enough for bad guys to get their hooks into the platform and take control." - cnet
I see it like this:
1. MMS with video arrives
2. Messaging app loads the video in Stagefright where it will processed for better playback.
3. Video is ready for playing.
As I figure out from Google's Android site about Stagefright, it is a service that take care of video/audio/other media related stuff offline and local.
How can hackers connect with Stagefright if Stagefright is an offline service? And anyway how can an media service recive code to execute as an remote command execution for whole system?
Sorry but I just don't get it at all.
Click to expand...
Click to collapse
People connect with Stagefright by sending you the malicious code contained within the MMS. Once that code gets (usually automatically) processed by the Stagefright service already locally present, it exploits security vulnerabilities to hand control of your device over to whomever is waiting on the other end. As for a media service being able to control the whole system, think of how Flash (a media service) and Microsoft had those zero-day UaE bugs that would allow someone to take over your PC. The logistics may be different, but the concept is the same.
If I remember correctly, there are ways to turn stagefright on/off by editing your build.prop file (easily found on XDA). I don't know if there is another subservice or what that could be running, and I haven't devved since Android 4 dropped, so don't get your hopes up.
Hope that helps.
I gather that Google has a patch. Has it been pushed out to Nexus devices?
pomeroythomas said:
If I remember correctly, there are ways to turn stagefright on/off by editing your build.prop file (easily found on XDA). I don't know if there is another subservice or what that could be running, and I haven't devved since Android 4 dropped, so don't get your hopes up.
Click to expand...
Click to collapse
Excellent idea, +thanks. Et voilà, what appears to b-e in my KitKat:
media.stagefright.enable-player=false
media.stagefright.enable-meta=false
media.stagefright.enable-scan=false
media.stagefright.enable-http=false
media.stagefright.enable-rtsp=false
media.stagefright.enable-record=false
Now, this can break all kinds of things if you don't know what you're doing. Use a build.prop editor from the Play Store.
I don't know that they all need to be false to plug this hole. But those are the relevant lines.*
UPDATE [10 Aug 2015]: This doesn't affect what the Zimperium scanner says is vulnerable, which may indicate the edit won't protect you. It's unclear at this point.... read the latest posts in this thread for possible info. You can turn off auto-retrieve in MMS, but SF exists at other levels of the operating system. I suppose it couldn't hurt to do the build.prop, but don't rely on it.
voxluna said:
Excellent idea, +thanks. Et voilà:
media.stagefright.enable-player=false
media.stagefright.enable-meta=false
media.stagefright.enable-scan=false
media.stagefright.enable-http=false
media.stagefright.enable-rtsp=false
media.stagefright.enable-record=false
Now, this will probably break all kinds of things, and I don't know that they all need to be false to plug this hole. But those are the relevant lines.
Click to expand...
Click to collapse
Thanks for the thanks!
You probably won't break much of anything; 90% of today's phones are powerful enough that you don't REALLY need Stagefright handling the media unless you're playing very intensive games on your device. The most you'll likely experience is not-quite-as-good benchmarking numbers.
pomeroythomas said:
Thanks for the thanks!
You probably won't break much of anything; 90% of today's phones are powerful enough that you don't REALLY need Stagefright handling the media unless you're playing very intensive games on your device. The most you'll likely experience is not-quite-as-good benchmarking numbers.
Click to expand...
Click to collapse
I had honestly never heard of StageFright, and I've been using Android since the very first device came out. But if it's possible to run all the usual media, just with a performance penalty, I'm going to change it right now (I did, and this happened).
Also, I just read an article claiming that fragmentation is not so much of an issue these days, because Google Play Services is mandatory. I wonder if it can proactively change something like this, on its own?
voxluna said:
I had honestly never heard of StageFright, and I've been using Android since the very first device came out. But if it's possible to run all the usual media, just with a performance penalty, I'm going to change it right now.
Click to expand...
Click to collapse
The only reason I even know about Stagefright is because my very first, 550MHz, resistive touchscreen Kyocera Zio shipped with Stagefright disabled by default. Haha.
Also, I just read an article claiming that fragmentation is not so much of an issue these days, because Google Play Services is mandatory. I wonder if it can proactively change something like this, on its own?
Click to expand...
Click to collapse
I would assume it's possible (this is just an arbitrary code execution issue, I think), but having had that vulnerability built into pretty much every ROM for the last 5 years could be a problem in that I'm not 100% sure that Google Play Services has the access to shut down the Stagefright service (no root access, etc), so I'm pretty sure Google Play Services would be less of a fix than a piece of software that actively tries to mitigate the breach.
I could be wrong, though; I'm basically guessing as I haven't looked into the malicious code.
Xposed Android will no doubt have either a module for this or existing bugfix modules will be updated to include this vulnerability in the coming days, and due to the nature of Xposed modules taking over services the ROM is trying to run without actually messing with your ROM, I'm sure it'll be a universal fix.
Personally, I just shut off the Stagefright service using my build.prop and am patiently awaiting someone more skilled than I to create a fix.
i could see this as a useful root method for lollipop, and other versions that don't have root methods yet.
Morlok8k said:
i could see this as a useful root method for lollipop, and other versions that don't have root methods yet.
Click to expand...
Click to collapse
Here's hoping!
Morlok8k said:
i could see this as a useful root method for lollipop, and other versions that don't have root methods yet.
Click to expand...
Click to collapse
pomeroythomas said:
I'm not 100% sure that Google Play Services has the access to shut down the Stagefright service (no root access, etc), so I'm pretty sure Google Play Services would be less of a fix than a piece of software that actively tries to mitigate the breach.
Click to expand...
Click to collapse
Come to think of it, if this exploit allows any kind of root, I suppose it'd be possible for Services itself to use that hole, and therefore be able to patch StageFright. A weird workaround, but entirely possible. Something tells me they won't use it, though, as technically feasable as it may be. I'm really hoping for that Xposed fix, just like GravityBox can patch FakeID. Which, indeed, Services eventually mitigated (for the most part).
commits on android.googlesource.com
Has anyone tracked any commits in android.googlesource.com related to stagefright?
Is this really a viable fix for this? I copied it from another website
If you turn off the following settings in your messaging app/apps on your device:
Auto-retrieve MMS. Check to automatically retrieve multimedia messages that you receive. If auto-retrieve is unchecked in your Messenger MMS settings, you must touch Download to view the message.
Roaming auto-retrieve. Check to automatically retrieve multimedia messages while roaming.
Then when you receive the text with this exploit it will not download to your phone unless you hit the download button. So looks like this can be turned off without a patch but patches are needed cause not everyone is smart enough to turn these off.
iverson3-1 said:
Is this really a viable fix for this? I copied it from another website
Auto-retrieve MMS. Check to automatically retrieve multimedia messages that you receive. If auto-retrieve is unchecked in your Messenger MMS settings, you must touch Download to view the message.
Roaming auto-retrieve. Check to automatically retrieve multimedia messages while roaming.
Then when you receive the text with this exploit it will not download to your phone unless you hit the download button. So looks like this can be turned off without a patch but patches are needed cause not everyone is smart enough to turn these off.
Click to expand...
Click to collapse
That should be one way to disable the hack. It's unclear from what I've read if it only affects Hangouts, or all SMS clients. What I've done is disable any auto MMS retrieve in my own messaging app, which in my case is mySMS. I suppose it couldn't hurt to do it in Hangouts as well.
This should cover it, but I think you still run the risk of someone you know sending (probably without their knowledge) an infected video -- much like trojans that take over a PC, and use the internal contact list to send mail as though they were your friend, they could exploit your trust.
Patching the build.prop theoretically protects from this, which I've personally done, but it's not for the faint of heart. If you screw it up, you could render your phone a mess. I wish I knew more about app development, because I would write something that did all this stuff automagically.
voxluna said:
Patching the build.prop theoretically protects from this, which I've personally done, but it's not for the faint of heart. If you screw it up, you could render your phone a mess.
Click to expand...
Click to collapse
Aaaaaand that's what I just did. I'm in a boot loop after changing the build.prop file. This is going to be really fun with an encrypted data partition that holds the backup I just made.
Be warned.
UPDATE: I had to reflash the ROM, and the entire experience took about 2.5 hours because I couldn't get a KDZ to work. I decided that since it was going to be a full wipe, at least I would upgrade to Lollipop, but I'll have to set up the entire phone all over again. I suspect the problem was that I didn't pay attention to the permissions of that file when I edited and transferred it from another machine. Ugh. I just went back and put warnings on all my posts about the build.prop lines.... and it would be better to just wait for patches, IMO. This thread is progressing quickly now.
i tried tracking the fix on android source repo. but the only recent commit against libstagefright is on July 7th.
Fix global-buffer-overflow in voAWB_Copy.
Copy() in frameworks/av/media/libstagefright/codecs/amrwbenc/src/util.c always
overreads the buffer by 4 bytes to the right, which, if we are very unlucky,
can even hit an unmapped memory page (in this case it is just a global
variable).
Click to expand...
Click to collapse
Hi all,
in my case, as I plainly don't use the MMS feature, I simpl deleted the MMS apn. Is this a possible workaround for this problem (at least, until it gets fixed somehow)?
Hello Fellow Community Members
There are three things we should do :
1> Make a list of all annoying bugs .. there are many i can assure you about that.
2> Tweet the link to LG ..Like all of us should do that. LG is being elusive in responding to user requests and putting forth the information. They need to know customer / community power.
3> Also Tweet to them to confirm about Marshmallow update (As to when is it coming), what good is a premium priced Flagship device if it does not get all the updates for atleast 2-3 years and this one was released just now. Two screen implementation would be different for Cyanogen and other AOSP based ROMs to implement so we should push LG.
Here is their twitter handle @LGUSAMobile
You all can use this thread. Post your bugs and i will compile those in the next reserved post.
Regards
1> WiFI Roaming access issues.
2> Easily peeling off of back cover (Build quality problem)
No issues here..... V10 is great.
marked, let's see how it goes then...
Low res incoming photos!
I can't believe I haven't heard more complaints about this...am I doing something wrong?
All photos received through MMS are low resolution. Well below acceptable standards. Also downloading photos through websites are all low resolution.
I am on verizon. My Samsung S4 that I just traded in didn't have this issue.
Anyone else having this issue?
WhatheF said:
I can't believe I haven't heard more complaints about this...am I doing something wrong?
All photos received through MMS are low resolution. Well below acceptable standards. Also downloading photos through websites are all low resolution.
I am on verizon. My Samsung S4 that I just traded in didn't have this issue.
Anyone else having this issue?
Click to expand...
Click to collapse
The service provider handles the image compression for MMS.
Fingerprint scanner. Shouldn't have to wait for second screen to turn on to unlock device. (would be nice if option for just touching sensor to unlock and turn on device was available.)
Notification panel. Should be pull down once only shows notifications. Pull down again for quick settings.
All good so far can't complain other then I wish they don't wait to long for marshmallow update
knifedroid said:
Fingerprint scanner. Shouldn't have to wait for second screen to turn on to unlock device. (would be nice if option for just touching sensor to unlock and turn on device was available.)
Notification panel. Should be pull down once only shows notifications. Pull down again for quick settings.
Click to expand...
Click to collapse
+1
Sent from my Android LG V10
Bugs:
-Youtube video playback at 1440p freezes after ~1min of play while audio keeps going. If you skip to a later point in the video it will resume play then freeze again after ~1min of play all the while audio has no issues. We have multiple threads for it here.
-Cases killing fingerprint detection that affects certain variants of the V10 without the new patch.
-FM radio antenna activation.
Update wishes:
-Ability to customize the Vol shortcut keys to more than Capture+ and Camera.
-Ability to change the DPI settings so the UI isn't so huge.
-A system UI tuner like the one found in Marshmallow.
-More options for the second screen such as a dedicated notifications panel that has a ticker style display and also the ability to swipe off/clear notifications from the second screen.
It's a damn shame it's taken a full week for these people just to know what my issue is they respond 1 time a day at 11 a.m.........this has to be full blown blow up lg thing......not a sometime 1 person thing....they respond when they feel like it....they wanna swim with the big sharks like samsung and apple.....they need to be held accountable for half assin a product to the consumers as if its filet mignon, but really the motha****a is a skirt steak
Sent from my LG-H901 using XDA Free mobile app
I dont have a Twitter account but if some body may post this issue:
Verizon LG V10 VS990. Problem with Bluetooth connection( 2 V10 same issue ,after a week working like a charm a bluetooth connection lost and message on screen "Unfortunately Bluetooth stop working", LG respond to my email and told me to do a hard reset but it is not solve a problem.
Thank you
Oh, yeah. We desperately need the ability to set our own auto-dim thresholds.
Hi, I really need some advice and help, please!
Someone hacked my galaxy note 8 (latest update of OS) using Bluetooth. Thereafter when I had Bluetooth turned off all the time I would sometimes found it had turned on again and at times a pic would randomly appear in my camera roll folder. I was targeted by a group of people and having recalled looking back I was encouraged to message through WhatsApp and I believe that chrome and Andoid webview extension were involved. They also got into my gmail and tried to delete my contacts and wipe my phone and whatsapp history. Aftert this I saw that a Linux device had been attached to my gmail account.
I then went to an iphone and received a whatsapp from someone and a pic appeared again in my camera roll. I believe they were trying to do the same again and not sure how effective it is on iOS.
But now I have a new galaxy note 8 and someone has sent me a pic and video. I don't know that they are involved and I think I'm being overly cautious, but I need to understand what they did before and what I can do to check if they have hacked my new phone and doing the same thing again, and what I can do now to ensure they don't do it. I'm worried now that if they have got into my new phone and WhatsApp, will they have been able to get my IMEI and is my new phone now permanently susceptible to attack?
If I wipe my phone back to factory settings and reinstall everything again and start a new whatsapp with a new number, will that work?
My MS surface has also been acting up and I'd like to know if there's an easy sign to check on there too.
Thanks so much in advance!
phoenix79802 said:
Hi, I really need some advice and help, please!
Someone hacked my galaxy note 8 (latest update of OS) using Bluetooth. Thereafter when I had Bluetooth turned off all the time I would sometimes found it had turned on again and at times a pic would randomly appear in my camera roll folder. I was targeted by a group of people and having recalled looking back I was encouraged to message through WhatsApp and I believe that chrome and Andoid webview extension were involved. They also got into my gmail and tried to delete my contacts and wipe my phone and whatsapp history. Aftert this I saw that a Linux device had been attached to my gmail account.
I then went to an iphone and received a whatsapp from someone and a pic appeared again in my camera roll. I believe they were trying to do the same again and not sure how effective it is on iOS.
But now I have a new galaxy note 8 and someone has sent me a pic and video. I don't know that they are involved and I think I'm being overly cautious, but I need to understand what they did before and what I can do to check if they have hacked my new phone and doing the same thing again, and what I can do now to ensure they don't do it. I'm worried now that if they have got into my new phone and WhatsApp, will they have been able to get my IMEI and is my new phone now permanently susceptible to attack?
If I wipe my phone back to factory settings and reinstall everything again and start a new whatsapp with a new number, will that work?
My MS surface has also been acting up and I'd like to know if there's an easy sign to check on there too.
Thanks so much in advance!
Click to expand...
Click to collapse
I do strongly advice you to do a full factory reset or go to the nearest technician if you don't know how to do it, to flash the phone from scratch inmediatly. Also try the best security app for android once you setup your device again. That's enough.
Enviado desde mi SM-G550T1 mediante Tapatalk
---------- Post added at 12:58 PM ---------- Previous post was at 12:52 PM ----------
I would also report the issue to the tech support of WhatsApp, if there's any. Also, change every passwords on your Google devices with more secure passwords, Google, banking, social. And do place a secure password to block your device. Good luck.
Enviado desde mi SM-G550T1 mediante Tapatalk
This is why I dislike Touchwiz, it's so outdated and vulnerable.
Just reflash your whole system, you can find guides on YouTube on how to flash a new firmware.
I would also recommend changing to a custom ROM with up to date security patches.
Edit: You should also change all your passwords to something very difficult like 'nJfi8t%Nc178c'
If you have difficulties remembering there's a lot of apps out there that can help, I personally use last pass, you should check it out.
davidzam said:
I would also report the issue to the tech support of WhatsApp, if there's any. Also, change every passwords on your Google devices with more secure passwords, Google, banking, social. And do place a secure password to block your device. Good luck.
Click to expand...
Click to collapse
If you were conned into downloading a webextension then this has nothing to do with whatsapp it has to do with the user. Conntact google security to change your account. In general if they hacked a phone the phone only is the problem but if they have access to all your info then it can always be a problem. About bluetooth always have at least a code between the devices (some BT keyboards do not even have this). Also look at the security update on the device if it is not the latest then swith to one of the custom roms here which are always secure.
As for passwords think of a sentence and use the first letters of each word incorperate numbers capital letters and a symbol this helps you to remember it.
For example
I Have A Dog Who Name Is Henry And I Love Him=IHADWNIHAILH
now change A for the & symbol one I for 1 and A for 4=1H4DWNIH&ILH
mix it up with some upper case and lower case (names)=1h4dwniH&Ilh
you can now add in other symbols or spell words such as [email protected] (too big so we will use only part @m )add ! after Henry and [] around &Ilh [email protected]![&ILH]
now you have a random easy to remember password. This password is the basis for all the security on android (at the current time) so even if you use a code it still unlocks with this and encrypts.
Applied Protocol said:
If you were conned into downloading a webextension then this has nothing to do with whatsapp it has to do with the user. Conntact google security to change your account. In general if they hacked a phone the phone only is the problem but if they have access to all your info then it can always be a problem. About bluetooth always have at least a code between the devices (some BT keyboards do not even have this). Also look at the security update on the device if it is not the latest then swith to one of the custom roms here which are always secure. As for passwords think of a sentence and use the first letters of each word incorperate numbers capital letters and a symbol this helps you to remember it. For example I Have A Dog Who Name Is Henry And I Love Him=IHADWNIHAILH now change A for the & symbol one I for 1 and A for 4=1H4DWNIH&ILH mix it up with some upper case and lower case (names)=1h4dwniH&Ilh you can now add in other symbols or spell words such as [email protected] (too big so we will use only part @m )add ! after Henry and [] around &Ilh [email protected]![&ILH] now you have a random easy to remember password.
Click to expand...
Click to collapse
Thanks for clarifying that fact for me.
Thanks so much! Would a custom firmware allow me to keep the use of knox? I'm thinking to flash it back to factory and only install and use everything from within knox.
Zep0th said:
This is why I dislike Touchwiz, it's so outdated and vulnerable.
Just reflash your whole system, you can find guides on YouTube on how to flash a new firmware.
I would also recommend changing to a custom ROM with up to date security patches.
Edit: You should also change all your passwords to something very difficult like 'nJfi8t%Nc178c'
If you have difficulties remembering there's a lot of apps out there that can help, I personally use last pass, you should check it out.
Click to expand...
Click to collapse
Applied Protocol said:
If you were conned into downloading a webextension then this has nothing to do with whatsapp it has to do with the user. Conntact google security to change your account. In general if they hacked a phone the phone only is the problem but if they have access to all your info then it can always be a problem. About bluetooth always have at least a code between the devices (some BT keyboards do not even have this). Also look at the security update on the device if it is not the latest then swith to one of the custom roms here which are always secure. As for passwords think of a sentence and use the first letters of each word incorperate numbers capital letters and a symbol this helps you to remember it. For example I Have A Dog Who Name Is Henry And I Love Him=IHADWNIHAILH now change A for the & symbol one I for 1 and A for 4=1H4DWNIH&ILH mix it up with some upper case and lower case (names)=1h4dwniH&Ilh you can now add in other symbols or spell words such as [email protected] (too big so we will use only part @m )add ! after Henry and [] around &Ilh [email protected]![&ILH] now you have a random easy to remember password.
Click to expand...
Click to collapse
Just another question regarding Knox Secure Folder.
If I were to install and run everything through the secure folder and I were to be compromised again through a web extension, would that then all hackers to view everything on my phone again regardless of whether it's in the knox environment or outside? Would a backdoor like that work into the secure environment as it did in my normal android system?
Thanks again!
phoenix79802 said:
Just another question regarding Knox Secure Folder.
If I were to install and run everything through the secure folder and I were to be compromised again through a web extension, would that then all hackers to view everything on my phone again regardless of whether it's in the knox environment or outside? Would a backdoor like that work into the secure environment as it did in my normal android system?
Thanks again!
Click to expand...
Click to collapse
If your knox is still working and not tripped then that would be a good idea. However understand that the way to get in and out of knox still relies on encryption methods see CVE-2016-1919 as well as the kernel level security CVE-2016-6584 see also https://googleprojectzero.blogspot.com/2017/02/lifting-hyper-visor-bypassing-samsungs.html, this means that if the key or encryption method is faulty you can get around it and the kernel is more complicated but will also do the same thing. The last way is to access a shared resource such as a clipboard that has access to both places a example of this is CVE-2016-3996. And CVE-2018-9142. Granted most of these are 2017 and 2018 and a quick look at the samsung CVA at https://www.cvedetails.com/vulnerability-list/vendor_id-822/Samsung.html does not have anything for Oreo this can be since until recently only the 9s' had it. But their is a recurring theme that the CVAs' are repeated out of the last 5 4 are repeated and some are simple mistakes (look at Googles project zero above in KALSAR). The question is is this enough and the answer is probably but a security orientated Rom might be a better bet. (I know this is not fair since they do not have CVAs). But a full wipe and fresh install should be enough. Add in a firewall too if you did not have that already.
phoenix79802 said:
Thanks so much! Would a custom firmware allow me to keep the use of knox? I'm thinking to flash it back to factory and only install and use everything from within knox.
Click to expand...
Click to collapse
Sorry for the late reply, but Knox, in my opinion is super vulnerable, new android versions are safe enough.
And no, using a custom ROM would not have Touchwiz integrated nor Knox. Why? Because it will most likely be running stock android vanilla.
More secure than Samsung's Touchwiz, recommend something like LineageOS.
Zep0th said:
Sorry for the late reply, but Knox, in my opinion is super vulnerable, new android versions are safe enough.
And no, using a custom ROM would not have Touchwiz integrated nor Knox. Why? Because it will most likely be running stock android vanilla.
More secure than Samsung's Touchwiz, recommend something like LineageOS.
Click to expand...
Click to collapse
Look this depends on your perspective
FACT: knox is a hardware based security system which is unique to Samsung
FACT: Samsung phones are the most sold
FACT: The maker of the hardware has the resources to secure it better
Therefore Samsung knox is more secure and yes more users using the phone make it more advantageous to crack it. However Samsung to their credit does try to increase security in other ways such as using the TrustZone more and SEAndroid policy strengthening. Lineage is a great choice however knox which will be tripped and ever if not it needs custom software to run AFAIK. Also samsung is DoD approved see DoD list and news article. This is not necessarily a good indication of overall security but it dos put things in a good perspective (DoD do not patch themselves rather rely on the developers and stay on top of things) Really high security Android OS such as copperhead also have such improvements as Knox (way better if you look carefully) but they are limited on what phones it will work on. Also Android 8 is a lot more secure but fact of the matter is the best party that can secure a Samsung phone is Samsung but I am not saying they do. I would recommend Stock Samsung but if you need a custom rom lineage is a good choice this is true also in terms of power (used to be snapdragon charging on a rooted phone is only up to 80% but I think there is a fix) but in versatility a custom rom always wins and power saver settings can be better than the original.
Hi everyone, I'm a potential Mate20 Pro customer, but I need more information on the features:
1. Is it possible to temporarily disable the face unlock, similar to the iPhone X?
Here is how Apple implements mechanism to disable it: https://mic.com/articles/191653/heres-how-iphone-users-can-disable-face-id#.GFGUiwnJH
2. Is it possible to geolock Face Unlock, so it works in your own home, but is disabled in other places?
Thank you.
Anyone?
Not understanding why you'd do that. Probably just set screen lock delay in settings. I never had geolock
leo72793 said:
Not understanding why you'd do that. Probably just set screen lock delay in settings. I never had geolock
Click to expand...
Click to collapse
The reason is in the article I linked above: To protect yourself against anyone (such as a bad police officer) who might try to hold your phone up to your face to unlock without permission. Apple has a solution.
As for geolocks, some phones can already disable or downgrade their security when you are in a trusted zone. (My mom's old LG G4 from 2015 does this.) It would be nice to only allow face unlock in my own home or office.
oops double post
Bamboo-Toolkit said:
The reason is in the article I linked above: To protect yourself against anyone (such as a bad police officer) who might try to hold your phone up to your face to unlock without permission. Apple has a solution.
As for geolocks, some phones can already disable or downgrade their security when you are in a trusted zone. (My mom's old LG G4 from 2015 does this.) It would be nice to only allow face unlock in my own home or office.
Click to expand...
Click to collapse
well for the "geolock" id expect it to need location and or wifi access. which if off wont allow it to work. 2nd, what are you tryingh to hide from cops lol
Dunno about geo locking (that might need a 3rd party app) but there is an option to require the eyes to be open.
Might be useful for those people living in such Police states that may infringe on your civil and constitutional rights as you simply need to keep your eyes shut
Unless that is the LEO is carrying matchsticks
---------- Post added at 07:06 AM ---------- Previous post was at 06:09 AM ----------
Actually now that I've woken up, if someone is that paranoid they're worried about a LEO holding the phone to the face to unlock then maybe they should just disable face and fingerprint unlock all together and only use a PIN with a very short screen off time
With smart unlock you can tell the phone to unlock without code or anything at certain places (ie at Home). Outside of that place you would need your PIN or password (if you chose one of these options). At home you would have no security for unlocking but I think it's the closest thing to what you want (if you want to beef up your security for certain apps you can chose a pin or face unlock for every single app so nobody could use them even if they got hold of your phone at home).
Hope that helps
leo72793 said:
well for the "geolock" id expect it to need location and or wifi access. which if off wont allow it to work. 2nd, what are you tryingh to hide from cops lol
Click to expand...
Click to collapse
I'm just security-conscious.
Just because you're paranoid doesn't mean anyone is actually chasing you! :silly:
panman1964 said:
Might be useful for those people living in such Police states that may infringe on your civil and constitutional rights as you simply need to keep your eyes shut
[/COLOR]Actually now that I've woken up, if someone is that paranoid they're worried about a LEO holding the phone to the face to unlock then maybe they should just disable face and fingerprint unlock all together and only use a PIN with a very short screen off time
Click to expand...
Click to collapse
In China, the police can just arrest anyone and hold them forever until they give up their phone PW. That's police states for you!
Here in the Western world, PIN unlocks often have different legal protections than biometric unlocks, hence Apple's solution. But you do have a point about disabling Face / Fingerprint unlock.
AndiThebassman said:
With smart unlock you can tell the phone to unlock without code or anything at certain places (ie at Home). Outside of that place you would need your PIN or password (if you chose one of these options). At home you would have no security for unlocking but I think it's the closest thing to what you want (if you want to beef up your security for certain apps you can chose a pin or face unlock for every single app so nobody could use them even if they got hold of your phone at home).
Hope that helps
Click to expand...
Click to collapse
Thanks, this is helpful.
For Huawei go to secure lock settings and enable "Show lockdown button on power off screen", when you try to power off your phone there will be an extra option called lockdown when you select this your phone can only be unclocked by PIN (if you've set it)
Bamboo-Toolkit said:
I'm just security-conscious.
Just because you're paranoid doesn't mean anyone is actually chasing you! :silly:
In China, the police can just arrest anyone and hold them forever until they give up their phone PW. That's police states for you!
Here in the Western world, PIN unlocks often have different legal protections than biometric unlocks, hence Apple's solution. But you do have a point about disabling Face / Fingerprint unlock.
Thanks, this is helpful.
Click to expand...
Click to collapse
huawei offer privacy area in secuirty&privacy. use 2nd passoword enter privacy mode. told them your main password and hide your 2nd password. DO NOT BELIEVE IN MOVIES, YOU UNABLE TO RESIST TORTURE. this is right to protect yourself and your date. but in privacy mode use phone sim card 2. you keep sim card out.