Question Can't create work profile because policy prevents custom OS... - Samsung Galaxy Tab A7 Lite

I've rooted my t225 tab, thanks to @xbt{thread} and @starkprime74{thread}.
I created a work profile following this guide but I can't remove Knox enrollment as Insular restricts adb.
Is there a way to create and manage an Insular / Island / Shelter work profile on a custom OS? Is the security policy removable or modifiable?
For more reference I'm copying some texts from this thread...
Samsung Galaxy Tab A7 Lite was distributed by our state government for promoting technology in the state. (JUST ELECTION THINGS)
Anyways, the Tabs come with Samsung Knox security, which cannot be uninstalled, disabled, or debloated with adb. The Tabs also come with software restrictions on changing the wallpaper of the lockscreen / homescreen and probably many other restrictions. (tracking and other stuff)
This thread is different from the one in this forum providing fix for similar problem. So I request mods not to close it...

Related

Secure personal and work spaces.

Hi,
I'm looking to get a secured space where I can launch some Android apps with my personal data.
That way I can separate personal data from work data.
I know Samsung provides "Knox", which is the best solution, but it's not working on other brands' devices.
Earlier, I had on my Nexus tab the possibility to use an owner account and to swipe to a "guest" account, which can also be a solution,
but it seems not to be available on recent releases of Android.
So can anyone give me some available solution?
Cheers?
donete said:
Hi,
I'm looking to get a secured space where I can launch some Android apps with my personal data.
That way I can separate personal data from work data.
I know Samsung provides "Knox", which is the best solution, but it's not working on other brands' devices.
Earlier, I had on my Nexus tab the possibility to use an owner account and to swipe to a "guest" account, which can also be a solution,
but it seems not to be available on recent releases of Android.
So can anyone give me some available solution?
Cheers?
Which version of Android are you using? I have stock Android N and there is the user option if you go to the Settings app; there you can find the guest option and other options as well.
Well, I didn't find it on Android 6 on my Xperia M4 Aqua.
On my Samsung S6, there's Android 7; after much research I didn't find it. This phone is a very good device with Knox, but after a failed upgrade
the Knox count rose to 1, so Knox saw that as a security issue and it can't keep running.
So are you sure it always remains on Android 6 and 7?

XCover 4 - need to restrict users

Hi,
we need to do the following:
We have a fire department with medical emergency staff. Each car (Fire, Rescue etc) needs a new phone. We used to have simple Caterpillar "ruggedized" phones but they don't fit our needs anymore for various reasons.
We now have some sample devices of the Samsung Xcover 4.
What we need to do is to restrict the phones for everyday use, which is not supported by Samsung by default.
We can NOT root the phones or install any custom ROMs for obvious security reasons.
So we would need a software which allows to control the phone: We would like a state where nothing can be changed. The only thing which must work would be making phone calls (dialing and phonebook). We do not want any apps installed, we do not want wifi or mobile data or people changing ringtones, wallpapers etc (and they'll do)...
Is there a software for android which can provide such a limited profile?
Thanks a lot!

I would like a custom rom made focused on security

Hi all
I am searching for someone who is very experienced in making a secure custom ROM for Android.
I have given some example links as a reference.
Create Custom ROM for Android — which phones do you recommend?
I have a recent Huawei. I would like to avoid spending many hundreds of euros on phones if possible.
I would like a custom Secure firmware, that will be
- Protection from zero-day viruses
- Hardened kernel
- Stronger sandboxing and isolation for apps & services
- Firewall & network hardening
- MAC Randomization
- Security-centric user experience changes
- Man in the middle doctor — Protection from SS7 attacks
- IMSI catcher decor
- Verifiable Source Code
- Protection from silent SMS
- Protect your contacts and call history from unauthorised access
- How to change phone identifiers if I wanted to
An example of phone software that I would like to emulate as much as possible.
Sorry, I had to remove the links as it's my 1st post. It will be easy to find with this info.
esdcryptophone cryptophone-600g
esdcryptophone comparison
Thank you all for taking time to read my request
Felix

is there a way to change backup settings for android COBO fully managed with html?

Hi,
I am testing corporate owned business only devices for deployment, as most MDM platforms do not support COPE yet.
I am managing Android devices using an MDM, but COBO devices have backup disabled as the default policy.
For a fully managed scenario, the MDM creates, as usual, an account 432433324324 or another [email protected] , but backups are disabled and look grayed out in settings even if you add a second Google account;
this MDM does not have the option to enable it but some others do.
hence my question, before I have used Apple devices and you can change whatever default policy you want applying a profile from apple configurator, is there something similar for android? is it possible to change the default so backup is enabled for android fully managed devices? a tool to create profiles? (samsung droids btw)

General about GrapheneOS

Hey guys,
what do you think about GrapheneOS? (https://grapheneos.org)
I think there are some disadvantages:
- only Pixel devices (because only these have some security "flags")
- no root access
- hardcoded Google domains
and some advantages:
- good hardware support
- hardened AOSP
- closed bootloader after flashing
Now I would like to discuss this ROM.
I too would be interested to hear about anyone's experience regarding this OS
johndoe118 said:
Hey guys,
what do you think about GrapheneOS? (https://grapheneos.org)
I think there are some disadvantages:
- only Pixel devices (because only these have some security "flags")
- no root access
- hardcoded Google domains
and some advantages:
- good hardware support
- hardened AOSP
- closed bootloader after flashing
Now I would like to discuss this ROM.
I'm interested in this ROM too. I have a Pixel 3a. I haven't flashed it yet because I'm trying to find out what people's experiences are first. There doesn't seem to be a lot of posts about it. Did you ever flash it? Also, what do you mean by "hardcoded Google domains"?
Well, the captive portal check contacts the Google servers regularly when you connect to a WiFi. That was one reason why I lost interest in the ROM. The other was the limited device support and missing root access. I absolutely need access to the iptables. As a one-man show, the ROM can be adjusted at any time.
johndoe118 said:
Well, the captive portal check contacts the Google servers regularly when you connect to a WiFi.
Do you have some kind of reference for that? I'm using it now and would really like some proof to bring up in their subreddit as a WTF.
graphene seems great, no root does not
I don't want the bootloader locked.
I want Magisk extensions
I need root for LP _only_ to remove ads. Is there something like LP that allows (interactively) disabling app activities?
hardcoded google domains info from faq
https://grapheneos.org/faq#device-support
GrapheneOS leaves these set to the standard four URLs to blend into the crowd of billions of other Android devices with and without Google Mobile Services performing the same empty GET requests. For privacy reasons, it isn't desirable to stand out from the crowd and changing these URLs or even disabling the feature will likely reduce your privacy by giving your device a more unique fingerprint. GrapheneOS aims to appear like any other common mobile device on the network.
HTTPS: https://www.google.com/generate_204
HTTP: http://connectivitycheck.gstatic.com/generate_204
HTTP fallback: http://www.google.com/gen_204
HTTP other fallback: http://play.googleapis.com/generate_204
nay_ said:
hardcoded google domains info from faq
https://grapheneos.org/faq#device-support
Thanks, right from there
I have Graphene OS taimen-factory-2020.07.06.20.zip on my Pixel 2 XL. Under "System update settings" is "Check for updates", but nothing happens if I tap it. Only the field becomes darker. Does anyone have experience with this?
Update with adb sideloading to 2020.08.03.22 works.
OTA update from 2020.08.03.22 to 2020.08.07.01 likewise.
I'm personally not a fan of these kinds of projects, they aren't really all that 'secure', you're still using proprietary vendor blobs and such
help please
Hello! In the description
I pointed out that you can change servers just not through the GUI.
Has anyone tried this?
```
Providing a toggle in the Settings app for using connectivitycheck.grapheneos.org as an alternative is planned. The option to blend into the crowd with the standard URLs is important and must remain supported for people who need to be able to blend in rather than getting the nice feeling that comes from using GrapheneOS servers. It's possible to use connectivitycheck.grapheneos.org already, but not via the GUI.
```
captive portal leak + location services data leak
Few points:
1. General idea is that privacy/security oriented OS (as graphene is advertised) should limit network activity as much as possible, and not ping google using captive portal service every few seconds providing perfect IP-based location to google
It is possible to switch it off, but should be off by default
2. Connections of Android location services to get GPS constellations were shown before to send the SIM card IMSI and connected cellular tower ID to the provider (Qualcomm/Google):
"blog.wirelessmoves.com/2014/08/supl-reveals-my-identity-and-location-to-google.html"
Graphene still allows those connections (check their FAQ on website)
W/O root no way to switch this off. Even some devices ignore config files and still leak data (on the level of cellular modem most probably)
3. Android services make other weird connections. Example: AOSP dialler app is querying phone numbers against online database leaking all contacts to google. How was this taken care of in graphene? Are all AOSP services/apps security-verified to not leak any data?
w/o root no way to install afwall to block everything
Is graphene built-in firewall capable of blocking system services from network access?
