This is not troll baiting or OS Slamming...
Looking for knowledgeable and constructive feedback regarding device security. I'm thinking in terms of an Executive or VP or Network Admin or such loosing the device. a piece of software
1) to do more to control access than a squiggly line
2) to allow for remote GPS tracking and/or device data wiping
3) that is stealthy and/or hard to remove.
I know there are a few "security services" out there but that leads me into "how do i know whose who and who can be trusted in the android segment". I place a great deal of trust in the developer of my ROM. That he/she/they are benevolent and not including by intent or negligence loggers or other malware. then i have a companies like Wave and Norton and Good all angling to get installed on my device. i don't know Wave nor Good and I have no luv for Norton.
The EVO allows for RDC and VNC sessions. It allows for VPN access and has the pwd's to my personal and work email. meebo has me signed into all my chat networks. As a long time Windows person I guess it's just a lil disconcerting when i stop and think on it. this device can easily be configured to hold everything needed to access a secured network. Perhaps this is a reflection on my lack of understanding the system in depth. perhaps i'm not sure how well the opensource community will communicate "problem" apps and developers.
Also, and kinda sorta related. Applications in the marketplace. sometimes you get an application and the types of security access it is asking for seems a bit "off". occasionally in the comments the developer may comment that "i need to access X in order to provide Z". It usually makes sense (whether true or not i cannot say), but is there any nice cross-reference of what types of actions require what access level. or why so many apps need to know the phone state and identity or general location or full network access and what exactly that means to me as the end user. this second paragraph is proving difficult to put to paper..i may come back and edit for clarity.
and lastly, i guess is a question on how to protect from apps like this...
http://www.networkworld.com/news/2010/060210-android-rootkit-is-just-a.html?page=1
http://www.zdnet.com/blog/security/commercial-spying-app-for-android-devices-released/4900
looking for something kinda like this, but useful...
http://www.downloadsquad.com/2010/06/28/understanding-the-android-market-security-system/
This is not troll baiting or OS Slamming...
Looking for knowledgeable and constructive feedback regarding device security. I'm thinking in terms of an Executive or VP or Network Admin or such loosing the device. a piece of software
1) to do more to control access than a squiggly line
2) to allow for remote GPS tracking and/or device data wiping
3) that is stealthy and/or hard to remove.
I know there are a few "security services" out there but that leads me into "how do i know whose who and who can be trusted in the android segment". I place a great deal of trust in the developer of my ROM. That he/she/they are benevolent and not including by intent or negligence loggers or other malware. then i have a companies like Wave and Norton and Good all angling to get installed on my device. i don't know Wave nor Good and I have no luv for Norton.
The EVO allows for RDC and VNC sessions. It allows for VPN access and has the pwd's to my personal and work email. meebo has me signed into all my chat networks. As a long time Windows person I guess it's just a lil disconcerting when i stop and think on it. this device can easily be configured to hold everything needed to access a secured network. Perhaps this is a reflection on my lack of understanding the system in depth. perhaps i'm not sure how well the opensource community will communicate "problem" apps and developers.
Also, and kinda sorta related. Applications in the marketplace. sometimes you get an application and the types of security access it is asking for seems a bit "off". occasionally in the comments the developer may comment that "i need to access X in order to provide Z". It usually makes sense (whether true or not i cannot say), but is there any nice cross-reference of what types of actions require what access level. or why so many apps need to know the phone state and identity or general location or full network access and what exactly that means to me as the end user. this second paragraph is proving difficult to put to paper..i may come back and edit for clarity.
and lastly, i guess is a question on how to protect from apps like this...
http://www.networkworld.com/news/2010/060210-android-rootkit-is-just-a.html?page=1
http://www.zdnet.com/blog/security/commercial-spying-app-for-android-devices-released/4900
If the app seems fishy don't download it you can allways get lookout from the market it will pull your phone up on the gps and tell you exactly where it is I've tested you can also make it chirp real loud as for them accessing your phone put the pattern lock on in stead most thiefs are not hackers so they probably won't be able to access your phone even if you hard reset you still have to draw the pattern I mean unless they full root the phone and wipe it in petty sure you will be ok hope that helped
Sent from my PC36100 using XDA App
Lookout kinda falls into the same category at Good or Wave. (at least to me thus far). All appear to be fine and yet somehow free products. I'm looking for a corporate solution, not end user solution. a free solution would be swell, so long as trust can be established.
i am looking at this from a corporate IT security perspective. not a young person, a enthusiast nor regular end user. heck, if I could get all of my users to actually know what is meant by "if the app seems fishy don't use it", most of my job would be completed. but to be honest, i'm still trying to get a grasp on that myself in the android world, hence the question about access levels in last paragraph of original post.
the zigzag is nifty and should protect from casual access. Froyo will provide an interface that a secured Exchange server would prefer to have. that will help.
( BTW ... if anyone knows how to make the red line not appear when you mess up the pattern lock...you'd be my personal hero for the day)
its not thieves that I'm worried about...it's my own end users that have to be protected from themselves. if a device was left in a bar or cab and did end up in the wrong hands....data could be sold, deals could be lost, people could be embarrassed, with the type of data that 'can very easily' exist on these devices...network security itself can be compromised. and sadly, i must assume that a good many end users will disable security if they are able to. for the same reason they ***** at automatic screenlocks on their desktop/laptop computers.
would you rather your IT team "hope/pray/expect the device will be picked up by some incompetent/benign/lawabiding citizen" or the opposite?
i choose to prepare for the worst...hope for the best. not the other way around. hence, my questions.
Isn't remote wipe being built into froyo somehow? Thought I read that somewhere.
I have my exchange email set up on my device and it requires me to use a passcode. I cannot disable it.
Sent from my PC36100 using XDA App
As for wiping data remotely wave secure will do that it might be close to what you need or something for the time being hopefully this will help
Sent from my PC36100 using XDA App
This is kinda sorta what I'm lookn for.
http://www.downloadsquad.com/2010/06/28/understanding-the-android-market-security-system/
I'm sure we're all waiting for the 'proper' navigation software to arrive for WP7 (anyone any ideas when Orange Maps will go live?)
But in the meantime, I could do with a very simple GPS tracking app that will allow me to go walking out in the forest, and find my way back to the car.
I've downloaded most of the free or trial apps from Zune, but they all seem to require access to a data connection to display a map. I understand that the alternative is a local cached map (like TomTom) which is a problem, but I need something where the map is optional.
There is very patchy data coverage out in the forest around here (to be honest, the coverage is not great in the villages), but GPS is generally pretty good. I don't see why the app couldn't show your location, and either a plot of your route, or simply a direction and distance back to a saved location (i.e. where your car is). regardless of a map.
I've looked at many 'GPS' apps and 'Where's my car' apps, but all seem to require a data connection (apart from one GPS app that doesn't, but it requires you to enter your target location in degrees mins and secs, and doesn't give you an option to 'save' a current location).
There's one called 'Smartrunner' that looks possible, but all the reviews say it's crap and doesn't actually run on Wp7
Also, I'm guessing that it's the developer's choice to include a trial version of paid software (as not all of them do) - I'm very reluctant to pay for anything at this stage (as so many of the apps don't seem to work that well on all phones). - What does eveeryone else think?
DroidSheep is an Android application that demonstrates security weaknesses (not using https) and is capturing facebook, twitter, linkedin , yahoo, and other accounts.
PS> this is NOT my work, nor do i intend it to be taken as my work, I just wanted to share with the community!
NOTE FROM THE GERMAN DEVELOPER:
DroidSheep was developed as a tool for testing the security of your accounts.
This software is neither made for using it in public networks, nor for hijacking any other persons account.
It should only demonstrate the poor security properties network connections without encryption have.
So do not get DroidSheep to harm anybody or use it in order to gain unauthorized access to any account you do not own! Use this software only for analyzing your own security!
So do not get DroidSheep to harm anybody or use it in order to gain unauthorized access to any account you do not own! Use this software only for analyzing your own security!
Now>
WHAT DO YOU NEED?
1. A rooted phone (no, it will for sure not work without root)
2. The App installed on the phone (latest build attached to the present post)
3. A WIFI network to test it on
How do you use it?
DroidSheeps main intention is to demonstrate how EASY it can be, to take over nearly any internet account. Using DroidSheep any user – even without technical experience – can check if his websession can be attacked or not. For these users it is hard to determine, if the data is sent using HTTPS or not, specially in case of using apps. DroidSheep makes it easy to check this.
This video demonstrates what DroidSheep can do:
http://droidsheep.de/?page_id=14
How does it work?
As already announced DroidsSheep supports almost every website – also “big” webservices like facebook and Yahoo.
How does that work this simple?
There are many users that do not known that air is the transmission medium when using WiFi. Therefore information is not only transfered to its receiver but also to any other party in the network within the range of the radio waves.
Usually nothing special happens because the WiFi users discard packets that are not destined to themselves. DroidSheep does not do this. It reads all the packets looking at their contents.
Is a website sending a clear recognition feature within a message’s content, which can identify a user (“SessionID”), then DroidSheep is able to read it although it is not intended to external users. Moreover DroidSheep can use this token to use it as its own. The server can’t decide whether the authorized user or DroidSheep has sent the request.
http://droidsheep.de/?page_id=424
How can I protect myself?
The only satisfying answer is: SSL respectively HTTPS.
Many providers already offer HTTPS, even facebook, however it must often be enabled in the settings first.
When using HTTPS the data are still sent to alle participants in the WiFi-network, too, but because the data has been encrypted it is impossible for DroidSheep to decrypt the contect of a message - remaining only a complete mess of letters, with which an attacker can’t do anything.
The real problem is that not every website provides SSL. What to do when you are in a public network (hotel, airport, etc.), you also want to use this and the site does not offer HTTPS though?
You can use a VPN-connection
For this the computer sets up an encrypted channel to a confidential computer which again transfers the data to the website.
You can also install DroidSheep Guard from the Market:
https://play.google.com/store/apps/details?id=de.trier.infsec.koch.droidsheep.guard.free&hl=en
A very interesting feature is the possibility to save cookies!!
Source> http://droidsheep.de
Imagine the possibilities....
This isn't good dude.
And 'air' isn't the 'transmission medium' for WiFi. We figured that out when we discarded the ether hypothesis around a century ago.
backfromthestorm said:
This isn't good dude.
And 'air' isn't the 'transmission medium' for WiFi. We figured that out when we discarded the ether hypothesis around a century ago.
Click to expand...
Click to collapse
-what exactly "isn´t good" ?
Ok you are correct, yes, WIFI (as any other electromagnetic wave) can also be transmitted through vacuum, so yes there is no need of "air"
Re-ported to a MOD I don't think this should be shown or talked about on XDA this isn't an hacking site like you might think for taking advantage of other peoples accounts.
XDA is a hacking community for the good like Rooting.
This app has been on XDA for quite a while http://forum.xda-developers.com/showthread.php?t=1593990
Even a portal article about it http://www.xda-developers.com/android/droidsheep-undresses-network-security-and-shows-how-its-done/
Please use the main thread to discuss this app, not this one.
@ shankly1985, we appreciate your concern, but people need to know how insecure important accounts can be. Thus enabling them to make the changes to fix them.
Thread Closed.
Hi All,
I've been scouring the interwebs for the last week or so trying to find SOME kind of hint as to what the BeaconManager app does on this phone (SM-N920A). The app icon looks A LOT like the "Quick Connect" app which I think allows you to cast media to supported devices (like other Samsung televisions, etc). The only semi-useful results I've found have been that the BeaconManager app (com.samsung.android.beaconmanager - which is installed as a system app and apparently gets updated by the Galaxy App Store) was on the list of "what we think is bloatware so disable it" list. Of course, there are HUNDREDS of other pages that basically just plagiarize this one page and countless threads on this forum where the same list is just copypasta'd with no explanation at all.
So, I turn to you my faithful Note 5 peers who probably know more about these things than I do.....does anyone have an EFFING clue as to what the hell this thing does? My only REAL lead is the app icon, but even then I'm not entirely sure what function this is supposed to serve.....
So, thanks in advance....
--Q
Not sure exactly, but may be this http://beekn.net/2014/11/samsung-makes-move-beacons-android-app-required/
kamce said:
Not sure exactly, but may be this http://beekn.net/2014/11/samsung-makes-move-beacons-android-app-required/
Click to expand...
Click to collapse
Yeah, I found that page also....I don't think it's related...at least, not specifically. I did a bit of an experiment and I'll give you my theory.....
The link you provided is actually about an actual physical beacon retailers can place in their brick & mortar stores....think a mall or a department store....so that when your device gets close to it (proximity), it can push a message directly to the consumer's phone like coupons, or deals nearby, etc. The beauty in that system is that it can bypass the need for the user to have their GPS/location sharing turned on AND bypasses the need for the user to have a specific app installed on their phone to receive these notifications.
Now, I decided I was going to uninstall the BeaconManager app, but of course, there's a system-level app on there as well, the Downloaded app, was just an updated. So, I'm back to original/stock version of the BeaconManager app, and since it shares the same icon as the Quickconnect feature on the phone, I thought to launch QuickConnect and connect to my Samsung TV (which is hooked up to my LAN). Sure enough, the app said there was an update for me to install before it would connect to any of my local LAN devices that it found, so I agreed to the update, and sure enough, there was BeaconManager after I installed the update. Same version as before I uninstalled the update.
I think that this app serves both to function as a means of communicating with these proximity beacons Samsung is developing AS WELL AS support the Quickconnect functions, which are probably built on the same tech (to some degree) as these beacons......
Hopefully someone can chime in and add their 2¢ and let us know if we're on the right track....
anyone....?
TIA!
--Q
Hey. Just found out that this beacon manager stoppedigree my air view from working. Something that I have been trying to fix since the 6.0.1 update. I have turned this off so does anyone know if I have stopped something important here or not?
Please advise me
Diane
https://altbeacon.github.io/android-beacon-library/battery_manager.html
I disabled it us package disabller. Seems like Samsung is getting aggressive. I have an s7. Found this thread when searching the topic.
Beacon is what tracks you
This is the application is that when you are in a retail store and using their Wi-Fi system they literally can track where you move in the store and what areas you tend to linger in so that they can formulate with an algorithm what advertisements to push to you in order to maximize your shopping experience. The beacons are locations that use this type of shopper habit identification service. It's definitely an app to disable and I've deleted it on mine with no trouble just be sure to erase the data and clear the cache before doing so so there's no tracks left behind this is a truly Big Brother built on retail application.... talk about complete privacy invasion
progreen82 said:
This is the application is that when you are in a retail store and using their Wi-Fi system they literally can track where you move in the store and what areas you tend to linger in so that they can formulate with an algorithm what advertisements to push to you in order to maximize your shopping experience. The beacons are locations that use this type of shopper habit identification service. It's definitely an app to disable and I've deleted it on mine with no trouble just be sure to erase the data and clear the cache before doing so so there's no tracks left behind this is a truly Big Brother built on retail application.... talk about complete privacy invasion
Click to expand...
Click to collapse
Sorry dude but not even close. GPS is accurate enough. Anyways beacon manager on lollipop is tied to quick connect and should be safe to remove. I have mine frozen with no effects.
quordandis said:
Hi All,
I've been scouring the interwebs for the last week or so trying to find SOME kind of hint as to what the BeaconManager app does on this phone (SM-N920A). The app icon looks A LOT like the "Quick Connect" app which I think allows you to cast media to supported devices (like other Samsung televisions, etc). The only semi-useful results I've found have been that the BeaconManager app (com.samsung.android.beaconmanager - which is installed as a system app and apparently gets updated by the Galaxy App Store) was on the list of "what we think is bloatware so disable it" list. Of course, there are HUNDREDS of other pages that basically just plagiarize this one page and countless threads on this forum where the same list is just copypasta'd with no explanation at all.
So, I turn to you my faithful Note 5 peers who probably know more about these things than I do.....does anyone have an EFFING clue as to what the hell this thing does? My only REAL lead is the app icon, but even then I'm not entirely sure what function this is supposed to serve.....
So, thanks in advance....
--Q
Click to expand...
Click to collapse
Read :
https://altbeacon.github.io/android-beacon-library/battery_manager.html
Clicking from far, far away in Galaxy 7 Edge
Norbarb.. Tyvvm.! Finally.. A USEFUL post linking clear concise detailed info on exactly the subjet matter! Woohoo
What is a Beacon?
Beacons are low-cost, low-powered transmitters equipped with Bluetooth Low Energy or BLE (also called Bluetooth 4.0 or Bluetooth Smart) that can be used to deliver proximity-based, context-aware messages.
A beacon transmits signals which allows another device to determine its proximity to the broadcaster. In a store, a beacon lets a customer’s app determine that it’s close to a particular aisle, or in a particular department. The beacon doesn’t transmit content, it simply transmits a signal that lets a user’s phone or tablet figure out what its proximity is to the beacon.
---------- Post added at 01:52 PM ---------- Previous post was at 01:47 PM ----------
Beacons are low-cost, low-powered transmitters equipped with Bluetooth Low Energy or BLE (also called Bluetooth 4.0 or Bluetooth Smart) that can be used to deliver proximity-based, context-aware messages.
A beacon transmits signals which allows another device to determine its proximity to the broadcaster. In a store, a beacon lets a customer's app determine that it's close to a particular aisle, or in a particular department. The beacon doesn't transmit content, it simply transmits a signal that lets a user's phone or tablet figure out what its proximity is to the beacon.
How do I get rid of beacon and ither unwanted Samsung apps. They clutter up the system on both my phone and tablet. As a newbie, I need some help in how to clean house or maybe change houses?
slm789 said:
What is a Beacon?
Beacons are low-cost, low-powered transmitters equipped with Bluetooth Low Energy or BLE (also called Bluetooth 4.0 or Bluetooth Smart) that can be used to deliver proximity-based, context-aware messages.
A beacon transmits signals which allows another device to determine its proximity to the broadcaster. In a store, a beacon lets a customer's app determine that it's close to a particular aisle, or in a particular department. The beacon doesn't transmit content, it simply transmits a signal that lets a user's phone or tablet figure out what its proximity is to the beacon.
Click to expand...
Click to collapse
Very interesting info. Now, what's the use of such a beacon for the phone-holder in that shop?
---------- Post added at 12:41 AM ---------- Previous post was at 12:39 AM ----------
TechNyne66 said:
Sorry dude but not even close. GPS is accurate enough. Anyways beacon manager on lollipop is tied to quick connect and should be safe to remove. I have mine frozen with no effects.
Click to expand...
Click to collapse
More often than not, GPS can't determine your position inside a building, dude.
zogoibi said:
Very interesting info. Now, what's the use of such a beacon for the phone-holder in that shop?
---------- Post added at 12:41 AM ---------- Previous post was at 12:39 AM ----------
More often than not, GPS can't determine your position inside a building, dude.
Click to expand...
Click to collapse
Your phone uses cell towers in a triangle to determine location, half the time your phone doesn't even use it's g0s chip unless you set locations to gps only
TechNyne66 said:
Your phone uses cell towers in a triangle to determine location, half the time your phone doesn't even use it's g0s chip unless you set locations to gps only
Click to expand...
Click to collapse
Then, it's not "GPS being accurate enough", right?
As to GSM triangulation, I'm now in the middle of a city with plenty of cell towers around, "coarse location ON" (no GPS) in my device, and it's "finding" me one mile away from here, as the crow flies. In other words: it doesn't have a clue where I am, and probably just wild-guesses from my last accurate position.
So, no, definitely GSM location doesn't suffice for a precise positioning inside a store, and GPS arguably could do it.
Which, anyway, doesn't answer my main question "what's the use to a mobile holder for a Beaconservice?". I've frozen it, just in case.
TechNyne66 said:
Sorry dude but not even close. GPS is accurate enough. Anyways beacon manager on lollipop is tied to quick connect and should be safe to remove. I have mine frozen with no effects.
Click to expand...
Click to collapse
You're so wrong. GPS doesn't work properly in buildings that why they track using Bluetooth and WIFI beacons.
Source
Thanks for reviving a dead thread for this dumb answer. GPS in the note 5 was good enough alone to work inside. It also had LTE assistant.