A must read for Google Wallet users on the Nexus. - Samsung Galaxy Nexus

Remember that Google Wallet exploit from a few days ago? The one that would allow 'brute-force' PIN attacks, but only on rooted Android devices? Well, another PIN-related security hole was discovered soon after, putting even non-rooted Androids at risk. As Android Central points out, should your phone make its way into the wrong hands, your Google Wallet PIN number could be reassigned, allowing access to the prepaid account attached to the phone itself -- yikes. As such, the folks at Mountain View have taken action, shuttering provisions to prepaid cards until it finds a permanent fix for the problem. Despite the troubles, Google is sticking by its original tune, stating that Google Wallet offers multiple levels of protection (when used on official builds of Android) that go beyond traditional plastic cards, including your phone's lock screen. There's no estimate on when things will be back to normal, but you'll find Google's assessments and assurances about this situation at the source link below.
http://m.engadget.com/default/artic...n-related-securi/&category=classic&postPage=1
Via: Android Central | Source: Google
Sent from my SAMSUNG-SGH-I727 using xda premium

Sigh, and if you lose your wallet what happens?

Anyone using their phone to make payments SURELY has a pin or pattern lock to protect their phones data... Right?

Would this be why I couldn't use my "Wallet" tonight? Said it couldn't connect to the bank to get my account number. (the guy at McDonald's sure was looking at me funny trying to pay with my phone LOL)

Broken said:
Sigh, and if you lose your wallet what happens?
Exactly
Sent from my Nexus S 4G using xda premium

That second exploit has been posted in tons of forums almost since day one. Nothing new to report.
Sent from the third terrestrial planet in the system Solar from an electronic communications device.

Broken said:
Sigh, and if you lose your wallet what happens?
I'd rather lose my phone than my wallet.
Sent from my Galaxy Nexus using Tapatalk

it appears the bank in charge of the prepaid cards has pulled its authorizations, just tried to set my wife's Wallet up on her phone and got the message:
"Prepaid is unavailable at this time. Please try again soon."

swiping my card is much faster than turn on, unlock, tap, enter pin, tap, and then hit send.

chevihemi said:
it appears the bank in charge of the prepaid cards has pulled its authorizations, just tried to set my wife's Wallet up on her phone and got the message:
"Prepaid is unavailable at this time. Please try again soon."
Yeah, when I sign in to my wallet account it says "Cannot contact bank" under "user id"
*sigh*
of course there are attacks for this. they should make pinning your phone mandatory for wallet. just like when you encrypt your device, it forces you to use either pin, password, or pattern, no slide or face. just copy that...

zeke1988 said:
swiping my card is much faster than turn on, unlock, tap, enter pin, tap, and then hit send.
I just fully enjoy the look on the cashiers' faces when paying with phone, not all that convenient but quite entertaining. It's the small things in life that bring joy, right??

hacky486 said:
they should make pinning your phone mandatory for wallet. just like when you encrypt your device, it forces you to use either pin, password, or pattern, no slide or face. just copy that...
Absolutely. If I am forced to use a pattern/pin/password lockscreen in order to store my VPN credentials, Wallet should require the same - in addition to any security within the app.

codesplice said:
Absolutely. If I am forced to use a pattern/pin/password lockscreen in order to store my VPN credentials, Wallet should require the same - in addition to any security within the app.
Google's lockscreen PIN setup sucks. There should be an option to automatically unlock the phone once the correct PIN has been entered, without having to press OK.

Evangelion01 said:
Google's lockscreen PIN setup sucks. There should be an option to automatically unlock the phone once the correct PIN has been entered, without having to press OK.
That is an option on most community ROMs... but then you would be rooted and breaking the First Rule of Wallet -whoops!
I use the pattern anyway. Works just like a PIN (think of the grid as a number pad) and sliding a finger across the screen is almost as quick as slide-to-unlock.
Come on, Google, let me use Wallet again!

Gotta love having money online that you can't use, access, or transfer. I just transferred a nice chunk of my paycheck onto google wallet right before this happened.

thunder2132 said:
Gotta love having money online that you can't use, access, or transfer. I just transferred a nice chunk of my paycheck onto google wallet right before this happened.
yea this is a serious annoyance. luckily i only have like 12 bucks left on my prepaid card but I don't have a citi master card so it's rather bs

codesplice said:
That is an option on most community ROMs... but then you would be rooted and breaking the First Rule of Wallet -whoops!
I use the pattern anyway. Works just like a PIN (think of the grid as a number pad) and sliding a finger across the screen is almost as quick as slide-to-unlock.
Remove the root, relock bootloader. When you feel the need to update, do an adb backup, unlock and flash, restore backup, lock.

chirea.mircea said:
Remove the root, relock bootloader. When you feel the need to update, do an adb backup, unlock and flash, restore backup, lock.
Me, I'd rather just keep the root. That's kind of the point of a Nexus device to me

Related

I could really use some advice from a technical standpoint please

Hi everyone. I recently got a T989 from Telus, for which I used an eBay unlock. Now first things first....I have never had my email account or any account hacked. My computers in my home are virus free, so I have eliminated them. Within a week of using my T989 with Mobilicity, my gmail account (which my phone knows the password to) was hacked and logged in by someone in the U.S (Gmail shows IP logins) and they spammed my entire contact list. Now I am trying to think of ways this could have happened, but I honestly think the phone may have a keylogger or something on it.
Here are the steps they had me carry out (and it did unlock the phone immediately).
Download and install necessary files
http://www.UnlockClient.com/SAMSUNG_USB_Driver.exe
http://www.UnlockClient.com/dotNetFx40_Full_setup.exe
Very simple procedure:
1. Enter your paypal email or start in demo mode
2. Type *#7284# and select USB - Modem
3. Type *#9090# and select [1] USB
4. Exit service menu and reboot the phone
5. Once phone rebooted connect the phone and computer
6. Wait until all drivers are installed
7. Click "Unlock" button
8. Enter 00000000
Here is the auction for this unlock I got. http://www.ebay.ca/itm/280852210909?ssPageName=STRK:MEWNX:IT&_trksid=p3984.m1497.l2649
Is there anything there that I should worry about? Or is there any possibility they have somehow routed everything I do on my phone through them? I am seriously worried about my online banking information and such. Thank you very much in advance.
not sure if serious?
- taz b.
Why wouldn't I be serious? Isn't this a legitimate conclusion? I don't have a lot of posts but I have been lurking for years. I am serious however.
Unlocking a phone is really a matter of entering a simple code in one step. All your steps there including entering your PayPal account, connecting USB?? and installing drivers are unnecessary and sketchy at best.
I've seen some reputable phone unlocking sites but definitely never seen something like that from eBay.
If I were you I would try a darkside full wipe and go back to whatever was at a safe state before.
Sent from my SAMSUNG-SGH-T989 using XDA
Oh I have wiped many times. The problem is that I don't think any of that wipe stuff will go back to factory settings in those *# menus or for the modem settings etc.
I know an unlock code is all that is needed, but I bought from a website that couldn't find the code. This one offered an instant unlock by a program (like the ones shops use) to unlock.
I am also not dumb, the paypal account doesn't require a password or anything it is just a way to identify your keys.
wy2sl0 said:
Oh I have wiped many times. The problem is that I don't think any of that wipe stuff will go back to factory settings in those *# menus or for the modem settings etc.
I know an unlock code is all that is needed, but I bought from a website that couldn't find the code. This one offered an instant unlock by a program (like the ones shops use) to unlock.
I am also not dumb, the paypal account doesn't require a password or anything it is just a way to identify your keys.
And did you test your phone with a different sim card? Everything is functional?
As far as I know, the legitimate way and the only way to unlock a phone is through the codes generated by the database. All the reputable sites that unlock phones that I know of, all use codes to unlock. When I had bought my telus g2sx the store unlocked it using the code.
Something like a keylogger would be app level, not modem info or hardware level. Also, something transmitting every keystroke would use a LOT of data and battery.
First thing I would do, personally, is check my battery stats to see if any app was using a suspicious amount of battery.
In my opinion, it wouldn't make sense for a company who already got your money for an unlock service to install a key logger to spam your Gmail contacts.
Just my two cents. It would take a tremendous amount of technology to track everyone who used the service. Not to mention man hours in sifting through collected data.
Check the battery stats. Settings>About Phone>Battery Use.
Hope this helps in any way. Hacked accounts are always a bummer man.
Weird, I used that site a week or two ago and nothing like that happened to me. Makes me worried now.
I didn't use ebay though, I did it directly from the site. You could always re-flash your phone to stock then update it, that would eliminate any possibility of odd software.
In step 1, did you run a program on your computer, on the phone or both?
anomy13 said:
Unlocking a phone is really a matter of entering a simple code in one step. All your steps there including entering your PayPal account, connecting USB?? and installing drivers are unnecessary and sketchy at best.
I've seen some reputable phone unlocking sites but definitely never seen something like that from eBay.
If I were you I would try a darkside full wipe and go back to whatever was at a safe state before.
Sent from my SAMSUNG-SGH-T989 using XDA
If you want your phone as clean as possible then do this in recovery
go to mounts and storage, format /data, format /system, format /cache, format /emmc. Then flash the super wipe followed by the rom, but remember doing it this way deletes everything from your phone.
Sent from my SGH-T989 using Tapatalk 2
probably had nothing to do with the unlock, but more likely you had someone arp attack your wifi on an open hotspot and they just nabbed your password.
I fiddle with this in coffee shops all the time and i always leave with a list of facebook, youtube, gmail hotmail and other passwords.
I'm not a spammer, i just like to see how insecure things are and if any one is intelligent to use ssl... even though ssl can be stripped from a packet now lol
-Mr. X- said:
probably had nothing to do with the unlock, but more likely you had someone arp attack your wifi on an open hotspot and they just nabbed your password.
I fiddle with this in coffee shops all the time and i always leave with a list of facebook, youtube, gmail hotmail and other passwords.
Isn't GMail SSL now?
Joe USer said:
Isn't GMail SSL now?
and ssl can be stripped from packets now. Intercept the packet and then use it to sign in. then profit.
an app to play with if you want to try it out for yourself is faceniff for android.
-Mr. X- said:
probably had nothing to do with the unlock, but more likely you had someone arp attack your wifi on an open hotspot and they just nabbed your password.
I fiddle with this in coffee shops all the time and i always leave with a list of facebook, youtube, gmail hotmail and other passwords.
I'm not a spammer, i just like to see how insecure things are and if any one is intelligent to use ssl... even though ssl can be stripped from a packet now lol
Any recommendations to protect yourself then?
sent from the darkside of the galaxy
Z-Man™ said:
Any recommendations to protect yourself then?
sent from the darkside of the galaxy
don't use open hotspots at coffee shops and stuff like that. look for the shady nerd in the corner, and i think there is an app that can detect if your wifi is being arp spoofed.
https://play.google.com/store/apps/details?id=com.gurkedev.wifiprotector&hl=en
i think there may be free ones too, i don't know. but that app will detect if you're being attacked by a man in the middle/arp spoofing
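A passive check of the kind an ARP-spoofing detector can perform, as an added example that is not part of the original post and is not the linked app's code: it parses an ARP table in the Linux/Android `/proc/net/arp` layout and flags one MAC address answering for several IPs, or a gateway whose MAC differs from a previously recorded one. The sample table, addresses and function names are constructed for illustration.

```python
from collections import defaultdict

ATF_COM = 0x2  # kernel flag: ARP entry is complete (has a resolved MAC)

# Constructed sample in /proc/net/arp layout (not captured from a real network).
# The gateway 192.168.1.1 and the host 192.168.1.23 resolve to the same MAC,
# which is what a poisoned cache looks like on the victim.
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:00:00:99     *        wlan0
192.168.1.23     0x1         0x2         aa:bb:cc:00:00:99     *        wlan0
192.168.1.40     0x1         0x2         aa:bb:cc:00:00:40     *        wlan0
192.168.1.77     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""


def parse_arp_table(text):
    """Return [(ip, mac, device)] for complete entries; skip header and stale rows."""
    entries = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue  # malformed or truncated row
        ip, _hw_type, flags, mac, _mask, device = fields[:6]
        if int(flags, 16) & ATF_COM == 0:
            continue  # incomplete entry, MAC is all zeros
        entries.append((ip, mac.lower(), device))
    return entries


def find_arp_anomalies(entries, gateway_ip, known_gateway_mac=None):
    """Return a list of (kind, mac, ips) findings.

    kind is one of:
      gateway-mac-shared  - the gateway's MAC also answers for another IP
      duplicate-mac       - some other MAC answers for several IPs
      gateway-mac-changed - gateway MAC differs from the recorded baseline
    A shared MAC can be legitimate (proxy ARP, a router with several
    addresses), so findings are leads to verify, not proof of an attack.
    """
    ips_by_mac = defaultdict(set)
    gateway_mac = None
    for ip, mac, device in entries:
        ips_by_mac[(device, mac)].add(ip)
        if ip == gateway_ip:
            gateway_mac = mac

    findings = []
    for (_device, mac), ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            kind = "gateway-mac-shared" if gateway_ip in ips else "duplicate-mac"
            findings.append((kind, mac, sorted(ips)))

    if known_gateway_mac and gateway_mac and gateway_mac != known_gateway_mac.lower():
        findings.append(("gateway-mac-changed", gateway_mac, [gateway_ip]))
    return findings


if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_TABLE)
    # Baseline MAC is a constructed value, as if recorded on a trusted visit.
    for finding in find_arp_anomalies(table, "192.168.1.1", "AA:BB:CC:00:00:01"):
        print(finding)
```

On a real device the input would be the contents of `/proc/net/arp` and the baseline a gateway MAC recorded when the network was known to be clean.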
I don't use Wi-Fi hotspots since I have unlimited data on my phone. I really don't understand how this could've happened.
wy2sl0 said:
I don't use Wi-Fi hotspots since I have unlimited data on my phone. I really don't understand how this could've happened.
its not just your phone that is at risk for these attacks. anything you sign on with is if some one does the man in the middle attack, among other attacks.
Other reasons besides your phone unlocking are the root cause of your issue. It's unfortunate nonetheless but man in the middle password sniffing and phishing are the leading causes i see at work for your spamming hijacking. i work with this stuff daily.
wy2sl0 said:
I don't use Wi-Fi hotspots since I have unlimited data on my phone. I really don't understand how this could've happened.
Did you ever figure out if unlockclient.com had injected some malware in your device?
Has anyone on this site had a problem with them or any developer had a chance to check what they are doing?

bypass mail app password checker?

so i just got my new galaxy nexus and to check my work email (through an app called lotus), it checks my phone to make sure i have a 10char+ complicated password set. as you can imagine, having to enter a 10char+ complicated password every time you want to get to your phone is annoying. is there a way to bypass this? i am rooted...
The password is thought, to keep the phone safe. Just make an easy password, and leave it be. And why not just use the mail app, that is shipped? It's good enough.
familyguy59 said:
The password is thought, to keep the phone safe. Just make an easy password, and leave it be. And why not just use the mail app, that is shipped? It's good enough.
company requires us to use lotus and requires password to be extra strong
unknown00 said:
company requires us to use lotus and requires password to be extra strong
So let me make sure this is clear: You are asking for help on bypassing security enforced by your employer, without discussing it with the administrative/tech support team? You are aware that many businesses have clauses that if you bypass their security, you can lose your job over it.
Honestly, I would attack this problem from the other end. Go to your manager and put a business case on why having such a strong password on a mobile device is not needed. Do your research and go in detail about how secure different passwords can be, look at the app, see if there is an auto-wipe for # of incorrect password attempts (if you can't brute force it, then a weaker password might just be as good). Mention the enhanced security the nexus device has (full device encryption), etc etc etc.
If you do it right, you will get recognition for being a forward thinker, for following the rules, and if successful, for saving the company money on their bottom line.
I do IT support and if one of my users by-passes my security, I'm talking to their boss and will SEVERELY restrict anything they do down to the bare minimum needed for the job.
It's also possible that you are in a position where your e-mail is highly sensitive and the risk of having that e-mail fall into a competitor's hands is so great, that these security needs are required.
You can set the timeout b4 you are asked to enter your password again. I did it when i was on 4.0.2, but I can't remember where or how i did it though.
manager hates the pw requirement too and wants to get rid of it. it's something corporate put up that everyone complains about. there is nothing i can do personally as the company is too large. i just want to figure a way around it if possible
Herman76 said:
You can set the timeout b4 you are asked to enter your password again. I did it when i was on 4.0.2, but I can't remember where or how i did it though.
Bump, in case you missed it since we answered simultaneously.
unknown00 said:
there is nothing i can do personally as the company is too large.
And it's that attitude that will prevent any changes from occurring.
Personally, I worked at a company of about 100,000 people that has an international presence. I was successful with a BPI project where we licensed an application to manage multiple monitors (this is before win7) I had to show that the increased productivity offset the cost of the application.
Matridom said:
And it's that attitude that will prevent any changes from occurring.
Personally, I worked at a company of about 100,000 people that has an international presence. I was successful with a BPI project where we licensed an application to manage multiple monitors (this is before win7) I had to show that the increased productivity offset the cost of the application.
i work in a company of 400000+ internationally and is one of the largest IT companies in the entire world (take a guess ) but in all seriousness, it's not possible that 1 person can get rid of pw requirement. sry, don't argue that point
Figured it out. If you set security to pin (I only tested it with pin), you will get an option to choose timeout b4 you will get asked for pin again.
Combined with short timeout for screen off, I think this will be a good workaround.
Sent from my Galaxy Nexus using Tapatalk 2
Herman76 said:
Figured it out. If you set security to pin (I only tested it with pin), you will get an option to choose timeout b4 you will get asked for pin again.
Combined with short timeout for screen off, I think this will be a good workaround.
Sent from my Galaxy Nexus using Tapatalk 2
i understand this is a "workaround" that may work but i'm looking for a permanent fix to get rid of it as a whole

Security Apps

I recently thought I had lost my phone but I had just misplaced it at home. Because I had powered it off I was unable to locate it by making it ring and I thought it had been stolen.
Unfortunately, I hadn't set a lockscreen pin or installed a security app to help locate and control my phone remotely so my phone was totally unprepared for the situation.
I hurriedly set about changing sensitive passwords using my laptop then I tried to remotely install a security app called "Android Lost" and when I eventually found my phone the app was automatically installed but did not work because it needs to be run and activated.
So, I have learned my lesson from this experience and I have now set a lockscreen password PIN and installed and registered "Android Lost".
Now if I really lose my phone I am not completely helpless and I will not power it off unless it is on charge.
I hope my experience acts as a warning to others who have not taken phone security precautions.
Yeah that's basically the first thing I did with the Nexus 4, I ended up going with Cerberus which was about $4aud for an account which I can use on my two previous phones and tablet should I decide to take it away since the Nexus doesn't have USB OTG support.
Does basically everything, my most wanted feature was the invalid pin/pattern photo, where if you put the wrong pin/pattern in it'll take a photo & Email it to me.
Thankfully haven't needed to put it into action but I make sure to test it after each ROM upgrade just in case it doesn't work.
I think the app "Plan B" will work in that situation. Never tried before though.
Using "Wheres my droid" myself.
parker09 said:
Yeah that's basically the first thing I did with the Nexus 4, I ended up going with Cerberus which was about $4aud for an account which I can use on my two previous phones and tablet should I decide to take it away since the Nexus doesn't have USB OTG support.
Does basically everything, my most wanted feature was the invalid pin/pattern photo, where if you put the wrong pin/pattern in it'll take a photo & Email it to me.
Thankfully haven't needed to put it into action but I make sure to test it after each ROM upgrade just in case it doesn't work.
Thanks for your informative reply. I've switched from "Android Lost" to Cerberus which looks better.
Cerberus, Android lost or where's my droid?
I tried Cerberus because of all the positive comments I had seen on xda. I can personally say it is by far the best one out there. I've used seek droid, where's my droid and nearly all of them but Cerberus just seems to do more
Sent from my Nexus 4
ltylty123 said:
I think the app "Plan B" will work in that situation. Never tried before though.
Using "Wheres my droid" myself.
Plan B doesn't work on 4.0+
I use Cerberus.
parker09 said:
Yeah that's basically the first thing I did with the Nexus 4, I ended up going with Cerberus which was about $4aud for an account which I can use on my two previous phones and tablet should I decide to take it away since the Nexus doesn't have USB OTG support.
Does basically everything, my most wanted feature was the invalid pin/pattern photo, where if you put the wrong pin/pattern in it'll take a photo & Email it to me.
Thankfully haven't needed to put it into action but I make sure to test it after each ROM upgrade just in case it doesn't work.
Yeah, I use Cerberus as well (got it for free quite some time back when the developer was having a "free for life" weekend special). Also, it's worth mentioning that once bought you can use it on up to 5 devices (which is great if you have multiple phones).
In addition to doing what is quoted above it also lets you do all kinds of things in the web interface. From locking the SIM to tracking the phone's location over a given time period to being able to pull up call and text logs. All of that in addition to the usual features of locating your phone (via GPS) and setting off an alarm (that is insanely, and occasionally scary, loud).
I highly recommend it to my friends and family members. Definitely think you should give it a go. If I hadn't gotten it for free I would gladly have paid for it. Never had to use it (beyond showing off its capabilities to people looking for a security app), but it gives me peace of mind knowing it just works (and does so after ROM flashing).
Also, if you have root and enable it as a device administrator it'll do quite a bit more. From locking your phone to remote wipes to uninstallation protection (of course a complete wipe from recovery will beat that, but there's only so much you can do or not do in that case).
I like the way Cerberus can take a picture of someone trying to crack the lock screen pin and email it. I wonder how difficult it is to get past a screen lock pin?
How big is the impact of Cerberus on battery life guys?
Lexus fan said:
How big is the impact of Cerberus on battery life guys?
Almost no impact at all
Anyone using avast?
I just got my Nexus 4 and have yet to setup a security app. I used Prey on my last phone and it seemed pretty good. Anyone know how it compares to these other apps?
Lexus fan said:
How big is the impact of Cerberus on battery life guys?
No impact at all. Since the app doesn't run until you manually send commands from the web interface. And even then the app doesn't really "run" per se. There's no visibility at all it's even there, minus the icon in the app drawer. (And you can even hide the app and make it so it's only accessible by dialing a certain code from the phone dialer.)
i want to install these 'lost my phone' apps but don't they really drain the battery and you have to turn on gps and location settings? also if the thief who steals your phone will read up on how to reflash and wipe the phone? it will render these apps useless
I've been using Cerberus for some time now and it's absolutely perfect! Every part of it functions just as it's intended to and the app has practically no impact on battery life. Great stuff!
elbel86 said:
I just got my Nexus 4 and have yet to setup a security app. I used Prey on my last phone and it seemed pretty good. Anyone know how it compares to these other apps?
I was using prey, but thanks to this thread I just switched to Cerberus - much better deal, interface, and functionality - plus a couple extra features if rooted. Totally worth the USD4.
Sent from my Nexus 4 using xda premium

Only Apple gets it

I am not an Apple Fanboy. I do not own an iPhone, ever.
But seeing Apple Pay in video, I think Apple really understands what it takes to use NFC. Having to unlock your phone and/or enter a pin before tapping the phone to the NFC reader is more hassle than swiping a credit card and signing.
Yes thanks for the troll!
Oh and you really want anyone that gets their hands on your phone to also be able to spend your cash?
Sent from my SM-G900F using XDA Free mobile app
curioct said:
Yes thanks for the troll!
Oh and you really want anyone that gets their hands on your phone to also be able to spend your cash?
No trolling. I don't own and not planning to buy any iPhone, iPod, iPad, AppleTV nor Apple Watch.
There has to be a better way to authorize an NFC transaction than entering a PIN. Face unlock, voice signature come to mind.
I like the security of entering a pin before authorizing the transaction. If someone steals my phone, they can go tapping all over town spending my money.
pcdebb said:
I like the security of entering a pin before authorizing the transaction. If someone steals my phone, they can go tapping all over town spending my money.
How about having the security yet not have to enter a PIN on a bright 5-inch screen in front of strangers?
IMO,
1. NFC on Android should work without having to unlock, like checking-in.
2. Wallet service should allow easier yet secure authentication. Like face unlock, voice recognition, even tap code!
nookin said:
How about having the security yet not have to enter a PIN on a bright 5-inch screen in front of strangers?
IMO,
1. NFC on Android should work without having to unlock, like checking-in.
2. Wallet service should allow easier yet secure authentication. Like face unlock, voice recognition, even tap code!
Strangers should not be that close to me in line to see me enter my code, whether it's the PIN pad at the register or my phone. Period. Shouldn't be that close anyway if I'm doing something on my phone, it's none of anybody's business to be snooping. That's considered my personal space, and you will get some F-bombs for being too close.
The idea of not having to authenticate without having to enter something is just not secure to me. And I sure as heck don't want to use voice recognition to tell everyone within earshot what my authentication code or whatever is.
pcdebb said:
Strangers should not be that close to me in line to see me enter my code, whether it's the PIN pad at the register or my phone. Period. Shouldn't be that close anyway if I'm doing something on my phone, it's none of anybody's business to be snooping. That's considered my personal space, and you will get some F-bombs for being too close.
The idea of not having to authenticate without having to enter something is just not secure to me. And I sure as heck don't want to use voice recognition to tell everyone within earshot what my authentication code or whatever is.
Then we get a newer version of google glass with sensors on the earpieces that press against your head and takes brainwaves. You "Think" of the code or passphrase, it gets then taken in by the sensor, encrypted, sent wirelessly to your device, decrypted, authenticated and you pay. As fast as a "thought", well some might have problems but that's another story.
Who will know your code then?... Well at least until you find some or other method to read people's minds.
pcdebb said:
Strangers should not be that close to me in line to see me enter my code, whether it's the PIN pad at the register or my phone. Period. Shouldn't be that close anyway if I'm doing something on my phone, it's none of anybody's business to be snooping. That's considered my personal space, and you will get some F-bombs for being too close.
There is a reason the pin pad on check out line has a small barrier. People can see what you type from the side. I can easily see the pattern or the PIN other people use to unlock their phone from a distance because their screen is so large and bright. Well outside of their "personal space". This is because PIN entry has a dilemma, it must display the pin pad that the user can see and large enough for the user's fat finger to touch.
The idea of not having to authenticate without having to enter something is just not secure to me. And I sure as heck don't want to use voice recognition to tell everyone within earshot what my authentication code or whatever is.
No one suggested authentication is not needed. Voice recognition is not the same as voice signature. Say, the phone can display a random word and you read it to the phone. The phone knows your voice. This is better than entering the same PIN over and over again.
We should be able to configure our own restrictions.
I'd make $20 and below work without unlocking or entering a PIN. and only twice in an hour. Anything over $20 would need my PIN.
PIN Settings
You can set your pin to have a timeout of 15 minutes, 1 day, or never in Google Wallet. This seems like a good compromise. If you have it at one day, you can enter it before you leave your house, or your car, etc...
Biometrics
Biometrics really need hardware integration to be both convenient and secure. The reason Apple added the fingerprint reader in the iPhone 5s is that Apple makes you authenticate for EVERYTHING. Storing keychain passwords on the iPhone requires that you use a PIN on the unlock screen, and from there it's a combo of PIN and password for every single thing. Download an app? Password. Change security settings? PIN. Download a song? Password. Without both a PIN and a password for a secured iPhone you never have access to the whole thing but it's a huge pain in the ass.
Enter Touch ID - you can register up to 5 fingerprints to unlock it and purchase apps and songs - the most common tasks - and now to use NFC pay. It turns the previously annoying security into a simple tap-to-unlock affair. It's silent, it's instantaneous and it is completely private, and it still doesn't give you access to the whole phone. You still have to put in the PIN every time it restarts, and password for certain things. And even if someone gets a hold of the phone, the PIN, the password and the fingerprints, the owner can brick the device remotely with Find My iPhone and have it beam its location to Apple until the battery runs out and blacklist its ESN. - I think that's what the OP is talking about when he says that only Apple "gets" NFC Payment - a ****pot worth of security made totally effortless.
I hate to say it but NFC- especially payments- on Android makes me nervous as hell. I like Android for its openness and the ability to customize it and get root access if I want to and make full use of my phone- but I and a lot of other people don't have time to take the security precautions that are necessary for NFC. Apple kind of bubble wraps its users and when it comes to paying for stuff with my phone and that huge unknown, as of now, I'd prefer to be bubble wrapped and pay for stuff with a couple of highly secure taps. Even with voice or face recognition locks- things that can be accomplished in software, without standardizing hardware, it requires a certain locking down of the OS and negates a lot of the appeal of Android.
Yes
nookin said:
How about having the security yet not have to enter a PIN on a bright 5-inch screen in front of strangers?
You don't have to. Wallet allows setting the Wallet relock timeout to be as long as 24 hours.
IMHO Apple's implementation of biometrics is the best so far. That, coupled with the ease of Apple Pay, makes it the most safe and elegant implementation so far. If NFC payments have to take off, this is the way to do it!
Sent from my Nexus 5 using Tapatalk
nookin said:
There is a reason the pin pad on check out line has a small barrier. People can see what you type from the side. I can easily see the pattern or the PIN other people use to unlock their phone from a distance because their screen is so large and bright. Well outside of their "personal space". This is because PIN entry has a dilemma, it must display the pin pad that the user can see and large enough for the user's fat finger to touch.
No one suggested authentication is not needed. Voice recognition is not the same as voice signature. Say, the phone can display a random word and you read it to the phone. The phone knows your voice. This is better than entering the same PIN over and over again.
What if the place you're using it in is very noisy or has a lot of background chatter? How will it be able to recognize your voice under those conditions? Also voice signature sounds a lot like something that would have an annoyingly high failure rate.
AppleCultApostate said:
What if the place you're using it in is very noisy or has a lot of background chatter? How will it be able to recognize your voice under those conditions? Also voice signature sounds a lot like something that would have an annoyingly high failure rate.
It is similar to what you do when voice dialing does not work. You can always fall back to PIN entry.
Entropy512 said:
You don't have to. Wallet allows setting the Wallet relock timeout to be as long as 24 hours.
That is a very bad workaround. You are essentially giving up security. It is like you are so tired of using a key to unlock a door that you decided to leave the door unlocked, for 24 hours.
I think you're all taking this security thing a little too seriously. I've been using a PayPass contactless credit card for years now, and I love that it doesn't need any authentication up to $20. Above that it needs the PIN. I think this is the way to go, fingerprint is not bad either.
Well, that may be the case, but you have to remember that NFC is still new technology. Android has been using it for years (Android phones). In all of that time it took Apple like 5 years to make an iPhone that has specs even worth mentioning. Also, Android has Google Wallet, an NFC payment system like Apple Pay. So really it comes down to who can have more features in the long run. On Samsung phones there's Samsung Wallet, and I'm pretty sure on the S5 it uses fingerprint as well.

How to store fingerprint, but not to unlock phone. HELP!

Hey everyone. Does anyone know how I can store a fingerprint on this but NOT use it to unlock the phone?
I want to be able to use it for apps like LastPass, or payments, but I do not want it able to unlock my phone. Can someone please tell me how to set that up? Thanks!
I don't have a solution for you, but I am very curious why you don't want it to unlock the phone?
skaforey said:
I don't have a solution for you, but I am very curious why you don't want it to unlock the phone?
Because of security / privacy. Police or government personnel are allowed to force you to unlock your phone if it is only locked with a fingerprint.
However, if you lock your phone with only a pin or password (Something you KNOW), it is protected by the 5th Amendment, and they can't make you open your phone.
Drashnar said:
Because of security / privacy. Police or government personnel are allowed to force you to unlock your phone if it is only locked with a fingerprint.
However, if you lock your phone with only a pin or password (Something you KNOW), it is protected by the 5th Amendment, and they can't make you open your phone.
This is not true at all. Also when you use a fingerprint you still have a passcode or pin that has to be set up.
Either way, is it THAT big of a deal? What kind of situation would you get into that the police would ever want to get into your phone?? Even if they did... what's on your phone that you would care if they saw...
I don't get people.
skaforey said:
I don't have a solution for you, but I am very curious why you don't want it to unlock the phone?
aholeinthewor1d said:
This is not true at all. Also when you use a fingerprint you still have a passcode or pin that has to be set up.
Either way, is it THAT big of a deal? What kind of situation would you get into that the police would ever want to get into your phone?? Even if they did... what's on your phone that you would care if they saw...
I don't get people.
Yes, you set a pin. But as long as you have your fingerprint, it no longer requires that pin to be used.
And it isn't a matter of what a person does or doesn't have on their phone. It's a matter of I don't want them on my phone without my permission, period.
As for it being true, it IS true. In addition to various court rulings, I was taught when I went for my CISSP Cert.
http://gizmodo.com/cops-can-make-you-fingerprint-unlock-your-phone-and-th-1653984192
http://www.latimes.com/local/california/la-me-iphones-fingerprints-20160430-story.html
------------------------
Anyway, this thread can be locked / deleted.
I used the support / chat feature on the phone to speak with a Google Rep. The functionality I want isn't present, but being of a security/privacy nature, has been escalated for inclusion in a future build. Thanks everyone.
This thread is to discuss how to accomplish the requested, not a discussion on whether or not you should be able to from a moral/legal standpoint.
That being said, I would love to know how to do this, but for a different reason entirely.
The closest thing I can offer is to reboot the phone if you have reason to believe you might be in a situation where the fingerprint could be used against you. When the phone boots, the PIN is required the first time instead of the fingerprint. If you press and hold the power button for about 10 seconds or long press for 1-2 seconds and tap restart, there are no other steps to reboot. It doesn't prompt or confirm the reboot.
I don't use fingerprint security at all.
But doesn't Google have access to our PIN codes and passwords that have to be used with biometric security?
If so, a simple court order gets that done quickly.
Drashnar said:
Yes, you set a pin. But as long as you have your fingerprint, it no longer requires that pin to be used.
And it isn't a matter of what a person does or doesn't have on their phone. It's a matter of I don't want them on my phone without my permission, period.
As for it being true, it IS true. In addition to various court rulings, I was taught when I went for my CISSP Cert.
http://gizmodo.com/cops-can-make-you-fingerprint-unlock-your-phone-and-th-1653984192
http://www.latimes.com/local/california/la-me-iphones-fingerprints-20160430-story.html
------------------------
Anyway, this thread can be locked / deleted.
I used the support / chat feature on the phone to speak with a Google Rep. The functionality I want isn't present, but being of a security/privacy nature, has been escalated for inclusion in a future build. Thanks everyone.
When the police bust in, just reset the phone... First login has to be a PIN or password, not a fingerprint.
If you don't want your phone used against you then take the ultimate plunge and smash that on the ground.
Or don't use the fingerprint scanner. Lol
