Develop Bugs

What exactly does encryping encrypt? Any point?

Since I'm totally new to Android. When you select encrypt internal memory what exactly is going on? What does it encrypt exactly? Contacts? Memos? Messages?
Are there any know exploits / gaping security holes?
If my phone is lost or stolen is encrypted going to prevent any data theft?
Is it possible to have a separate (more secure) password that is just for device encryption other than the screen lock password? seems redundant that I must put in a password for device access and use the same password to unlock the home screen. Can two passwords be used?
Last question would be password. Is there a recommended minimum length? Don't want to type in a paragraph every time I unlock my phone.
Thank you for any info,
BR

bob_ross said:
Since I'm totally new to Android. When you select encrypt internal memory what exactly is going on? What does it encrypt exactly? Contacts? Memos? Messages?
Click to expand...
Click to collapse
It encrypts your entire drive, at least /data and /sdcard, not individual files.
Are there any know exploits / gaping security holes?
Click to expand...
Click to collapse
It uses AES-256 encryption. Not even the NSA (or any other government agency, or anyone without a supercomputer) can crack it.
If my phone is lost or stolen is encrypted going to prevent any data theft?
Click to expand...
Click to collapse
Supposedly, yes. But only if: 1.) You use a pattern/password/pin/face unlock on your lockscreen or 2.) You leave your phone off. If someone finds your phone, and you use only the slide lock and you leave it on, encryption is worthless.
Is it possible to have a separate (more secure) password that is just for device encryption other than the screen lock password? seems redundant that I must put in a password for device access and use the same password to unlock the home screen. Can two passwords be used?
Click to expand...
Click to collapse
I haven't used encryption, but I would have assumed that it would use a different password than the one for your Android user account. I'm assuming by your question that that's not how it works, in which case, that's kind of stupid.
Last question would be password. Is there a recommended minimum length? Don't want to type in a paragraph every time I unlock my phone.
Click to expand...
Click to collapse
Same rules apply to any password you create anywhere ever. A good mix of numbers and letters, no dictionary words, and probably 10 chars +. Use mnemonic devices to remember without making the password too obvious.
Thank you for any info,
BR
Click to expand...
Click to collapse
I should mention that you should also only bother encrypting if you will remain stock. If you plan on flashing ROMs, you'll just have to re-encrypt constantly. Plus, I'm pretty sure CWM and TWRP would be unable to wipe or install anything unless you unencrypt first anyway.

EndlessDissent said:
It uses AES-256 encryption. Not even the NSA (or any other government agency, or anyone without a supercomputer) can crack it.
Click to expand...
Click to collapse
Eh, I wouldn't be so sure. If I can build a device for like $3k that uses an array of consumer grade graphics cards to test 30B+ hashes per second the NSA probably has some insane computing power. Not saying it's cheap, but if they want to decrypt something of very high importance I bet they can do it, even for 256-bit AES.

advancedbasic said:
Eh, I wouldn't be so sure. If I can build a device for like $3k that uses an array of consumer grade graphics cards to test 30B+ hashes per second the NSA probably has some insane computing power. Not saying it's cheap, but if they want to decrypt something of very high importance I bet they can do it, even for 256-bit AES.
Click to expand...
Click to collapse
Thanks. I hadn't read about AES-256 since I encrypted my laptop several months ago. I looked it up again, and the part about the NSA was that they approved AES-256 as their own encryption model for top secret documents. The NSA must trust AES-256 at least marginally.

Can't unlock phone on boot

Hi all,
bit of an emergency here. I am running rooted Chroma rom, just went into twrp to backup my EPS, and upon reboot it is saying I need to enter my password. I have done this several times. Now, it keeps saying the password is incorrect, and after the 5th time, there is no option to reset it! Help please!! Don't feel like wiping my phone again...

greves1 said:
Hi all,
bit of an emergency here. I am running rooted Chroma rom, just went into twrp to backup my EPS, and upon reboot it is saying I need to enter my password. I have done this several times. Now, it keeps saying the password is incorrect, and after the 5th time, there is no option to reset it! Help please!! Don't feel like wiping my phone again...
Click to expand...
Click to collapse
You can search that but might as wipe in the meantime. Get yourself a working phone.

bobby janow said:
You can search that but might as wipe in the meantime. Get yourself a working phone.
Click to expand...
Click to collapse
Thanks for the reply. Going through the post-wipe setup now. Grrrr. It's just that I entered the password a bunch of times, and it always worked. Just on reboot from recovery it didnt. Now I'm afraid to go back into twrp...
Anyone know if this could be caused by some android security feature that doesnt like systemless root, xposed, etc.

greves1 said:
Hi all,
bit of an emergency here. I am running rooted Chroma rom, just went into twrp to backup my EPS, and upon reboot it is saying I need to enter my password. I have done this several times. Now, it keeps saying the password is incorrect, and after the 5th time, there is no option to reset it! Help please!! Don't feel like wiping my phone again...
Click to expand...
Click to collapse
I assume this is the same problem as the Nexus 6P. You need to disable the security before making a TWRP backup. The fix is:
After restoring the nandroid, boot into twrp and then delete /data/sytem/locksettings.db. If that doesn't fix it, delete the locksettings.db-shm and locksettings.db-wal in the same location. If that doesn't fix it either, delete gatekeeper.password.key and gatekeeper.pattern.key in the same location.
Click to expand...
Click to collapse

KennyG123 said:
I assume this is the same problem as the Nexus 6P. You need to disable the security before making a TWRP backup. The fix is:
Click to expand...
Click to collapse
Thanks for this fix. I'll keep it in mind next time. My broader question is now about security in general, since there seems to be a way to remove security from our roms?? For example, if someone got ahold of your phone, couldnt they just follow these steps to get in? Is this just a side-effect of unlocking the phone that is unavoidable? If I'm missing something about how to maintain security in the unlocked/rooted environment, please let me know. I've looked around but I haven't found any great guides for best practices regarding nandroids/security, etc. Thanks all!

greves1 said:
Thanks for this fix. I'll keep it in mind next time. My broader question is now about security in general, since there seems to be a way to remove security from our roms?? For example, if someone got ahold of your phone, couldnt they just follow these steps to get in? Is this just a side-effect of unlocking the phone that is unavoidable? If I'm missing something about how to maintain security in the unlocked/rooted environment, please let me know. I've looked around but I haven't found any great guides for best practices regarding nandroids/security, etc. Thanks all!
Click to expand...
Click to collapse
Rooting is in itself the biggest security risk. This is why carriers are working with manufacturers to make many phones fully locked and unrootable. Our main security expert Jcase does not use a rooted phone. He recommends if you need to root, go ahead, make the changes you want, then quickly unroot. So sure, if someone stole your phone they could follow that procedure to get into it. They could also just force a fresh stock version on it to wipe everything. Security and locks are meant to keep out honest people and slow down the dishonest.

KennyG123 said:
Rooting is in itself the biggest security risk. This is why carriers are working with manufacturers to make many phones fully locked and unrootable. Our main security expert Jcase does not use a rooted phone. He recommends if you need to root, go ahead, make the changes you want, then quickly unroot. So sure, if someone stole your phone they could follow that procedure to get into it. They could also just force a fresh stock version on it to wipe everything. Security and locks are meant to keep out honest people and slow down the dishonest.
Click to expand...
Click to collapse
Just so I'm clear, the only thing keeping a stock phone safe is that when its locked, it can't be unlocked/rooted because the option to allow oem unlocking/adb connections are not (or should not be) checked in the developer options, is that correct? From what you're saying, as long as those two boxes are checked, there is essentially nothing stopping someone from wiping out your password and getting into your device. I'd love to run unrooted, but would adaway still have an effect? I'm thinking that the definitions are already applied, so maybe it would work unrooted. But cf.lumen, which I love and can't find the same functionality anywhere else, seems to always "enable interactive shell" on boot. Would this work unrooted? But again, as long so you're doing all this stuff, you can't lock your bootloader again, can you? Or can you lock it on a stock rom with the kind of modifications I'm talking about. I read that locking bootloader while having a custom rom loaded can cause a brick, although I'm not quite sure why. Couldn't you just always get into fastboot to unlock it again?

greves1 said:
Just so I'm clear, the only thing keeping a stock phone safe is that when its locked, it can't be unlocked/rooted because the option to allow oem unlocking/adb connections are not (or should not be) checked in the developer options, is that correct? From what you're saying, as long as those two boxes are checked, there is essentially nothing stopping someone from wiping out your password and getting into your device. I'd love to run unrooted, but would adaway still have an effect? I'm thinking that the definitions are already applied, so maybe it would work unrooted. But cf.lumen, which I love and can't find the same functionality anywhere else, seems to always "enable interactive shell" on boot. Would this work unrooted? But again, as long so you're doing all this stuff, you can't lock your bootloader again, can you? Or can you lock it on a stock rom with the kind of modifications I'm talking about. I read that locking bootloader while having a custom rom loaded can cause a brick, although I'm not quite sure why. Couldn't you just always get into fastboot to unlock it again?
Click to expand...
Click to collapse
Pfew...so many questions...there are always vulnerabilities out there that hackers can find..like Stagefright...but a rooted phone is the most vulnerable. So having a phone with a locked bootloader and unrooted is the best security...still not guaranteed against every possible thing. But it is the best...now what are you trying to protect? Your data...or someone being able to wipe and use the phone as their own? All you can do really is try to protect from a phone being hacked remotely...and a rooted phone is like leaving the safe door open. But if someone steals your phone, there are always nefarious ways to make it usable.

KennyG123 said:
Pfew...so many questions...there are always vulnerabilities out there that hackers can find..like Stagefright...but a rooted phone is the most vulnerable. So having a phone with a locked bootloader and unrooted is the best security...still not guaranteed against every possible thing. But it is the best...now what are you trying to protect? Your data...or someone being able to wipe and use the phone as their own? All you can do really is try to protect from a phone being hacked remotely...and a rooted phone is like leaving the safe door open. But if someone steals your phone, there are always nefarious ways to make it usable.
Click to expand...
Click to collapse
Yeah, sorry for the wall of questions. I am just trying to wrap my head around some of these issues. At the end of the day, I don't really keep sensitive data on the phone, although it would not be good if a bad actor got into my gmail, for instance. I suppose I should migrate the last of my sensitive accounts to a secondary email, so no password resets could be initiated from a stolen phone. It's always a tradeoff between convenience and security I know. It's also a little worrysome that simply unlocking the phone activates it for androidpay. An unlocked phone stolen out of someone's hand is essentially the same as stealing all the credit cards in their wallet. It would be nice if android pay allowed an additional fingreprint/pin/password to make the transaction. Anyway, I'm now taking my own thread way off topic. Thanks for the insights though.

greves1 said:
Yeah, sorry for the wall of questions. I am just trying to wrap my head around some of these issues. At the end of the day, I don't really keep sensitive data on the phone, although it would not be good if a bad actor got into my gmail, for instance. I suppose I should migrate the last of my sensitive accounts to a secondary email, so no password resets could be initiated from a stolen phone. It's always a tradeoff between convenience and security I know. It's also a little worrysome that simply unlocking the phone activates it for androidpay. An unlocked phone stolen out of someone's hand is essentially the same as stealing all the credit cards in their wallet. It would be nice if android pay allowed an additional fingreprint/pin/password to make the transaction. Anyway, I'm now taking my own thread way off topic. Thanks for the insights though.
Click to expand...
Click to collapse
For most phones that have fingerprint security Android Pay can be set up that way. I won't use it anyway because it would be crazy to hand a waiter your unlocked phone, or to have to follow him to the register. It would only be useful to me in the supermarket but I am carrying a credit card anyway. But that is one thing people forget, rooting a phone means removing the main security.

KennyG123 said:
For most phones that have fingerprint security Android Pay can be set up that way. I won't use it anyway because it would be crazy to hand a waiter your unlocked phone, or to have to follow him to the register. It would only be useful to me in the supermarket but I am carrying a credit card anyway. But that is one thing people forget, rooting a phone means removing the main security.
Click to expand...
Click to collapse
N5X and android pay seems to tell me to just "unlock your phone" and hold it close to the reader. No need for an additional fingerprint. And no option to require this in settings...

greves1 said:
N5X and android pay seems to tell me to just "unlock your phone" and hold it close to the reader. No need for an additional fingerprint. And no option to require this in settings...
Click to expand...
Click to collapse
Yes, that should get you to the authorization screen and then if you have fingerprint set up should ask you for the fingerprint to authorize. Android Pay also now works on phones without fingerprint sensors so that is why they provide those simple instructions. Final authorization instructions will appear on your screen.

KennyG123 said:
Yes, that should get you to the authorization screen and then if you have fingerprint set up should ask you for the fingerprint to authorize. Android Pay also now works on phones without fingerprint sensors so that is why they provide those simple instructions. Final authorization instructions will appear on your screen.
Click to expand...
Click to collapse
Ah, great to know. Thanks.

greves1 said:
Ah, great to know. Thanks.
Click to expand...
Click to collapse
Unfortunately I can't test that theory since I am on a custom ROM and also Xposed. But everything I read says it should utilize the fingerprint if available.

KennyG123 said:
Unfortunately I can't test that theory since I am on a custom ROM and also Xposed. But everything I read says it should utilize the fingerprint if available.
Click to expand...
Click to collapse
Real word use shows that android pay does not ask for an additional fingerprint at the time of use. It's just as the instructions say, as long as your phone is unlocked at the time it is held up to the scanner, androidpay will work. I kind of wish they allowed for the additional security of an at-scan fingerprint read, but oh well. I have yet to test if the password/pin can be removed by the methods discussed in this thread, and androidpay working after defeating this security. If it does, then this is obviously a major security vulnerability of having an unlocked phone and using androidpay at the same time. Probably not more dangerous in terms of protecting against CC thieves, since they can just swipe a card stolen from your wallet at a terminal, but you probably wouldn't want to keep too many cards on your phone. Again, I haven't tested this out, if a fingerprint is still required to get in after a password database defeat, but someone should do this test.

If you have your phone lost or stolen just cancel your cards as if it happened to your wallet. Simple no?

How to store fingerprint, but not to unlock phone. HELP!

Hey everyone. Does anyone know how I can store a fingerprint on this but NOT use it to unlock the phone?
I want to be able to use it for apps like LastPass, or payments, but I do not want it able to unlock my phone. Can someone please tell me how to set that up? Thanks!

I don't have a solution for you, but I am very curious why you don't want it to unlock the phone?

skaforey said:
I don't have a solution for you, but I am very curious why you don't want it to unlock the phone?
Click to expand...
Click to collapse
Because of Security / privacy. Police or government personnel are allowed to force you to unlock your phone if it is only locked with a finger print.
However, if you lock your phone with only a pin or password (Something you KNOW), it is protected by the 5th Amendment, and they can't make you open your phone.

Drashnar said:
Because of Security / privacy. Police or government personnel are allowed to force you to unlock your phone if it is only locked with a finger print.
However, if you lock your phone with only a pin or password (Something you KNOW), it is protected by the 5th Amendment, and they can't make you open your phone.
Click to expand...
Click to collapse
This is not true at all. Also when you use a fingerprint you still have a passcode or pin that has to be set up.
Either way is it THAT big of a deal. What kind of situation would you get into that the police would ever want to get into your phone?? Even if they did.. what's on your phone that you would care if they saw...
I don't get people.

skaforey said:
I don't have a solution for you, but I am very curious why you don't want it to unlock the phone?
Click to expand...
Click to collapse
aholeinthewor1d said:
This is not true at all. Also when you use a fingerprint you still have a passcode or pin that has to be set up.
Either way is it THAT big of a deal. What kind of situation would you get into that the police would ever want to get into your phone?? Even if they did.. what's on your phone that you would care if they saw...
I don't get people.
Click to expand...
Click to collapse
Yes, you set a pin. But as long as you have your fingerprint, it no longer requires that pin to be used.
And it isn't a matter of what a person does or doesn't have on their phone. It's a matter of I don't want them on my phone without my permission, period.
As for it being true, it IS true. In addition to various court rulings, I was taught when I went for my CISSP Cert.
http://gizmodo.com/cops-can-make-you-fingerprint-unlock-your-phone-and-th-1653984192
http://www.latimes.com/local/california/la-me-iphones-fingerprints-20160430-story.html
------------------------
Anyway, this thread can be locked / deleted.
I used the support / chat feature on the phone to speak with a Google Rep. The functionality I want isn't present, but being of a security/privacy nature, has been escalated for inclusion in a future build. Thanks everyone.

This thread is to discuss how to accomplish the requested, not a discussion on whether or not you should be able to from a moral/legal standpoint.
That being said, I would love to know how to do this, but for a different reason entirely.

The closest thing I can offer is to reboot the phone if you have reason to believe you might be in a situation where the fingerprint could be used against you. When the phone boots, the PIN is required the first time instead of the fingerprint. If you press and hold the power button for about 10 seconds or long press for 1-2 seconds and tap restart, there are no other steps to reboot. It doesn't prompt or confirm the reboot.

I don't use fingerprint security at all.
But Doesn't Google have access to our pin codes and passwords.
That have to be used with biometric security?
If so a simple court order gets that done quickly.

Drashnar said:
Yes, you set a pin. But as long as you have your fingerprint, it no longer requires that pin to be used.
And it isn't a matter of what a person does or doesn't have on their phone. It's a matter of I don't want them on my phone without my permission, period.
As for it being true, it IS true. In addition to various court rulings, I was taught when I went for my CISSP Cert.
http://gizmodo.com/cops-can-make-you-fingerprint-unlock-your-phone-and-th-1653984192
http://www.latimes.com/local/california/la-me-iphones-fingerprints-20160430-story.html
------------------------
Anyway, this thread can be locked / deleted.
I used the support / chat feature on the phone to speak with a Google Rep. The functionality I want isn't present, but being of a security/privacy nature, has been escalated for inclusion in a future build. Thanks everyone.
Click to expand...
Click to collapse
When the police bist in just reset the phone... First login has to be a pin or password not a fingerprint.

If you're don't want you're phone used against you then take the ultimate plunge and smash that on the ground.
Or don't use the fingerprint scanner. Lol

What security options do we have?

A little while ago my brother had his iphone6 snatched. Now with Iphone, I know cannot be mounted to usb directly or even via recovery.
I know pin, fingerprint etc block access to the phone. I want to understand about other ways to access internal storage to gain access to photos and any other documents
That makes me ask - What security options we have for android - in particular OP3 (have 2 of them) and how can we make it more secure. ? Both my phones have Blu_spark TWRP + Freedom OS 2.10, if that matters.

Just to share, I found following to be foolproof
- Setup Pin + Fingerpints
- Setup Pin / Password for phone startup
This
- Keeps the device encrypted
- Unable to boot without pin
- Unable to access TWRP without pin
- Doesn't auto-mount on USB connect
Still, it would be interesting to hear about any cons of the above setup.

hyperorb said:
A little while ago my brother had his iphone6 snatched. Now with Iphone, I know cannot be mounted to usb directly or even via recovery.
I know pin, fingerprint etc block access to the phone. I want to understand about other ways to access internal storage to gain access to photos and any other documents
That makes me ask - What security options we have for android - in particular OP3 (have 2 of them) and how can we make it more secure. ? Both my phones have Blu_spark TWRP + Freedom OS 2.10, if that matters.
Click to expand...
Click to collapse
The easiest is to not get it snatched. Or if it does you chase them down and get your phone back. But barring that not alot you can really do and ill explain why.
When someone steals a phone, they dont care about the data on it. They are either gonna sell it or use it. Either way The device has the sim removed with in sec of it being taken and then it is reset or flashed to stock to remove any and all locks. This normally happens within minutes if not seconds of a device being stolen.

zelendel said:
The easiest is to not get it snatched. Or if it does you chase them down and get your phone back. But barring that not alot you can really do and ill explain why.
When someone steals a phone, they dont care about the data on it. They are either gonna sell it or use it. Either way The device has the sim removed with in sec of it being taken and then it is reset or flashed to stock to remove any and all locks. This normally happens within minutes if not seconds of a device being stolen.
Click to expand...
Click to collapse
Interestingly that was not the case. They remained in contact and kept on asking for phone passcode; which we did not give.
I'm not aware if its equally east in iPhone to enter into (kind of) fastboot mode and erase entire storage. In such case the loss remains of the phone and nothing else ; specially when we may have financial apps too on the phone.

hyperorb said:
Interestingly that was not the case. They remained in contact and kept on asking for phone passcode; which we did not give.
I'm not aware if its equally east in iPhone to enter into (kind of) fastboot mode and erase entire storage. In such case the loss remains of the phone and nothing else ; specially when we may have financial apps too on the phone.
Click to expand...
Click to collapse
No apple doesn't have the option. Main reason the fbi had to pay to have an iPhone unlocked not to long ago.
Part of the reason I never advise doing any sort of banking on a device as there is just too many security risks. I, mean even android keyboards monitor what you type.

hyperorb said:
A little while ago my brother had his iphone6 snatched. Now with Iphone, I know cannot be mounted to usb directly or even via recovery.
I know pin, fingerprint etc block access to the phone. I want to understand about other ways to access internal storage to gain access to photos and any other documents
That makes me ask - What security options we have for android - in particular OP3 (have 2 of them) and how can we make it more secure. ? Both my phones have Blu_spark TWRP + Freedom OS 2.10, if that matters.
Click to expand...
Click to collapse
Cerberus is a really nice app... You have alot of options sadly it isn't free! But heyy, it's cheap and it's functional! Other then that keep your device encrypted and a boot password should do.

As long as you're not rooted and unlocked, it will be a bit hard for an thieve to have access to your phone. Leaving ADB on, might as well decrease the overall security of the phone.
I for example was given a tablet which had a Google account synced with it, and resetting from recovery only made me renter the credidentials previously used to be able to pass the setup.
My luck was that the guy left ADB on and with a simple command I bypassed the setup screen.

hyperorb said:
Interestingly that was not the case. They remained in contact and kept on asking for phone passcode; which we did not give.
I'm not aware if its equally east in iPhone to enter into (kind of) fastboot mode and erase entire storage. In such case the loss remains of the phone and nothing else ; specially when we may have financial apps too on the phone.
Click to expand...
Click to collapse
Not sure about iPhone's but for newer Android phones as long as you are encrypted and have a pin/password set for boot, a thief would just wipe the phone return to stock and sell or use it. 99.9% of the time they just want money so the likely reason they wanted your pass code is they couldn't sell it cause they were blocked from resetting it temporarily. As long they have a physical device and unlimited time they will eventually reset it and get rid of it.

Renosh said:
Not sure about iPhone's but for newer Android phones as long as you are encrypted and have a pin/password set for boot, a thief would just wipe the phone return to stock and sell or use it. 99.9% of the time they just want money so the likely reason they wanted your pass code is they couldn't sell it cause they were blocked from resetting it temporarily. As long they have a physical device and unlimited time they will eventually reset it and get rid of it.
Click to expand...
Click to collapse
Exactly. If someone steals your device 99.98% of the time it is too use it or sell it. With way your data is meaningless.
As for them wanting your pass code the above is right. But as they couldn't reset it you could have reported it stolen and the police may be able to find it but most of the time they have better things to do then recover a lost cell phone.
I used to work with people that felt with stolen cell phones. I can say the normally. Withing 30 min of a device being stolen the data is gone. And when I say that I mean a complete DOJ style wipe, format and imei change.

zelendel said:
No apple doesn't have the option. Main reason the fbi had to pay to have an iPhone unlocked not to long ago.
Part of the reason I never advise doing any sort of banking on a device as there is just too many security risks. I, mean even android keyboards monitor what you type.
Click to expand...
Click to collapse
....so do all iOS keyboards, both first and third party. it's required for them to function
---------- Post added at 09:25 AM ---------- Previous post was at 09:23 AM ----------
zelendel said:
Exactly. If someone steals your device 99.98% of the time it is too use it or sell it. With way your data is meaningless.
As for them wanting your pass code the above is right. But as they couldn't reset it you could have reported it stolen and the police may be able to find it but most of the time they have better things to do then recover a lost cell phone.
I used to work with people that felt with stolen cell phones. I can say the normally. Withing 30 min of a device being stolen the data is gone. And when I say that I mean a complete DOJ style wipe, format and imei change.
Click to expand...
Click to collapse
this is exactly why that semi-recent feature added by google which requires you to log in with the previously added google account in the phone before initial setup following a factory reset is very useful - it makes the phone unusable/unsellable (unless im missing something?)

2x4 said:
....so do all iOS keyboards, both first and third party. it's required for them to function
---------- Post added at 09:25 AM ---------- Previous post was at 09:23 AM ----------
this is exactly why that semi-recent feature added by google which requires you to log in with the previously added google account in the phone before initial setup following a factory reset is very useful - it makes the phone unusable/unsellable (unless im missing something?)
Click to expand...
Click to collapse
That can easily be bypassed by wiping the data off the device and flash a stock rom to it. The only the the FRP does is prevent them from getting at the data.
No its not really. It's so they can send relevant ads. Those that remember smartphones before Apple or Android knows that it is not really needed.

zelendel said:
That can easily be bypassed by wiping the data off the device and flash a stock rom to it. The only the the FRP does is prevent them from getting at the data.
Click to expand...
Click to collapse
but how can they flash a stock ROM onto the device if the "require PIN before startup" option is selected? how can they flash if recovery has a PIN on it?

2x4 said:
but how can they flash a stock ROM onto the device if the "require PIN before startup" option is selected? how can they flash if recovery has a PIN on it?
Click to expand...
Click to collapse
Because that is before startup and not the bootloader, even with those set up they normally dont cover download mode or what ever mode that particular OEM uses (not all use the same). In extreme cases with some apps that make it a bit harder or people just dont want to be bothered to mess with things too deeply there are tools available that Will push the update right to the board bypassing all security. Sure its a little extra work but it is a sure bet when you cant get into a device and cant be bothered hunting down getting around it.
Also for the passwords on startup. any password cracker would take out the average password in a matter of min.

This has been very interesting and so much to learn. Thank you all for great inputs.
zelendel said:
I never advise doing any sort of banking on a device as there is just too many security risks. I, mean even android keyboards monitor what you type.
Click to expand...
Click to collapse
Yes. But then Microsoft too is not clean. Browser , Windows.... That way we can never work.
Puddi_Puddin said:
Cerberus is a really nice app...
Click to expand...
Click to collapse
Have it in all my Androids Very helpful at times, even for non theft purpose..
XDRdaniel said:
Leaving ADB on, might as well decrease the overall security of the phone.
Click to expand...
Click to collapse
Thanks. Will read more on this.
Renosh said:
for newer Android phones as long as you are encrypted and have a pin/password set for boot, a thief would just wipe the phone return to stock and sell or use it. 99.9% of the time they just want money so the likely reason they wanted your pass code is they couldn't sell it cause they were blocked from resetting it temporarily. As long they have a physical device and unlimited time they will eventually reset it and get rid of it.
Click to expand...
Click to collapse
Once a phone is lost, there's little chance to get it back. Device loss is one thing and data loss (or rather data access) is another. The later at times can have more problems.
I used to keep my id papers (for ease of printing anywhere as needed) on phone (Nokia N5). Lost that phone .. and till date I hope no one used those to buy services, do illegal stuff. That was a lesson learnt hard way
zelendel said:
With way your data is meaningless.
Click to expand...
Click to collapse
Depends where you are. There are places where one can avail services in other's name using fake ids or stolen data etc.
2x4 said:
. this is exactly why that semi-recent feature added by google which requires you to log in with the previously added google account in the phone before initial setup following a factory reset is very useful - it makes the phone unusable/unsellable (unless im missing something?)
Click to expand...
Click to collapse
Hmm.. I think I came across that in OP3. Didn't pay attention though.
zelendel said:
Because that is before startup and not the bootloader,
Click to expand...
Click to collapse
It is better to loose one than two. Phone is anyways lost .. so at least we can try secure data. Let them wipe and then get nothing in hand.

hyperorb said:
This has been very interesting and so much to learn. Thank you all for great inputs.
Yes. But then Microsoft too is not clean. Browser , Windows.... That way we can never work.
Have it in all my Androids Very helpful at times, even for non theft purpose..
Thanks. Will read more on this.
Once a phone is lost, there's little chance to get it back. Device loss is one thing and data loss (or rather data access) is another. The later at times can have more problems.
I used to keep my id papers (for ease of printing anywhere as needed) on phone (Nokia N5). Lost that phone .. and till date I hope no one used those to buy services, do illegal stuff. That was a lesson learnt hard way
Depends where you are. There are places where one can avail services in other's name using fake ids or stolen data etc.
Hmm.. I think I came across that in OP3. Didn't pay attention though.
It is better to loose one than two. Phone is anyways lost .. so at least we can try secure data. Let them wipe and then get nothing in hand.
Click to expand...
Click to collapse
You don't need to steal someone's phone to get a fake ID with their info. 1500 usd will get you that without it.
As for getting nothing in hand. They got exactly what they wanted. The device. Unless you work for the government in a high place. Then your data is meaningless on your phone. You already put it in enough places on line while using a pc that if they want it they already have it.
I could easily steal someone identity with a little more then what they post on Facebook or other social media outlets.

Forgot password. Need help bypassing lockscreen or data recovery

Does anybody know a good data recovery app? Probably need to factory reset my phone after being locked out.

sd97cl said:
I changed my password and forgot it. I tried using samsung's find my mobile but it says my phone did not set it up. Google's phone finder does not work with android 10. I just went on vacation and have media saved on the internal card but want to retrieve it somehow. I can factory reset but want to try to see if anybody had ideas on how I can keep my data? This is a snapdragon US version. Root doesn't seem possible either. Thanks for your time.
Click to expand...
Click to collapse
Hi @sd97cl
I would suggest you take a step back and ask yourself if, in your case, you would reply the stated question.
If you don't, know that on XDA it's an unwritten common sense rule to not support what can be a suspicious attitude. I do apologise if it's not your case but I do emphasise the "can be".
Still remains, as you've suggested, the option of factory reset.
Nice regards and good luck on your search,
.

https://www.google.com/amp/s/unlock...sung-galaxy-note-10-plus-forgot-password/amp/
If you tried too many times you get locked out for 72 hours until you can try again I think... never been there, don't want to.
I regularly backup to the SD card... just in case.

Kdio said:
Hi @sd97cl
I would suggest you take a step back and ask yourself if, in your case, you would reply the stated question.
If you don't, know that on XDA it's an unwritten common sense rule to not support what can be a suspicious attitude. I do apologise if it's not your case but I do emphasise the "can be".
Still remains, as you've suggested, the option of factory reset.
Nice regards and good luck on your search,
.
Click to expand...
Click to collapse
Gotcha thanks

blackhawk said:
https://www.google.com/amp/s/unlock...sung-galaxy-note-10-plus-forgot-password/amp/
If you tried too many times you get locked out for 72 hours until you can try again I think... never been there, don't want to.
I regularly backup to the SD card... just in case.
Click to expand...
Click to collapse
You get timed countdowns on the device starting at 1 min lockout. 3 5 and so on line of deal. If you change your Google password and reset your device you get locked out for 72 hours. I've had it happen once lol.

TheMadScientist said:
You get timed countdowns on the device starting at 1 min lockout. 3 5 and so on line of deal. If you change your Google password and reset your device you get locked out for 72 hours. I've had it happen once lol.
Click to expand...
Click to collapse
You mean to screen lock has a count down on it?
The worst nightmares in Android seem to work like that... no pressure.
Probably best to close the Goggle account before a hard reset. Wish I could disable all that junk easily.

blackhawk said:
You mean to screen lock has a count down on it?
The worst nightmares in Android seem to work like that... no pressure.
Probably best to close the Goggle account before a hard reset. Wish I could disable all that junk easily.
Click to expand...
Click to collapse
Yea screen lock has countdown. I don't know why I was thinking Google oh yea. When he factory resets with password lock more than likely hell be frp locked upon reset so hell have to manage that

TheMadScientist said:
You get timed countdowns on the device starting at 1 min lockout. 3 5 and so on line of deal. If you change your Google password and reset your device you get locked out for 72 hours. I've had it happen once lol.
Click to expand...
Click to collapse
TheMadScientist said:
Yea screen lock has countdown. I don't know why I was thinking Google oh yea. When he factory resets with password lock more than likely hell be frp locked upon reset so hell have to manage that
Click to expand...
Click to collapse
Lol, those countdowns are enough to permanently traumatized anyone
I like the one "Adroid kernel has stopped" it starts a few minutes apart but eventually gets to about once a second. Or sometimes there's no "countdown" warning at all, surprise!
Try navigating to Device Administrators in one or two second intervals to deactivate a package blocker.
It's that or a reload.

sd97cl said:
Does anybody know a good data recovery app? Probably need to factory reset my phone after being locked out.
Click to expand...
Click to collapse
Were you signed into Samsung on your phone before it got locked? If so, you can use Samsung's Find my Mobile from your computer and it will allow you to change the password there.