Related
My company will be requiring Airwatch to be installed on any mobile device that accesses company email, on the 15th of this month. There is only a little information on XDA related to this, most of it being >7 months old & not very informative; however I've learned the following:
-AW can detect root
-AW allows the admin to encrypt device & SD storage, track the device via GPS, & view installed apps
-I suspect, but don't know for sure, they can also perform a full wipe - should the device security be compromised.
What I'd like to know is if any XDA users are familiar with this app/IT security measure. Is there a way to bypass root detection, or have a source in IT create a custom profile, on the server end, that would not flag my device?
I own my SGS3, & pay for my service, as my company initiated a BYOD policy a few months ago. Now they say I have to install this if I want to continue to access my email, calendar, contacts, etc. The choice is mine, but I'd prefer to have my cake & eat it to, if possible.
So, I'm putting it to the brilliant collective minds, thoughts, experience, & expertise of the XDA community! Any thoughts, accounts of direct experience (admin or end-user), solutions, suggestions - anything would be appreciated.
Thanks!
Samsung Galaxy S3
OdexedBlue ROM
Trinity Kernel
XDA Premium - Support our developers!
Bump....
Samsung Galaxy S3
OdexedBlue ROM
LI3 Stock Kernel
LIF Baseband
XDA Premium - Support our developers, modders, & themers!
Bump... Still nothing! What a bummer!
Samsung Galaxy S3
OdexedBlue ROM
LI3 Stock Kernel
LIF Baseband
XDA Premium - Support our developers, modders, & themers!
Honestly I wouldn't want to give my company access to my personal phone like that... You never know what they can look at that they aren't telling you. Plus tracking the GPS, that's pretty much the same as getting the ankle monitor when you on house arrest. Total invasion of privacy.
I'd pay the $20 for another line on my family share plan And use that for a business phone. That way unless I'm at work or do a on call shift I can turn the phone off and not have to worry abut being tracked.
Sent from Pluto.
Do you really need email access on your phone that badly? Seems like you are giving up a lot...
Sent from my SPH-L710 using xda premium
Well they used to pay for my old blackberry, then initiated the BYOD for everyone. I get approximately 250 emails per day, have all off my contacts on outlook (I had backed up my BlackBerry contacts that way), and I typically have my days packed with one meeting after the other. So, being able to use my phone, instead of carrying around my laptop, to access emails, contacts, & my calendar is extremely useful and convenient.
I'd read on a thread for a similar security product that you can have a custom profile built that will disable the check for root functionality on that. That's why I began looking for possible solutions for Airwatch by posting this thread.
Bottom line though, I will not install it if there's not a work around, or solution of some kind.
Samsung Galaxy S3
OdexedBlue ROM
LI3 Stock Kernel
LIF Baseband
XDA Premium - Support our developers, modders, & themers!
Your place of employment sucks... that's like saying "hey if you want to use your phone for work, well then we own it but you will pay for it."
I mean I get why they have the safeguards in place, just a sucky situation.
I'd still go with my idea, get another line galaxy note 2 would be perfect.
Sent from Pluto.
atm there is no way u can bypass the root check from AW.
but u can disable AW frm "Device Administrator" @ Security when u are off from work.
And install it back when you are back to office.
(click the enrollment link from your email to activate AW)
I actually work for Airwatch, If you own your phone and the company didnt supply it it doesnt matter if your phone is rooted or has a custom rom. its YOUR phone. Yea every week on the AW client it'll report compromised device but its your phone so your company cant say anything to you unless they provide you a phone.
just turn turn off a lot of access and tracking stuff with in the AW app as well
The other thing would be, perhaps a 3G tablet? Unless you absolutely need to make phone calls, that way you can check e-mails and all that jazz, and turn off GPS. Just my two cents. Either way, good luck!
Airwatch user here, member of work IT, with an iPhone, iPad, and Fascinate. Mine reports as compromised devices, and I already told them to wipe my device if it's really out of compliance and they have a problem with it. So far, jail broke and root happy still
My employer is cancelling the BES server (and devices) and switching to a BYOD policy, including Airwatch. The i* device users are ready to be assimilated, but right now there challenges getting the agent on the Droids.
Our policy is that certain employee positions (including mine) are required to have access to a smartphone for e-mail access and/or on-call, and we are in a right to work state. So that means we either comply or risk losing our job. The employee is responsible for purchasing the phone, service & replacing damaged phones, and can turn in the billing summary page each month for up to $100 reimbursement.
The BB was the only smartphone I've had, and my Droid should arrive today. I can understand they want to secure devices which attach to the internal network but that doesn't make me feel any better about how the product integrates with the devices.
Will the agent install on the Droid if it's rooted? Can they prevent me from resetting the phone to remove the agent? And if I do that, will it just re-install if the device is configured in the Airwatch console?
airwatch on S4 blocking USB Debugging
Guys,
I just received a new company Samsung Galaxy S4 and have Airwatch disabling the USB Debugging option, it's greyed out:crying:. Can't even root it now if I wanted to.
Such a shame, I have now two Galaxy S4s, what a b*&(9it to carry around.
Any ideas would be much appreciated.
Cheers!
Airwatch and other email/calendar client
trmixing said:
I actually work for Airwatch, If you own your phone and the company didnt supply it it doesnt matter if your phone is rooted or has a custom rom. its YOUR phone. Yea every week on the AW client it'll report compromised device but its your phone so your company cant say anything to you unless they provide you a phone.
just turn turn off a lot of access and tracking stuff with in the AW app as well
Click to expand...
Click to collapse
Hi,
recently also my company has adopted airwatch MDM to give us the access to email by phone.
I would like to know if there is a way to use a different email/calendar client instead the Airwatch Inbox client... I would like to have a client that offer the possibility top have a calendar with a widget.
cheers,
Luigi
Any updates on this?
I've tried:
RootCloak - downloaded from playstore, didn't work.
Also tried installing it from xposed, but there's an issue with galaxy phones, almost bricked mine.
There's also a thread someplace talking about editing the scripts of AW, but not all scripts are visible any longer.
Bottom line - doesn't work. Using SM-G925F. Any ideas?
Hi,
Have just bought a T-Mobile Note 3 on prepaid and plan to use it to access my company emails (we've just made the switch from Blackberry's to something called mymobile, we bring our own phone and SIM, company gives access to Exchange), the restriction is, the device can't be rooted or modified in any way. I know that, even an unrooted Note 3, flashed to stock gets caught out - the set-up stops with a message saying The Device is Compromised - the dreaded KNOX counter is almost definitely what the secure email access (MobileIron is the name, not sure if its a mainstream app for purely a corporate tool) app looks up.
The question is, is it possible to flash the T-mbile note 3 with a standard international ROM - I don't really have any use for WI-FI calling and stuff and could do without the T_Mobile bloatware.
Regards.
Rizwan
My phone was stolen. Since it was stolen, based on the data usage, the device seems to have only been turned on 3 times, with very minimal data usage. I've been trying to locate the phone via Device Manager, but it has not given me any information. I hoped that the lock code feature would be activated once the phone was turned back on, but I tested it with my replacement phone, and it doesn't appear to be the case. I asked Sprint if the phone could've been activated with another carrier and was told that since it was attached to my phone number it couldn't be (I hadn't reported the phone as stolen with them, because I wanted service to the phone, to utilize the device manager). My question is, is that correct, and if the person changed the gmail account on the phone, wouldn't I then lose the ability to track it, because it would no longer be associated with my email account, as opposed to my esn.
I saw the info about Lookout and Plan B, but it's showing that Plan B isn't compatible with my phone.
Your phone is lost for good. Yes if they change the google account then you cant track. Also if the person who found/stole/has the device knows enough they change the esn and use it. Also if the gsm modification is done then they can also put it on another network and use it. I suggest making a lost/stolen claim and move on.
Sorry for the bad news I had to give you.
Sent from my SPH-L900 using XDA Premium 4 mobile app
jlmancuso said:
Your phone is lost for good. Yes if they change the google account then you cant track. Also if the person who found/stole/has the device knows enough they change the esn and use it. Also if the gsm modification is done then they can also put it on another network and use it. I suggest making a lost/stolen claim and move on.
Sorry for the bad news I had to give you.
Sent from my SPH-L900 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
Thanks JLMan, for your reply. I knew it was dismal.
queenlmt said:
My phone was stolen. Since it was stolen, based on the data usage, the device seems to have only been turned on 3 times, with very minimal data usage. I've been trying to locate the phone via Device Manager, but it has not given me any information. I hoped that the lock code feature would be activated once the phone was turned back on, but I tested it with my replacement phone, and it doesn't appear to be the case. I asked Sprint if the phone could've been activated with another carrier and was told that since it was attached to my phone number it couldn't be (I hadn't reported the phone as stolen with them, because I wanted service to the phone, to utilize the device manager). My question is, is that correct, and if the person changed the gmail account on the phone, wouldn't I then lose the ability to track it, because it would no longer be associated with my email account, as opposed to my esn.
I saw the info about Lookout and Plan B, but it's showing that Plan B isn't compatible with my phone.
Click to expand...
Click to collapse
well it also depends when u go to device manager do you use the lock feature do you try ringing it and was ur phone already locked when u lost it
Hi
I can't find call and text on other devices on my T-Mobile tab S7+, and phone app missing too.
It was good on my old Tab S6 but can't find anymore on S7....
Thanks
I suspect if you have an S7/S7+ with mobile data, it has its own phone number and what not. As a result, you may not be able to call/text from another device since your device itself has its own number. I may be wrong, but that seems like the logical answer. Have you tried turning mobile data off or somehow disabling it? Maybe take the SIM card out if you can (not sure if it's an ESIM).
If the above statement isn't true, I would say factory reset it if you haven't already. If you still encounter the issue, I'd talk to Samsung/T-Mobile about it. Personally, the ability to call/text from the tablet while my phone is away is a huge selling point for me as I don't have to take out my phone much anymore.
Good luck, and let us know what happens. I'm sure there will be someone else that encounters this issue.
Was your Tab S6 a U.S. carrier version? The U.S. carriers disable not only what you're looking for but the native dialer and MMS as well. I got my Tab S7+ 5G from the EU and it has Call and Text on Other Devices. I'm using it between by Z Fold 2 and Tab S7+. It doesn't affect the Tab S7+'s ability to use it's own phone number; it just adds the option of using either device for calls and MMS.
BarryH_GEG said:
Was your Tab S6 a U.S. carrier version? The U.S. carriers disable not only what you're looking for but the native dialer and MMS as well. I got my Tab S7+ 5G from the EU and it has Call and Text on Other Devices. I'm using it between by Z Fold 2 and Tab S7+. It doesn't affect the Tab S7+'s ability to use it's own phone number; it just adds the option of using either device for calls and MMS.
Click to expand...
Click to collapse
Yes, I had S6 LTE and now upgrade to S7+ 5G, both are T-Mobile US.
AhsanU said:
I suspect if you have an S7/S7+ with mobile data, it has its own phone number and what not. As a result, you may not be able to call/text from another device since your device itself has its own number. I may be wrong, but that seems like the logical answer. Have you tried turning mobile data off or somehow disabling it? Maybe take the SIM card out if you can (not sure if it's an ESIM).
If the above statement isn't true, I would say factory reset it if you haven't already. If you still encounter the issue, I'd talk to Samsung/T-Mobile about it. Personally, the ability to call/text from the tablet while my phone is away is a huge selling point for me as I don't have to take out my phone much anymore.
Good luck, and let us know what happens. I'm sure there will be someone else that encounters this issue.
Click to expand...
Click to collapse
This also missing phone dial app.
AhsanU said:
I suspect if you have an S7/S7+ with mobile data, it has its own phone number and what not. As a result, you may not be able to call/text from another device since your device itself has its own number. I may be wrong, but that seems like the logical answer. Have you tried turning mobile data off or somehow disabling it? Maybe take the SIM card out if you can (not sure if it's an ESIM).
If the above statement isn't true, I would say factory reset it if you haven't already. If you still encounter the issue, I'd talk to Samsung/T-Mobile about it. Personally, the ability to call/text from the tablet while my phone is away is a huge selling point for me as I don't have to take out my phone much anymore.
Good luck, and let us know what happens. I'm sure there will be someone else that encounters this issue.
Click to expand...
Click to collapse
I might be wrong on this, but the way I understand it is that the feature links the devices via Samsung Cloud. So the only device that needs a number would be the phone. It shouldn't matter whether the other devices have one or not as they should still work independently.
I know this is an old thread, but...
This feature was present on the S6 LTE version, so there should be no reason for it not to be available here. The S7 (non-plus) 5G also has this enabled on T-Mobile, so again - no good reason for the S7+ not to have it.
You are right about the Samsung account - both devices have to be logged into the same account for the feature to work.
The dialer app is present, but not able to be activated.
I have the Samsung tab S7 plus 5G by Verizon. I have a SIM card installed and the representative of Verizon that I talked to told me that it's just for data.
I was very upset. because I encountered the same thing no phone app no text app the Google phone app on Google play is incompatible with my device.
I use Google voice app for Wi-Fi call and texting.
Hitti2 said:
I have the Samsung tab S7 plus 5G by Verizon. I have a SIM card installed and the representative of Verizon that I talked to told me that it's just for data.
I was very upset. because I encountered the same thing no phone app no text app the Google phone app on Google play is incompatible with my device.
I use Google voice app for Wi-Fi call and texting.
Click to expand...
Click to collapse
I haven't used Google Voice for a bit but it's it possible to have the calls FROM you to someone else appear to have your phone's number or caller ID?
I fixed this and got it fully working. Here's the thread....
I got Call and Text from other devices working on Tab S7+ 5G (at least on Tmobile)
I got call and text from other devices working on my Tmobile Tab S7+ 5G. It's super easy. All you need to do is install the apk below because apparently, all we were missing was the app. That's literally all I did. WARNING: Just be warned as...
forum.xda-developers.com
Can anyone help me carrier unlock my Verizon phone? My phone has been hacked and I hope being able to flash it will help me to get rid of whatever they have done to it. Can anyone tell me why I get this message when I reset my phone? Any help would be greatly appreciated
there is no carrier unlock for VZW models. if you can boot into recovery, sideload the OTA version that was last on your device.
What did you do that resulted in the phone being hacked? With the sectors being wiped that are shown in the images, it looks like you have provided total device access to something whilst having an unlocked bootloader or something similar. If you let us know what happened, it might help us to figure out what options you may still have.
But definitely see if you can do what @uicnren mentioned first.
Im not sure who or how they wiped anything. It happened one day after connecting to my girlfriends wifi. I got ahold of Verizon and they sent me a new phone and as soon as I started it the same thing happened to it also
How do I find what OTA version was used on my phone?
Nothing hacked here... this is an error when wiping the Secure Element (the trusted secure module).
(https://android-review.linaro.org/p...cure_element/1.0/SecureElementHalCallback.cpp line #66)
Are you initiating the wipe from the recovery? If so, that's likely the reason. If there is an account attached to the device, a wipe must first be initiated from within Android (Settings)
Woodruff87 said:
Im not sure who or how they wiped anything. It happened one day after connecting to my girlfriends wifi. I got ahold of Verizon and they sent me a new phone and as soon as I started it the same thing happened to it also
Click to expand...
Click to collapse
what symptoms were you seeing that made you think you were hacked?
Those errors are normal in Recovery Mode. I see them all the time, sometimes they don't appear, usually they do.
Did you remove your google accounts from settings, do a factory reset from the reset menu and lastly in recovery mode where you posted the screenshots from.
Your Account might be hacked but the phone is unlikely hacked. You would get a message at boot telling you that the device has been modified. With a locked bootloader its extremely unlikely (unless NSO Group is targeting you).
Woodruff87 said:
Can anyone help me carrier unlock my Verizon phone? My phone has been hacked and I hope being able to flash it will help me to get rid of whatever they have done to it. Can anyone tell me why I get this message when I reset my phone? Any help would be greatly appreciated
Click to expand...
Click to collapse
Did you unlock the bootloader? Have custom firmware/kernel installed?
A "hacker" wins nothing by resetting/wiping your phone. They want data, and that only works if the phone can turn on and works. This looks like a wipe/factory reset gone wrong, which spells user error or software error and less likely a "hacker" attack. Most hacks you will never notice. A hacker that makes you notice that something went wrong, is either an amateur or did it on purpose. Ergo, he wants you to know that something went wrong, which usually only happens in order to extort you. If there is no extortion, then an obvious act by a hacker is highly unlikely.
We need some more information. What firmware had you installed? What happened exactly when. Did you install any new apps recently? What did you do prior to something going wrong? All the information that could help us troubleshoot your issue.
You said your phone wiped itself a day after connecting to your girlfriends wifi, and that a replacement device that you got sent by your carrier, did the same. Did you check your Google account? Do you have two factor authentication activated? It sounds like your phone got wiped over wifi, which would require access to your Google account. It's just odd that you get errors, which normally shouldn't happen if someone would use the erase a lost Android device function.
It's also possible that your backup from your GAccount is simply corrupted (many people had issues with random reboots). You should try and set up your (replacement) phone anew without any backup, maybe that can fix your issue.
Beyond that Google account thing-y, anything else is highly unlikely. Even specialized companies have serious issues getting into a modern smartphone, lest alone an Android 12 phone with a Google Server grade Titan m2 chip. The newer the firmware, the less likely the chance that someone from the outside could get in, especially with a phone like a Pixel that isn't very common. Most security firms/govermental agencies can only abuse older, known security loopholes. It's more likely that very popular phones like a Samsung or IPhone are targets from "the bad guys", since there will be bigger payoff for breaking the security of those phones, since there is a greater pool of users to target. Most hacks I've witnessed weren't random, they were targeted. Ask yourself: Am I worth the trouble of getting hacked? Do you have anything of interest on your phone that would warrant an excessive use of resources? Managing to hack a Pixel is not only unlikely in terms of the security you need to breach, but also in terms of the potential payoff in relation to the necessary knowhow and resources. It's just "not worth it".
What you should do immediately, just in case, is secure your Google account. Change your password. Maybe even change your two-factor authentication, if you have one (sms is not secure, use a token generating software/device). Change the wifi password from your girlfriend and check the list of connected devices. make a list of these connected devices + history (find that in the rooter software) and check them against the devices you know of. Also check the list of connected devices to your GAccount. Use the option to log out ALL devices from your Google account, so only your device is connected.
Do any other people have access to your phone? Do any other people know your passwords? Does your girlfriend has access? Do any other people have biometric security saved on your phone? Do you trust your girlfriend completely?
Make sure you use a special, new password for your GAccount, never reuse old ones that you have used somewhere else. Also check your emails on https://haveibeenpwned.com/
Beyond that, if you are not doing already, use a password manager.
Woodruff87 said:
Im not sure who or how they wiped anything. It happened one day after connecting to my girlfriends wifi. I got ahold of Verizon and they sent me a new phone and as soon as I started it the same thing happened to it also
Click to expand...
Click to collapse
Wait a sec. Verizon sent you a new (refurbished probably but new nonetheless) phone and when you turned it on weren't you greeted with the startup menu? Am I missing something?
Morgrain said:
Did you unlock the bootloader? Have custom firmware/kernel installed?
A "hacker" wins nothing by resetting/wiping your phone. They want data, and that only works if the phone can turn on and works. This looks like a wipe/factory reset gone wrong, which spells user error or software error and less likely a "hacker" attack. Most hacks you will never notice. A hacker that makes you notice that something went wrong, is either an amateur or did it on purpose. Ergo, he wants you to know that something went wrong, which usually only happens in order to extort you. If there is no extortion, then an obvious act by a hacker is highly unlikely.
We need some more information. What firmware had you installed? What happened exactly when. Did you install any new apps recently? What did you do prior to something going wrong? All the information that could help us troubleshoot your issue.
You said your phone wiped itself a day after connecting to your girlfriends wifi, and that a replacement device that you got sent by your carrier, did the same. Did you check your Google account? Do you have two factor authentication activated? It sounds like your phone got wiped over wifi, which would require access to your Google account. It's just odd that you get errors, which normally shouldn't happen if someone would use the erase a lost Android device function.
It's also possible that your backup from your GAccount is simply corrupted (many people had issues with random reboots). You should try and set up your (replacement) phone anew without any backup, maybe that can fix your issue.
Beyond that Google account thing-y, anything else is highly unlikely. Even specialized companies have serious issues getting into a modern smartphone, lest alone an Android 12 phone with a Google Server grade Titan m2 chip. The newer the firmware, the less likely the chance that someone from the outside could get in, especially with a phone like a Pixel that isn't very common. Most security firms/govermental agencies can only abuse older, known security loopholes. It's more likely that very popular phones like a Samsung or IPhone are targets from "the bad guys", since there will be bigger payoff for breaking the security of those phones, since there is a greater pool of users to target. Most hacks I've witnessed weren't random, they were targeted. Ask yourself: Am I worth the trouble of getting hacked? Do you have anything of interest on your phone that would warrant an excessive use of resources? Managing to hack a Pixel is not only unlikely in terms of the security you need to breach, but also in terms of the potential payoff in relation to the necessary knowhow and resources. It's just "not worth it".
What you should do immediately, just in case, is secure your Google account. Change your password. Maybe even change your two-factor authentication, if you have one (sms is not secure, use a token generating software/device). Change the wifi password from your girlfriend and check the list of connected devices. make a list of these connected devices + history (find that in the rooter software) and check them against the devices you know of. Also check the list of connected devices to your GAccount. Use the option to log out ALL devices from your Google account, so only your device is connected.
Do any other people have access to your phone? Do any other people know your passwords? Does your girlfriend has access? Do any other people have biometric security saved on your phone? Do you trust your girlfriend completely?
Make sure you use a special, new password for your GAccount, never reuse old ones that you have used somewhere else. Also check your emails on https://haveibeenpwned.com/
Beyond that, if you are not doing already, use a password manager.
Click to expand...
Click to collapse
Thanks I really appreciate the help and all the advice. I checked https://haveibeenpwned.com/ and my account has been pawned in 1 data breach... I will deactivate the Google account and start over fresh. Thanks again for all the info
bencozzy said:
Two things are they refurbished? And do they work without signing into google?
Click to expand...
Click to collapse
The first one was new, but the one I got from Google as a replacement was refurbished. Ill try resetting through the settings and deactivating all my accounts.
Woodruff87 said:
Thanks I really appreciate the help and all the advice. I checked https://haveibeenpwned.com/ and my account has been pawned in 1 data breach... I will deactivate the Google account and start over fresh. Thanks again for all the info
Click to expand...
Click to collapse
This, among many other things, is one of the reasons I use GrapheneOS and NO gooble services (despite all the attention they give to sandboxed gooble services).
Woodruff87 said:
Thanks I really appreciate the help and all the advice. I checked https://haveibeenpwned.com/ and my account has been pawned in 1 data breach... I will deactivate the Google account and start over fresh. Thanks again for all the info
Click to expand...
Click to collapse
your google address was found on that site for another service and you used the same password for both services, correct?
despite what some believe, your google account will not get hacked unless your password is insecure (ie. leaked or insufficient with 2FA). anything less and your asking for trouble (also using GrapheneOS).