I'd like to add my corporate email to my head unit. On my tablet, it requires security to be enabled with a pin. I don't want that on my head unit. Any way around it? I want to be able to use everything else in the radio, and I'm thinking its best not to add it?
Thanks!
There are two apps in the market you can use - Touchdown or Nine (I prefer nine)
It satisfies the PIN requirement by forcing you to type in your pin only when you open the app - not on the entire device.
It does let you read part of incoming messages in notification without requiring pin at all.
As far as I know there is no simple way to completely remove the pin
Hooch0903 said:
On my tablet, it requires security to be enabled with a pin. I don't want that on my head unit.
Click to expand...
Click to collapse
Depends. Do you want to keep your job? The Android email app is simply enforcing a corporate policy. You would likely be violating your company's policy if you bypass it.
I'll have to ask if they'll approve it, since I can't add the radio to the server without their approval anyway. Appreciate the input...guess we'll see what they say about it.
Sent from my iPhone using Tapatalk
Related
When I set up my exchange 07 account on my tilt it forced me to set a password lock on my phone. Honestly I don't have many security concerns with my mobile, and would like to bypass it because it's annoying. Is there a workaround for the password lock?
Set your lock to only prompt you after 24 hours of inactivity.
On the flip side, with WM6.5, the lock screen is much more useful.
lordxiagan said:
When I set up my exchange 07 account on my tilt it forced me to set a password lock on my phone. Honestly I don't have many security concerns with my mobile, and would like to bypass it because it's annoying. Is there a workaround for the password lock?
Click to expand...
Click to collapse
Search....
http://forum.xda-developers.com/showthread.php?t=317107
lordxiagan said:
When I set up my exchange 07 account on my tilt it forced me to set a password lock on my phone. Honestly I don't have many security concerns with my mobile, and would like to bypass it because it's annoying. Is there a workaround for the password lock?
Click to expand...
Click to collapse
Is this your employers Exchange server? If so, they might have concerns about security (or they wouldn't be enforcing that policy).
The short answer is no, you can't bypass that password lock. Not if it's set on the Exchange server to enforce it. That's the only things that's made ActiveSync acceptable to corporations. End users always think any security is annoying. That's why it has to not be an option.
TomH123 said:
The short answer is no, you can't bypass that password lock..
Click to expand...
Click to collapse
erm.....didnt ADB100 just post a link showing how u can bypass the exchange security policy?
XtreMe_G said:
erm.....didnt ADB100 just post a link showing how u can bypass the exchange security policy?
Click to expand...
Click to collapse
I did, but it can be a bit chicken-and-egg if your IT dept has decided to enforce the policy each time your device connects. I hate this big brother approach and little things like this can quite easily put people off using their devices to their full potential.
Andy
ADB100 said:
I did, but it can be a bit chicken-and-egg if your IT dept has decided to enforce the policy each time your device connects. I hate this big brother approach and little things like this can quite easily put people off using their devices to their full potential.
Andy
Click to expand...
Click to collapse
"big brother approch"? Have you even read 1984? A company wants to secure their property and it's considered big brother?
You're connecting to their Exchange server, downloading their content and they know you won't take security seriously unless you're forced to. I suppose you think server passwords and firewalls are "Big Brother" tactics as well? The potential of the device can be negated pretty quickly with no security in place.
zanyee
zanyee stayunlock will do what you need, simple and easy.
TomH123 said:
"big brother approch"? Have you even read 1984? A company wants to secure their property and it's considered big brother?
You're connecting to their Exchange server, downloading their content and they know you won't take security seriously unless you're forced to. I suppose you think server passwords and firewalls are "Big Brother" tactics as well? The potential of the device can be negated pretty quickly with no security in place.
Click to expand...
Click to collapse
Yes, if it was their phone. It isn't, its mine. They want me to be contactable via email all the time so they provide a push email service (both BlackBerry and Exchange Activesync) which we can use. This allows purely emails to be sent and received, however they enforce a security policy on the devices that connect. With BBC (which I currently use until I get ActiveSync'd) they enforce a 10-minute complex password phone lock policy that can't be disabled - have you tried to use TomTom Navigator in a car with a 10-minute lock? It's impossible - this is my main gripe
I fully understand the need for security but having stupid timers (10-minutes?) is just annoying and makes you not want to use the device.
Andy
ADB100 said:
have you tried to use TomTom Navigator in a car with a 10-minute lock? It's impossible - this is my main gripe
I fully understand the need for security but having stupid timers (10-minutes?) is just annoying and makes you not want to use the device.
Andy
Click to expand...
Click to collapse
Valid issue...have you tried talking to you it Dept. about maybe changing it to maybe a hour or so ?
New to android and captivate, so excuse me if I'm missing something..but it seems that with one's google account being tied into all the functions, including buying in the market with the credit card on file with google..there has to be a setting to not allow the device to be used with a different sim..or some kind of security that will lock down your google account if the phone is stolen? Is something built in..or is there an app out there that people generally use for peace of mind?
EDIT: All of the recent Nokia phones I've had has a setting to not allow a different sim to be used
fldude99 said:
New to android and captivate, so excuse me if I'm missing something..but it seems that with one's google account being tied into all the functions, including buying in the market with the credit card on file with google..there has to be a setting to not allow the device to be used with a different sim..or some kind of security that will lock down your google account if the phone is stolen? Is something built in..or is there an app out there that people generally use for peace of mind?
Click to expand...
Click to collapse
Very interesting. I too would like to know the answer. This is one of the many reasons why I NEVER use:
A) Mobile Banking
B) Purchases of any kind that includes Plastic
C) Setup any accounts that wire account info
Call me paranoid, but hey, it will save you a ton of headache on that unfortunate "if" day. Please keep us posted.
So does anybody have an answer...or at least some kind of marketplace app that is used for security?
So is nobody interested in security? Or is there just no simple solution..one thing that I miss on my Nokia N97 is the remote lock..send a text of a secret word, and poof the device is locked...done
I think people are interested to some degree but no widely known easy method. And just an fyi, rooting your phone and gaining superuser privileges - as many of us have done - creates a big security hole for trogin malware attack, so if you have rooted your phone take care and know what your installing and try to pay attention to anything using super user privileges.
Hi,
Just wondering, I want to bypass the exchange policy (annoying pin lock), so thinking of using those modified AOSP email.apks.
However I would like to retain use of the original email client provided by Samsung.
Anyway to say setup and sync with the modified email.apks but then use Samsung's read/compose ? Do they share same database?
Ideally of course would be a modified Samsung email.apk.
Cheers
fy
fylim said:
Hi,
Just wondering, I want to bypass the exchange policy (annoying pin lock), so thinking of using those modified AOSP email.apks.
However I would like to retain use of the original email client provided by Samsung.
Anyway to say setup and sync with the modified email.apks but then use Samsung's read/compose ? Do they share same database?
fy
Click to expand...
Click to collapse
My initial response was: no. But thinking about it, there is a chance this actually might work. AFAIK, the way that the modified email apks work is that the creation of a "security device admin" is surpessed when defining an exchange account (don't know the exact name in english, but it's a device wide pin lock because you have to enter it every time you wake your phone from sleep). But apart from that a modified email apk creates accounts & databases exactly the same way as the original. One question remains open, and that is that an original email app might check for a policy also every time the account is actually used.
Also, a problem with the modified email apks is that they want to replace the existing email system app. If there is a way to keep the exisiting email app in place, and install a modified second one to just create the exchange accounts, this might work. I have been installing system apps manually through Root Explorer before, surpressing replacements, i will try tonight with email apps
Thanks. For your feedback. It is not exactly clear how the modified apks work. I would think that it would be easier to 'inform' that the policy is applied but does nothing to trigger the pin lock setting.
In this case it may work. Also head that Autostarts can disable this device administrator on some phones but sadly the 1.6.1 version on mine doesn't. It says do not have sufficient permission although already given rooted permission.
Appreciate if you could let me know how did your tests go.
Cheers
Hey all. I tried syncing my university outlook account to my phone and the server requested literally FULL CONTROL over the device. I'm talking everything from camera functions to having the ability to erase my phones data.
Naturally, this poses as somewhat of a threat to me but I really need that account on my device. Does anyone know how to revoke the outlook server's administrative rights, perhaps via app ops?
QUICK UPDATE: it's asking me to encrypt my phone or else the native email app which I synced it to will not run. Can anyone stop this as well?
Sent from my SM-G900A using XDA Free mobile app
abraxo said:
Hey all. I tried syncing my university outlook account to my phone and the server requested literally FULL CONTROL over the device. I'm talking everything from camera functions to having the ability to erase my phones data.
Naturally, this poses as somewhat of a threat to me but I really need that account on my device. Does anyone know how to revoke the outlook server's administrative rights, perhaps via app ops?
QUICK UPDATE: it's asking me to encrypt my phone or else the native email app which I synced it to will not run. Can anyone stop this as well?
Sent from my SM-G900A using XDA Free mobile app
Click to expand...
Click to collapse
these policies are set by the university exchange administrators and can be over-wrote by mods (However, i highly recomend against it, some mods just aren't worth the security holes they create) I know it sounds like big brother taking over but it is the responsibility of the exchange admin to maintain security control over the exchange environment. if you were to remove the security and something detrimental happened i.e. the U got hacked and it was traced back to your account well the results would be not in your favor.
that being said the control and requirements are granular to an extent your exchange admin should remove the ability to control any aspect of your device except the specific email account you are reffering to.
cstayton said:
these policies are set by the university exchange administrators and can be over-wrote by mods (However, i highly recomend against it, some mods just aren't worth the security holes they create) I know it sounds like big brother taking over but it is the responsibility of the exchange admin to maintain security control over the exchange environment. if you were to remove the security and something detrimental happened i.e. the U got hacked and it was traced back to your account well the results would be not in your favor.
that being said the control and requirements are granular to an extent your exchange admin should remove the ability to control any aspect of your device except the specific email account you are reffering to.
Click to expand...
Click to collapse
But would you say it is worth encrypting the device? Way I see it, there isn't too big of a difference between a pass code and encryption except for the fact that you can't undo the latter without a factory reset. Is there a way to at least bypass that or do you recommend going through with the device encryption anyway?
Sent from my SM-G900A using XDA Free mobile app
abraxo said:
But would you say it is worth encrypting the device? Way I see it, there isn't too big of a difference between a pass code and encryption except for the fact that you can't undo the latter without a factory reset. Is there a way to at least bypass that or do you recommend going through with the device encryption anyway?
Sent from my SM-G900A using XDA Free mobile app
Click to expand...
Click to collapse
are they requiring device encryption or email encryption? the law firm where i work requires that all email on the device be encrypted but do not enforce device encryption.
My personal opinion is im fine with the email encryption but when they tell me my whole device requires it thats where they cross the line, access to my email is not that crucial that im willing to encrypt my whole device.
ultimately the decision is yours.
Make sure you put 1* reviews on your Banking apps or all apps that need updating to support face unlock, hopefully it will help speed up the development and support of face unlock on the pixel 4. I am really missing fingerprint unlock on my apps!
Demolition49 said:
Make sure you put 1* reviews on your Banking apps or all apps that need updating to support face unlock, hopefully it will help speed up the development and support of face unlock on the pixel 4. I am really missing fingerprint unlock on my apps!
Click to expand...
Click to collapse
Why? I just contacted my credit union asking for them to add support. Maybe larger national banks and stuff should have been aware and had support ready but smaller, more local institutions might just need to know that it's a thing on Android now.
Sent from my Pixel 4 XL using XDA Labs
In the Play Store, you can reach out to contact each app's development team via email. I've written to Chase, Bank of America, Mint, Credit Karma, and the other apps I use. Some developers are aware that they need to update, others aren't. Here are some of the responses I've received.
My original email (to each app):
Please update the Android app to support the biometric API so that I can use the secure face unlock on my Pixel 4! Thank you!
Click to expand...
Click to collapse
Bank of America:
Thank you for your feedback and we apologize for the inconvenience. We are working to update to the latest biometric authentication for the Pixel 4 and expect to have a supporting app shortly. For now, sign-in to the app using your online ID and password. Please look out for an app update soon.
Click to expand...
Click to collapse
Chase:
We'll be happy to review your request to update the
Android App.
Ivan, please note that the Chase Mobile App will work on
any Android smart phone or tablet running Android
operating system 5.0 (Lollipop) or higher. The minimum
operating system is 5.0 or higher. If your mobile phone
does not have the minimum requirement, the Chase Mobile
app will not be compatible.
We want our mobile app users to have the best experience
possible, so we regularly test chase.com using the most
current versions of operating systems. Since some mobile
app functionality may not work well on older operating
systems, we ask that you perform these updates. We
recommend you update your operating system and application
to the newest versions available. If your device isn't set
up to receive updates automatically, you can get the We
recommend you update your operating system and application
to the newest versions available.
We appreciate your business and thank you for choosing
Chase.
Click to expand...
Click to collapse
Credit Karma:
To determine if your Touch ID or Face ID function is turned on or off, go into your settings by clicking the icon in the top right corner of the app. The directions are the same whether you’re using Touch ID or Face ID.
If Touch or Face ID is turned on you will see a green circle with a white check mark.
If it’s turned off, simply click the empty circle and you’ll be prompted with a message stating the fingerprints or face registered on your phone can be used to access your Credit Karma account. Click “OK” to this prompt and you will be asked to enter your PIN to confirm this change.
Touch or Face ID is now turned on and you will be allowed to use this function to access the Credit Karma app moving forward.
Please note that if you log out of your account, the next time you open the app you’ll be prompted to enter your email address and password.
Thanks so much,
Click to expand...
Click to collapse
I've been sending further follow-ups to the ones who clearly don't understand what we are asking.
The more people who contact them, the more they'll understand that their apps are the problem by not using the current API.
I think Chase already stated that they were going to have an update before the end of the year. Hopefully sooner rather than later.
Robinhood works!
btonetbone said:
In the Play Store, you can reach out to contact each app's development team via email. I've written to Chase, Bank of America, Mint, Credit Karma, and the other apps I use. Some developers are aware that they need to update, others aren't. Here are some of the responses I've received.
My original email (to each app):
Bank of America:
Chase:
Credit Karma:
I've been sending further follow-ups to the ones who clearly don't understand what we are asking.
The more people who contact them, the more they'll understand that their apps are the problem by not using the current API.
Click to expand...
Click to collapse
Very nice work, I have left reviews and also contacted all my Banks via email. Hopefully it speeds up the process.
Throwing up a bunch of one-star reviews won't help, and all it serves to do is make the rater (you) look petty and childish. I'll send an email to my institutions, like a grownup, and go from there.
Getting in contact directly works best, via the play store will get you to the android app devs. I usually go through Twitter and you get a spokesperson who wouldn't know an apk from an adb and will give a stock response of soon™.
Remind them that the old biometric APIs are deprecated and that they should update to current versioning. Should anything happen they don't want to be the story of the bank that wasn't able to keep up.
Honestly I'm not missing it that much for my bank that much because I use LastPass which autofills it quickly. I do miss it for Outlook though because I have to do a pin.
Sent from my Pixel 4 XL using Tapatalk
So Far E-Trade has been updated to the Pixels face Unlock... I sent an email via the app store also to a credit union hoping they will update their app. I'm hoping within the next 2 weeks to a month that all major banks will update...
How secure if this anyway? I mean, my banking account has a password. I enter that password in my banking app to log into my account. In the future I will use my facial scan to log into my banking app.
Does that mean my banking account will have two password (1x password + 1x facial scan) oder will my password be stored somewhere in the app or on android and simply be passed on the my facial scan is verified?
Both do not sound very secure to me.
If you don't feel it's secure then just don't use the app.. simple. I trust that the banks know the risks and have mitigated them. After all they are the ones on the hook if there's fraud.
bobby janow said:
If you don't feel it's secure then just don't use the app.. simple. I trust that the banks know the risks and have mitigated them. After all they are the ones on the hook if there's fraud.
Click to expand...
Click to collapse
Not really the informative answer I was looking for.
I wouldn't blindly trust a bank app or any of the other countless apps that would use my facial scan.
What happens if your facial scan gets stolen / leaked. Everyone with that information will for ever be able to access your data. And you can't even change your access code like you would be able to with a password.
And it seems like you also have no idea where your facial scan is being saved, and how it is secured / locked down. Maybe it is just a plain file on your phone's storage? You don't seem to know.
Why no simply write down all your passwords in a .txt file and save it on your sdcard? That would alteast have the advantage that you could change your password at some point.
Utini said:
Not really the informative answer I was looking for.
I wouldn't blindly trust a bank app or any of the other countless apps that would use my facial scan.
What happens if your facial scan gets stolen / leaked. Everyone with that information will for ever be able to access your data. And you can't even change your access code like you would be able to with a password.
Click to expand...
Click to collapse
Isn't the face unlock for that device only? It's not like someone can install your bank app on their phone, somehow use your face unlock information, and spoof you on that device. Also there's still 2 step verification, at least with my bank, so the new app would still need to get the verification code. If anything, it's easier to do with your password because that's something that can be typed in and then somehow get the verification code text.
Sent from my Pixel 4 XL using Tapatalk
Utini said:
Not really the informative answer I was looking for.
I wouldn't blindly trust a bank app or any of the other countless apps that would use my facial scan.
What happens if your facial scan gets stolen / leaked. Everyone with that information will for ever be able to access your data. And you can't even change your access code like you would be able to with a password.
Click to expand...
Click to collapse
I'm not sure of the question you are asking. It seemed rhetorical to me basically commenting on how you don't think fingerprint, facial or password entry is secure on your app. I don't think any of it is stored in the cloud but nonetheless it's probably not as secure as walking into your bank and transacting with a teller. Even websites probably aren't as secure as you wish they were. So what exactly are you asking that you expect a reply to? You can perhaps check with your bank as to what your liability would be if your account got hacked.
EeZeEpEe said:
Isn't the face unlock for that device only? It's not like someone can install your bank app on their phone, somehow use your face unlock information, and spoof you on that device. Also there's still 2 step verification, at least with my bank, so the new app would still need to get the verification code. If anything, it's easier to do with your password because that's something that can be typed in and then somehow get the verification code text.
Sent from my Pixel 4 XL using Tapatalk
Click to expand...
Click to collapse
Oh is it? That makes it defeniately more secure. But then I would still like to know how it is ensured that my facial scan only works with my specific mobile device and not with any other mobile device.
Yep for banking there is still 2 step verficiation. Good point. But I was actually thinking more about e.g. KeePass.
bobby janow said:
I'm not sure of the question you are asking. It seemed rhetorical to me basically commenting on how you don't think fingerprint, facial or password entry is secure on your app. I don't think any of it is stored in the cloud but nonetheless it's probably not as secure as walking into your bank and transacting with a teller. Even websites probably aren't as secure as you wish they were. So what exactly are you asking that you expect a reply to? You can perhaps check with your bank as to what your liability would be if your account got hacked.
Click to expand...
Click to collapse
Maybe I didn't explain my question good enough. I will try again:
Currently I would unlock e.g. my KeePass Database with a password.
In the future I would use my facial scan for that.
I wonder at what point my facial scan will access my password of the KeePass Database, because it somehow has to know my password in order to unlock KeePass?
And in that case my password suddenly isn't saved only in my head anymore but also within android or another app (because Face Unlock has to somehow know it?).
Or will my KeePass database get a second "password" which is my facial scan data?
In that case I want to make sure that my facial scan is very secure and can't be stolen. Because if it turns up in smth like "haveibeenpwnd.com" everyone will forever be able to access all my files with my leaked facial scan which I cannot even change to something different anymore.
Utini said:
Maybe I didn't explain my question good enough. I will try again:
Currently I would unlock e.g. my KeePass Database with a password.
In the future I would use my facial scan for that.
I wonder at what point my facial scan will access my password of the KeePass Database, because it somehow has to know my password in order to unlock KeePass?
And in that case my password suddenly isn't saved only in my head anymore but also within android or another app (because Face Unlock has to somehow know it?).
Or will my KeePass database get a second "password" which is my facial scan data?
In that case I want to make sure that my facial scan is very secure and can't be stolen. Because if it turns up in smth like "haveibeenpwnd.com" everyone will forever be able to access all my files with my leaked facial scan which I cannot even change to something different anymore.
Click to expand...
Click to collapse
I used LastPass and I think it's not different then when I died the fingerprint option for it. There's a master password for the account and biometric login is, again, just for the individual device. And again, there's 2 step verification at least with LastPass, for whenever you set up.
Sent from my Pixel 4 XL using Tapatalk
EeZeEpEe said:
I used LastPass and I think it's not different then when I died the fingerprint option for it. There's a master password for the account and biometric login is, again, just for the individual device. And again, there's 2 step verification at least with LastPass, for whenever you set up.
Sent from my Pixel 4 XL using Tapatalk
Click to expand...
Click to collapse
Sounds interesting and secure. Now I am interested in how it is ensured that my fingerprint / facial scan will only work with my specific mobile device and that the stolen data from my device can't be used from another device
Utini said:
Oh is it? That makes it defeniately more secure. But then I would still like to know how it is ensured that my facial scan only works with my specific mobile device and not with any other mobile device.
Yep for banking there is still 2 step verficiation. Good point. But I was actually thinking more about e.g. KeePass.
Maybe I didn't explain my question good enough. I will try again:
Currently I would unlock e.g. my KeePass Database with a password.
In the future I would use my facial scan for that.
I wonder at what point my facial scan will access my password of the KeePass Database, because it somehow has to know my password in order to unlock KeePass?
And in that case my password suddenly isn't saved only in my head anymore but also within android or another app (because Face Unlock has to somehow know it?).
Or will my KeePass database get a second "password" which is my facial scan data?
In that case I want to make sure that my facial scan is very secure and can't be stolen. Because if it turns up in smth like "haveibeenpwnd.com" everyone will forever be able to access all my files with my leaked facial scan which I cannot even change to something different anymore.
Click to expand...
Click to collapse
Oh I see now. This really has more to do with your password manager than the bank. Unfortunately, I don't use a PM even though I suppose I should. Everyone says it's pretty secure. Since I don't really know what I'm talking about at this point I'll give it a shot anyway. lol
I don't think the facial scan or the fingerprint scan is saved anywhere other than your device. But I do use fingerprint (or did) scans on my banking app. If I change my password on the banking site my fingerprint scan will no longer work on the app. I would first have to change my password on the app and then reregister my fingerprint when the new password is entered. Can we compare it to the face scan at this point? I mean you can't change your fingerprints either right? Before I go on, am I reading your concerns correctly?
Utini said:
Sounds interesting and secure. Now I am interested in how it is ensured that my fingerprint / facial scan will only work with my specific mobile device and that the stolen data from my device can't be used from another device
Click to expand...
Click to collapse
https://support.google.com/pixelphone/answer/9517039?hl=en
Maybe this confirms it?View attachment 4860867
Sent from my Pixel 4 XL using Tapatalk