SECURITY WARNING!
Note: Because the last thread closed by Perseus (thanks to XePeleato who lobbied for it from Madrid and he said that "Please stop trying to write in Spanish, I don't understand a single word.") I am forced to open a new thread and in this time upload a YouTube video to proof that ALL P8 LITE HAVE A POTENTIALLY DANGEROUS SECURITY ISSUE.
NOT POSSIBLE TO ENCRYPT THE PHONE and I requested here: [ROM][OTA Update] ALE-L21 Dual SIM C432B574 to DELETE THE ROM URGENTLY because if more people updating or flashing the ROM more and more people will be affected very seriously.
This issue I find not just on B574 but on B564 as well.
I kindly request everyone that in the future before posting comments make a full backup on the phone and do the same what I am doing on the video below.
Here you go:
PLEASE WAIT UNTIL HUAWEI FIX THIS (or if you already unlocked the bootloader flash the stock ROM!
(Because Perseus closed the previous thread, I again need to contact with HUAWEI and ask the to keep they eyes on this thread. I request all admin and moderator NOT to close this one because it's helping all device owners and Huawei to resolve this serious security issue)
Thank you for your attention,
AndroidSecurity
All these ROMs are stock. As you can see, nobody cares. Think about not spamming here.
Sent from my Huawei ALE-L21 using XDA Labs
No one encrypts their device, not even 1% of all android owners. I dont care NSA or FBI looking at my cat pictures. So please, stop spamming these mindless posts and opening up new threads. Your previous thread already got closed because you were SPAMMING and acting in a disrespectful manner
The company that I work in use gmail for work and it requires us to encrypt our phone any other stuff to sync so I think this is a pretty serious issue.
Just because you don't use it, doesn't mean others don't too.
Hope Huawei fixes this as I don't want to use our company issued iphones.
Why... That video is so misleading... Why do you talk like if you knew exactly what's going on? This community would be really nice if people said "Help, I can't get it to work " instead of "It doesn't work", or "it's broken" ... I really have a lot of stuff to do, I am just answering to the people who actually believe that their 'naughty secrets' have been compromised.
First of all I am going to explain how does it work, and then, I'll tell you how to check if it's encrypted or not.
Android, as you may know, has some partitions, of course, it doesn't encrypt them all, just the data partition, where your apps data and internal storage live. And I can make such statement because I can actually prove it scientifically, not recording a video, here you have the original emui FsTab, Do you know what it is? Sure you do! You have been programming for 15 years, but I'll explain it for everyone else, FsTab is a file where the Filesystems are defined so android can mount them correctly: https://gyazo.com/ca9072281128b56416bb1fff9163f0c0 At line 9, the data partition is defined, and it ends with 'encryptable=footer' that means that encryption is supported.
Then, you say that it takes very little amount of time to restart, that's because the encryption takes place after that restart, at the Huawei logo, and of course, I'll prove it with a logcat, that, if you don't believe, you can check your own, as well as the Fstab file. https://gyazo.com/1b75c6835be7025169071a7ecc88df16
Cryptfs takes care of encrypting the data partition, as you can see, and then it obviously, as you proved with your video, asks you for the code. But then you say that it stops asking for the code when you change it! Yeah, it does, but it remains encrypted, because the key, or the pattern, is not the real encryption key, it's the key, that unlocks the real key, that's stored inside a cryptographically secure area of the CPU, what you do when you remove the code, is remove a layer of protection, but that doesn't stop the device from being encrypted, because, Can you encrypt it again? The answer is no. What you can do, is change the key by invoking cryptfs from the command line. Should Huawei let you change the passcode via a graphical interface? It would be nice, but the device remains encrypted, until you boot it up.
However, keep this in mind, if you change the code and it no longer asks you for it at the system start, it asks you for it at the home screen, and if you don't have the code, you can't access any file, and if you leave it without a passcode, then you shouldn't be thinking about encryption at all
Now, how can you check at home that it works? Easy, install TWRP or another recovery and try to read/write to your data partition, you'll see you can't. Another thing you can do, is run this command through adb shell 'getprop ro.crypto.state' it will say 'encrypted' of course, if you want to mess with cryptfs just run this command 'vnd cryptfs' and then whatever parameter, by the way, you can check cryptfs code here: https://android.googlesource.com/platform/system/vold/+/master/cryptfs.c to figure out the parameters or just google them.
Now be more careful when you see something and believe it without thinking about it.
P.S: Your thread is closed because you were unrespectful, I have nothing against you or against security, I hope you don't treat this as a personal attack, because it is not.
Encryption works on my device. Your is the only that's broken. I would suggest you go and replace it.
It's very clear that your only mission is to make everyone panic. That's why you keep resubmitting this over and over and try to stop EVERYONE from upgrading to newest version even though almost NO ONE would be affected if this issue was real.
Sent from my ALE-L21 using XDA-Developers mobile app
SHOW ME A VIDEO! I REFUSING TO ACCEPT ANY KIND OF PERSONAL ATTACK IN THIS FORUM. NO ONE OF YOU PROVIDING EVIDENCE THAT I AM WRONG. ALL OF YOU COME HERE AND POSTING BECAUSE SOMEBODY CALLED YOU TO DO IT. I REQUESTING ALL MODERATOR AND ADMIN TO COME HERE.
I POSTING HELPFUL EVIDENCES THAT THE PHONE AND THE ROM IS DANGEROUS. ALL OF YOU CAN GO TO HELL IF YOU ARE NOT ABLE TO RESET THE PHONE AND DO WHAT I DO IN THE VIDEO.
I GARANTEE THAT NO ONE OF HUWEI P8 LITE DEVICE CAN BE ENCRYPTED!!!!
By the way Android 6.0 according to Google requires to enable full disc encryption.
I showed on the video my build number and everything which can be used to verify my statements. I am on stock ROM unlocked bootloader etc. YOU and ONLY you who comes here are discrediting me. But helpful comments you cant provide as I did.
I STRONGLY RECOMMEND DO THE SAME WHAT I DO IN THE VIDEO AND RECORD IT AND POST IT HERE. DO IT!! NOT ATTACK ME WHO HELPING EVERYBODY.
POST HERE VIDEO WHERE YOU SHOWING YOUR BUILD NUMBER AND DOING EXACTLY THE SAME AS I DID. NO CUT ON VIDEO!!!
THANK YOU
I am sorry, but moderators please could you ban this jerk. Everybody knows that using CAP is yelling and he continues to be disrespectful to everybody that disagrees with him, so he should sit in his room with his phone switched off and that is that. Please !
---------- Post added at 07:58 PM ---------- Previous post was at 07:56 PM ----------
He should also learn better spelling. I hope his programming (15 years) is better.
AndroidSecurity said:
SHOW ME A VIDEO! I REFUSING TO ACCEPT ANY KIND OF PERSONAL ATTACK IN THIS FORUM. NO ONE OF YOU PROVIDING EVIDENCE THAT I AM WRONG. ALL OF YOU COME HERE AND POSTING BECAUSE SOMEBODY CALLED YOU TO DO IT. I REQUESTING ALL MODERATOR AND ADMIN TO COME HERE.
I POSTING HELPFUL EVIDENCES THAT THE PHONE AND THE ROM IS DANGEROUS. ALL OF YOU CAN GO TO HELL IF YOU ARE NOT ABLE TO RESET THE PHONE AND DO WHAT I DO IN THE VIDEO.
I GARANTEE THAT NO ONE OF HUWEI P8 LITE DEVICE CAN BE ENCRYPTED!!!!
By the way Android 6.0 according to Google requires to enable full disc encryption.
I showed on the video my build number and everything which can be used to verify my statements. I am on stock ROM unlocked bootloader etc. YOU and ONLY you who comes here are discrediting me. But helpful comments you cant provide as I did.
I STRONGLY RECOMMEND DO THE SAME WHAT I DO IN THE VIDEO AND RECORD IT AND POST IT HERE. DO IT!! NOT ATTACK ME WHO HELPING EVERYBODY.
POST HERE VIDEO WHERE YOU SHOWING YOUR BUILD NUMBER AND DOING EXACTLY THE SAME AS I DID. NO CUT ON VIDEO!!!
THANK YOU
Click to expand...
Click to collapse
Taken from: https://source.android.com/security/encryption/index.html
Full disk encryption is the process of encoding all user data on an Android device using an encrypted key. Once a device is encrypted, all user-created data is automatically encrypted before committing it to disk and all reads automatically decrypt data before returning it to the calling process.
Click to expand...
Click to collapse
You obviously don't have a clue about what Full disk encryption means.
It has been proven that this claims are all false, so I'd just stop answering him and let the thread get buried, like all the other troll threads.
AndroidSecurity said:
SHOW ME A VIDEO! I REFUSING TO ACCEPT ANY KIND OF PERSONAL ATTACK IN THIS FORUM. NO ONE OF YOU PROVIDING EVIDENCE THAT I AM WRONG. ALL OF YOU COME HERE AND POSTING BECAUSE SOMEBODY CALLED YOU TO DO IT. I REQUESTING ALL MODERATOR AND ADMIN TO COME HERE.
I POSTING HELPFUL EVIDENCES THAT THE PHONE AND THE ROM IS DANGEROUS. ALL OF YOU CAN GO TO HELL IF YOU ARE NOT ABLE TO RESET THE PHONE AND DO WHAT I DO IN THE VIDEO.
I GARANTEE THAT NO ONE OF HUWEI P8 LITE DEVICE CAN BE ENCRYPTED!!!!
By the way Android 6.0 according to Google requires to enable full disc encryption.
I showed on the video my build number and everything which can be used to verify my statements. I am on stock ROM unlocked bootloader etc. YOU and ONLY you who comes here are discrediting me. But helpful comments you cant provide as I did.
I STRONGLY RECOMMEND DO THE SAME WHAT I DO IN THE VIDEO AND RECORD IT AND POST IT HERE. DO IT!! NOT ATTACK ME WHO HELPING EVERYBODY.
POST HERE VIDEO WHERE YOU SHOWING YOUR BUILD NUMBER AND DOING EXACTLY THE SAME AS I DID. NO CUT ON VIDEO!!!
THANK YOU
Click to expand...
Click to collapse
Being ingnorant and disrespectful will not fix any problem you think is going on in your video. Simply calm down and accept that some poeple don't have that problem and the majority don't use this function. If you wanted to warn others simply warn them and that will be that. Also android 6.0 comes with full disk encryption but one thing forgotten here is that we aren't running vanilla android MM. Also Huawei didn't force anyone into updating their firmware. We could complain if it were a major flaw but this bug does not make the device unusable. Also your ignorance reached that of global ingorance. You said and I quote "ALL OF YOU CAN GO TO HELL IF YOU ARE NOT ABLE TO RESET THE PHONE AND DO WHAT I DO IN THE VIDEO. " Religious ignorance, and just general ignorance. As of now I call for a moderator to resolve this issue since I don't have such permissions. You first try to help us and when we try to reason everything and calming people down you attack - also ignorance. Just stupidity in my mind.
Edit: And as it would seem there isn't any problem concerning our encryption.
"Doesn't matter how good of an Idea a person has, if he cannot express it and ignores help to do so, he is as stupid as the rest of us." - me.
You tested one phone and you can't say that EVERY is affected.
Also, who would call people to disagree with you as you stated that we were called to argue here? Huawei? The other guy creates ROMS - something that Huawei doesn't want to and would never work with him, especially on this little issue with YOUR phone. No one called me.
Sent from my ALE-L21 using XDA-Developers mobile app
This thread is a mess and nothing more than speculation really.
You are more than welcome to open another thread, when you have substantial proof of what you are claiming. From what I can tell from this though it is just you, with 1 device claiming this.
Until then, thread closed!
Forum moderator,
Matt
Related
Let's get started!
What you're going to need!(IMPORTANT!)
1. SU
2. Busy Box
3. A Way To Side Load
4. Knowledge Of Permission Setting
& Root Permissions
5. Root Explorer
If you're familiar with setting permissions via. Root Explorer that's a plus!
I'm sorry, but as I don't get on the computer much. I can't provide permissions to set and I'll tell you the usual.
Everything here can be found with a simple Google search.
Are you a noob?
Well, I can tell you that this procedure is very easy and something easy to remember.
Google a search on; "What Permissions To Set On Root Explorer In System" or something among those lines, as we will need to install .apk's that way!
Assuming you understand what to do, let's figure out what player you'd like to use.
I, being one to have large libraries of music tend to use PlayerPro, I recommend Google Music/Google Play Music.
Let's pull more strings! Pull the app off the net or if you own the app, extract it onto a side load app you trust.
Once done, proceed to Root Explorer with knowing you have the app on the Ouya itself, once you see it use the Copy Paste method and place it in the System Apps(can be easily found from Main Directory), once you've established this, now is where permission settings come into play.
You should be able to remotely click the bottom "..." Using the D-Pad or the Touch Pad. This is where Copy And Paste should be.
If you've gotten through this and everything is set up proper, the next step is to reboot the console itself, do a full reboot to prevent any confusion and risk not seeing/having the player working.
If you've done this correctly, once you go to view your apps, you should see your app installed and ready to go.
NOTE: And yes, I mean note! Do not try this with the side load procedure and expect it to work, people have attempted this and either 1. See force closes, 2. The app is not loading, 3. The app is there but will not open and doesn't truly seem to be installed.
SIDE NOTE: This can be done with both ADB and my procedure.
If this was useful to you, I can only ask of a favor!
Check out my YouTube channel!
http://WWW.YouTube.com/user/TheDarkRosary
Subscribe if you will!
You also need googleloginservice.apk and googleservicesframework.apk otherwise you cannot sign into your google account to sync your library.
This has also been posted here:
http://forum.xda-developers.com/showthread.php?t=2291320
Also i would have classed this thread as general and not development.
MODS This just clickbait SPAM BS.
The title is vague on purpose, and the thread is basically saying "Hey bro, if you want a music app on your Ouya, just sideload that ****! OH WOW!"
However, like dully79 said, the only main reason to use the official Google Music app is to use the Google Music service and stream your library from the cloud. However, this is impossible without Google Services, which is not present in the stock Ouya ROM and isn't in any 3rd party ROM out yet, either. So basically, you can't do what he says you can do by doing what he says to do.
This is clearly intended to get people to try and go to his stupid YouTube channel, which he links to at the end.
How about you get traffic and views by having good content on your channel, instead of polluting this forum with useless bull****?
DivinityCycle said:
MODS This just clickbait SPAM BS.
The title is vague on purpose, and the thread is basically saying "Hey bro, if you want a music app on your Ouya, just sideload that ****! OH WOW!"
However, like dully79 said, the only main reason to use the official Google Music app is to use the Google Music service and stream your library from the cloud. However, this is impossible without Google Services, which is not present in the stock Ouya ROM and isn't in any 3rd party ROM out yet, either. So basically, you can't do what he says you can do by doing what he says to do.
This is clearly intended to get people to try and go to his stupid YouTube channel, which he links to at the end.
How about you get traffic and views by having good content on your channel, instead of polluting this forum with useless bull****?
Click to expand...
Click to collapse
Please be respectful of my threads.
No, I do not have my channel setup at the end to spam boards, it's just a simple thanks if you enjoyed my tutorial.
I don't intend to spam people, nor do I try and grab traffic.
I am simply trying to help others understand a method, if you disagree, I'd be more than happy to remove my channel link with a simple request, and also a request that you not bash my threads as I'm only here for assistance and spend my time happily making ROMs and doing other things.
I will not criticize you unless you doing do the same, it's disrespectful to me that you try and hurt my progress and tuts I post as users may not know how.
If I were simply begging for something I'd spend my time in General Forums where people generally go to do that sort of thing.
Lastly, if you've got nothing nice to say, don't say it and just avoid wasting your time coming through a place where people go to help, not get help with a channel.
I'm disappointed to know that someone would go as far as to make a whole post bashing on what I do to help the community, and I will have this brought to the mods and discussed with them in order to better our area without someone posting the same in all threads.
My last words are, thank you for those of you who actually know I try to help and who simply understand that if I were to spam you'd seed traffic from my post everywhere. I love you all, and appreciate you not going this far to bash me.
DivinityCycle said:
MODS This just clickbait SPAM BS.
The title is vague on purpose, and the thread is basically saying "Hey bro, if you want a music app on your Ouya, just sideload that ****! OH WOW!"
However, like dully79 said, the only main reason to use the official Google Music app is to use the Google Music service and stream your library from the cloud. However, this is impossible without Google Services, which is not present in the stock Ouya ROM and isn't in any 3rd party ROM out yet, either. So basically, you can't do what he says you can do by doing what he says to do.
This is clearly intended to get people to try and go to his stupid YouTube channel, which he links to at the end.
How about you get traffic and views by having good content on your channel, instead of polluting this forum with useless bull****?
Click to expand...
Click to collapse
To leave my feedback on a clearer note. YES! Yes you can listen to music from a storage device as long as the device is read as a USB Mount! This has been confirmed by others in the official Ouya Forums!
Google Play Music is for cloud streaming. And for any other read device!
dully79 said:
You also need googleloginservice.apk and googleservicesframework.apk otherwise you cannot sign into your google account to sync your library.
This has also been posted here:
http://forum.xda-developers.com/showthread.php?t=2291320
Also i would have classed this thread as general and not development.
Click to expand...
Click to collapse
Oops, my bad man, all credit goes to you if I took your method.
People cry a out signatures, there's no need for one! I love my community and will stand up for it!
This thread was your fourth post on XDA, at least on that account.
It is not actually a Development post and contains basically nothing that anyone in the Dev section wouldn't already know ("Hey bro, if you want to put an app onto your system you can copy & paste it into /system/apps! This makes it a system app! Oh wow!")
Then you link to your YouTube channel and ask people to go to it.
All of these things together made you seem like a SPAMmer. If you're not, sorry about that, but your post is still in the wrong forum and doesn't actual contain useful or new information. The fact that a much better thread explaining how to do what you posted about exists (in the correct forum no less) is just icing on the cake.
DivinityCycle said:
This thread was your fourth post on XDA, at least on that account.
It is not actually a Development post and contains basically nothing that anyone in the Dev section wouldn't already know ("Hey bro, if you want to put an app onto your system you can copy & paste it into /system/apps! This makes it a system app! Oh wow!")
Then you link to your YouTube channel and ask people to go to it.
All of these things together made you seem like a SPAMmer. If you're not, sorry about that, but your post is still in the wrong forum and doesn't actual contain useful or new information. The fact that a much better thread explaining how to do what you posted about exists (in the correct forum no less) is just icing on the cake.
Click to expand...
Click to collapse
That's fine, I just didn't want you to take me as a spammer, I didn't intend to.
I didn't know where to post this at that.
I've got multiple things done that people are still asking about and I was just trying to knock this one out of the way.
People cry about signatures, there's no need for one! I love my community and will stand up for it!
Is there an application that can password protect certain apps that I choose?
And please do not say Kids Corner as it does not do what I am asking.
It's probably possible (though far from easy), but I'd actually be more inclined to help if you hadn't opened a duplicate thread about this.
Only made second thread about this to attract some attention, 7 months passed since that guy opened his thread and nobody could give a good answer.
To me it's weird that nobody tried to make an app like this still, it would be very popular and help users very much.
Anyways, thank you for replying.
Really, just bumping the other thread was enough, but since we're here anyhow... my idea for how to approach it (and this would take a *lot* of hacking) goes something like this:
1. Create an app (call it X) that has the capability to launch other apps, and filesystem write access.
2. Have X take another app (call it Y) and encrypt its binaries. This prevents anybody from launching it by any means.
3. Tweak the app database to make it so that when you try to launch Y, it instead launches X and passes the id of Y as a parameter to the launcher.
4. X prompts the user for a password to Y. On getting the right one, it decrypts Y's binaries and writes them back to the correct location, then launches Y.
5. When the user (or OS) closes Y, a background process of X notes that Y is closed and re-encrypts it.
Currently we know how to do... well, some of #1, and we think the rest is possible. Given that, #2 isn't too hard. #3 is something I don't have the least notion how to do *right now* but I'm sure it's possible. #4 shouldn't be too hard given #1 and #2. #5 will be a trick - currently, apps have no way to know what other apps are running - but I'm sure it can be done.
It's a large engineering problem blocked by an even bigger research and hacking problem, though. Nothing we'll have soon. You'd never be able to publish it in the store, either, and it would only work for people with hacked phones. It's exactly the kind of *useful* thing that would be possible if Microsoft were willing to let up the restrictions on third-party developers a bit, of course, But for the time being, there are *reasons* nobody has done it yet.
Well the word that I actually was thinking after reading your post was "crap".
It seems only with time (and a whole [email protected]#$ing lot of it) will wp become a true competitor to android, but to be honest I don't think it will come to that.
Thanks for replying GoodDayToDie, I'm freakin' sad that there is no app that can suit my needs, I even tried with kids corner but the screen still needs the password entered like the normal one. Nothing really can make up for what I have in mind.
Cheers mate.
as soon as we can interop unlock all WP devices, it will be pretty easy... if you're able to provide the XAP (uncrypted of course )
i'll be able to "mod" this in for you... which app are we talking about?
@GoodDayToDie: i do'nt think he is looking for real data security here, so encrypting the whole thing shouldnt be required... i think it's more about preventing his gf to read his private messages or something like that
oh btw.: you would need a dev-unlock to deploy the modified XAP then...
tfBullet said:
as soon as we can interop unlock all WP devices, it will be pretty easy... if you're able to provide the XAP (uncrypted of course )
i'll be able to "mod" this in for you... which app are we talking about?
@GoodDayToDie: i do'nt think he is looking for real data security here, so encrypting the whole thing shouldnt be required... i think it's more about preventing his gf to read his private messages or something like that
oh btw.: you would need a dev-unlock to deploy the modified XAP then...
Click to expand...
Click to collapse
You're right tfBullet! I need it for whatsapp, photos, message and games app, mostly to prevent from friends but gf too.
I was thinking it might be possible to mod an app and add password before it can be accessed, although I have no experience in this domain. Many apps in store have this function, like wallet or prive photo apps.
My phone is dev-unlocked as I started a few days ago to study and try to create a simple app for me and my friends.
Modding an app like that would actually be quite hard, because it would break the signature and prevent the app from running. The encryption thing really isn't too hard, although you could skip it anyhow too.
If there was a way to run a program in the background that monitors when certain apps are selected and then prompts when its activated would work, but it would need an unlocked phone. And even under home brew I don't know if its possible to run apps in the background. Yet.
Sent from my Nokia 521 using XDA Windows Phone 8 App
The encryption thing really isn't too hard
Yea, but that's a little extreme. If you can create that password program that runs in the background you could probably have it watch files, apps or pretty much anything. You'd have to password protect the cofig file. And maybe if you can't remember the password after so many attempts you can have the program email the passwords to your email. Just some ideas.
Sent from my Nokia 521 using XDA Windows Phone 8 App
Running software in the background is actually shockingly easy. The trick is getting it to run with better-than-app-sandbox privileges. We're still working on that one. In the meantime, apps can't even read, much less write, to the install location of other apps.
GoodDayToDie said:
Modding an app like that would actually be quite hard, because it would break the signature and prevent the app from running.
Click to expand...
Click to collapse
@GoodDayToDie: actually these .NET apps are pretty easy to decompile, if you're willing to fix the bugs that the decompiler leaves you with...
so there is not really a need for a valid signature, if you're able to compile & sideload the app yourself
the only thing is: you need the decrypted XAP, as far as i know these get decrypted while installation and can be pulled from a interop unlocked device?!
It would be nice to get my fingers on some OEM (Nokia etc..) XAPs, to see if we can find any exploit in them
I know better than probably 95% of this forum what it takes to decompile managed code; I have reverse engineered huge numbers of apps. However, you are missing several important points.
1) Modifications like you suggest are very complicated to automate. It's certainly possible, but it's not simple.
2) Re-installing the app would be a pain. You would really want to do this as an in-place modification, and that means (for store apps) that it would still be signature-checked.
3) Not all apps are managed code; WP8 supports purely native code.
4) Even with managed code, obfuscation can make tinkering with the binary nigh-impossible.
It's just so incredibly stupid that WP is so limited. I know it's under Android big time, but I think even iOS more customizable, right?
Also, is there a message app in the store that has pass option? I searched but found nothing...
I don't believe iOS is any more customizable, no. It has some feature that WP lacks (it ought to; it's been out for years longer and Apple completely controls the hardware it runs on) but it's also missing some features that WP8 offers. In any case, this isn't the thread to have that discussion in.
GoodDayToDie said:
I don't believe iOS is any more customizable, no. It has some feature that WP lacks (it ought to; it's been out for years longer and Apple completely controls the hardware it runs on) but it's also missing some features that WP8 offers. In any case, this isn't the thread to have that discussion in.
Click to expand...
Click to collapse
But with the jailbreak and MobileSubstrate, iOS is extremely customizable, and there are tons of tweaks, that's where Apple gets its new features from
Back to topic, I think the OP would be happy with a solution that locks the "normal" user of his phone out of some apps, so it wouldn't be necessary to modify anything of it, just making the standard launcher (I don't know how it's called, but I mean when you launch the app via home screen or with a toast) ask for a password should be enough.
https://www.xda-developers.com/android-q-storage-access-framework-scoped-storage/
... Looks like porting old pie roms to new phones is going to become a thing
According to what I've read, it would be very easy to build a workaround for it, especially considering Google already has a workaround in place until Q apps are enforced in Google Play.
Also looks like it might be a pain in the ass
I cannot believe what I just read. I wasn't aware this was coming and I couldn't despise the decision more.
Proper access to the file system was for me one of the main advantages Android offered over iOS.
Way to go, Google...
I think this is the best move Google made for security thus far. Too many apps ask for full unfettered access to my storage. I will be happy when apps get a little bit more locked down in this aspect.
Scott said:
I think this is the best move Google made for security thus far. Too many apps ask for full unfettered access to my storage. I will be happy when apps get a little bit more locked down in this aspect.
Click to expand...
Click to collapse
It's not even just storage, it's to everything these days. Why does the app for my Apex Fusion interface on my reef tank need access to contacts and text messages?
On topic, I agree 100% with you.
Those tears in my eyes... yeah not because of the blue light in the middle of the night here... because of what I read... agree +1
I personally think it's a good move. I don't use a lot of apps because of their required permissions.
Well if you can disable Q's "scooped storage" on per app basis with adb shell then it's easy to write a script that enables general storage for every app.
Sent from my OnePlus 6T through Tapatalk
hank81 said:
Well if you can disable Q's "scooped storage" on per app basis with adb shell then it's easy to write a script that enables general storage for every app.
Click to expand...
Click to collapse
True, but I'm sure eventually, just like with most every other special permission these days, you will wind up having to enable it on every boot.
Yes, the entire bug report is atrocious, but let's not get our pitchforks just yet. Google effectively punted on this for Android Q, by making it possible to contribute business as usual. It's quite possible that these issues will be resolved by Android P, or even that the whole idea will be scrapped in favor of something else.
The fact of the matter is that storage permissions in Android are terrible, Trying to address that is not in and of itself a bad thing, in fact I would argue that part alone is a good thing.
Attempting to read the tea leaves a little, this whole project reeks of "new hotshot product manager with poor (at best) understanding of the technical complexities at play forces bad decision into product because he needs to make 'highly visible' changes to the product to demonstrate his worth or get himself promoted". Especially given that the general idea at play isn't the part people are complaining about, just the fact that it's currently technically unusable as a posix api replacement, but the fact that the current one they have is terrible/slow/etc I find the above scenario to be highly likely
partcyborg said:
Attempting to read the tea leaves a little, this whole project reeks of "new hotshot product manager with poor (at best) understanding of the technical complexities at play forces bad decision into product because he needs to make 'highly visible' changes to the product to demonstrate his worth or get himself promoted". Especially given that the general idea at play isn't the part people are complaining about, just the fact that it's currently technically unusable as a posix api replacement, but the fact that the current one they have is terrible/slow/etc I find the above scenario to be highly likely
Click to expand...
Click to collapse
Thats deep!
Scott said:
Thats deep!
Click to expand...
Click to collapse
Lots of adult beverages to come up with this ?
Ayahuasca ?
Scott said:
I think this is the best move Google made for security thus far. Too many apps ask for full unfettered access to my storage. I will be happy when apps get a little bit more locked down in this aspect.
Click to expand...
Click to collapse
I don't get this. Correct me if I'm wrong, but can't you already disable specific permission for every app through system settings? Unless something like a wallpaper app refuses to work without access to your phone's contacts or something. Do you get what I'm saying?
roaduardo said:
I don't get this. Correct me if I'm wrong, but can't you already disable specific permission for every app through system settings? Unless something like a wallpaper app refuses to work without access to your phone's contacts or something. Do you get what I'm saying?
Click to expand...
Click to collapse
Not exactly. Storage access in the current world is a binary yes/no decision (well, 2 binary yes/no decisions if your device has a SD card slot), either "yes here is access to all of /sdcard" or "no you can't read or write to anything outside your specific app data folder". Using something like the API gives you the ability to do much more fine grained access like "give Poweramp access to my normal music collection in /sdcard/Music, but not my keepassxc password file.", Or "let photos index all the pics it finds on my machine, except for the ones in a 'certain' telegram folder".
The cause for pitchforks in the bug report isn't that people are in love with the posix apis for file access, just that the current Android API implementation is something like 50x slower in Android Q, making it essentially useless for file manager apps that need to do things like directory listings and maintain indexes of all shared storage, etc.
Hello everyone!
So today something that could potentially let users flash/unbrick their phones using the current MSM Download tool came to my mind.
I'm also very sorry if this is the wrong place for this, i'm new to xda.
So as you might know for Realme phones there are people who have authorized account out there and once you pay them they will connect to yoprur computer and then start flashing ocess, online with no verification. I even tried getting my phone flashed but due to them not flashing twice if one package doesn't work my device was bricked (I have A.xx variant and i tried getting B.xx flashed) and i had to send to service center to wait for unbricking process which took over a month, yes you heard it right! They couldn't even repair it with software flashing so they had to replace the whole motherboard.... At least i'm grateful i didn't have to pay for motherboard replacement and it was considered in-warranty.
So yes, again let's go back to our topic and my idea.
What came to my mind is, what happens if i create a virtual machine using VMWare, get an authorized account to login to the application then cut connection of that TeamViewer connection and immediately "Save current state of VM" after someone logs in. Would that account be still logged in? This VM can also be shared with it's own folder as far as I know too! Is there a verification after you login to the app? As far as i know there's only a verification while you login to the app and there isn't anything afterwards which i think is also illogical to do so.
I know and i'm aware Realme can patch this possible "vulnerability" overnight because on the server side, literally everything depends on them (I really hope they don't) but thanks to their habit of not caring about development, releasing broken kernel sources and not even providing official bootloader unlock (even after nearly a year in my case) has come to a point where it's irresistably annoying for me so i decided to think of possible ways to maybe bypass the verification part of the application so that they can flash a firmware as their liking.
It's Android! It had to be free! It had to be allowed to do these type of stuffs to your Android phone! Why? Why? Why Realme?!
Edit: This is the exact same post of my post on Android General. After posting i saw there were nearly no replies and activity so i decided to post the same text as well.
daeMysterious said:
Edit: This is the exact same post of my post on Android General. After posting i saw there were nearly no replies and activity so i decided to post the same text as well.
Click to expand...
Click to collapse
THREAD CLOSED as duplicate of https://forum.xda-developers.com/t/...-of-msm-download-tool-of-realme-oppo.4209135/
XDA Forum Rules (excerpt):
...
5. Create a thread topic or post a message only once, this includes external links & streaming media.
As a large forum, we don't need unnecessary clutter. You're free to edit your message as you like, so if you do not receive an answer, revisit your message and see if you can describe your problem better. Not everyone is online at the same time so it might take a while before you receive an answer.
You can bump your unanswered question once every 24 hours
Duplicate threads and posts will be removed
Always post in an existing thread if a topic already exists, before creating a new thread.
Use our search function to find the best forum for your device.
Links to an external source are only allowed if relevant to the topic in hand. A description must be included, no copy & pasting from the original source.
Self-promotion is forbidden, this includes blogs, social media and video channels etc. Random links will be removed.
...
Click to expand...
Click to collapse
Hi,
I have seen this posted a number of times and people keep saying "just Google" or "look at other threads" however I am confused as to what they mean because none of the stuff around seems valid anymore in 2021.
Right now:
There is no modern up to day process to unlock the bootloader that I can find in Google (even if only looking at the last 1 months sites)
I have found so far is telling me to get an unlock bootloader from Huawei which I can't do (they don't offer it any more)
I have found sites telling me to pay for the bootloader code from funkyhuawei, site that no longer offers them, someone posted about "Direct unlock with no code" but didn't go into details on how that is done, and then I found this on rootmygalaxy:
" Update 2021: All the bootloader unlocking methods have been blocked by Huawei. So none of the methods is working currently. Don’t try to unlock Huawei or Honor devices as of now. For full timeline of events read the story below. We will be updating the post once there is a valid way available. "
So, is that basically meaning that Huawei P20 cannot be unlocked; therefore you cannot root it? If it can be unlocked still can someone, please post a link to how because Google is failing to find anything that is, in fact, working or the information being shared isn't clear enough to explain what is possible.
I am trying to just get information as to if I am wasting my time trying to root this phone, or if it is, in fact, possible or not.
BTW - I have seen {Mod edit} however this only works on EMU 9 or lower. If you are EMU 10 you have to roll back, but it appears Huawei have prevented this (hiSuite doesn't offer the options any more).
Goldendawn said:
BTW - I have seen {Mod edit} however this only works on EMU 9 or lower. If you are EMU 10 you have to roll back, but it appears Huawei have prevented this (hiSuite doesn't offer the options any more).
Click to expand...
Click to collapse
Okay, this has been fixed - so I am doing the roll-back now. If that works, I will try the URL included in the port above and then report back, so if people want to know what is possible.
Okay ... um.... they need to remote onto your computer and do it.... that is totally unacceptable.
So basically, there is no way that I can see that allows "ME" to unlock the bootloader, and instead you are allowing people to access your computer, so they can do it.
Moderator Announcement
@Goldendawn Thread has been cleaned from links and references to paid unlock services that are not accepted at all on XDA in accordance with rule no. 11 and no. 13 of the XDA Forum Rules.
Regards
Oswald Boelcke
Senior Moderator