Database Develop

[Q] Airport Security Apps?

Good day all,
With all the hubub about airport security screening your phone I'm interested in an 'airport app'. Namely, as opposed to full encryption (meh good if needed, but I don't really want to trade battery life for security) or the hassle of backing up an image, flashing a virgin phone image for travel, and then restoring the image after travel..
Why not create a 'sandbox' app of sorts. Start it, it simulates virgin or near virgin status, have an advanced unlock sequence to close it. The only issue, I see, would be if the phone was restarted while in 'airport mode' could it be triggered to restart in said mode.
After typing out my whole idea, I'm thinking the backup and flash of virgin rom might be a lot simpler. But I'm interested if any other world travelers, or US travelers would be interested in something like this.
So I guess the question is, anyone else thought about this, anyone know of something similar out already? Anyone want to develop something like this?
~HattZ

Screening in X-rays? What does it have to do with anything?
Or some other screening (don't believe it's technically possible - too many phones)? Can you point to your info source?

I don't understand the point of this, it is not like they take your phone and play with it when you go through security. In fact, mine has never been removed from my carry on when passing through security.
Maybe you have some evidence to support your theory that our phones data is at risk when passing through security checkpoints... but I doubt it.

Are you in the US? 'cause 1) that never happened, and 2) that would be illegal (to search the content of your phone), unless they had reasonable suspicion that your phone contained data that showed evidence of criminal activity.
They might 'touch' some phones to make sure they are real (as in really work vs being a bomb or something), but they wouldn't search the content of your phone.

pconwell said:
Are you in the US? 'cause 1) that never happened, and 2) that would be illegal (to search the content of your phone), unless they had reasonable suspicion that your phone contained data that showed evidence of criminal activity.
They might 'touch' some phones to make sure they are real (as in really work vs being a bomb or something), but they wouldn't search the content of your phone.
Click to expand...
Click to collapse
Sorry, wrong answer, it is the US, most national travel is not submitted to this type of search. All international (incoming) travel can be.
Lots of interesting talk on it: http://yro.slashdot.org/story/10/11...r-Moxie-Marlinspikes-Laptop-Cellphones-Seized
Legal explanation: http://caselaw.lp.findlaw.com/data/constitution/amendment04/04.html
pertinent excerpt: "Border Searches .--''That searches made at the border, pursuant to the longstanding right of the sovereign to protect itself by stopping and examining persons and property crossing into this country, are reasonable simply by virtue of the fact that they occur at the border, should, by now, require no extended demonstration.'' 87 Authorized by the First Congress, 88 the customs search in these circumstances requires no warrant, no probable cause, not even the showing of some degree of suspicion that accompanies even investigatory stops."
A google search for "international travel us border checking laptops and phones" give about a million other examples, I'll throw a few below.
from Feb 12, 2008 (this isn't a new phenomenon, just getting more press)
http://www.pcworld.com/article/142429/five_things_to_know_about_us_border_laptop_searches.html
from 21 September 2009
http://www.mondaq.com/unitedstates/article.asp?articleid=86010
Don't like it? neither do I.
http://www.aclunc.org/issues/technology/blog/checking_your_privacy_at_the_border.shtml
ACLU excerpt (it's liberal, and slanted but a valid presentation of the worst case scenario): "Originally announced in July 2008, the current policy permits border agents to search electronic devices “absent individualized suspicion.” Agents may hold on to devices “for a reasonable period of time” to “review and analyze information.” In other words, border agents are legally able to take travelers’ information whenever they want at security checkpoints at airports or along the border, and hold on to it for as they long as they want. Agents may also copy information and send it off-site to be analyzed. The policy applies to all electronic devices, including computers, disks, hard drives, cell phones and cameras. Travelers have to be concerned about more than the possibility of security agents rifling through their belongings. Their private data might be compromised, erased, or kept indefinitely, and they don’t know how that data might be used."

Best I can say is nandroid + ext backup to your home computer, wipe phone before coming back into country, then recovery nandroid once you're back at home.

MaximReapage said:
Best I can say is nandroid + ext backup to your home computer, wipe phone before coming back into country, then recovery nandroid once you're back at home.
Click to expand...
Click to collapse
Yeah, sorta realized that or something similar would be the most efficient. I'm thinking even a step lazier, nandroid backup to SD, restore a stock rom / clear sim card, remove SD, maybe even backup to laptop (truecrypt FDE - custom error message at boot saying master boot record is corrupt)
walk out of security, pop in SD, start nandroid restore...
sigh.. a sandbox app would be sorta fun though.

If they have a right to detain your laptop, clone your HD and you have to submit all your passwords - it's kinda useless to try and protect the data somewhere on the computer, and it's better just to back it up on microSD hidden in the suitcase - no way it'll be detained.

Definitely keep a copy of it on your computer at home, though.

airplanemode anyone?
Or turn of your phone.

I know what will make it a quick transition through airport security when flying international..
Put some heavy encryption on my phone, obfuscate my data, and then pass it off with a flimsy cover program to make it look like there is nothing there. That way if they do find it, it's GITMO TIME.

Jack_R1 said:
If they have a right to detain your laptop, clone your HD and you have to submit all your passwords - it's kinda useless to try and protect the data somewhere on the computer, and it's better just to back it up on microSD hidden in the suitcase - no way it'll be detained.
Click to expand...
Click to collapse
meh, at the lower tier of airport security a custom boot message from a full disk encrypted truecrypt volume. "please insert windows disk" "cannot find master boot record" or similar.. and a sob story about how your laptop stopped working on vacation and when you get home you have a friend that you hope can fix it..
gets by most, it's not NSA at every checkpoint. it's just over min wage, uneducated, folks..
so backing it up to laptop, and tossing micro SD card in the bottom of a bag or in a jacket pocket.. will work just fine.

Android Device Manager

In case you didn't know, Google has silently implemented FREE tracking for almost all androids. It also allows you to erase the phone if you feel that it's necessary, all you have to do is enable it as a device admin. I realize there have been apps on the market for a long time now that do this (and more) however Google doesn't require you to install or update any apps to use this service and from my brief testing it seems to work amazingly well right off the bat.
Go here and bookmark: https://www.google.com/android/devicemanager

it's about time they did this. i've hated having to install lookout or avast for decent location and remote wipe. now, that is more. further proof why you don't need an AV on your phone.

The only thing missing that I would like to see in future updates would be the ability to remotely lock the device so that a thief would have a harder time fooling around with the phone before you can track it. I've been using Where's My Droid for a long time but it lost the web interface tracking a while ago and that's been a bummer.

Is there any way to uninstall this useless feature? I never use GPS in my phone (because of the horrible reception, also because I am able to navigate without it), and also do not lose it.
Also, I already encrypted my device, so people can't do anything with it when they find it.
Also, whilst I am at it, I really do not like the way google forces their "content" down the wide opened throat of the community. I did not like the way they went with google services framework, and how you can't do jack sh*t without it, and I do not like the updates and "progression" they make.
Soo, any idea on how to get that off my phone?
Cheers!
PS: Everything I wrote is my own opinion, and if yours differs, at least RESPECT mine. If not, I could not care less about yours and do not get upset if I make fun of it. (Just in case some fanboy tries to attack me )

IRKONIK said:
Is there any way to uninstall this useless feature? I never use GPS in my phone (because of the horrible reception, also because I am able to navigate without it), and also do not lose it.
Also, I already encrypted my device, so people can't do anything with it when they find it.
Also, whilst I am at it, I really do not like the way google forces their "content" down the wide opened throat of the community. I did not like the way they went with google services framework, and how you can't do jack sh*t without it, and I do not like the updates and "progression" they make.
Soo, any idea on how to get that off my phone?
Cheers!
PS: Everything I wrote is my own opinion, and if yours differs, at least RESPECT mine. If not, I could not care less about yours and do not get upset if I make fun of it. (Just in case some fanboy tries to attack me )
Click to expand...
Click to collapse
you can disable the google play services in a custom ROM (i think it's built-in to android 4.2.2) but it'll break the YouTube app, and as you said, you're limited without it. as far as like older ROMs go (ICS, GB, etc.), the app isn't built-in and you can uninstall it.
I personally find google play services somewhat useful (especially now with the ADM), and i use YouTube occasionally so i need it for that, but we all have our own opinions, as you said, and I'd personally like to keep things civil.
and if you hate the services that much, you can actually reflash the ROM you're using without Gapps. it will be a limited experience, but the Play Services won't be there

IRKONIK said:
Is there any way to uninstall this useless feature? I never use GPS in my phone (because of the horrible reception, also because I am able to navigate without it), and also do not lose it.
Also, I already encrypted my device, so people can't do anything with it when they find it.
Also, whilst I am at it, I really do not like the way google forces their "content" down the wide opened throat of the community. I did not like the way they went with google services framework, and how you can't do jack sh*t without it, and I do not like the updates and "progression" they make.
Soo, any idea on how to get that off my phone?
Cheers!
PS: Everything I wrote is my own opinion, and if yours differs, at least RESPECT mine. If not, I could not care less about yours and do not get upset if I make fun of it. (Just in case some fanboy tries to attack me )
Click to expand...
Click to collapse
Other than what was already said I don't think there's a way to remove it, but just look at it this way... it doesn't take up any space and won't just activate by itself, so it's really not inconveniencing you in any way. I understand you don't want to be force-fed features that you don't want, and I absolutely respect that, but for many (myself included) this was a long overdue feature that will no doubt help many many users. This kinda stuff comes with the territory of owning a 'connected' device like a smartphone, so if you really want to get off the grid, just go back to a dumb-phone (yes they still exist).

Sorry for the "rant", but these updates cost me money, since I don't have a flatrare on my phone. (And Android OS still uses my data, whilst I have it turned off. Which is strange)
I actually do own "a few" dumb phones, one for calling, one for getting called, one for SMS.
So I am off grid, at least a little bit.
I actually never understood that feature. As I stated above, I am not the kind of person that loses stuff (OK, maybe sometimes my manners ) nor did I ever had something stolen from me. People tried, but never succeeded.
I am looking forward to Replicant, so I can finally shove my middle finger up Googles fat back-ends (of the wafer. Also it is somehow connected to the fat file system. Not what you thought )
Some day.. Soon.

IRKONIK said:
Sorry for the "rant", but these updates cost me money, since I don't have a flatrare on my phone. (And Android OS still uses my data, whilst I have it turned off. Which is strange)
I actually do own "a few" dumb phones, one for calling, one for getting called, one for SMS.
So I am off grid, at least a little bit.
I actually never understood that feature. As I stated above, I am not the kind of person that loses stuff (OK, maybe sometimes my manners ) nor did I ever had something stolen from me. People tried, but never succeeded.
I am looking forward to Replicant, so I can finally shove my middle finger up Googles fat back-ends (of the wafer. Also it is somehow connected to the fat file system. Not what you thought )
Some day.. Soon.
Click to expand...
Click to collapse
Replicant is available for the galaxysmtd (international galaxy s). it's not fully functional though, because there aren't a ton of open-source libraries and drivers available. if you want replicant on this phone, you gotta learn how to code, and how to build from source.
supernexus is kinda like replicant except it uses a lot of closed-source libraries that make things work. as i said, just don't flash the google apps package. it's basically a clone of the Nexus firmware, as you get all the AOSP components, nothing more or less. oh and also, very minimal google integration without Gapps

How does it work
So does Android Device Manager track the phone or tablet by the hardware signature or by Google account? I ask because I lost my Nexus 7 last Monday and immediately changed my Google Account password. Now when I try to track the Nexus 7 using Android Device Manager it shows that it has not been used since last Monday.

Capt-Capsaicin said:
So does Android Device Manager track the phone or tablet by the hardware signature or by Google account? I ask because I lost my Nexus 7 last Monday and immediately changed my Google Account password. Now when I try to track the Nexus 7 using Android Device Manager it shows that it has not been used since last Monday.
Click to expand...
Click to collapse
Hardware i reckon, when i used this it let's me choose which device I've used with my Google account. It sees phone as different again when I've flashed a new ROM.

Crawshayi said:
In case you didn't know, Google has silently implemented FREE tracking for almost all androids. It also allows you to erase the phone if you feel that it's necessary, all you have to do is enable it as a device admin. I realize there have been apps on the market for a long time now that do this (and more) however Google doesn't require you to install or update any apps to use this service and from my brief testing it seems to work amazingly well right off the bat.
Go here and bookmark: https://www.google.com/android/devicemanager
Click to expand...
Click to collapse
CM Team Announces CyanogenMod Account For Remote Device Wipe/Tracking, Dual-Release Branches For Better Security
Posted by Ryan Whitwam in News
http://www.androidpolice.com/2013/0...ng-dual-release-branches-for-better-security/
CM guys still finding ways to 1-up google android :silly:
.

On my Note 9 being hacked & the validity of 'Ethical hackers'...

I was running a U1 XAA build of Android 10 2.0 with the
June 1 Security patch that I'd downloaded and flashed
from Sammobile.
Awhile ago I downloaded and flashed the U1 XAA 2.1 update from the same place and noticed that there
are a number of apps I can no longer deny Wifi Control
access to under the Apps Special access area:
DeviceTest
DeviceKeystring
FACM
Gear VR Service
Voice wake-up
being 5 out of the 12 I cant deny access to.
Also I am no longer able to disable Google Play Services
whereas before in 2.0 I could. I'm not even allowed to forcestop Play Services now! Its not just these two changes, there are other things I used to be able to disable but now can't. And I have *two* 'SmartThings'
apps, one is version 10.0.37.0 and the other is version
1.7.50-21 (the-21 is just how its listed.)
I know this all sounds somewhat tame and trivial but I would like to know if this is all normal and can be confirmed by anyone else.
Anyone
-----------------
**Update**
Okay, just wanted to post some info on some sort of resolution to the above, mostly for those who make honest and earnest pleas for help and ask really pertinent questions but are ignored by the knowledgable (or criminal)
peruser.
In short, I was hacked. It doesn't come as a surprise (has happened *many* times with my N9. It *does* make me wonder about that supposed military-grade Knox security)
How do you know if you're hacked?? I just used the Running Services lister under Development Tools. Look
for services that shouldn't be running as often as they do
(Last hack they had Samsung Push which is for delivering notifications related to Samsung apps?? running something as a Service (not sure what it was but as soon as I stopped it, it popped right back up) or things you never use or have deactivated showing up in the cache (ESPECIALLY Aircommand!! Disable this as a Trusted Agent immediately! And keep an eye on it, and always keep the Air Remote feature OFF).
Also, the Google Play Store app. When I flashed the July 2020 Security update I noticed the Play Store was still at the May 2020 version update. I didn't think much of it at the time, but after having to Factory Reset I noticed it now read July 1 2020. So I guess the 'worms' have the May version hacked. Sucks that villany loves working for free breaking stuff, but in order to build something up and protect it, it takes toil and coercion.
Finally (Not sure if this is actually a sign of malware or hacking, but the only reference I could find relating to it
was from a guy who was truly beleaguered by hackers)
theres a User Certificate under Biometrics & Security / Other
Security settings / User Certificates that reads as
'FindMyMobile' and purports to being necessary for VPN security and other applications. Well, I had Find My Mobile
deactivated and uninstalled via ADB and it still showed back up after being deleted numerous times and my VPN seems to work without it. It might be for the Note 9's
built-in Knox android VPN strengthening parameters, but I couldn't find nfo online about it anywhere except in the case I mentioned which seems very odd. Qualifying proof of its malicious intent for me?: After factory resetting it hasn't shown back up.
I dont think my N9 is cleaned or I should say I'll never trust a smart phone fully again, not until the outdated and hacked 40 year old SS7 protocol that runs all cellular communications is updated, not until something more reliably secure than 'somewhat' obsfucatingly complex baseband processors are present in phones and maybe something akin to a hardware firewall in the soc that can interpret and filter non-carrier invalid commands (prob only need to update that damn SS7 protocol!) I'd also love it if Google/Alphabet would dump Android and start over with a new updated mobile OS with security at the forefront (Think, updates delivered via 'Middleware', roms bought initially directly from the manufacturer that can be crytographically flashed up to three times with signed updates with each update burned and locked into the rom via fuses. Each factory reset brings you back to your last update. The roms are only updatable if a hardware dip switch is tripped which moves actual physical leads in the soc which powers the ability to flash this chip. And maybe screw AOSP, I wonder if all this open sourceness has actually given the malware creators more knowledge to
finess the software and the hardware. The so-called white-hat 'Ethical Hackers' (LOL! HOW can breaking into someone's personal space without permission outside of national defense be considered ethical?!? All hackers are criminals. If you want to be considered a 'good' hacker (*snort*) bring to light the measly exploits and software, the slime who make and distribute the same and tell how to protect against them and detect them and disable them. Criminals giving webinars and seminars about how to circumvent protections for devices that billions of people rely on for living should be outlawed FULL-STOP-PERIOD I'd rather have one slime who knows how to get into a system than having that slime be allowed to freely distribute the software and knowledge so that millions of other definately less conscionable scum can make use of his knowledge.)
hackers only care about making their fame and fortune by
beinging to light obscure and unknown exploits that no one has ever used or are likely to use than going after to exoloits that *are* in use and *do* affect those in the here and now. It must give some sense of ease not to be in contention with real criminality and the fear of any reprisals from the 'less-ethically saturated' in the tech community.
Just wanted to get that out somewhere. I know its pointless and no-one will listen. Look at what Edward Snowden sacrificed for people who were/are unworthy of *any* sacrifice by betraying everything bit by bit, battle by battle until it must one day be reclaimed (if it can be) via costly confrontation, disruption and perhaps irrevocable critical loss.
Okay, END RANT. Yeah, a slow day, corona cloud and all.
But seriuosly the Feds need to check all this electronic criminality, its gotten waaay out of hand. TO FEDS: Less hunting terrorists, MORE hunting electronic predators and anarchists!

Hi, @tamdwin,
Even though you believe your phone may have been hacked, DeviceKeystring, DeviceTest, EmergencyManagerService, FACM, IMS Service, IOTHiddenMenu, Samsung MirrorLink 1.1, Settings, Setup Wizard, Wi-Fi Direct & WlanTest are enabled on my Note9 with One UI 2.1, Security patch: 1 July 2020 (w/out Google Play Services/Google Play Store, Bixby, GearVR, DeX...only have Google Services Framework installed).
After downloading the 1 July 2020 Security update, I noticed that these services could no longer be turned off for wi-fi control.
Wish I never downloaded the update for the fancy camera features, lol.
Snowden? Have you read any of his articles on smartphone security? (you may want to throw your phone in a blender after reading...)
Some of the settings, such as disabling "Find My Mobile" from running in the background, reset/enable after you restart the phone.

Snowden? Have you read any of his articles on smartphone security? (you may want to throw your phone in a blender after reading...)
But will it blend!
https://www.youtube.com/watch?v=FN9mktgYZJ8

I am worried about these things, so I am looking at developing my own custom ROM.
Sorry for my English I Am brazillian

@P00r ROFL! The Samsung S4 Active shake looks delicious! Thank you for sharing the vid!
silvaBR said:
I am worried about these things, so I am looking at developing my own custom ROM.
Click to expand...
Click to collapse
That sounds like an excellent plan!

Malicious Software Removal Help

So need a little help. I have an identified attacker on my phone who has injected spyware which is actively listening to all conversations, reading messages in real time, has access to all apps and full access to the phone. Essentially its an illegal wire tap thats able to view and listen to what i am doing. My question is this, can i clone my phone with all the data on to a thumb drive? Reason i have to turn over the phone to the local police for forensic examination and id rather just give a copy then my personal phone. 2. Is there a way to isolate the program to stop the massive leak without totally wiping my phone? Thanks for your help, I know this is an odd question and a little off the norm any help is deeply appreciated.

Nuke it now.
Change Google and all account passwords after reloaded.
In the future be careful what you install and download or you'll be doing this again!

blackhawk said:
Nuke it now.
Change Google and all account passwords after reloaded.
In the future be careful what you install and download or you'll be doing this again!
Click to expand...
Click to collapse
cant i have to give the information to the police here, long story but the person who did the attack is involved in criminal activities im witness to and my phones going to be evidence. so i need all of the data on my phone to be transfered either to another device or to a thumb drive , after that i can nuke the phone

Kjharahuc said:
cant i have to give the information to the police here, long story but the person who did the attack is involved in criminal activities im witness to and my phones going to be evidence. so i need all of the data on my phone to be transfered either to another device or to a thumb drive , after that i can nuke the phone
Click to expand...
Click to collapse
Well take it offline and backup the data. It should already be backed up though.
That data may have been tainted too.
Your biggest issue is you don't know how or by what it was infected.
Keep the phone completely disconnected from the carrier/internet until it's reloaded.
At this point it is a 100% liability.

blackhawk said:
Well take it offline and backup the data. It should already be backed up though.
That data may have been tainted too.
Your biggest issue is you don't know how or by what it was infected.
Keep the phone completely disconnected from the carrier/internet until it's reloaded.
At this point it is a 100% liability.
Click to expand...
Click to collapse
absolutly 100% agree, i cannot use the twrp backup since the phone has another user on it. I get an error due to the inability to decrypt the data. So im hoping imiging the phone over to a SSD that i can then turn into the police will be effective enough. I was able to identify several folders that are not mine or have anything to do with the apps on my phone so they should be able to do the same. To bad there isnt a way to tunnel back through and gain access on the other side of the leak.

The only things I be concerned with be securing the data, accounts and getting it operational.
I be done with it in under a day.

blackhawk said:
The only things I be concerned with be securing the data, accounts and getting it operational.
I be done with it in under a day.
Click to expand...
Click to collapse
Im just waiting for the SSD to arrive to transfer all the data the accounts have already been secured on another device

Don't transfer to another Android platform...
Verify the data is readable and all there.

I've wiped the os a total of 6 times and putting the phone into hard brick once it still is leaking and I can't stop it

Question Cloned? Mirrored? Hacked? Wtf?

Ok. First thought they got into my gmail, and since all my accounts are linked for recovery options stayed on the reset, uninstall/reinstall, factory reset hamster wheel for a while. Multiple companies customer service for hours, just to tell me it should be working, hang up on me, ask me something completely retarded that i might be doing as the issue, escalate me to another dept. All to no avail. So, i factory reset an old phone not hooked up, brand new gmail not linked to anything, set up google wifi (for 1st time) on it and loaded security camera apps on it. And they still got in and erased all my security videos. Got cameras to not reapond, notifications to not come through even though all says everything was fine. Settings not changed. Before they had been affecting ceetain aspects of apps from Google play. Made it so i couldnt download from there as well. Or if i tried something would get kicked out before i could finish said task. Even changed the "this device" in my google account. Spoofed mac & ips for known devices on wifi. Changed info in every account, still locked out of 3. 4 trips from internet company. 4 routers, 2 extender, modem/router combo, 7 cameras from 2 systems. End result? Me beating my head against the wall telling everyone, sorry but thats not what is happening on my phone/laptop, to evreyone thinking i am crazy and they are still in my stuff. Any thought yo how this is possible? P.s. 100% believe its my meth head neighbors but never would think them clever enough or would have the kind of money to spend on equipment to be able to pull something like this off. Please for the love of God someone help. This is way above my pay grade [email protected]
336 686 6949 at this point i just dont care i just need serious help