Does anybody here know Android, like really *know*?
I have Applock on my Android which keeps the children out of stuff that I don't want them in, but still means I can freely pass the phone to them if they need it for something.
However Applock, and similar programs, are kind of an a*** to use. And not particularly effective, anyway.
What I would really like is an essentially unlocked phone with a hidden/secured partition where I could put files, programs etc. and not only would someone be unable to access them, but they wouldn't even see that they were there.
I need to carry work stuff sometimes, and some times its sensitive or confidential stuff so an open Android is not the way. I end up carrying it on an SD card in my wallet, which is just annoying.
These are not national nuclear secrets or anything, so it doesn't have to be ridiculous, just enough to stop casual or slightly determined nosiness.
Something like KNOX was intended to be but actually isn't. The main problems with KNOX being that it needs central control to be properly effective and restricts which applications you can include within it.
Anybody got any thoughts?
|
Not really and I'd be interested myself in useful responses.
The best I can do is if you start a folder name with full stop it is hidden. I use a file manager called FX which has a Show Hidden option which makes it too easy to defeat. But anyone taking literally just a casual glance would not see the hidden folders.
|
|
not very secure, but for casual shared use, how about setting up multiple users?
|
>>but still means I can freely pass the phone to them if they need it for something.
Can't they just have their own phones, end of issue?
|
>>Can't they just have their own phones, end of issue?
Flat batteries, different contracts, forgotten phones, friends etc. etc.
In fact, I could just say no.
But, I want to be able to be relaxed about my phone, I just would like to address this issue.
|
|
Multiple users? Mmm, that might, I don't know anything about it. I shall investigate, thank you.
|
|
My suggestions was going to be KNOX. Maybe it's improved on the newer phones. I've not tried it personally on my Galaxy S6.
|
I, unlike most of the world, have some time for KNOX but it has the two issues I mentioned;
1) It needs to be controlled centrally (a pain, and it costs)
2) Only certain applications can be included (a show stopper)
|
|
The problem with creating an alternative to Knox is it has to run in privileged mode. If you root a Galaxy device then KNOX will usually be tripped and no longer available. So installing a third party app to do what KNOX does needs the phone rooting. But a rooted phone is no longer secure as you can do anything.
|
You are mostly correct, but I don't need that level of security.
I'm trying to avoid sticky fingers and long noses, not determined efforts.
e.g. I use a particular messaging app. The group I communicate with using that app is about 25 strong and closed. It wouldn't be a disaster, but I wouldn't want someone not on that group to know that group even existed, never mind who was or was not part of it.
Nobody is going to go looking for that group and its messages, I just don't want them to come across them.
Looking at Zero's suggestion of users, that might be the way to go. Unfortunately I have to first go back to the Stock ROM before I can try for myself. Ho hum.
|
I'm struggling a bit with this Zero.
Do you know if you can use restricted profiles on phones, or just on tablets?
|
...afaik, multiple users was introduced on late 4.x Android for tablets, but only from 5.0.x Lollipop for 'phones.
If it looks OK for your purposes, either "Guest" or "multiple users" (which have slightly different targets) might fulfil your requirements if you have Lollipop, but I would be mildly concerned just how "secure" it was "under the hood", and would want to "play" before relying on it.
|
>> I'm struggling a bit with this Zero.
>>
>> Do you know if you can use restricted profiles on phones, or just on tablets?
Just setting up a new test user on my Moto - I'll let you know
|
..on the restricted profile (parental controls") thing, I think the answer is "not on 'phones".
A quick search came up with a possible workaround, the steps look logical, and it might well work, though it looks a bit convoluted:
android.stackexchange.com/questions/92186/creating-restricted-accounts-on-phone-running-lollipop
|
Ok well, Moto on Android Lollipop 5.1, non rooted.
As primary user that set up phone when new, I can create "users" You switch to other users by swiping down and clicking on the "picture of user" icon. New user gets a clean looking install of Android with none of your (as primary user) apps, screens, shortcuts, widgets. User gets access to play store, but NOT with your identity, and can install apps.
To switch back to me, (primary user of phone) requires my password.
Now I'm sure a whizzy android script kiddie could easily crack through any security, for ad hoc multiple family use, it looks ideal for your requirement.
Last edited by: Zero on Fri 29 Jan 16 at 19:51
|
Thanks Zero, your suggestion was the correct one. Or at least, it solved my problem. The following is an overview, if any of you ever need to know then I will provide details and process.
I could not make "multiple profiles" work on my custom ROM, XtreStoLite, even though it said that it should. Its based on 5.0
So first I reverted to the Stock ROM and then re-rooted. That was harder than it needed to be through my own mistakes. Its really only a 15minute job, but I managed to screw it up and then take hours to unpick it.
Then on stock ROM (5.0) the first thing that happened is that it engaged in an OTA update which still remained on .0 but presumably plus a bit.
Multiple profiles was added to Android for tablets from (I think) 4.2 on, but not for phones.
It would appear that multiple profiles is standard Android on 5.0 (Lollipop) and up but may not be enabled by your particular manufacturer, in my case Samsung.
It would further appear that Samsung will enable multiple profiles from 5.1 on, which is being rolled out OTA but not, at this point, by Entel (my MNO).
However, it is included in all Android 5.0 and up, though not enabled.
By editing a file called “build.prop†in the system partition to include the lines;
# Multi Users
fw.max_users=3
fw.show_multiuserui=1
at the end of all the text, then Multiple Profiles becomes enabled.
Having done that then it is as simple as / settings / users / add user and following the instructions.
It is then pretty much comparable to having two accounts on a PC where one is the administrator and the other is standard. And probably about as secure - which means not bad unless someone is determined.
However, its biggest plus point is that it is not obvious that the phone has multiple profiles enabled.
So from my point of view the phone looks completely normal, can do everything it could do before, but there are a few applications and their associated data which are simply invisible.
It wouldn't stop a determined attack, I'm sure. But, as I said, its long noses and sticky fingers I was worried about.
Exactly what I wanted.
|
Zero, could you do me a favour please.
Could you add a secondary user, allow it to make phones calls (which is a setting as you create it), and then try to actually make a phone call using that user.
A pain and a bit of work I know, but I'd appreciate it.
Thanks,
Mark.
|
Done that, created a new user called "test"
Tried to make a phone call and it said "owner only allows emergency calls"
Went back to my user profile, checked the settings for "allow phone calls" on test, and the slider was off, set it on. Logged back to "test" profile, and tried again. It worked ok, and I made a call to my land line.
tired it doing with the "guest" profile, and it wont allow calls, has to be a named user.
Last edited by: Zero on Tue 2 Feb 16 at 16:14
|
Android Security - smokie
