[Q] Hard Baking in Security?

Search This thread

DroidBois

Senior Member
Jul 1, 2010
673
22
Canberra
Does anyone know if it would be possible to bake in security like Wave Secure type of thing in to custom ROMs? I've always thought Wave Secure is a bit pointless if a simple factory reset would clear it and therefore leave the phone ready for the thief or new owner to use as they see fit.

Another layer, not perfect, but still another layer that a thief or finder may not be immediately aware of would be to bake in some security features like tracing or locking in to a custom ROM so even a factory reset wouldn't remove it, possibly something in to the boot loader itself?

Has anyone thought of this?
 

strazzere

Retired Recognized Developer
Nov 4, 2008
74
21
www.strazzere.com
Does anyone know if it would be possible to bake in security like Wave Secure type of thing in to custom ROMs? I've always thought Wave Secure is a bit pointless if a simple factory reset would clear it and therefore leave the phone ready for the thief or new owner to use as they see fit.

Another layer, not perfect, but still another layer that a thief or finder may not be immediately aware of would be to bake in some security features like tracing or locking in to a custom ROM so even a factory reset wouldn't remove it, possibly something in to the boot loader itself?

Has anyone thought of this?

People do and have bundled things into roms - often dropping them into /system/app directory, though I don't think anyones gone as deep as into the bootloader?

Though, if your phone is rooted, and your installed the app to /system/app, then a thief could in theory just flash your phone faster than if your phone WASNT rooted. They don't even need to root your phone at that point.

An interest aspect of hardening this, might be to compile your on recovery/bootloader that would require a password to get into.
 

Xerloq

Senior Member
Nov 10, 2007
90
14
Google Pixel
Google Pixel XL
I think what he's saying is to add the wave secure or similar app into the ROM so that if the thief does a quick "reset to factory settings" after lifting the phone, the security app would survive, perhaps long enough to recover it.

Most thieves would just wipe the phone (if that) to flip it and might not take the time to flash a new ROM.

The tough pay as I see it would be everyone would need their own custom ROM.

Sent from my SPH-D700 using XDA App
 

DroidBois

Senior Member
Jul 1, 2010
673
22
Canberra
I think what he's saying is to add the wave secure or similar app into the ROM so that if the thief does a quick "reset to factory settings" after lifting the phone, the security app would survive, perhaps long enough to recover it.

Most thieves would just wipe the phone (if that) to flip it and might not take the time to flash a new ROM.

Yep, that's it. I'm assuming most thieves would not recognise a custom ROM or know what to do with it. At least buy some time to try and locate and recover the phone. Only time I'd want a front facing camera.

So what happens if they replace the SIM though? Sending SMS's is nice, but only if your number is still working with that phone. A hard baked security system would send an SMS when the SIM was changed at least.
 

minus30

Member
Jul 5, 2010
27
0
Brugge
You shouldn't make a ROM to put an apk into /system/app. You can simply push it through ADB or via terminal emulator. That will atleast survive a factory reset. I don't think many thieves actually take the time to flash a new image
 

DroidBois

Senior Member
Jul 1, 2010
673
22
Canberra
So this is all we need to do? Use the ADB method? So I push through WaveSecure, that could survive a factory reset with settings intact?

Something baked in to recovery would be awesome too.
 

ramdroid77

Senior Member
May 7, 2009
827
127
as far as I know when pushing an apk via adb into system/app then only the app itself is stored there, not the settings. the settings are gone after a system wipe. there needs to be some logic in the app to connect to a site and retrieve your settings from there... using your phone's ID or something.
 

strazzere

Retired Recognized Developer
Nov 4, 2008
74
21
www.strazzere.com
as far as I know when pushing an apk via adb into system/app then only the app itself is stored there, not the settings. the settings are gone after a system wipe. there needs to be some logic in the app to connect to a site and retrieve your settings from there... using your phone's ID or something.


The application itself will survive - but wouldn't all it's data, which still resides in /data/data be wiped?

So yes... the app survived... But it no longer knows who you are, or whose phone it is.
 

tbaker077

Senior Member
Jan 17, 2009
1,066
16
California
Well part of my unspoke point is this is XDA-Developers, I sure there is a ways(one the rom comes out) to port some of those security files to other Android devices.
 

tbaker077

Senior Member
Jan 17, 2009
1,066
16
California
I think once the Droid Pro, which has it baked in, is either rom dumped and extracted, or rooted then I think it could be possible.
 

DroidBois

Senior Member
Jul 1, 2010
673
22
Canberra
I think once the Droid Pro, which has it baked in, is either rom dumped and extracted, or rooted then I think it could be possible.

So something *is* possible via software, not requiring special hardware?

Once some gimboid puts in their own SIM you'd think that you can't send an SMS to control the phone although WaveSecure seems to cover that too.

I'd like something as subtle and as invisible as a good virus. Bootloader would be ideal. Theoretically then a full factory wipe wouldn't clear it.
 

tbaker077

Senior Member
Jan 17, 2009
1,066
16
California
I couldn't tel you. All I know is the Droid Pro is a 3G CDMA. GSM device with some special enterprise security features/software aimed at the BB users.
 

DroidBois

Senior Member
Jul 1, 2010
673
22
Canberra
Doesn't really help us then if that's only available on the Droid Pro.. For the rest of us we still need to work out how to bake in WaveSecure or, ideally, something very subtle. If someone takes my phone I want to nail the little turd, or at least embarrass him when the phone siren goes off or he gets a loud spoken message or something.

Another point, with IMEI numbers, is this of any use if you bought your phone outright? I.e. if my phone is stolen, I can't get the IMEI blocked can I? And can IMEI numbers be changed?
 
I know Paul at Modaco bakes wavesecure into his roms.. not sure if the data would survive a wipe but then whats the point of baking it in system if it doesn't right? Check it out:

Version R9: (requires membership)
http://android.modaco.com/content/h...-rom-for-htc-desire-online-kitchen-2-2-froyo/

R8: (Free for all)
http://android.modaco.com/content/h...for-htc-desire-with-online-kitchen-2-2-froyo/

Okay.. Just found out. This explains everything!

https://www.wavesecure.com/blog/how-to-make-wavesecure-hard-reset-proof.aspx
 
Last edited: