[Q] Exchange Security Policy Post OTA

---

EDIT: Use the app from KShatzkes' post #24.


I installed the the OTA update, and like many 2.2 phones now, if you use the Email app to connect to exchange, you have to enter an annoying password just to unlock your phone, every time it locks. It's annoying and time consuming because you cannot use the pattern unlock --- you must choose an alphanumeric code at least four digits long.

There are email.apk files that bypass this, but since we cannot replace our email.apk permanently, that probably won't work for us.

The phone did not do this before the OTA, but now it does. Also, you can disable it via the databases in 2.1 (or use lockpicker), but these solutions seem to be broken in 2.2.

Any ideas?

Yes! This is bothering the heck out of me too! Hopefully some solution arises soon!

EDIT: I am guessing that the only option we have is to do something like Paul's Goggles Removal app. If we remove the Email that way, we can then install the other .apk just fine.

I emailed my company's IT department today about this, and got an interesting response:

Quote:

[Me],
Activesync is set up for a production environment, since it sync's with your handheld which then contains [Company Name] material.

While not all handheld manufactures are have all come to the same level of programming, we've allowed underdeveloped handhelds containing a degree of activesync client to communicate with our servers, with the priority on greater protection. This is why the update of your device is now asking your for a 4 digit pin. The update to your device now has a full activesync client. This is by design.

We apologize for any inconvenience this may cause you.
Thanks

-[Technician]

So apparently, we got the "full" version of activesync. Sucks. I never before wanted something so underdeveloped. =(

Wish I could revert to the old version of the app as well.

I haven't noticed a difference since I installed the OTA.

I'm definitely not having to enter any password to unlock when I bring the phone to life.

I didn't have an unlock code before, and still don't. Maybe that's the difference. Did you have an unlock pattern before? Maybe it changes the type of code you can use.

I have the same annoying Pin requirement now after the OTA. I also did not have a pin before the update. It sucks.

I'll toss out an idea to get around this.

1. Root with Visionary.
2. Connect device via USB.
3. adb shell
4. su
5. pm disable com.android.email.policy

Our corporate Exchange server does not have these policies enforced so I cannot confirm whether it will do the trick. But either way, the change is persistent so you only need to do it once unless you wipe.

It can be undone by substituting the last command with "enable" instead of "disable.

Quote:

Originally Posted by smasraum

I haven't noticed a difference since I installed the OTA.

I'm definitely not having to enter any password to unlock when I bring the phone to life.

I didn't have an unlock code before, and still don't. Maybe that's the difference. Did you have an unlock pattern before? Maybe it changes the type of code you can use.

This is probably because your IT staff has not enabled the security (or more likely disabled it, since it is enabled by default in Exchange). I talked to our IT guys, and they say the national corporate office won't disable it, but they all hate it (local IT).

I showed them how to disable it in 2.1 Eclair, but those fixes don't work in 2.2 Froyo. The only fix for Froyo is to replace the Email.apk with a hacked version, but we cannot do this without permanent root.

Quote:

Originally Posted by rmk40

I'll toss out an idea to get around this.

1. Root with Visionary.
2. Connect device via USB.
3. adb shell
4. su
5. pm disable com.android.email.policy

Our corporate Exchange server does not have these policies enforced so I cannot confirm whether it will do the trick. But either way, the change is persistent so you only need to do it once unless you wipe.

It can be undone by substituting the last command with "enable" instead of "disable.

I'll give it a shot, but my guess is that you won't be able to connect to the server at all without an email policy.


Edit: Doesn't work. You cannot send without the policy, and the password is still there. If you delete the account and recreate, it still forces you to create a password, and you still cannot send.

So to get this straight, the issue is with the Email.apk or the Email Policy file? Or both?

smasraum, can you upload your Email.apk and/or the com.android.email.policy that you say work for you? I doubt it is gonna work without perm root, but I'm so frustrated that I want to see if the system will allow me to downgrade the files.

Thanks in advance.