PDA

View Full Version : Android developers, lend me your ear


pullnshoot25
11-22-2010, 7:14 AM
OK, so the recent TSA transgressions and a look at my Android phone's capabilities have lead me to the conclusion that the Android security system could use a bit of revamping. Here is how.

1) At the lock screen, one is able to do a long press on the power button which brings up a menu to make the phone turn off, reboot, go silent or go into airplane mode. This is bad because if someone (thief of gov't agent) takes the phone, it can be disabled and the phone will be lost forever (should you want to track it) or the data gathered will stop.

2) The battery is vulnerable on these phones as it can be removed (unlike the iPhone) and there must be a way to protect it. Pulling the battery, obviously, means "game over"

That said, I have a proposition for a talented programmer and a question.

1) If someone is willing to program an app for the Android market, I am certain that some money can be made. I know that I will drop money for it.

There are three ways to go about this in my mind's eye.

a) Disable the long power button press while at the lock screen, making it so that one has to unlock the phone to do anything.

b) Make a "fake reboot program," kind of like what many kids made for their TI calculators so that it faked clearing the cache before going into the SAT test.

c) Disable the power button at the unlock screen on command, instead opting for a small code on the volume buttons or menu buttons to bring the screen back after the threat is over.

Now, about the battery issue... does anyone know of a hardcase on the market that encapsulates a phone (say, the HTC Evo?) that requires bypassing "security screws" (I believe that is what they are called) in order to get to the battery?

That's all I got.

hgreen
11-22-2010, 9:04 AM
I'd be happy to work on that.

Just need someone to buy me a HTC Evo :)

Dr Rockso
11-22-2010, 1:23 PM
Now, about the battery issue... does anyone know of a hardcase on the market that encapsulates a phone (say, the HTC Evo?) that requires bypassing "security screws" (I believe that is what they are called) in order to get to the battery?

The big problem there is going to be bulk, which you may not care about for your purposes but prevent that sort of case from being widely marketable. The evo is a pretty big phone to begin with and a two piece screw together case is going to add quite a bit of size. If you can find a case that screws together its probably just a simple matter of browsing the mcmaster catalog to find security replacements. All the ones I've seen have been snap or slide on types, though. It wouldn't be particularly hard to make one, but it would be pretty expensive for a one-off.

AJAX22
11-22-2010, 1:33 PM
You may be able to permenantly affix the battery and cover using a thin film of epoxy... itwould be a strictly one shot deal however.

JDay
11-22-2010, 3:05 PM
2) The battery is vulnerable on these phones as it can be removed (unlike the iPhone) and there must be a way to protect it. Pulling the battery, obviously, means "game over"

This is a design flaw with the iPhone, it is a decision that was made in order to increase sales. After all, why let you replace a dead battery when they can just sell you another handset? No matter what security your phone has agents can simply make it disappear and say "what phone" when asked about it. This is why you should use an app such as Qik that streams to the internet when you record. Also, since Android runs on Linux you just need to find the right config file to edit to disable the power button on the lock screen.

five.five-six
11-22-2010, 3:15 PM
sjjpbsUvggw

rynando
11-22-2010, 4:15 PM
You could always do it yourself. It isn't hard. (http://www.amazon.com/Android-Application-Development-Dummies-Computer/dp/047077018X)

JDay
11-22-2010, 4:41 PM
You could always do it yourself. It isn't hard. (http://www.amazon.com/Android-Application-Development-Dummies-Computer/dp/047077018X)

No need to buy a book. Google has the API well documented.

http://appinventor.googlelabs.com/about/

sfwdiy
11-22-2010, 5:59 PM
No need to buy a book. Google has the API well documented.

http://appinventor.googlelabs.com/about/

AppInventor is actually pretty cool. I've messed around with it, but I don't really have the time to learn all the ins and outs of the API.

I like the idea and wish that qik had an audio-only option to get around potential bandwidth issues.

Uploading the data while recording data is all well and good, and I doubt your typical TSA slug would have the cranial capacity to realize this, but all your recording and uploading and phone tracking whatevers can be instantly neutralized by simply wrapping the phone in a piece of tin foil. No need to pull the battery. :TFH:

--B

JDay
11-22-2010, 6:58 PM
Uploading the data while recording data is all well and good, and I doubt your typical TSA slug would have the cranial capacity to realize this, but all your recording and uploading and phone tracking whatevers can be instantly neutralized by simply wrapping the phone in a piece of tin foil. No need to pull the battery. :TFH:

--B

Too bad they'd probably wrap it in aluminum foil, which does not have the same effect as tin.

TonyM
11-23-2010, 6:48 AM
I looked into disabling the home key and long-press of the power button on the lock screen awhile back for another application I was writing. I was hitting dead ends and I found that sometime back (I think in SDK 2.0) Google removed the APIs to disable those buttons at the lock screen as security measures, so applications couldn't hijack your device and leave you stuck with a rotating advertisement locked device.

So, I don't think it's possible anymore.

hgreen
11-23-2010, 7:23 AM
... Google removed the APIs to disable those buttons at the lock screen as security measures, so applications couldn't hijack your device and leave you stuck with a rotating advertisement locked device.

So, I don't think it's possible anymore.

Kernel module anyone?

sfwdiy
11-23-2010, 4:50 PM
I looked into disabling the home key and long-press of the power button on the lock screen awhile back for another application I was writing. I was hitting dead ends and I found that sometime back (I think in SDK 2.0) Google removed the APIs to disable those buttons at the lock screen as security measures, so applications couldn't hijack your device and leave you stuck with a rotating advertisement locked device.

So, I don't think it's possible anymore.

Yeah, they did remove that API as of Froyo. There was a plugin for Locale that would allow you disable your lock screen password based on conditions. It was actually quite convenient to disable my lock screen while the phone wasn't in my house.

The plug doesn't work on Froyo.

Too bad they'd probably wrap it in aluminum foil, which does not have the same effect as tin.

I like this:

http://cache.gawkerassets.com/assets/images/4/2010/11/500x_phone-hanckerchief.jpg

http://gizmodo.com/5693203/handkerchief-blocks-cell-phone-signals

--B

AndrewMendez
11-23-2010, 11:33 PM
You can not cover the battery so it can not be removed. What if you need to soft reboot your phone, and the provider requires you to remove the battery for it, not to mention the phones ESN number is on that location. The iPhone was criticized greatly for not having a removable battery. You will also void the mfg Warranty.

JDay
11-24-2010, 12:54 AM
You can not cover the battery so it can not be removed. What if you need to soft reboot your phone, and the provider requires you to remove the battery for it, not to mention the phones ESN number is on that location. The iPhone was criticized greatly for not having a removable battery. You will also void the mfg Warranty.

A soft reboot just involves telling the phone to reboot, and the ESN/MEID is in settings under "About Phone". It's still a bad idea to seal the battery in though, make it impossible to replace and you cannot remove it should it short out (which leads to a fire). Not to mention that the microsd and SIM (GSM and LTE phones) slots are under there.

gunn
11-26-2010, 9:53 AM
There might be easier ways to solve the problem... like a dedicated recorder

http://www.buy.com/prod/qi-remote-car-key-chain-mini-dvr-video-voice-recorder-photo-camera-4gb/q/sellerid/23093153/loc/111/211988524.html

with video
http://www.sears.com/shc/s/p_10153_12605_SPM1323255101P?sid=IDx20101019x00001 a&ci_src=14110944&ci_sku=SPM1323255101

As a pen
http://www.google.com/products/catalog?hl=en&rls=com.microsoft:en-us:IE-SearchBox&biw=1188&bih=592&q=mini+voice+recorder&wrapid=tlif12907975301211&um=1&ie=UTF-8&cid=14261546785401385552&ei=3wHwTMO7CJL4swOAl92mCw&sa=X&oi=product_catalog_result&ct=result&resnum=9&ved=0CI8BEPMCMAg#

If you assume they will put your android brick phone within audio recording distance, they will most likely give you your keys/pen/jacket within the same distance as well.

-g

PS. your post reminds me of those guys on the Make Magazine blog/hackaday that will take a $150 consumer electronic device, take it apart, just to make "hand modded" product that would have originally costed $20.