Reseting CMS is Way too Easy Even Without Having Password To Anti-Theft

Hi All,

Just yesterday when I tried to access CMS Anti-theft feature which I had set already, I realized that I forgot the password.
So What next I had only one option I thought, Uninstall and Re-install but then something struck me…
I went to application settings and Clicked the Clear Data Button given by Android and Voila…!!! CMS got Reset to as Good as First Install… All Virus Defs cleared and Anti-Theft Data cleared.
Well from security point of view this is a glitch.
I simply need to steal a Android Phone having CMS in it and the person would think that “I’ll track or wipe my data out” but I the robber simply Clear User Data from the Application Settings and done all Personal Data, Images, Movies n Porn >:-D are now mine :wink:

I guess this needs to be worked out, If Android phones have some restrictions that do not allow CMS to hide its data from users then in my Point any Anti-Theft Software is useless…

Do discuss on this so that users Know about it…

Edit:

I tried the same on Avast but fortunately their users are safe from this trick… So it ain’t Android restrictions its CMS security Glitch

No Reply yet… I’m waiting to put my comments on Google Play… If no reply I guess others should be aware and careful about it…

Features like this require root I think.
E.g. Phonelocator Pro cannot have its data reset, but it is a) hidden, b) using root, and c) an administrator on the phone.
I don’t know which one is preventing clearing of data, but I suspect being an administrator has something to do with this.
I believe being an administrator prevents it from being un installed.

Its not connected to rooting… try Avast on a non rooted phone and Repeat what I tried… You’ll know…

Neither the password nor the Anit-Theft Feature is Reset… Only the AV gets reseted…

it seems avast-anti-theft is another app?
so the reason only the av gets reseted is that you reset the av, but not reset the avast-anti-theft

yes the anti-theft is a separate app. you get to choose a custom name for it. did you go to the anti-theft app that you give a custom name to and try resetting the data there

Ok I will give that a try with Avast but this needs to be worked on anyways…

What I do is use the built-in CMS app locker and lock the following:

Settings
Play Store
Task Manager

locking each of these makes it impossible to uninstall CMS or reset it’s settings without a password.

Great method of security, Eric. But whereas I am looking at tweaking and mods for performance and feature sets, this would be a hindrance to me (just me).

I will, however, recommend this to other phone owners I know.

OT, Eric, still no lag in startup of CMS since disabling TM. :slight_smile:

Good for those who are aware that there are work around to by pass, but not most on Google Play would know this when downloading the app…
So I’d suggest this to be integrated and not allowed by the app itself then me manually locking up stuffs…

were you able to uninstall avast anti theft by locating the custom name for the anti theft app or clear its data or both?

Couldn’t locate the custom name… and since it wasn’t my phone I was not able to get it in my hand again…
Girls are always afraid of trying anythin with their phone :-\

In their natural to be stubborn ;D

True…
But the topic remains the same… Kindly fix this…

I have and use avast and yes you can uninstall the anti theft if it is installed normally but you can make it (as I have) a device administrator.

ok I tested avast anti theft. my phone is not rooted. I set anti theft as device admin which prevents uninstall but not clearing data. clearing data for anti theft does not erase anti theft pin but erasing avast mobile security dose which can be done with anti theft set as admin. so even though avast anti theft can’t be uninstalled while set as device admin, it can’t follow sms commands if data is cleared from avast mobile security. if anti theft is not set as device admin it will prompt you for a pin but you can just exit out to your home sceen and try to uninstall again and you will not be prompted for a pin and you can successfuly uninstall anti theft. anti theft can’t be uninstalled from play store because it isn’t a play store app. avast can only prevent access to settings if the phone is marked as stolen which will prevent users from being able to access the uninstall app screen. so if you don’t realize your phone is lost then the thief can easily uninstall all of avast. if avast mobile security gets uninstalled but the anti theft is still installed, I don’t know if it removes anti theft data such as the pin. I forgot to test that. so if comodo could make the anti theft component a non market app and make it watch for uninstall attempts like avast and prompt for password but improve it so it can catch all uninstall attempts and not just the first one then that would be great and it would be good if it could prompt for password for data clear attempts. if it could achieve this behavior for 3rd party uninstallers that would also be great

Yes thats what I am requesting for…

Doesn’t seem this was even reported… And no reply that this will be worked on…
Any mods could forward this issue… to egmen or someone…

Is this going to be worked on?

Eric has described a solution that addresses your security concerns.
First page.

Eric has a solution yes but the problem is that cms is misleading. it doesn’t offer to protect crucial areas and explain why it’s offering to protect those areas. so for an average user they think their phone is protected by cms with default setup and they are to an extent but by default crucial areas are not protected to prevent a thief from uninstalling cms which is a major fail for anti theft. currently cms default settings gives a false sense of security to average users. that’s why he asked is this going to be worked on.

As proven, even Avast has this downside.
For those that wish the added security (not all want the inconvenience to access settings), use the above mentioned solution.