I Agree to this point… And that’s why I brought this to notice… No one is going to try out things to see if they are protected, if that had to be done then no security suites would exist…
I’m not here to talk about Avast downside, I really don’t care about Avast or AVG or any other product…
If one product fails doesn’t mean that even CMS should fail there…
You Answer is like, if one person can have an affair with his daughter then why not me… :-TD
If i was concerned about sensitive information or settings, I would lock the phone, either on screen off, or remote.
Prevent access to the phone. That is what you should be concerned with, not whether an app can be reset/removed. Most people are not going to look for a security app to disable if they find a phone. They want to know who’s phone, and what information is stored within.
Who’s phone and contact information can be displayed on a locked screen.
Other information requires access.
The only solution to protect an app is to hide it (whatever method you choose, be it Eric’s solution or another app locker, or simply hiding it from the screen).
Personally, hidden from the screen is more for a dedicated remote security app than a multi function app such as CMS.
Whichever method you prefer, I doubt it is of higher importance than phone location and data security.
On a final note, anyone who is familiar with Recovery knows no security can prevent a phone from being wiped clean, and/or factory reset.
So just concern yourselves with protecting your personal data/information rather than can or cannot an app be reset/removed, because no matter what you implement, the answer will always be “YES”.
alright we’ll just pretend like there’s no major security issue in cms anti theft default setup. even though I pointed out suggestions that could fix the problem that don’t require root which I can back by my testing of avast on a non root phone. yeah you can say go to another product but they all have the same problem. it’s ok though i’ll just put my head in the sand and that will magically fix the issue
Avast Mobile Security Guide mentions if Anti-Theft is installed on rooted phones & the settings too then Anti-Theft survives hard reset.
"Hard reset protection
Store settings
This setting applies only to rooted phones and enables the Anti-Theft
settings to also be stored rooted so that they will even survive a hard reset."
I was referring to the fact that if you try to uninstall avast from app management that you are prompted for a password. yes currently it has a bug so that you can still uninstall without putting in a password but It’s a bug that will be fixed. if they could make cms do the same as avast with the bug fix and also make cms watch for app data resets and force stops then users could protect from uninstall without requiring a password to access all parts of settings. then cms would just have to offer to lock down play store and task manager apps. they could also give an option to enter a pattern instead of a password to approve uninstall, data reset, force stop, play store, and task manager apps. also file manager apps
@Anyone From Comodo
After so much of talk with John Buchanan I just have one thought in my mind, “Is there any other Moderator who would like to understand what we ( me n trscsaeg ) are trying to say”
Or Like trscsaeg said,
Lets pretend… Ohhhh Woowww…!!! CMS Our Saviour… What a product…!! :love: :love: :love: … Your truly Awesome CMS…!!!
John Buchanan :-TD
I believe the app needs to be listed as a device administrator for that feature to work.
That would also prevent uninstalling it.
Ok, I’m going to try and answer this one.
Firstly, let me say I do understand what Ishaan and trscsaeg are saying. We have been pm’ing the devs to try and get an up-to-date response on the development of CMS and I included some of the things you are suggesting in the Wish List topic recently.
The ability to stop the process, clear data and uninstall CMS is a security issue if someone manages to get into your phone. I personally us a 6 digit code, sim lock and I use a separate app that makes you tap a hidden part of your screen to access your phone. My current solution is to protect uninstall and wipe of CMS is to use the built in App Locker. I have it set to lock Settings, Play Store, Task Manager and Filer. There’s a known bypass bug with this which is by clicking your recent app list and going into one of those without being prompted for a password. The app called AppLock is currently better to use because it has it’s own self protection and it’s more flexible allowing a various password options such as screen pattern etc.
Avast is clever in that it at least hides the Anti-Theft and has it set as admin and from what I remember previous versions of CMS use to have the same. I have been tempted to try and use the Comodo Anti-Theft as a separate app and protecting it with AppLock or the one built in CMS but I haven’t had the chance. I would like to see a web portal option like Avast has so you aren’t required to have a “buddy number”.
Having said all that, someone can quite easily simply plug your phone into the USB port and wipe it clean and copy all your data. If it was possible to protect this option as well that would be ideal though I think it requires rooting your phone.
This brings up the topic of encrypting the data on your phone. I’ve yet to explore this option.
John isn’t saying that the issues you’ve raised aren’t a security issue. He’s simply pointing out the obvious, if they can’t get into your phone in the first place then they wouldn’t be able to disable CMS or the anti-theft. As a first line of defence you should have a strong phone lock key.
I can recommend a number of options but if your as concerned about your phone being accessed and disabled then you need to at the very least use the built in app locker as I have suggested. I think, for the ordinary user, just insuring your phone has a screen lock would go a long way towards keeping your phone protected in the first place.
I do think that the Health Check should run automatically and flag up issues like unlocked phone, unprotected settings or at least further security suggestions but while we wait for further information on the plans for CMS development, the only currently solution is to use the built in app lock or a separate app.
Cheers,
Eric
If USB debugging is disabled on phone then too data can be copied or wiped clean?
I don’t have USB debugging on my Android 2.3.5. Certainly the data on the SD Card can be copied and deleted or wiped but I don’t think this has any impact on the android system itself apart from messing up apps running via the SD card.
You can copy the backup files created by the built in back up in CMS as they are saved on the SD card which might be a bit of a security risk and that folder or files may need to be encrypted as they are simply the original .apk for the app you backup, .vcfs for the contacts and a .db file for your CMS backed up settings.
So, knowing that, you might want to either ignore the backup that’s flagged in the Health Check which you have the option to do permanently when you tap it in the pending items in the results.
Alternatively, you can encrypt the contents of that folder. There’s a brilliant app called File Locker (https://play.google.com/store/apps/details?id=com.mwgo.filelocker&feature=search_result#?t=W251bGwsMSwyLDEsImNvbS5td2dvLmZpbGVsb2NrZXIiXQ…) that can do that job for you but it would be a good suggestion to add to the wish list and/or have an online option. I know there’s Comodo Cloud but I haven’t tried using that.
Cheers,
Eric
Looking forward Eric, let’s hope CMS does it well ;D
nobody here is saying that users shouldn’t have a good screen lock of some kind or that our suggestions are a replacement for screenlocks. we are saying that if someone gains access to your phone while it isn’t locked that it is likely you may never get your phone back if the thief has just a little knowledge do to a weakness in cms offering protection for crucial areas to be protected or protecting against uninstall, force stop, data clear attempts directly as they happen with a password or pattern lock