Articles

Android 4 Stock Contacts

posted Oct 6, 2012, 7:27 AM by Ondřej Pšenčík   [ updated Nov 12, 2014, 11:47 AM ]


In Android 4 there is only one correctly working contacts application: the stock contacts application, part of the Android Open Source Project. Unfortunately, the stock contacts application is often replaced with a false contacts application by the manufacturer, or the user installs a false application after being misled by a false review or similar.

There are 3 categories of false contacts applications:
  1. a contacts application that uses the Android built-in contacts database but does not have essential features (e.g. Go Contacts Ex)
  2. a contacts application that uses the Android built-in contacts database, does not have essential features and also corrupts contact data (e.g. Samsung contacts application)
  3. a contacts application that uses its own database, does not have features, does not integrate with the system, corrupts data and causes system malfunctions
I experienced data loss caused by the Samsung contacts application, so I prepared True Contacts for Android 4.0.x to avoid contacts data loss and corruption again.

Let's explain the issue in detail, using the Samsung contacts application.

The Samsung contacts application is a legacy (Android 1) application in Android 4 that Samsung has patched together to somehow work in the following Android version, but the Samsung contacts application
  1. corrupts phone numbers
  2. does not support arbitrary contacts accounts (in 4.0.3 it crashes, in 4.0.4 support is erroneous)
If a contact with various phone numbers is created in the Android stock application


and is opened in the Samsung contacts application editor


the contact opens corrupted - the editor does not know all the various numbers and puts Mobile instead of the correct number type - and if you save it, the data will be corrupted and can be lost.

To avoid this unwanted situation, the stock contacts application can be configured as the default contact editor - select the stock contacts editor as the default when editing a contact:

If you prefer AES 256 over AES 128

posted Sep 5, 2012, 1:32 PM by Ondřej Pšenčík   [ updated Sep 5, 2012, 1:35 PM ]

SSL security parameters are negotiated after the connection is established. The default first choice in Windows Schannel is AES 128 for encryption; fortunately, it is easy to reconfigure if one wants to.
Start the Group Policy Editor (gpedit.msc) and locate SSL Configuration Settings - see the picture below.


Open SSL Cipher Suite Order, select Enabled and redefine the order of the suites to reflect your wishes (i.e. put AES 256 first) - I used Notepad: I copied the existing text there, made the modifications and copied it back into that miniature edit field.
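
As an added example (not part of the original article), the same reordering can be scripted instead of done by hand in Notepad. The PowerShell below reads the suite order from the policy registry value that this Group Policy setting writes, falling back to the system default list, and prints one comma-separated line with the AES 256 suites moved to the front; it changes nothing on the system.

```powershell
# Added example: build a cipher suite order string with AES 256 suites first.
# Read-only: prints the new order for pasting into the policy edit field.

$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$defaultKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002'

function Get-CipherSuiteOrder {
    # The policy value is one comma-separated string; the built-in default
    # is a multi-string value. The policy wins when it is present.
    $policy = Get-ItemProperty -Path $policyKey -Name Functions -ErrorAction SilentlyContinue
    if ($policy -and $policy.Functions) {
        return @($policy.Functions -split ',' |
                 ForEach-Object { $_.Trim() } | Where-Object { $_ })
    }
    return @((Get-ItemProperty -Path $defaultKey -Name Functions).Functions)
}

function Move-Aes256First {
    param([string[]]$Suites)
    # Stable partition: AES 256 suites keep their relative order and move to
    # the front; all other suites follow in their original order.
    $aes256 = @($Suites | Where-Object { $_ -match 'AES_256' })
    $rest   = @($Suites | Where-Object { $_ -notmatch 'AES_256' })
    return $aes256 + $rest
}

$current   = Get-CipherSuiteOrder
$reordered = Move-Aes256First -Suites $current

# Sanity checks before pasting: no suite lost, added or duplicated.
if ($reordered.Count -ne $current.Count) { throw 'Suite count changed' }
if (Compare-Object $current $reordered)  { throw 'Suite set changed' }

# One line, comma-separated, no spaces.
$reordered -join ','
```

The partition only looks at the cipher, so an AES 256 suite with plain RSA key exchange will end up ahead of an AES 128 suite with ECDHE; review the printed order before pasting it if key exchange preference matters to you.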
 

It looks like the suites are enabled, so you do not need to modify the registry to enable them. Local Sync outputs the result of the negotiation in the main log, so you can see the negotiated security parameters, e.g. in my case


For the Local Sync program, it makes sense to use stronger encryption when you are using your own certificate, not the built-in certificate.

Local Sync - data transfer protection with SSL

posted Sep 2, 2012, 2:32 PM by Ondřej Pšenčík   [ updated Sep 10, 2012, 5:28 AM ]

Since Local Sync version 1.7, WiFi data transfer is protected with SSL. This feature is available only for Android version 4 or greater, and by default all data transfer is encrypted except file synchronization. If you also want to encrypt file synchronization, the setting can be found in Android Local Sync Menu - Settings.


There are 2 security scenarios that can occur when using Local Sync:
  1. By default, the Local Sync built-in exchange certificate is used - basic security if you want to be protected from a novice eavesdropper (an experienced cracking eavesdropper will decipher your data)
  2. You can provide your own certificate for better security if you need to be protected from an adversary (obtaining your data will require active attacks and exploitation - she will probably use other methods than Local Sync program exploitation to get your data)
In the Windows Local Sync main log, an icon indicates whether the transfer was secured or not. An unsecured transfer is indicated by a normal green flag and a secured transfer by a green flag with a key, so you can verify whether security is maintained.

If you want to use your own certificate (a pfx file - with private key) for SSL, you configure this in the Windows Local Sync program. Save your pfx file in some folder and open the Windows Local Sync settings.


As you can see, by default the built-in certificate is used in the Local Sync program. Press the Select certificate button and select your own pfx file.


You must provide the password for the private key. The password is stored in plain text in the Local Sync settings file (which is in the Application Data folder), so you will want to have that folder secured.


If you save the settings by pressing OK in the Settings dialog window, the certificate will be applied (and the Local Sync SSL server component restarted), as you can see in the main application log.


How to get your own certificate for free and be protected from an adversary?
The built-in certificate works out of the box with zero configuration; however, better security is achieved with your own certificate. The certificate used for the Local Sync SSL Server must have a trust anchor. You will not buy a certificate for this purpose; you will prepare your own fine certificate. This is possible because, since Android 4, trusted certificates can be configured in Android. The steps to make it work are:
  1. generate your own signing certificate that will be used for generating the Local Sync SSL Server certificate
  2. generate the Local Sync SSL Server certificate
  3. import the cer from step 1 into the Android trust store
  4. set the certificate from step 2 in Windows Local Sync
The software necessary for creating certificates is makecert by Microsoft. Download it as part of the Windows SDK. You can open the SDK command prompt and run the following commands.

Create CA Certificate (you will be prompted for private key password)
makecert -r -pe -n "CN=Local Sync CA"  -ss CA -sr currentuser -a sha256 -sky signature -cy authority -sv LocalSyncCA.pvk LocalSyncCA.cer

Create Local Sync SSL Server certificate
makecert -pe -n "CN=Local Sync Local" -a sha256 -ss my -sr currentuser -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -ic LocalSyncCA.cer -iv LocalSyncCA.pvk -sy 12 LocalSync.cer

Open certmgr.msc and export the LocalSync certificate with its private key into a LocalSync.pfx file (you will be prompted for a private key password - this is the password you will set in the Local Sync Windows app when you configure the certificate). Delete the Local Sync certificate from the Personal store in certmgr because you do not need it there anymore.

Copy LocalSyncCA.cer onto the Android sdcard and add your own CA certificate into the Android trust store. Open Settings - Security and tap Install from SD card; an alert dialog is shown.


Tap OK. If you have not set a PIN or screen lock pattern, you will have to do it now (which is great).


And you have imported your own certificate into the Android trust store.


Set the LocalSync.pfx certificate in the Windows Local Sync program. You must protect your own certificates; the Local Sync SSL server private key password is stored in plain text, so you might want to encrypt your Application Data folder with the Encrypting File System. Local Sync data transfer is then secured with a fine SSL setting. The last step to increase security (and avoid some types of attacks) is then to disable the built-in certificate in Android - Menu - Settings.
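
A check worth running before LocalSyncCA.cer is copied to the phone, as an added example that is not part of the original article: confirm that LocalSync.cer really chains to LocalSyncCA.cer and see which signature algorithm it carries. It assumes both .cer files from the makecert commands above are in the current folder; the function name Test-IssuedBy is made up for this example.

```powershell
# Added example: verify that the server certificate was issued by our own CA.
function Test-IssuedBy {
    param([string]$LeafPath, [string]$CaPath)

    # Resolve-Path: .NET does not follow PowerShell's current location.
    $leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 (Resolve-Path $LeafPath).Path
    $ca   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 (Resolve-Path $CaPath).Path

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # No revocation source exists for this private CA, so skip that check.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    # The CA is not in a Windows root store: tolerate an unknown root here
    # and pin the top of the chain to the expected CA file below instead.
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
    [void]$chain.ChainPolicy.ExtraStore.Add($ca)

    $built = $chain.Build($leaf)
    $top   = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    [pscustomobject]@{
        ChainBuilt   = $built
        ChainLength  = $chain.ChainElements.Count
        RootIsOurCA  = ($top.Thumbprint -eq $ca.Thumbprint)
        LeafSubject  = $leaf.Subject
        LeafSigAlg   = $leaf.SignatureAlgorithm.FriendlyName
        LeafNotAfter = $leaf.NotAfter
        Status       = @($chain.ChainStatus | ForEach-Object { $_.Status })
    }
}

$r = Test-IssuedBy -LeafPath .\LocalSync.cer -CaPath .\LocalSyncCA.cer
$r | Format-List

# Expect exactly two elements (server certificate, then our CA) with the
# CA file at the top; anything else means the wrong issuer was used.
if (-not ($r.ChainBuilt -and $r.ChainLength -eq 2 -and $r.RootIsOurCA)) {
    throw 'LocalSync.cer does not chain to LocalSyncCA.cer'
}
```

An UntrustedRoot entry in Status is expected on the Windows side, because the CA certificate sits in the CA store rather than a root store; what matters is that the thumbprint comparison succeeds.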

Note: Synchronization done via USB cable is not protected with SSL.

Local Sync on Android 4 - system upgrade

posted Aug 30, 2012, 2:21 AM by Ondřej Pšenčík   [ updated Aug 31, 2012, 5:48 AM ]

Due to various issues in the contacts application caused by proprietary changes made by manufacturers in Android 2 and 3, Local Sync synchronized contacts into various accounts (and not the Local Sync account) on HTC devices and Samsung tablets. Therefore, if one updated the Android firmware without a wipe, the following would happen on some devices:
  1. A Local Sync update is offered in Google Play because there is a special version for Android 4
  2. One updates Local Sync
  3. One runs synchronization
  4. Contacts are moved into the trash in Outlook (because the account changed and it looks like all contacts were deleted)
Solution:
Move the contacts from the trash back to contacts.

The second scenario is that Local Sync was uninstalled before the update, as instructed on the program web page.
  1. One installs Local Sync from Android market
  2. One runs synchronization
  3. Contacts are "duplicated"
Solution:
In fact the contacts are not duplicated; there is a double set of contacts, one in the original (non Local Sync) account and one in the Local Sync account. So it is only necessary to delete the contacts in the original account (as described on the program web page, it is the phone account on HTC devices and the device account on Samsung tablets).

Android 4 fully supports 3rd party apps/external accounts. See Local Sync and Android 4 ICS.

If you have any questions related to the Android update (from version 2 or 3 to version 4), use Q&A.

AutoSync Account Activator explained

posted Aug 25, 2012, 2:05 PM by Ondřej Pšenčík   [ updated Nov 12, 2014, 11:49 AM ]


There are synchronization facilities in Android. These facilities allow applications to have accounts and synchronization capabilities. An account is a set of information such as server address, email address, password, data types, etc.; for an account, the application usually has logic for how to synchronize data with the outside world.

An account can be used by other applications to contain data from that account, e.g. the Contacts application can contain contacts from Gmail, Facebook, Twitter, etc., and the Calendar application can contain calendars from Gmail, etc., if the given account has the capability to provide such information.

The following picture shows a list of various accounts in Android 2.3; background data is active and master auto sync is active.


If master auto sync is active, accounts are synchronized automatically. If master auto sync is disabled, accounts are not synchronized automatically and one must synchronize an account manually, which can be done by pressing the "Sync all" button or, in the account screen, by pressing the "Sync now" button. If sync is manual, some functionality may not be available, e.g. Gmail does not notify of new email via system notification. Manual sync is not interesting from the AutoSync Account Activator point of view.

If master auto sync is active, accounts are synchronized automatically. There are currently 2 auto sync types:
  1. periodically synchronized accounts = data is synchronized at time intervals
  2. accounts synchronized via Google push sync = data is synchronized each time something happens, e.g. a new email arrives
In fact, it is not the whole account but its authorities that are synchronized. Each account contains zero or more authorities, e.g. a Google account contains many authorities:


Authorities can be enabled or disabled when master auto sync is active (when master auto sync is not active and synchronization is manual, one cannot select auto sync for a given authority, because synchronization is done manually by tapping the authority or pressing the "Sync now" button, etc.).
In the previous picture the Picasa Web Albums authority is unchecked, which simply means that Picasa web albums will not be synchronized at all (I have disabled this authority because I do not want to see web albums from that account in my gallery application). If I unchecked the Sync Gmail authority, Gmail would not synchronize automatically, the Gmail application would not show new email messages, system notifications reporting new email would not be shown, etc., unless I refreshed email manually inside the Gmail application (Menu - Refresh). Note: as mentioned above, when Gmail is refreshed manually while auto sync is not active, the system notification is still not shown.

AutoSync Account Activator automatically checks/unchecks authorities according to configuration:
  • mobile network connected
  • particular WiFi connected
  • always checked
  • always unchecked
If you tap an account in the AutoSync Account Activator application, its configuration opens. On the first tab you can define on which networks (connections) authorities will be checked. For example, in the following picture, Local Sync account automatic synchronization is activated only on the anetliberec.cz WiFi network


On the second screen it is possible to configure the time interval for periodically synchronized accounts; the default value is 1 day. The periodic synchronization interval is a built-in Android feature; I created this configuration screen because it is not available in Android. Google push sync accounts are not synchronized periodically: you cannot make e.g. Gmail stop syncing the push way and sync periodically instead, you can only disable synchronization for push sync accounts. On the other hand, the Local Sync account is a periodic sync account, so it will sync at the defined intervals (here 1 day) automatically.


The third screen configures the applicability of the first screen. There are 3 options:
  1. Auto - authority will be checked/unchecked according to connection status
  2. Always on - authority will be checked always (will synchronize always automatically if master auto sync is enabled)
  3. Always off - authority will be unchecked always (will not be synchronized automatically)


If an authority is unchecked and then checked, synchronization starts immediately for that authority. This is a proximity sync feature out of the box. For example, you disable all Google accounts on the work WiFi and allow them on the cellular network; then, when you connect to the WiFi at work, the Google accounts are disabled, and as soon as you leave the work WiFi and connect to the cellular network, all new data/emails/etc. are immediately synchronized.
