I found a few ways to detect a rooted Android phone, but I would now like to use that functionality to whitelist (or blacklist) users who root with activesync.

What are my implementation options here?

makerofthings7
  • Um, ActiveSync is a Microsoft concept, having little to do with Android and less to do with rooting a phone. – CommonsWare Jan 23 '12 at 19:10
  • The idea is that if the phone is rooted, perhaps I can kill Activesync – makerofthings7 Jan 23 '12 at 19:15
  • There is no ActiveSync to be killed. ActiveSync is a Microsoft concept, having little to do with Android and less to do with rooting a phone. Android has Exchange support, and it is possible that uses the same protocols as ActiveSync, but that's all there is, AFAIK. – CommonsWare Jan 23 '12 at 19:56
  • The relation is that a rooted Android phone might pose a security risk to a corporate org that relies on Activesync. (Improper Process Elevation, etc) In that case, I want to support disabling Activesync for phones in this configuration. – makerofthings7 Jan 23 '12 at 20:09
  • Since there is no ActiveSync to be disabled, you are already done. – CommonsWare Jan 23 '12 at 20:13
  • @CommonsWare Android uses Activesync to connect to Exchange. It exists, and I see it occurring before my eyes. It seems you are unaware of the feature – makerofthings7 Jan 23 '12 at 20:27
  • You are massively confused, but, be that as it may... Most Android devices can connect to Exchange nowadays, as it was added as a feature in Android 2.0. Hence, your blacklist will be ~99% of all devices. Moreover, your only way to disable it will be to replace the firmware with one that does not support Exchange synchronization. – CommonsWare Jan 23 '12 at 20:36
  • @CommonsWare If you assert I'm confused, please elaborate. (I've been an Exchange admin for 15 years) If 2.0 devices are not using Activesync, what is it? Possible options are POP3, IMAP, EWS, OWA, Activesync – makerofthings7 Jan 23 '12 at 21:02
  • Various things get the ActiveSync label. I tend to think of software. Android does not use ActiveSync software from Microsoft for Exchange synchronization. ActiveSync is also a protocol. Android's Exchange synchronization does use the protocol. You do not disable a protocol; you might disable software that implements the protocol. You do not kill a protocol; you might kill software that implements the protocol. Now, my own confusion was forgetting that ActiveSync is the name of the protocol as well as the software (I thought MS used a different term) and for that I apologize. – CommonsWare Jan 23 '12 at 22:16
  • I'm quite a bit late here, but can't you just determine their MAC address and then block that device from accessing your Exchange server? – Jess Jan 16 '13 at 16:18

1 Answer

The ActiveSync client uses the account manager API to sync stuff, thus with the android.permission.MANAGE_ACCOUNTS you should be able to do stuff like clear the password or at least disable sync / delete the account.

(Deleting the account can lead to all information being removed. Clients usually do not appreciate this)

But... they'd have to be running software that you've built. So what's stopping them from uninstalling that? They've already got root.

Jens
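The "disable sync" option from the answer above, as an added example that is not part of the original answer: an on-device agent that turns off automatic sync for every Exchange account once the caller's own root check has fired. It uses `ContentResolver`'s sync settings (which need `WRITE_SYNC_SETTINGS` rather than `MANAGE_ACCOUNTS`). Assumptions: the class name `ExchangeSyncGate`, the `deviceIsRooted` input, and the account type `com.android.exchange` (the stock AOSP Exchange client; vendor mail clients register their own type).

```java
import android.accounts.Account;
import android.accounts.AccountManager;
import android.content.ContentResolver;
import android.content.Context;
import android.content.SyncAdapterType;

import java.util.ArrayList;
import java.util.List;

/** Added example: turns off sync for Exchange accounts on a device flagged as rooted. */
public final class ExchangeSyncGate {

    // Assumption: account type of the stock AOSP Exchange client; vendor mail
    // clients register their own type, so verify it on the devices you manage.
    private static final String EXCHANGE_ACCOUNT_TYPE = "com.android.exchange";

    private ExchangeSyncGate() {}

    /**
     * @param deviceIsRooted result of the caller's own root check (hypothetical input)
     * @return "account/authority" pairs whose automatic sync was switched off
     */
    public static List<String> enforce(Context context, boolean deviceIsRooted) {
        List<String> disabled = new ArrayList<String>();
        if (!deviceIsRooted) {
            return disabled;
        }
        // Needs GET_ACCOUNTS on the Android versions this thread is about.
        Account[] accounts =
                AccountManager.get(context).getAccountsByType(EXCHANGE_ACCOUNT_TYPE);

        // Each sync adapter pairs an account type with one content authority
        // (mail, contacts, calendar); enumerate them instead of hardcoding.
        for (SyncAdapterType adapter : ContentResolver.getSyncAdapterTypes()) {
            if (!EXCHANGE_ACCOUNT_TYPE.equals(adapter.accountType)) {
                continue;
            }
            for (Account account : accounts) {
                // Needs READ_SYNC_SETTINGS and WRITE_SYNC_SETTINGS.
                if (ContentResolver.getSyncAutomatically(account, adapter.authority)) {
                    ContentResolver.setSyncAutomatically(account, adapter.authority, false);
                    disabled.add(account.name + "/" + adapter.authority);
                }
                // Stop a sync that is already in flight for this pair.
                ContentResolver.cancelSync(account, adapter.authority);
            }
        }
        return disabled;
    }
}
```

The user can switch sync back on in Settings, so the check has to be repeated, and it does nothing about the uninstall problem the answer raises.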