Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Protect a device: sentry or wasted? #27

Open
alfredonodo opened this issue Jan 9, 2023 · 10 comments
Open

Protect a device: sentry or wasted? #27

alfredonodo opened this issue Jan 9, 2023 · 10 comments

Comments

@alfredonodo
Copy link

alfredonodo commented Jan 9, 2023
edited
Loading

Hi,
I just found sentry and found out that it is written by the same developer as wasted. I have a device with lineage os 13 rooted with magisk and no google services, so I'm looking for a way to protect it in case of loss.
On sentry safe boot, USB data signalling and controller are disabled and I can't access them.

adb kill-server
adb shell dpm set-device-owner me.lucky.sentry/.admin.DeviceAdminReceiver
* daemon not running; starting now at tcp:5037
* daemon started successfully

Exception occurred while executing 'set-device-owner':
java.lang.IllegalStateException: Not allowed to set the device owner because there are already several users on the device.
	at com.android.server.devicepolicy.DevicePolicyManagerService.enforceCanSetDeviceOwnerLocked(DevicePolicyManagerService.java:9588)
	at com.android.server.devicepolicy.DevicePolicyManagerService.setDeviceOwner(DevicePolicyManagerService.java:8421)
	at com.android.server.devicepolicy.DevicePolicyManagerServiceShellCommand.runSetDeviceOwner(DevicePolicyManagerServiceShellCommand.java:259)
	at com.android.server.devicepolicy.DevicePolicyManagerServiceShellCommand.onCommand(DevicePolicyManagerServiceShellCommand.java:89)
	at com.android.modules.utils.BasicShellCommandHandler.exec(BasicShellCommandHandler.java:97)
	at android.os.ShellCommand.exec(ShellCommand.java:38)
	at com.android.server.devicepolicy.DevicePolicyManagerService.onShellCommand(DevicePolicyManagerService.java:9932)
	at android.os.Binder.shellCommand(Binder.java:1049)
	at android.os.Binder.onTransact(Binder.java:877)
	at android.app.admin.IDevicePolicyManager$Stub.onTransact(IDevicePolicyManager.java:6063)
	at android.os.Binder.execTransactInternal(Binder.java:1285)
	at android.os.Binder.execTransact(Binder.java:1244)

Thank you

Edit: I already tried with this and by removing all admin apps.

adb shell dpm remove-active-admin me.lucky.sentry/.admin.DeviceAdminReceiver

Exception occurred while executing 'remove-active-admin':
java.lang.SecurityException: Attempt to remove non-test admin ComponentInfo{me.lucky.sentry/me.lucky.sentry.admin.DeviceAdminReceiver} 0
	at com.android.server.devicepolicy.DevicePolicyManagerService.lambda$forceRemoveActiveAdmin$10$com-android-server-devicepolicy-DevicePolicyManagerService(DevicePolicyManagerService.java:3593)
	at com.android.server.devicepolicy.DevicePolicyManagerService$$ExternalSyntheticLambda132.runOrThrow(Unknown Source:6)
	at android.os.Binder.withCleanCallingIdentity(Binder.java:425)
	at com.android.server.devicepolicy.DevicePolicyManagerService$Injector.binderWithCleanCallingIdentity(DevicePolicyManagerService.java:1581)
	at com.android.server.devicepolicy.DevicePolicyManagerService.forceRemoveActiveAdmin(DevicePolicyManagerService.java:3589)
	at com.android.server.devicepolicy.DevicePolicyManagerServiceShellCommand.runRemoveActiveAdmin(DevicePolicyManagerServiceShellCommand.java:280)
	at com.android.server.devicepolicy.DevicePolicyManagerServiceShellCommand.onCommand(DevicePolicyManagerServiceShellCommand.java:93)
	at com.android.modules.utils.BasicShellCommandHandler.exec(BasicShellCommandHandler.java:97)
	at android.os.ShellCommand.exec(ShellCommand.java:38)
	at com.android.server.devicepolicy.DevicePolicyManagerService.onShellCommand(DevicePolicyManagerService.java:9932)
	at android.os.Binder.shellCommand(Binder.java:1049)
	at android.os.Binder.onTransact(Binder.java:877)
	at android.app.admin.IDevicePolicyManager$Stub.onTransact(IDevicePolicyManager.java:6063)
	at android.os.Binder.execTransactInternal(Binder.java:1285)
	at android.os.Binder.execTransact(Binder.java:1244)
@SystemR
Copy link

SystemR commented Jan 18, 2023

I've played around with this and the only way to remove active admin that doesn't have the android:testOnly="true" in the manifest is to factory wipe the device.

You can try this deprecated API to see if it works on your device: https://developer.android.com/reference/android/app/admin/DevicePolicyManager#clearDeviceOwnerApp%28java.lang.String%29

Source: https://stackoverflow.com/questions/49128293/how-to-remove-set-device-owner-in-android-dpm

@alfredonodo
Copy link
Author

Thank you for your reply. Lineage os 20 aka android 13 uses API level 33. I unpacked the apk with apktool and can confirm that there is no android:testOnly="true" in the manifest. I have tried to add it and rebuild, but I cannot install the package.
Can the maintainer provide a package with this flag? Or are there any contraindications?
Thank you

@Amelnaka
Copy link

dev should add a different app signed with the same keys and this android:testOnly="true" flag in the manifest, to make it removable

@fireneat
Copy link

fireneat commented Jan 6, 2024

Thank you for your reply. Lineage os 20 aka android 13 uses API level 33. I unpacked the apk with apktool and can confirm that there is no android:testOnly="true" in the manifest. I have tried to add it and rebuild, but I cannot install the package. Can the maintainer provide a package with this flag? Or are there any contraindications? Thank you

The application needs to be installed with adb using "adb install -t sentry.apk". Also make sure that you signed the apk file.

@aly-k
Copy link

aly-k commented Jul 3, 2024

Thank you for your reply. Lineage os 20 aka android 13 uses API level 33. I unpacked the apk with apktool and can confirm that there is no android:testOnly="true" in the manifest. I have tried to add it and rebuild, but I cannot install the package. Can the maintainer provide a package with this flag? Or are there any contraindications? Thank you

The application needs to be installed with adb using "adb install -t sentry.apk". Also make sure that you signed the apk file.

won't work because signing certificate will be different

@aly-k
Copy link

aly-k commented Jul 3, 2024
edited
Loading

@x13a can you provide a signed apk with android:testOnly="true" in the manifest so that users can uninstall the app without a factory reset ?
I incorrectly set sentry as profile owner and now i can't have a work profile.
Edit: backups and find my device also don't work now

@x13a
Copy link
Owner

x13a commented Jul 4, 2024

@aly-k ok, will add soon

@aly-k
Copy link

aly-k commented Jul 4, 2024

Thanks!

@x13a
Copy link
Owner

x13a commented Jul 9, 2024

app-release.apk.zip
@aly-k you can try this

@aly-k
Copy link

aly-k commented Jul 10, 2024

@x13a Thanks for providing the build. Unfortunately, The update fails with error code INSTALL_FAILED_UPDATE_INCOMPATIBLE. It seems that you can't update a production build to debug. Factory reset is the only way to remove profile or device owners.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@SystemR @alfredonodo @x13a @Amelnaka @aly-k @fireneat