# [APP MOD] Exchange Security Bypass (No PIN/No Admin) - Android 4.1+ [v6.0]



## craigacgomez

The Android Email application enforces various security policies such as PIN/password lockscreen, device administration. remote wipe, blocked attachments, etc. based on your Exchange server security requirements.

The aim of this patch is to bypass those security enforcements and allow you to set up an Exchange account without any security restrictions. This is achieved through various code modification in the AOSP Email application where security policies are checked and enforced. These modifications bypass the creation of the various security policies and forcefully makes the application think that all the security policies are enabled. For example, one part of this modification completely bypasses the Device Administrator creation and forcefully returns a true every time the code check if the account is a device administrator.

This modification is based on AOSP (or AOSP derivatives) and should work on any stock Google ROMs or AOSP-based ROMs like CyanogenMod, AOKP, ParanoidAndroid, Evervolv, SlimRoms, Carbon. There, however, is no guarantee that this will work on all ROMs or devices, especially OEM ROMs like Sense, Touchwiz, Blur, etc.

*IMPORTANT:*
Since this modification disables the enforcement of Exchange security policies, it may be illegal and may violate your workplace/school policies. If you chose to install and use this modification, please remember that you are doing so at your own discretion. I, craigacgomez, cannot and will not be held responsible for any issues, legal, technical or otherwise, that may arise due to the use of this modification.

The latest version of this modification is based on AOSP android-4.4.2_r1 (KOT49H) and should work fine on Android 4.1+. However, should you encounter any issues, please use the previous version of this patch.

*PLEASE READ THROUGH THIS THREAD PROPERLY, ESPECIALLY THE KNOWN ISSUES AND INSTRUCTIONS*

*CHANGELOG:*

v6.0
1. Rebased to AOSP android-4.4.2_r1 (KOT49H)
2. Made some modifications to the bypass code to fix issues with storage encryption
3. Improved robustness of the bypass logic
4. Added backuptools script for custom ROMs like CyanogenMod, SlimRoms, etc. which will automatically restore the mod after re-flashes and/or updates to the ROM. Credit BlackFang171

v5.0.1

1. Fix manual user app install on Google Stock ROMs. Only the manual install package has been upda

v5.0
1. Built using AOSP android-4.4_r1.1 (KTR16O)
2. Rebuilt the modification from ground up and added several bypasses to improve robustness of the modification
3. Disables remote wipe functionality
4. No longer requires modifications in the Exchange apk. All modification are in Email apk
4. Should also work on any Google stock/AOSP-based ROMs running Android 4.1.x, 4.2.x & 4.3.x (untested)

v4.0
1. Rebased to the CM-10.2 (Android 4.3) source. This release is only intended for Android 4.3.x. For prior versions of Android, flash the appropriate mod release below.

v3.1
1. Small bugfixes to "really" make sure that we fake that all security policies are active. This is basically making "really" sure that the device does not ask you to set up any security policies. It can be safely flashed over v3.0 without having to remove & re-setup the account. However, updating from any earlier version would still require you to remove and re-setup the account.

v3.0
1. Built using the latest updates from the CyanogenMod 10.1 (Android 4.2.2) source as of July 20, 2013.
2. Published source code to GitHub (link below)
3. Fixes and updates to the patch changes
4. No longer requires that the account be setup as a "Device Administrator"

v2.0
1. Built using the CyanogenMod 10.1 (Android 4.2.2) source
2. Some nice additions and fixes over the AOSP version like LED notification support, blocked attachment extensions selection and more.

*INSTRUCTIONS [RECOVERY VERSION]:*
1. Download the zip file named ExchangeNoPIN-xxxx
2. Remove all existing Exchange accounts and wipe data for Email/EmailGoogle & Exchange2/Exchange2Google
3. Make a nandroid backup (optional, but recommended)
4. Flash the zip using ClockworkMod Recovery, TWRP or a similar recovery
5. Wipe cache & dalvik-cache
6. Reboot and set up you Exchange account(s)

*INSTRUCTIONS [MANUAL USER APP INSTALL]:*
1. Download the zip file named ExchangeNoPINNoRoot-xxxx
2. Remove all existing Exchange accounts and wipe data for Email/EmailGoogle & Exchange2/Exchange2Google
3. Make a nandroid backup (optional, but recommended)
4. Stock ROMs: Disable/freeze EmailGoogle.apk (com.google.android.email) & Exchange2Google.apk (com.google.android.exchange)
5. AOSP-based ROMs: Uninstall/remove Email.apk (com.android.email)
6. Stock ROMs: Extract the zip file and install Email.apk & Exchange2.apk
7. AOSP-based ROMs: Extract the zip file and install Email.apk
8. Reboot and set up you Exchange account(s)

*INSTRUCTIONS [MANUAL SYSTEM APP INSTALL]:*
1. Download the zip file named ExchangeNoPIN-xxxx
2. Remove all existing Exchange accounts and wipe data for Email/EmailGoogle & Exchange2/Exchange2Google
3. Make a nandroid backup (optional, but recommended)
4. Stock ROMs: Uninstall/remove EmailGoogle.apk (com.google.android.email) & Exchange2Google.apk (com.google.android.exchange)
5. AOSP-based ROMs: Uninstall/remove Email.apk (com.android.email)
6. Stock ROMs: Extract the zip file and copy Email.apk & Exchange2.apk to /system/app
7. AOSP-based ROMs: Extract the zip file and copy Email.apk to /system/app
8. Reboot and set up you Exchange account(s)

*KNOWN ISSUES*
1. v5.0 - When setting up your account, when you reach the wizard screen where you set up your sync preferences, wait for 5-10 seconds before clicking Next. Clicking through too fast sometimes causes the account reconciliation code to remove your account. I am still trying to work this out.
2. v5.0 - After you finish you account set up, you will see a "Security policies changed" notification. You can just ignore this and swipe it away.

*IMPORTANT:*
1. For patch version 4.0 and earlier, you need to have a device with a custom recovery or a rooted device.
2. Root is not required unless you wish to apply this patch manually by replacing the files in /system/app.
3. After you flash this, make sure you DO NOT replace the Email or Exchange apks with themed versions or you will have issues.
4. If you use the ExchangeNoPIN-xxxx zip version, you need to reflash this every time you update your ROM.
5. Before upgrading to a newer version of this patch (example v2.0 to v3.0), you need to remove all existing Exchange accounts.

*CREDITS:*
The base of this modification is the EmailPolicyPatch created by rustamabd. I have made these change to the AOSP source rather than smali patches to pre-compiled version and I have expanded the capabilities of the modification.

*DOWNLOAD v6.0 (Android 4.1+):*
ExchangeNoPIN-v6.0.zip
ExchangeNoPIN-Manual-v6.0.zip [UNTESTED]

*DOWNLOAD v5.0 ( Android 4.1+ ):*
ExchangeNoPIN-v5.0.zip
ExchangeNoPIN-Manual-v5.0.1.zip

*DOWNLOAD v4.0 ( Android 4.3.x ):*
ExchangeNoPIN-4.3.x.zip

*DOWNLOAD v2.0 ( Android 4.2.x ):*
ExchangeNoPIN-4.2.x.zip

*DOWNLOAD v1.0 ( Android 4.1.x ):*
Stock OTA Android 4.1.x
AOSP Android 4.1.x
CM10 Android 4.1.x

*SOURCE ( Android 4.4 ):*
GitHub

*SOURCE ( Android 4.3.x/4.2.x ):*
GitHub


----------



## psychedel!k

Just what i've been looking for! Would you mind making one for JRO03C OTA? Thanks a million!!


----------



## craigacgomez

psychedel!k said:


> Just what i've been looking for! Would you mind making one for JRO03C OTA? Thanks a million!!


Added to OP...


----------



## psychedel!k

nice, thanks! Qs: Did you remove "Google" from the file names on purpose, and do those work in the stock OTA build? The file sizes of the original APKs are a bit different between AOSP and OTA..

No offense. Just playing safe. I can send you those files if you'd like.


----------



## craigacgomez

psychedel!k said:


> nice, thanks! Qs: Did you remove "Google" from the file names on purpose, and do those work in the stock OTA build? The file sizes of the original APKs are a bit different between AOSP and OTA..
> 
> No offense. Just playing safe. I can send you those files if you'd like.


The Google Stock OTA build have the files named EmailGoogle.apk & Exchange2Google.apk... When built from AOSP, the files are named Email.apk & Exchange2.apk... There may be differences in the apk sizes... and both should work on any 4.1 ROMs


----------



## psychedel!k

thanks..but it didn't work on my OTA build..


----------



## craigacgomez

psychedel!k said:


> thanks..but it didn't work on my OTA build..


Send me EmailGoogle.apk & Exchange2Google.apk...


----------



## psychedel!k

craigacgomez said:


> Send me EmailGoogle.apk & Exchange2Google.apk...


Check you PM


----------



## craigacgomez

Added stock/ota 4.1.1 [background=rgb(245, 245, 245)]JRO03C version... thanks to @[/background]psychedel!k for the original apks.. updated first post... please read new section titled IMPORTANT


----------



## psychedel!k

craigacgomez said:


> Added stock/ota 4.1.1 [background=rgb(245, 245, 245)]JRO03C version... thanks to @[/background]psychedel!k for the original apks.. updated first post... please read new section titled IMPORTANT


works like a charm. thanks again! Good bye ugly password screen and hello Face/Pattern Unlock


----------



## mkraftdet

notifications are not working for me now


----------



## psychedel!k

mkraftdet said:


> notifications are not working for me now


notification has always been hit-and-miss on GNex according to forum members, and i doubt that anything he's changed would affect notification. People have been relying on Light Flow to really take advantage of our device's LED. It's still buggy on 4.1.1 but it's a worth a shot once the bug's fixed.


----------



## mkraftdet

its weird---dumped my email account--installed this file, re did my exhange account--and no notifications for email, no sound or visual!!



psychedel!k said:


> notification has always been hit-and-miss on GNex according to forum members, and i doubt that anything he's changed would affect notification. People have been relying on Light Flow to really take advantage of our device's LED. It's still buggy on 4.1.1 but it's a worth a shot once the bug's fixed.


----------



## psychedel!k

mkraftdet said:


> its weird---dumped my email account--installed this file, re did my exhange account--and no notifications for email, no sound or visual!!


Was you phone asleep by any chance? Push doesn't work when your phone's asleep (Wifi policy issue). I'm also not getting alerts on subsequent mails when I'm already alerted once. These are actually my biggest gripes with GNex coming from an HTC device, but I got my life back


----------



## psychedel!k

craigcgomez,
Today I got two consecutive FCs that resemble the ones I got during setup. It's not a showstopper and could be a non/known issue but can you check and see if there's any periodic polling calls unaccounted for? Thanks!


----------



## Tekfrog

Any chance of a JRN83C version? Or a confirmation of which one is compatible?


----------



## mkraftdet

I was fine..installed this app, and now no notifications. Might have to wipe



mkraftdet said:


> its weird---dumped my email account--installed this file, re did my exhange account--and no notifications for email, no sound or visual!!


----------



## psychedel!k

mkraftdet said:


> I was fine..installed this app, and now no notifications. Might have to wipe


let it break-in for a few days. i was having sporadic notification issues before and after the mod like i described earlier but today everything started work as expected and i didn't do anything..(well maybe a few build.prop/init.d tweaks followed by a fix permission, but i'm too newbie to tell whether they contributed anything to the notification behavior..sorry)


----------



## craigacgomez

I've been a bit busy with work... but I'll try spend some time over the weekend to:
1) Figure out why notifications are a hit-n-miss
2) Fix the Exchange app FCs


----------



## bludevil35

Isn't there a way to disable the password on the lockscreen bychanging things in SQLite Editor?


----------



## craigacgomez

bludevil35 said:


> Isn't there a way to disable the password on the lockscreen bychanging things in SQLite Editor?


Not that I'm aware of... there is code in Email.apk & Exchange2.apk which check the security status


----------



## evanhindra

Hey guys,

I'm new to Android, so I'd like to apologize in advance for the obvious question, but I'm just making sure before I break something.
I'm running CM10 JellyBro nightly; I'm assuming I'd have to grab the AOSP build?


----------



## craigacgomez

evanhindra said:


> Hey guys,
> 
> I'm new to Android, so I'd like to apologize in advance for the obvious question, but I'm just making sure before I break something.
> I'm running CM10 JellyBro nightly; I'm assuming I'd have to grab the AOSP build?


Yes!


----------



## Munk

I have the AOKP 4.1 ROM installed on my GNex which uses JRO03H. Is this compatible?


----------



## FloridaMike

Not sure what's been happening lately.... this app, as well as Enhanced Email used to work flawlessly.... recently however, any email app that overrides the PIN lock requirement sets up fine, then after a reboot or two, looses the exchange account all together. I've duplicated this on multiple ROMs, and both this app and Enhanced Email. I wonder if Microsoft changed something on the Exchange end.


----------



## craigacgomez

Updated the mods. No more FCs!!


----------



## engmisho

Hi all, may I ask which one is compatible with AOKP rom which is based on 4.1.1 JB ?

thanks alot


----------



## craigacgomez

engmisho said:


> Hi all, may I ask which one is compatible with AOKP rom which is based on 4.1.1 JB ?
> 
> thanks alot


All should work! Use what you want!


----------



## darshakk

@psychedel!k: I tried this on my cm10 JB infuse and it worked initially. Few days back my work email stopped syncing. I tried to remove the account and added again. I noticed that it did not asked the device administrator wizard after finishing the server settings. I also tried to re-flash the apk and re-setup the email account(after deleting before re-flashing), but don't see device administrator wizard at all.

Any idea what might be the problem?


----------



## darshakk

darshakk said:


> @psychedel!k: I tried this on my cm10 JB infuse and it worked initially. Few days back my work email stopped syncing. I tried to remove the account and added again. I noticed that it did not asked the device administrator wizard after finishing the server settings. I also tried to re-flash the apk and re-setup the email account(after deleting before re-flashing), but don't see device administrator wizard at all.
> 
> Any idea what might be the problem?


Sorry, I meant to ask it to @craigacgomez.


----------



## k.electron

would you mind sharing the code edits that you did to accomplish this? i am building an unofficial cm10 zip for my grouper and would like to incorporate this into there.

Thanks.


----------



## xbdarkman

I just want to confirm that the AOSP Android 4.1.x version works for Android 4.1.2


----------



## ahpatel

xbdarkman said:


> I just want to confirm that the AOSP Android 4.1.x version works for Android 4.1.2


I'm using it on the latest CM10 nightlies without issue.


----------



## ArmedMonkey

Does this also bypass other fascist crap like remote device wipe permissions?


----------



## jkworth

Any chance of getting this to run on the Nexus 4. I put the OTA version on and the app walks me through the set up but it just keeps telling me, with a notification, that my account needs me to update my security settings. Here is the message "[email protected] requires that you update your security settings."

I hope you can help.


----------



## jdotcarter

jkworth said:


> Any chance of getting this to run on the Nexus 4. I put the OTA version on and the app walks me through the set up but it just keeps telling me, with a notification, that my account needs me to update my security settings. Here is the message "[email protected] requires that you update your security settings."
> 
> I hope you can help.


Yeah haven't tested this on 4.2 but I'm about to test on my sgs3 running cm10.1


----------



## tarkaner

psychedel!k said:


> Check you PM


Could you please send me also email.apk and exchange.apk. Thank you in advance!


----------



## JackBNimble

Any chance of seeing this updated for 4.2.1 (Cyanogenmod 10.1)?


----------



## Spunks3

agreeing with @JackBNimble... can anyone confirm this working on a 4.2.1 AOSP rom? - im running mmuzzy's french vanilla at the moment.


----------



## Spunks3

I flashed this on Mmuzzy's latest AOSP 4.2.1 French Vanilla build and it works flawlessly

EDIT: I did notice that there is now no lock screen widget available (most likely since the apk is from 4.1)

----> would it be possible to remove the required pin from the latest and greatest exchange Email app and make a flash-able zip ?

I'd be more than happy to provide the files from an AOSP ROM... Not having the widget on my lock screen is not the end of the world but it would be nice and intuitive

Thanks!

Sent from my Galaxy Nexus using RootzWiki


----------



## craigacgomez

Updated for Android 4.2.x... See OP...


----------



## Techsauce

I am a total Android newb. I just put my corporate email on my Nexus 4 and I hate it. Totally ruins half the features of the phone. Can you help a newb out and tell me how I can do this for my stock 4.2.1 Nexus 4.

Thank you!


----------



## zdr

I tried flashing with TWRP on 4.2.2 Nexus 4, but got an error that zip cannot be opened. Is this working with 4.2.2?


----------



## craigacgomez

Updated the 4.2.x mod. v2.0 of this mod is built using the CyanogenMod 10.1 (Android 4.2.2) source and has some nice additions and fixes over the AOSP version like LED notification support, blocked attachment extensions selection and some more.


----------



## wideopn11

craigacgomez said:


> Updated the 4.2.x mod. v2.0 of this mod is built using the CyanogenMod 10.1 (Android 4.2.2) source and has some nice additions and fixes over the AOSP version like LED notification support, blocked attachment extensions selection and some more.


Works like a charm on CM nightly 0410 Galaxy Nexus Toro.
Thanks.


----------



## izack187

Greetings,
I come from the XDA forums and subscribed to this site just to ask this one question... :
Is it possible to bypass the forced "Device Encryption" required by some exchange accounts??

Thank you! 
(Great mod btw)


----------



## hmaidhoff

Does anyone know if this works with cleanrom v6, and if so which file do I need to download . Thanks in advance for the help


----------



## cobjones

Has anyone seen an inverted/dark version of this?

TIA


----------



## skatastic

delete this


----------



## craigacgomez

Added source. New version soon which bypasses the need to set up the account as a device administrator (changes already included in source)


----------



## craigacgomez

New updated version in OP... changes include:
1. Built using the latest updates from the CyanogenMod 10.1 (Android 4.2.2) source as of July 20, 2013.
2. Published source code to GitHub (link below)
3. Fixes and updates to the patch changes
4. No longer requires that the account be setup as a "Device Administrator"

NOTE: Please remove existing Exchange accounts before flashing this.


----------



## craigacgomez

Updated version v3.1 added to OP...

Small bugfixes to "really" make sure that we fake that all security policies are active. This is basically making "really" sure that the device does not ask you to set up any security policies. It can be safely flashed over v3.0 without having to remove & re-setup the account. However, updating from any earlier version would still require you to remove and re-setup the account.

All source changes published to GitHub...


----------



## k.electron

fc on android 4.3 stock.


----------



## craigacgomez

Update github source with CM-10.2 (Android 4.3) changes... (branch cm-10.2)... https://github.com/craigacgomez/android_email_policy_patch

New release for Android 4.3 soon...


----------



## craigacgomez

Updated release 4.0 for Android 4.3 in OP


----------



## theMichael

Has anyone tried this on a 4.1.2 touchwiz based ROM? I don't mind that its the aosp version of email as long as it gets rid of the security requirements


----------



## hnrk

Crashes on stock Android 4.3 on Nexus 4. Installed with TWRP 2.6.

Stacktrace says:

java.lang.RuntimeException: Unable to create application com.android.email.Email: java.lang.SecurityException: Not allowed to bind to service intent { act=com.android.email.EXCHANGE_INTENT } at android.app.ActivityThread.handleBindApplication(ActivityThread.java:4447)


----------



## jdubso

I am running Shiny 4.3 on a gnex and I get fc's. Using touchdown for now.


----------



## budjb

This is incredibly helpful, thank you!


----------



## jkworth

I am running stock 4.3 on a Nexus 4 and I get FC everytime I try to open the app.

Anyone else get it running on the same?


----------



## xbdarkman

4.4 pleeeeeease


----------



## wideopn11

Yes, 4.4 please. Stupid lock screen is driving me nuts and I've only had my Nexus 5 for 6 hours.


----------



## cgull

xbdarkman said:


> 4.4 pleeeeeease


http://forum.xda-developers.com/showthread.php?p=47150261

Sent from my Nexus 5 using Tapatalk


----------



## craigacgomez

Patch version 5.0 uploaded and added to OP... Based on android-4.4_r1.1 (KTR16O)... Should work on Android 4.1+

This new version has several updates to the policy bypass code and no longer requires any code modification in Exchange2.apk. This can also be set up as user apps.

PLEASE READ THE UPDATED INFORMATION AND INSTRUCTION IN THE OP!!


----------



## craigacgomez

I've updated the Email apk in the manual install version to fix the issue with installing this as a user app on Google stock ROM. Please note that only the manual install version has been updated to v5.0.1. This does not address any other issues yet!


----------



## maddness632

Get error:

X App not installed

An existing package by the same name with a conflicting signature is already installed

Carrier: VZW

Phone: Moto X

Software: Stock 4.4 OTA

Root status: Not rooted

Any suggestions?


----------



## Nandrew

So glad that this works with ART thanks again Craig!

Sent from my Galaxy Nexus using Tapatalk


----------



## craigacgomez

Added a non-root user installable version of the mod. I do not have a device with a stock un-rooted ROM at the moment, so any feedback is appreciated!!!


----------



## Nandrew

Thanks for the v6 update!

Sent from my Galaxy Nexus using Tapatalk


----------



## Lt_Salt

I can't seem to get this to work for me. I'm running 4.4 rooted and I'm able to flash the zip (ExchangeNoPIN-v6.0.zip) without any errors and reboot. When I try to open email I get an error saying "Unfortunately, Exchange Services has stopped" that pops up multiple times and I can never connect to my mail server. Did I mess something up with Exchange Services? Please help.

*Edit:* Ok, nevermind, I got it to work for me. I just had to uninstall and reinstall Exchange services. Thanks for this workaround.


----------



## jkworth

I have a stock Nexus 4 running 4.4.2 KOT49H and the non-rooted installer method does not work. I disabled Email & ExchangeServices. I installed the new apks then rebooted. When I start the email app i get an error saying "Unfortunately, Exchanges Services has stopped."

Craig, let me know if you need any further testing. I would love tohelp get this working.


----------



## theMichael

This mod has been a life saver! Many thanks!


----------



## Demiurg

Apparently, the names of email apps on S3 4.3 (stock firmware) are completely different. What I have is:

[email protected]:/system/app $ ls *mail*
ls *mail*
Gmail2.apk
SecEmail_J.apk
SecEmail_J.odex

[email protected]:/system/app $ ls *chang*
ls *chang*
SecExchange.apk
SecExchange.odex

What shall I do? Which ones should I remove before installing the patched version?


----------



## fo1457

Been running this mod for a couple of years now, and generally just love it.

Problem I've been getting recently: sometimes when there's no internet access, Exchance Services and Email will go crazy and consume about 55% of CPU combined for a few hours, having a big drain on the battery. I've never seen this when I have internet access, just when neither wifi nor mobile data are available.

Currently running CM11 M6 on Galaxy S4 GT-I9505. Same problem existed on stable CM10 and other ROMS and on a Galaxy S2.


----------

