Cyanogen Mod & Pure Android, Why?

So last summer, I purchased a ZTE Zmax when my phone was stolen as it had a great recommendation from a nerdy friend in my speech class.  My first six months of ownership were amazing and I was extremely happy with the device except I desired root access which wasn't available.  Somewhere along the way, I installed an application that was a system optimizer and it ran and munged things up.  Then I found root and just waited for the time to wipe and reinstall.  This day arrived on Thursday and I started by rooting and installing a custom recovery partition.  Then I found an ADB command to turn off the write protection in the boot loader thus making the system partition writeable when booting a custom ROM.  Next I downloaded nandroid backups of the factory ROMs for this device and placed them all on the SD card.

Meanwhile, I had already used the recovery program to factory reset the phone and had installed and added most of the APPs that I regularly use.  I made a nandroid backup before I wiped and then again once I had everything perfect.  I then proceeded to install the CM 31.1 nightly that I found on an Android Nerd Website, Android Authority, I think.  There is that moment when you flash a ROM and reboot when it's finished and your heart seems to stop beating as the boot-up process begins.  I find myself holding my breath until I see the Android desktop.  Everything seemed to work fine and I immediately set about flashing the proper Gapps from Open Gapps.  There are multiple packages based on what you want to install and I screwed up multiple times which meant I had to re-flash the ROM to ensure it was all installed properly. 

Somehow, the permissions did not get set properly and that seemed to be a habitual problem as a total re-flash didn't fix the problem. So, with the help of Google and the million member Android Army, which is where I found all of the information to do everything I have described here, I slowly found out how to resolve each pop-up error about a Google service failing that prevented me from using the device or doing anything else but clicking on the OK button.  There was a video on YouTube of another user with the same problem on another device and his fix was to painstakingly fight to bring up the Android Settings and then Applications and then locate each offending application and give the proper permissions.  Needless to say, this took a while and when I was done, Android 6.0 is so much nicer then the 4.4.4-Kit-Kat that I had been using that it was rewarding to have successfully fixed the permission issue even though it was frustrating.

Everything seemed to work but the LTE wireless data and the 3G and 2G data seemed spotty at best as did cellular calling.  Remember I did most of my setup over Starbucks Wi-Fi and my home Wi-Fi and not Carrier data.  Googling the issue indicated the problem stemmed from the Radio ROM I was using so, I downloaded the correct radio.  Further research indicated it was more then just the radio, so I downloaded a ROM that flashed all of the necessary changes to make the radios work properly with CyanogenMod and AOSP based ROMs.  On first reboot everything appeared to work as I wanted.

Now, it may sound like all of this was trivial, it wasn't and required a significant investment of time to read forum posts and get to the correct solutions.  Then add in my relative n00b status in Android hacking and the time compounds exponentially.  My Google contacts weren't syncing and that took a bit of time and effort to get working properly.  Then add to that the problem didn't go away until I rebooted my device and only then did everything seem to work properly.  Flashing the proper modem files was a nightmare as every copy failed the signature check and only through Google did I find that this was because they couldn't be signed.  Turned off the signature check and crossed my fingers and flashed.  When it rebooted and appeared to resolve the problems, I took a deep breath.

So, why did I do this?  I like the idea of a pure Android phone and my next device will be as close to pure Android as possible because that increases the likelihood of frequent updates and almost guaranteed compatibility with the next version of Android.  Nexus devices are pure Android with the addition of Google's applications for accessing their services.  Motorola offers a purer version as well and ultimately even if the manufacturer doesn't make an update available, as I have shown with the ZTE Z-Max, the community will step in and do it on it's own.

Updates are important and Apple has one of the next track records in this regard, with ensuring that older devices receive updates for a guaranteed period of time and security patches for even longer.  I bought a phone for my wife from Motorola back around the time of the first Galaxy Note, the N-7000 and it never got an updated that I could find even though it was a business class device with a fingerprint reader.  We just recently replaced it with a Blu device purchased from Best Buy because she had a gift card.  Her Motorola device was acting peculiar because of the heat and most of the developers had stopped supporting her version of Android including her browser.  So, she had to upgrade to continue to use the device for anything more then a dumb phone with an iPod built on.

This is scary on multiple levels because it forces people to upgrade in order to continue using the device the same way they always have.  It is also scary because there have been major security flaws in Android that have been discovered that were never patched.  Imagine if a defect was found in a modern car and the manufacturer didn't issue a recall or tell anyone who had purchased one from then new?  When it was discovered, there would be a Senate enquiry to find out the details of who, what, when, where, how and why.  This is becoming more of an issue as more and more personal data is contained on devices and users begin to use them for more and more purposes in their daily lives.

Now that everything is working properly, I am going to slowly begin blogging about each application I install and use regularly along with why I use them.  I am doing this as a guide for some of my friends who are less technical, to help them be able to make the move from a proprietary version of Android like that produced by Samsung or HTC where their overlays often delay and or prevent the release of updates for devices.  One of my primary functions is to show how security can be implemented in a manner that adds to and enhances the existing security.

Samsung N-7000 Repair

When the original Samsung Galaxy Note N-7000 was released in 2011, I acquired one from someone locally who had paid to have it shipped from India.  This is not a problem if you do not have any issues with the device requiring warranty repair since obtaining it requires that the device be shipped back to that region for repair.  This issue reared its head about 6 months in to owning it when the device began to act funny:  it would act like I was plugging in and unplugging a MicroUSB cable.  It would make the same noise and change the battery icon on the status bar to one indicating that the device was charging,.

An exhaustive search of the Internet and the XDA-Developers Forum for the N-7000 indicated that it was related to a bad component on the USB Charging board.  Since the problem seemed to rectify itself, I put it out of my mind until it started doing it again.  It seemed to do it regularly when the temperature got warmer but would rectify itself eventually so I just ignored it.  Then when school started, it began doing it again but this time, it would not let me turn on the phone unless it was plugged in to power and it did not go away.  So I searched YouTube and found a video showing how to replace the defective board:

The video made it look truly easy with the tools used.  So I then began searching E-Bay and found the perfect set of tools shipped on the slow boat from China for $2.99.

So I then ordered the tools, because at this price they would come in handy for a multitude of tasks.  I then searched for and found the board for $5.09 plus $.99 shipping on the same slow boat from China.  So, I of course, ordered this as well.

The screwdrivers arrived last week and the board arrived this week.  I had been nervous about doing it, afraid that I would somehow frack it worse then it already was and I was not planning on doing it today anyway.  Except that I sat down and I thought about what I had learned in the management class, about not being afraid of failing.  So I prepared myself to accept my failures and put them right up alongside of my successes and achievements.

I am glad that I did take the time to do this, since I now have a completely functional device and the total repair time took less then 10 minutes in total and was just as easy, if not easier then the video showed.  The only issue was that I dropped a screw on the floor, but found it almost immediately.  I then thought I had lost a screw and just when I had given up and decided to accept its loss, I found it.  So all in all an easy repair.  This is the power of User Forums and your fellow device enthusiasts on the internet, because chances are, someone, somewhere has had the same issue as you and they figured out how to fix it or work around it.

Keeping Your Data Secure

Now, I do not do much with my phone that I am worried about.  I also am not paranoid about people invading my home to find what nefarious acts that I am doing on my computer or my phone.  That being said, I do not want someone to access the information on my phone without permission.  I have always had a pin code or now a pattern lock on my phone.  The new Atrix that I purchased for my wife so that we can switch from Sprint has a Fingerprint Reader and I have encouraged her to use it.  What does kind of make me nervous is the fact that the court has ruled that Police can take your cell phone during a routine traffic stop and look through it without a warrant.  Sure, right now it is only in Florida but the way our legal system works, it could easily be used as the basis for a ruling in other states.   This is even scarier when you add to it that Michigan Police have a device that can copy all of the information on your phone, including deleted information in less then a minute.  Why does this scare me?  Let’s say for instance, your child is in the bubble bath and just gave themselves a soapy Mohawk and are not showing anything but the minute before you snap the picture they stand up exposing themselves to you and the camera.  You delete the photo and think it is gone forever and they find it, technically in the eyes of the law it is child pornography.  The police will charge you with possession of child pornography and more then likely it will make it in to the news papers because it is sensational.  Even if you are later found innocent of the charges, that court decision will not receive the publicity or the front page status like your arrest and the damage will be done.  Not to mention those risqué pictures you took of the two girls in your ultimate fantasy threesome.

The other reason you should worry about this is if you use those free charging stations in airports, ever because they can do pretty much the same thing as that device mentioned above or worse because there are ways to potentially put information on your device without your knowledge like viruses and hidden applications.  People may say it is not possible, and I used to think it was impossible to infect a Windows PC just by connecting to the Internet and then someone figured out how to do it.   So just because it seems impossible does not mean that it really is or will always be so.  We used to think that our government didn’t kidnap random people from around the world, regardless of reason, take them to a not so secret, secret military base in Cuba to torture them with enhanced interrogation techniques.  Then we found out that they did it quite regularly and also wanted to be able to do it to citizens too.  But I digress.

So how do you prevent this from happening?  Android devices have the ability to disable the USB port for anything other then charging.  I am going to show you how to do it with the two most popular brands of Cell Phones, Samsung and HTC.  HTC is easy, this screenshot is from the HTC Sensation, go to Settings and USB and the screen looks like this:

So uncheck the Ask me option and set the Default connection to charge only.  You will have to change this each time you wish to copy things to or from the phone.  If you want you can check the Ask Me and the default to Charge Only, this will let you change it on the fly when you connect it to your computer.

Next you will want to go to the Security settings and enable a screen lock.  The most secure is a pin code, but the pattern lock is secure enough that the FBI asked Google for a back door, which they said was not possible, publically.  In that regard it does not matter which you use if there is a back door around it.  Once this is done, your device is pretty safe from the scanners listed above.  This screen shot is from my Samsung Galaxy Note:

As you can see I have enabled the Pattern Lock and the pattern is visible.  As I said, I know that nothing will stop everyone so I am primarily concerned about deterring the less determined people.  I usually turn it off to be honest and have just left it on since I only use it as a tablet right now until I port my number from Sprint.  This should be very similar to the HTC or other Android devices in how this functions.  I know it works on my Sprint Samsung Galaxy S II Epic 4g Touch, and yes that is a mouth full.

Right now it is configured to be connected to the PC, I am running Ice Cream Sandwich and if you notice in the top Status Bar, the USB icon on the left side.  If you pull down the ‘curtain’ it will say “Connected As Media Device” or something else if you have uncheck this.  If you then click on that it will bring up this page so that you can change it on the fly.  When the first option is unchecked, the USB port only functions as a charging port.

Finally, under Settings, Development make sure that USB Debugging is not checked.  Once this is done, your device is impervious to the device mentioned above.  There is always more you can do to secure your device and this is only the first  step.  I will add more in future articles.  Just because you have nothing to hide, doesn’t mean you shouldn’t or do not need to secure your device because in this day and age you never know what could be misinterpreted or used against you so securing your digital device is the smart thing to do.

Loss or Theft of a Smart Device

When I started using a Smart Phone they were not called such, they were referred to as a PDA Phone in the beginning and then Microsoft needed to refresh their mobile operating system and coined the term Smart Phone.  I wasn’t particularly worried about loss or theft because I pin protected the device and I had insurance from my carrier, Sprint, that would replace the device after a modest deductible.  I also did not worry about my data because I had everything synced with Outlook, even text messages and call history.  This worked well for me because when a device failed or was replaced all I had to do was plug it in the USB port and away I went.

When I got my Android tablet, I set it up so my important personal data was kept in a secure, encrypted container with a complex passcode.  So I was not worried about people accessing my data and my device was insured.  I never thought about theft because I always kept the device secure or on my person.  A couple of weeks ago, it was in my car, in my driveway and someone took it out of my car.  Needless to say I was devastated and posted on Facebook about it.  Within minutes one of my friends suggested a piece of software called Plan B  that I could install in the hopes that it would help me retrieve my missing device.  The awesome thing about Google Play is that you can login to the website and install applications on your device through the website.  So I chose to install Plan B and thus far it has not worked for me but this could mean the device has just not been connected to the internet or that someone wiped the device.  If it does connect to the internet it is supposed to email me the location when it does. 

If I had not of cancelled the wireless internet on the device, it would have installed instantly and notified me of the location.  I could then use text messages to control the device.  Unfortunately when Sprint screwed over all their HTC View owners I eventually decided that $20 a month for 1gb was just too much money.  Even if I did not get ahold of the device, I carried the $15 dollar insurance package which would have replaced the device by now for a small modest fee.  Unfortunately the insurance went along with the service.  I know, sucks to be me and I just hope that all the fleas from all the camels in Saudi Arabia infest the person who took it’s underwear so that it gives new meaning to Jock Itch.  While I know anyone could have done it, I am leaning more towards a male as this was a very bold theft.  But I digress.

For my Cell Phone I have installed a program from Google Play called Prey and this program will allow you to do some awesome things with your device remotely should it become misplaced or misappropriated.  I will let you know after I have had some time to play with it if it is a viable option or not.  There are quite a few applications like this on the market and I always try and use the open source products first since this allows others to fix the bugs or take over development should the current developers decide against further development or they get a real life.

So I recommend installing something and making sure that if you have a high end smart device that you also carry theft and damage insurance from your carrier.  A new smart device can run as high as $800 without a carrier discount and they only give them every two years so if you lose the device it will cover it.  Most carriers have it for $10-15 and a $100 deductible which over the course of a two year contract with no deductibles will set you back about $300 but isn’t that worth it knowing that if you drop it or lose it that it will be replaced?