When Google leaves your smart­phone with­out up­dates, open source and Neil Mohr save the day.

APC Australia - - Contents -

When Google leaves your smart­phone with­out up­dates, open source will save the day.

There’s a joke that cir­cu­lates se­cu­rity cir­cles: An­droid smart­phones are re­ally ex­pen­sive aban­doned Linux dis­tri­bu­tions. It hurts, but it’s true. An­droid is based on the Linux ker­nel, mak­ing An­droid (more or less) a form of Linux op­er­at­ing sys­tem, aka a dis­tri­bu­tion. An­droid smart­phone man­u­fac­tur­ers tend to bash out a de­vice, build what­ever the latest ver­sion of An­droid is, sup­port it for the short­est amount of time they can get away with, then aban­don the own­ers — vul­ner­a­ble to what­ever zero-day at­tack next raises its ugly head — run­ning for the hills, wav­ing their wads of cash.

Take the OnePlus Two. A fine An­droid phone, but OnePlus dropped sup­port two years af­ter re­lease, just as the Krack vul­ner­a­bil­ity struck. Tough luck, suck­ers! This is stan­dard prac­tice in the An­droid world. But when peo­ple are car­ry­ing their en­tire lives around with them on a se­cu­ri­ty­hole-rid­dled de­vice, per­haps it’s time to re­think the sit­u­a­tion. So what can you do?

While you could say a fail­ing of An­droid — con­trasted with Ap­ple iOS — is its easy-to-build-and-for­get open-source na­ture, it means any group can sup­port any de­vices via the An­droid Open Source Pro­gram (AOSP). And peo­ple do. Most fa­mously, there was Cyanogen­mod, which blos­somed into a huge project, cre­at­ing builds of An­droid sup­port­ing hun­dreds of de­vices, with far more up-to-date re­leases. But the project closed in De­cem­ber 2016, when the cor­po­rate branch that had sprung up shut down the servers that hosted the im­ages, source code, wiki and so on. That’s where its spir­i­tual and source code suc­ces­sor LineageOS rises phoenix-like from the server ashes to power your de­vices.

That’s the power of open source — while one group might shut down de­vel­op­ment, an­other is free to pick things up and carry on where they left off. It took a few months through the start of 2017 for servers to be es­tab­lished, web­sites to spin up, and de­vel­op­ment to pick up, but as we start 2018, LineageOS of­fi­cially sup­ports al­most 200 de­vices, with many more through un­of­fi­cial de­vel­op­ment. See the box­out op­po­site on how to find out what de­vices are sup­ported, and what to con­sider when buy­ing a de­vice.

As with Cyanogen­mod, LineageOS is built upon the AOSP; the devs take the latest re­lease, which has all the Google soft­ware re­moved, add LineageOS’s own ad­di­tions, cre­ate a build for spe­cific de­vices, and roll out an im­age up­date. This means that, when a zero-day is issue an­nounced, such as the crit­i­cal Krack and Blue­borne vul­ner­a­bil­i­ties, LineageOS de­vel­op­ers can roll out an up­date within days, rather than the weeks, months or never-ever op­tion big-name An­droid man­u­fac­tur­ers can take, de­spite hav­ing weeks of em­bar­goed warn­ing.

So who should con­sider flash­ing their phone with LineageOS? Prob­a­bly not your grand­mother. We don’t like be­ing pre­sump­tu­ous, but it’s prob­a­bly not for her. If your de­vice is still un­der war­ranty, wait un­til it’s not. This type of ac­tiv­ity voids any cover you might have, and that would be fool­ish. The process will likely have your phone out of ac­tion for at least half a day; if you’ve never done this type of thing be­fore, more likely a full day — don’t for­get, there’s an el­e­ment of hav­ing to re­in­stall all your apps, tweak things, curse when some­thing isn’t quite right, and start again. It all takes time.

If you’ve de­cided that flash­ing LineageOS on your phone is for you, first make sure your phone is sup­ported; there’s not much use car­ry­ing on if it’s not! Head to https://­vices, and see whether your de­vice is on the of­fi­cial sup­ported list. If it is, you’re golden; if it’s not, don’t give up hope just yet. Con­sider this list to be tier-one sup­ported de­vices; be­cause this is open source, less pop­u­lar de­vices can of­ten gain sup­port via the https://fo­rum. xda-de­vel­op­ com­mu­nity.

A Google search such as “xda de­vel­op­ers <phone model> lineageos” will gar­ner re­sults. Read any re­turned fo­rum threads to de­ter­mine how good the sup­port is — hope­fully, peo­ple will re­port com­mon bugs or is­sues. Com­mon is­sues are the phone, Wi-Fi, Blue­tooth or cam­era not work­ing — these typ­i­cally re­quire pro­pri­etary bi­na­ries to work that may not have been merged into early builds. Other is­sues in­clude lock­ing up, poor bat­tery life and other quirks.

The for­mer is­sues are likely to be deal-break­ers, while you might de­cide you can live with the lat­ter is­sues. Hav­ing used early builds on a num­ber of de­vices, they usu­ally work rel­a­tively well — as long as you have the ba­sic mo­bile phone ra­dio op­er­a­tional. But you need to de­cide for your­self whether an ‘alpha’ or ‘ beta’ build is go­ing to be good enough.


If some­thing goes wrong, and you’ve backed up your de­vice, you can re­store it back to its ex­ist­ing state, data, apps and all. For the lazy, you might just want to back up your data with an app. We rec­om­mend My Backup ( play.­tails?id=­droid.MyBackup), which has free and paid ver­sions. If you know how to root your de­vice, Ti­ta­nium Backup ( play.­tails?id= com.kerami­das.Ti­ta­ni­umBackup) is more com­pre­hen­sive. Do you use Two Fac­tor Au­then­ti­ca­tion (TFA) or Google Authen­ti­ca­tor? Stop now. You’ll lose ac­cess and need to re-en­able all your TFA-pro­tected ser­vices. If you have rooted your de­vice, you can use Ti­ta­nium Backup [ Im­age 1] to save off the keys, then re­store them af­ter­ward. Other­wise, list your TFApro­tected ser­vices, and ei­ther save off the keys or turn TFA off un­til you’re back. For the su­per-lazy, Google backs up your de­vice to the cloud to a de­gree; when LineageOS is in­stalled, you’ll get the chance to log in to your Google Ac­count and have it re­store the apps and set­tings. Great in prin­ci­ple, a bit hit and miss in prac­tice. Do you want to back up your text mes­sages and call his­tory? Then use a ded­i­cated backup tool. An­other good one is SMS Backup & Re­store ( com/store/apps/de­tails?id=com. ritesh­sahu.SMSBack­upRe­store). Full sys­tem im­ages are pos­si­ble, but only via a suit­able re­cov­ery ROM, such as TWRP (we’ll cover this shortly) or Clock­workMod. How­ever, un­less you al­ready have one in­stalled, in­stalling one re­quires the de­vice be­ing wiped in the first place. Thanks, Google!


With a suit­able backup done, you’re ready to scoop out the brains of your de­vice, and re­place them with some­thing al­to­gether bet­ter. To per­form such a del­i­cate op­er­a­tion, you need the right tools. This tends to be eas­ier on Linux, but we’ll use Win­dows here for sim­plic­ity. The two core com­mand-line tools used to mon­key with An­droid de­vices are Adb (An­droid De­bug Bridge) [ Im­age 2] and Fast­boot. You can down­load these from Google at de­vel­­­dio/ re­leases/plat­form-tools.html. There’s a bunch of other junk in the ZIP that you can safely ig­nore. Adb is designed to in­ter­face and con­trol the An­droid OS — in other words, An­droid needs to be run­ning on the de­vice to work. Fast­boot is a lowlevel tool that con­trols the ba­sic re­cov­ery mode ac­cess, known as fast­boot, on powerup — like your PC’s BIOS. The An­droid ADB driver for Win­dows is used to recog­nise the An­droid de­vice in de­bug mode, so you need the cor­rect driver. You can get a generic one from sup­port-wiki/wiki/An­droid-ADB-Driv­ers. If your de­vice isn’t recog­nised, Google main­tains a list of OEMspe­cific driv­ers you can try at de­vel­­­dio/run/ oem-usb.html#Driv­ers. XDA de­vel­op­ers have cre­ated an all-in-one tool and driver in­staller ( fo­rum.xda-de­vel­op­ thread.php?t=2588979). You may want to opt for that to save your san­ity!

“Make sure your phone is sup­ported; there’s not much use car­ry­ing on if it’s not!”


Now we’re all primed, the first ma­jor step is to un­lock your de­vice. This wipes ev­ery­thing, re­set­ting the de­vice back to fac­tory de­faults. Con­sider your­self warned. An­noy­ingly, it seems that ev­ery man­u­fac­turer pro­vides a dif­fer­ent un­lock mech­a­nism — see the ‘De­vice Sup­port’ box­out on the pre­vi­ous page for more de­tails. We’re go­ing to fol­low the de­fault An­droid sys­tem that is used by Google and OnePlus. To be­gin, we need to ac­ti­vate De­vel­oper mode, and switch on USB De­bug­ging. In An­droid, se­lect ‘Set­tings > About’ and tap the build num­ber seven times. A mes­sage an­nounces that De­vel­oper mode is un­locked. Se­lect ‘Set­tings > De­vel­oper op­tion switch on USB de­bug­ging’. If there’s a OEM un­lock­ing op­tion avail­able, se­lect that as well. Once USB de­bug­ging is on, you’ve in­stalled the ADB driv­ers, and un­zipped the tools, con­nect your An­droid de­vice. A se­cu­rity mes­sage ap­pears on the An­droid de­vice — al­low the con­nec­tion. Se­lect ‘Win­dows’, type “CMD” and press Re­turn. ‘CD’ to where the tools were ex­tracted. For sim­plic­ity, you can copy Adb and Fast­boot to your desk­top, and just work with ‘CD desk­top’. To re­boot into re­cov­ery, type “adb re­boot boot­loader”. To un­lock, type “fast­boot oem un­lock”. A warn­ing ap­pears [ Im­age 3] — read this, and ac­cept the re­spon­si­bil­ity, or run scream­ing into the hills.


You’ll want to re­boot your An­droid de­vice and log in — don’t worry about ac­counts, this is just so we can copy over re­cov­ery im­ages, LineageOS, and so on. At this point, we’re con­cen­trat­ing on adding a cus­tom re­cov­ery ROM. This is ac­ces­si­ble when a de­vice is first pow­ered up via a key com­bi­na­tion, such as Power and Vol­ume Up or Down. You can also re­boot into it via the Adb tool. Us­ing the cus­tom re­cov­ery ROM, we’re then able to flash a new OS and do com­plete sys­tem back­ups. The most com­monly used re­cov­ery ROM is TWRP (Team Win Re­cov­ery Project), so head to­vices, and down­load the cor­rect ROM for your de­vice. If one isn’t listed, you should try search­ing for a Clock­workmod re­cov­ery im­age for your de­vice. Copy the re­cov­ery im­age into the same folder as the Fast­boot com­mand. If you know how to re­boot into fast­boot re­cov­ery, do so. Other­wise, put the de­vice back into USB De­bug­ging mode, as ex­plained in the pre­vi­ous step, and in a com­mand prompt, type “adb re­boot boot­loader”. To flash the re­cov­ery im­age, type “fast­boot flash re­cov­ery <im­age file name>”. Se­lect to start re­cov­ery, and en­ter TWRP. At this point, you can boot back into ‘Sys­tem’, aka An­droid [ Im­age 4].


As dis­cussed, down­load the LineageOS build (­vices) for your de­vice. Cur­rently (early 2018), we rec­om­mend v14.1, which aligns to An­droid 7.1. An­droid 8 Oreo is v15, and is likely some­what ex­per­i­men­tal at this stage, but read the logs and any fo­rums re­ports to make up your own mind. At this stage, you can also grab your faux Google Gapps pack­age [ Im­age 5] from open­ — see the box­out be­low-left for more de­tails on that. Copy both ZIPs to the de­vice — into the Down­load folder, say — and, no, you don’t need to un­zip them.


Re­boot into TWRP Re­cov­ery. Type “adb re­boot re­cov­ery” if you have a com­mand prompt to hand, or power down, and use the Power and Vol­ume combo. Wipe the Data, Cache, and Dalvik/ART Cache (this is the de­fault), tap ‘Wipe’ and swipe to go. Not do­ing this can cause the in­stall to re­turn an er­ror. Re­turn to the main menu and choose ‘In­stall’. Se­lect ‘Down­load’ and the LineageOS ZIP. Choose ‘Add More Zips’ and do the same for Gapps [ Im­age 6]. Swipe to flash, and kiss good­bye to old An­droid. Once done, do a de­fault wipe again, then re­boot into An­droid. The first boot can take five min­utes or so.


Wel­come to LineageOS [ Im­age 7]. If you want to use the cloud re­store linked to your Google Ac­count, there’s an odd quirk at the time of writ­ing. To log on to a wire­less net­work, you need to first choose to not re­store from an­other de­vice/the cloud, set up a wire­less con­nec­tion, then step back, and re­store. Other­wise it doesn’t set up a con­nec­tion, mak­ing it tricky to down­load from the cloud. Once LineageOS is work­ing, you’ll have ac­cess to the Google Play Store. If your Google Ac­count is up and run­ning, apps are slowly re­stored with some set­tings in place. Check Se­cu­rity set­tings, tweak the No­ti­fi­ca­tion drawer, and per­haps get a new launcher; Nova Launcher is our favourite. We’ve men­tioned root ac­cess — this is ad­min­is­tra­tor level ac­cess to the An­droid sys­tem. It’s gen­er­ally not re­quired, and con­sid­ered a se­cu­rity risk, which is why it’s off by de­fault, and hard to turn on. If you want root ac­cess for backup rea­sons, Lin­eage OS makes it rea­son­ably easy. Grab the Su­per User pack for your de­vice’s ar­chi­tec­ture from down­load.­tras. Copy it to your LineageOS de­vice, re­boot into TWRP, and flash the Back in LineageOS, en­able De­vel­oper mode, if you haven’t al­ready. You’ll see an op­tion called ‘Root ac­cess’ — se­lect ‘Apps and ADB mode’. Now apps can be given root ac­cess. De­pend­ing on your de­vice, you could find you’re get­ting LineageOS up­dates once a week. Don’t feel you need to in­stall them. You can fol­low the re­cent changes up­date log for your de­vice at down­, along with any changes that will be merged into the next build.








Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.