Selection | Checkout | Setup | Apps | Top |
Chassis Name | Hostname | Future | |
---|---|---|---|
Old Phone | Pioneer | Selen | Pioneer |
New Phone | Barbet | Orion | Selen |
When Orion is set up and reasonably operational, Selen will be renamed to Pioneer and Orion will be renamed to Selen. The IP addresses follow the names; the MAC address stays with the chassis. The nano-SIM will move fairly early from Selen to Orion.
What's in the box:
Power it up and follow the on-screen instructions.
First steps:
Use Device MAC. (Then finish hostdata.db and firewall setup.)
Going through the steps in Google's guide to import data etc. from an old Android phone.
1. Make sure you have:
2. Update the old phone's software. Back up user data. (Done)
3. Create a Google account if you don't already have one. (Have one)
4. SMS, Calendar and Contacts will sync to your Google account, also photos and videos. Let them sync off the old phone, later onto the new phone.
On the old phone, open Settings-Accounts-(Google account). Click on Google Account — This controls what happens to your data once Google has it (not what I need now). Click on Account Sync. My stuff was synced this morning, no need to sync again. I'm afraid that the important stuff like device settings and app list aren't synced from this page.
5. Power on the new phone. Hold down the power button for 3 secs at least, until a splash screen appears. For stock it's the Google logo; for LOS it's a 10 sec warning that your bootloader is unlocked and the GRU could have messed with everything on the phone. Give it some time for initial boot because it has to recompile all the Java bytecode. On the stock OS it took about 2 minutes; only 1 min for LOS because there were fewer factory installed apps.
The setup wizard will start. Select language and accessibility options (I didn't change any). The default language is English. Hit Start.
6. Power off the old phone and remove the SIM. Insert the same or different SIM in the new one. It's apparently OK to do this with power on. Only one phone at a time should connect to cellular voice and data. If you're going to use an e-SIM, connect to Wi-Fi first.
Poke the SIM ejector in the small hole in the SIM tray cover, making it open a little, then pull the cover all the way open. The SIM tray has the SIM on the front side with the contacts toward the front. There's a corner cut so the SIM will only go in the right way. When you close the SiM tray, the setup wizard will go to the next step. The screen saver is active and if you take too long the screen will go black. Hit the power button to wake it up again.
7. Connect to Wi-Fi.
No QR codes, you have to type in the password. I got on (after 2 tries with the password). Per tcpdump, an unknown MAC address is chattering with Google sites. Having the MAC, I put it in hostdata.db per /etc/hosts.add.txt, and did the additional installation steps. Since Orion is already there, it only affected /etc/ethers, hostgroup.db, trusted-adr.fw.
8. Copy apps and data. Details to do this…
9. Turn the old phone back on. Connect the phones' USB ports. (Or you can use Wi-Fi, so they say.)
Set the screen timeout on the old phone to 30 min (temporarily), so it's not locked and unresponsive when you need to confirm a step. Connect the devices using the cable. For me, the old phone's type C to type A cable (with the adapter) did not result in communication, but the new phone's type C to type C cable brought success. On the old phone, give permission to copy, and authenticate with your fingerprint, pattern or PIN.
10. On the new phone, give the loginID and password of your Google account . (It didn't ask me for this; presumably it was using the copied data.)
11. If you want to omit certain data categories, uncheck their boxes. Hit Copy. The next screen lets you set up fingerprints, Google Pay, or Google Assistant. To do this later, hit Skip.
12. Eventually it will show a summary screen for the data transfer. Hit Done.
It transferred 59 apps and about 30Mb of other data, total 1.8Gb, estimated 2 min to do it. Categories: apps, photos+videos, music, SMS, device settings, call history.
One disappointment: it did not place app icons on the launcher screen. I was hoping it would restore icons in their original positions, but I'm going to have to copy them all from the app drawer.
This is the end of the Google help page, but the wizard continues on to set up other items.
Configure Google Services:
While I did all that, copying finished. On the old phone, close the transfer app and disconnect the cable, because it keeps the CPU in a spin loop and runs down the battery.
Set the lock screen PIN. If you click on lock screen options, you can set a pattern instead. You can't have both.
Set up fingerprints: I think it wasn't recognizing that I was touching the sensor. Skip.
This is the end of the main setup sequence. Now set up Google Pay, Google Assistant, etc. Let's just do it and decline the ones I don't want.
No, thanks
That's supposedly the end of setup, but when I hit Done it gave me some more items:
Respondand
listenare not the same concept.)
Finally everything is done!
Now it wants to update 31 apps. Doing them now.
Quite a lot of apps did not get copied over to Orion (stock OS),
with no report of why. Statistics: 12 missing, 5 replaced by the Pixel
equivalent, 2 other fates. Since I'm going to install LOS, I'm not going
to try to resurrect them. Here's a list. The phrase will reinstall
implies that it's been seen on the Play Store.
share via Bluetooth). It's not in the app drawer, but it's installed: the app drawer's finder can find it.
Here's a detailed history of resurrecting Sudokyuu, a game I play.
On the Pixel (stock OS) you can now create a custom theme for the home screen. You can select an icon theme (e.g. the Wi-Fi icon), the font, and the shape of the icon backgrounds, 4 shapes including square. (In LOS see Display-Icon Shape; they have 7 more creative shapes.) You can reduce the icon grid size; 5x5 is the default.
Breaking news: overnight the Pixel discovered an upgrade from Android-11
Rhubarb
to Android-12 Strudel
. LOS is still on its version
18.1 based on Android-11, so I'm not going to upgrade the stock OS, in case
there are significant differences between stock and LOS-18.1. I'm also
going to pause updates on the Pioneer. (Preview: LOS also switched
versions, and to install LOS-19 I needed to upgrade the stock OS first.)
I discovered these tidbits of information:
The normal way to see the IMEI is in System-About Phone. You can also display the baseband processor's copy of the information by dialling *#06# . It shows you:
Fastboot (bootloader) has a menu choice for Barcodes, which shows most of this stuff with a barcode for each.
Overnight standby, with Wi-Fi on and with a SIM, on the stock OS, for 12hr 40min used 5% of battery. Estimated standby time without charging: 10 days.
For the Pioneer when new, and 8hr overnight time: with no SIM it used 2% of battery. With a SIM the stock image (updated) fairly consistently used 3% overnight.
NOTE: Figure out what to do about the trim area. See the extensive discussion in the Pioneer hardware report.
Jimc judges that he is extremely unlikely to even notice the absence of the DRM keys that were trashed. Thus I'm cutting off this project with the decision to not back up the DRM keys. However, I will use TWRP Recovery to back up the TA partition (minus DRM keys) after unlocking the bootloader. Update: TWRP doesn't support the barbet. I'll have to improvise something once the phone is rooted.
Procedure to back up the TA partition (on Pioneer)
imagevariants of some of these.
backup trim area TA partitionyields (ancient) procedures to back it up before unlocking the bootloader, which is not what I'm doing. Nobody actually says which partition is being backed up, by name.
/vendoris the most likely one. A second choice is the non-user-accessible region of /storage.
adb devicesand make sure the phone replies (with its serial number).
lock your bootloader(ignore), SONY splash screen, TeamWIN splash screen, enter your pattern (to decrypt /data, which it takes a while to do), finally the main screen.
Vendor Image. Hit Select Storage and choose the SD card. The numbers shown are the amount of free space in Mbytes. Don't mess with the other tabs; compression does nothing for the images, though it probably helps the tar files a lot.
When I had my Galaxy S5 rooted, what were the effects on the phone? That is, what did I use rooting for? And what negative effects were there?
In Android-11 and earlier, you need root to set the clock. The app Smart Time Sync can set it from GPS and/or NTP. On the non-rooted Pioneer I relied on the carrier's time. T-Mobile provides time accurate to 2 secs, though there are nonspecific reports that some carriers' clocks are much worse.
Media (music and video) has paranoid protection probably involving DRM. With root I could get non-DRM content (legally owned) from my library onto the phone, so I can perform it without a network connection. I haven't been able to do this on the non-root Pioneer.
Backing up the Trim Area I expect will be a lot more accomplishable with root. If I use TWRP, and if afterward I'm locked out of TWRP (like now), can I restore the backup?
Other backups of system data are feasible with root.
Troubleshooting and investigation often requires root.
On the other hand, banking and payment apps like Google Pay are paranoid about being hacked, for good reason, If the phone is simply rooted, they will not work; there is a uniform API called SafetyNet that they can call to detect if the phone has been tampered with. Magisk is the currently popular hack to get around this.
It would be acceptable if the phone were sometimes rooted and sometimes not, during which time payment apps would work (I hope). Magisk has a feature to do this easily.
The fight between Google Play Services and Magisk is a cat and mouse game, or more like Whack-a-Mole. An upgrade to Google Play may knock out the payment apps until Magisk gets updated. I will need to keep old, vulnerable versions of Google Play Services for when this happens.
The LOS installation instructions warn that just unlocking the bootloader may be enough to trigger SafetyNet, so I may already be locked out of payment apps whether or not I root the phone.
Conclusion: being rooted is not a number one priority for my use of the phone, but I'm going to give Magisk a try.
I installed YASNAC as a SafetyNet tester. There are several such testers. Each one has an API license key, and there's a limit on the number of queries that could be made per key, per day. If the limit is exceeded, which definitely happens on the more popular apps, the app will report that it could not contact Google Play Services.
I'll use this sequence of operations:
So how do you re-lock the bootloader?
Discusson on Reddit, OP u/Axios86 (about 2020-05-xx). He wants to
re-lock. Comments range from I did it on Pixel or OnePlus
(but
doesn't generalize to all OEMs) to don't do that, you'll brick your
phone
. But the procedure involves inserting the appropriate cert
in vbmeta (which you then have to insert into…) I'm going to
conclude that relocking isn't going to happen.
Web resources for Magisk:
Tidbits from the
Magisk release notes: The developer of Magisk is topjohnwu. As of
Magisk 24.0 (2022-01-26), he is working for Google on the Android Platform
Security Team. But apparently he's still allowed to develop Magisk. Formerly
Magisk included a module to hide the existence of Magisk, but he got worn down
by the endless cat and mouse game
and has removed this module. But
other developers have created better such modules, which he endorses.
On the very day I'm writing this, LOS released version 19 (Android-12L)
for Barbet and 40 other phones including the Pioneer. In the
LOS staff blog dated
2022-04-26, they say, On the whole, we feel that the 19 branch has
reached feature and stability parity with 18.1 and is ready for initial
release.
Should I go along? If I install v18.1 and then upgrade to v19,
it's not as much work as replacing the stock OS, but the upgrade is
nontrivial. I'm going to install v19. But I've stashed the last v18.1
image files, so I can downgrade if necessary. For the next month or so
I should upgrade weekly, then go back to my usual update every 2 weeks.
(Note, while the new version is called LineageOS 19
, the image filenames
include 19.1
as the version.)
Web resources:
You should obtain in advance the current LOS image, vendor_boot image, and
GApps (Google Apps) package. (Use GApps
in web searches, not
google apps
.) (LOS instructions put this step after you've booted
into Recovery.)
LOS download
directory; it has subdirectories per date. Normally get the most
recent image. Also download its sha256 sum. (But no GPG signature,
hiss, boo!) Size 1.09Gb. Sample command line to check the checksum;
note the backslash before the question mark:
sha256sum -c < lineage-19.1-20220428-nightly-barbet-signed.zip\?sha256
TeamWin Recovery Project (TWRP) website. This is what I normally use. Click on Devices and pick yours. Oops, Google Pixel 5 is supported but Pixel 5a isn't. The CPU is identical and it would probably work, but I'm not going to try it.
The LOS instructions tell you to download a custom recovery
,
of which TWRP is the most popular; however they also give a link
to theirs, under the name vendor_boot.img
in the same
directory as the main image.
XDA-Developers overview of GApps packages
LOS Wiki overview
of GApps
In the past I've always used OpenGApps. But a key quote from the
LOS overview is: If Open GApps is not listed for your
Android version, it is not recommended.
Which it isn't for
Android-11 and 12. They recommend
MindTheGapps (link to index).
For Barbet you want the arm64 architecture, for Android-12.
Size: 241Mb. The download page gives a MD5 sum; check it.
The first time around I used an experimental OpenGApps bundle. But it put the Setup Wizard into an infinite loop of making me configure Google Services permissions. Thanks to u/monteverde_org on Reddit/Cyanogenmod for showing me the error of my ways.
The following steps are from the LOS installation instructions for Barbet, which should be read (and obeyed) in parallel, plus added clarification by jimc. Step numbers match with that howto.
0a. WARNING, your DRM keys will be gone forever (See extensive discussion of this issue for Pioneer.) The rest of the phone will be totally wiped, so back up user data.
0b. The phone needs to be charged. Anything over 50% should be plenty, says jimc.
0c. Up/downgrade the stock OS to the Android version on which your LOS image is based: Android-11 for LOS-18.1, or Android-12 for LOS-19. If you can't get the needed stock image, install a matching back-version LOS image, and upgrade that in a separate step. It's generally recommended to upgrade one major version at a time, e.g. LOS-16 to LOS-17 to LOS-18 to LOS-19.
3. Connect the USB cable to the host. How you connect made a lot of difference on the Pioneer. See here for how I got this working. For Barbet I used the provided USB-C to C cable from my laptop's USB-C port to the phone. All adb commands worked on the first try.
Unlocking the bootloader. From a tutorial on Droidwin by Sadique Hassan, 2021-08-27; jimc has created this summary and has added a few key items. The tutorial matches the LOS instructions (except for comments).
adbutility. Check recency of versions on developer.android.com. Either install their zip file or install from your distro (which is more sanitary if the version isn't ancient). The OpenSuSE package for Tumbleweed, as of 2022-04-28, is android-tools version 31.0.3 while developer.android.com has v33.0.1 (I'll use SuSE).
adb devices; make sure your phone answers. The key shown is the device serial number; check it in About Phone.
adb reboot bootloader. It showed its info screen after about 3 secs, with this content. This is coming from the stock OS, but I'm almost certain that LOS does not replace the bootloader; behavior and info are identical. The
Enter Reasonitem tells why it thinks fastboot was started.
Product revision: barbet MP1.0(NA) Bootloader version: b9-0.4-8048809 Baseband version: g7250-00118-220211-B-8174514 Serial number: (14 bytes) Secure boot: PRODUCTION NOS production: yes DRAM: 6Gb Micron LPDDR4X UFS: 128Gb Micron Device state: locked Boot slot: b Enter reason: reboot bootloader
fastboot devicesand make sure your phone answers. [It does.]
fastboot flashing unlock. I needed to confirm on the phone. Use the volume keys to select Unlock, and the power key to confirm.
Start) or executing
fastboot reboot. Now when booting it shows for about 10sec a warning about the unlocked bootloader.
adb devicesand make sure your phone answers. [It does.]
4. We're going to run the bootloader (fastboot) again.
On the host:
adb reboot bootloader
On the host, execute: fastboot devices
and make sure your phone answers.
Now install the Recovery image. Execute on the host:
fastboot flash vendor_boot <recovery_filename>.img
(fill in the actual filename for recovery). [Done, takes about
5sec.]
So what is the recovery filename, that you were supposed to have already downloaded? If you're using the LOS recovery, it's vendor_boot.img from the same web directory that you got the main image from. LOS instructions imply that you could also use a TWRP image at this point, if one were available for Pixel 5a, which it isn't. That's how I've done it in the past.
I faked myself out: having failed to find a TWRP Recovery, I then searched around for the relevant LOS Recovery image — and unfortunately I found it in https://mirrorbits.lineageos.org/recovery/barbet/20220428/lineage-19.1-20220428-recovery-barbet.img . So I tried to flash it and got totally tangled up.
Details are murky about how you get from fastboot into the Recovery
you just flashed. The host's fastboot program doesn't have a
subcommand to boot into Recovery. What I did: use the Volume-Up key to
cycle to the Recovery Mode
item, and press the power button to
boot it. (Volume-Down also works but goes through more choices.)
It displays the warning about the locked bootloader (10 sec), then the Google splash screen, then the LOS Recovery front page.
LOS image installation: The phone should be running your custom Recovery. If not, do the previous step.
step 1/2. Tap the screen (in the lower area) if the screen saver blanks it. When done it shows the
Apply Updatescreen again. Using LOS's vendor_boot.img I got no error messages, but they warn that with some recovery programs, adb will report progress up to 47% and then show various bogus error messages such as
No Erroror
Undefined Error 0which are reporting success. The Pioneer with TWRP does this. Blow off the non-error message. On Barbet, transfer stopped at 47% but there was no error message, bogus or not.
vision settings. Hit start.
installing67 apps. Better wait until it finishes. I think each copied app needs an initialization step.
What the Setup Wizard seems to have transferred (or set up anew):
Loose ends:
Now I have LineageOS running on the phone. Here's a journal of what I did to set it up.
The Setup Wizard's copier apparently copies only files with an approved mime-type, i.e. photos, audio or video. Not including my text files, SSH keys, HTTP directory, etc. Transferring those files will be an important early step.
Somehow when Wi-Fi was set up, my attempt to use the device MAC was not honored, so I have an aleatory MAC and DHCP IP. Fixing that now. Settings-Network&Internet-Internet-Wi-Fi, click on settings for the network to which you're connected (or any of the networks; the setting is individual per SSID). Click on Privacy and change to Use Device MAC. Turn off Wi-Fi and turn back on, to get your proper fixed IP address.
Immediate-early apps that I need to set up first because I'm actively using them:
Setting up all this, from the stock OS to the above 7 apps being used overnight, took 20% of battery (100% to 80%).
On Firefox for Mobile, the home page
is the new tab initial
page, with pinned sites, recent bookmarks, etc. For the normal desktop
kind of home page, set a bookmark and jump to that. Firefox for Mobile
used to accept file:// URLs, but no longer; it silently displays
nothing. So I installed NiM Web Server and configured it to serve
my homedir to localhost:8080, and set the bookmark to that.
Importing my bookmarks and pinned sites for Firefox. There's got to be a better way (short of creating a Mozilla sync account). Some of them are rather intricate, e.g. for the National Weather Service the coordinates of my house are appended, to give a truly local forecast.
What I actually did: Do this in the order in which you want the bookmarks to be listed. On the old phone, follow a bookmark. In the dotdotdot menu select Share (3 circles rightward opening) In the resulting icon box pick QRbot (View Code). A QR code of the URL appears. On the new phone, start QRbot, which will activate the camera. Hold the phones parallel and move so the QR code is in the targeting box. QRbot reads it and gives you a menu including Open Web Page. Hit it; it's opened with your default browser (which at the moment is LOS's Jelly). It would have been better to switch to Firefox (in Apps-Default Apps-Browser), but I actually selected the URL, long press and pick Copy, use the app switcher to flip to Firefox, long press on the address bar and pick Paste, let it open the web page, then hit the star in the address bar to make a bookmark. Firefox briefly pops a toast about editing the bookmark; hit it promptly if you need to improve the title.
NEEDS WORK Import the CFT root cert. It's on https://diamond.cft.ca.us/~certauth/ and Firefox doesn't have the trust anchor. Make an exception and download it. But none of the importation procedures will install the cert: download and open with the native cert installer; Settings-Security-Encryption&Credentials-Install a Cert; StrongSwan cert installer.
NEEDS WORK
Import jimc's user cert (for use with the VPNs). But when it installed
the PKCS#12 file it asked for the password encrypting the private key,
then circulated saying extracting
for at least 5min.
I re-created my launcher icon layout.
Now I'm going to go through Settings and see what's available. I expect that most will be informational (like Wi-Fi scan results) and most of the rest will be left at defaults or at whatever value was imported from the old phone; only changed settings are shown here.
large.
chamfered, not
tapered.
Emergency Callat the bottom.
Emergency Informationat the top. Click the label.
Device Controlsdoes. This menu is reached when you long-press the Power button.
Use Developer Options.
The app launcher (Trebuchet) has an unlimited number of pages. It wants
to open on the leftmost of them, whereas formerly I used the middle of three
as my home
page. For launcher settings, long press in the background and
a menu will open with items for settings, widgets and wallpapers. I haven't
found a setting to pick a different home
page. Here are my settings;
* indicates other than the default.
My icon layout. Many apps are reached only from the app drawer. I'm going to duplicate what's on the old phone (Pioneer) as much as possible.
— Dock (using 3 of 5 slots) — | |||
Camera | Firefox | Phone | |
— Page 0 (Home) — | |||
Amazon Kindle | QRbot | Tasks | Xabber |
Smart Time Sync | GPS Locker | aCalendar | Messaging |
Kitchen Timer | Jog Tracker | Contacts | RealCalc |
Huge Dig Clock | Jota Editor | Google Maps | Bible App |
(Vacant) | |||
— Page 1 (Technical and Games) — | |||
StrongSwan | OpenVPN And. | WireGuard | H.E. Net Tools |
SimpleSSHD | NiM Websvr | ownCloud | JuiceSSH |
GPS Status | WiFi Analyzer | Sensors | Net Cell |
Settings | Total Commander | DNS Forwarder | Gallery |
(vacant) | (vacant) | Sudokyuu | Solitaire Coll. |
— Page 2 (Misc) — | |||
iRobot | Domoticz | Thermostat | Ring |
Bitwarden | Whole Foods | MyChart | Voicemail |
Zoom | Bluetooth Kbd | CA Notify | Play Store |
Sky Map | Earth | (Vacant) | Google Pay |
(Vacant) |
Miscellaneous settings: Sounds. Set these in Settings-Sounds (toplevel directory). You can also set them in various other places like the phone app. In several major version upgrades the names of the sounds were randomized, but they stayed stable in the upgrades from LOS-17 to LOS-18.1 to LOS-19.
Ringtone. Set in Sounds-Phone Ringtone. Default is Orion which is not too bad. There are 111 to choose from. I'm using Draco, with Sheep and Canis Major as 2nd choices.
Notification. Set in Sounds-Default Notification Sound. I had trouble with not hearing notification bloinks in a noisy or active environment. I changed to CyanDoink, which is annoying but aggressive enough to not be missed.
Alarm. Set in Sounds-Default Alarm Sound. The default is Hassium,
which is horrible and has none of the cachet of Nuclear Launch. Also
consider Rooster. Among the provided sounds, Platinum is the best of a
bad lot. For my wakeup alarm I use Walk_in_the_forest.mp3 (in ~jimc),
which you could add by Add Ringtone
, once it's been restored
from backups. Confirmed that Huge
Digital Clock can find and play this file when the alarm goes off.
The adb
Android debugging utility used to have a subcommand to back
up the phone, but around 2020 it was removed. I've been using a back-version
adb to do these backups, but that's not sustainable, nor prudent. Also I have
never done a fire drill
, restoring one of these backups, to see just how
much stuff is actually being backed up. It's time to get dragged, kicking and
screaming, into the current decade. So what's a good backup program that will
work on LOS-19?
An open source program called SeedVault is an official component at least since LOS-17. If I'm reading this right, it has these features:
I did a trial backup, with these outcomes:
Here's a preliminary assessment of what was backed up, with a count of apps in each fate category:
How to exfiltrate the backup with adb:
cdto that dir.
How to exfiltrate the backup with rsync:
How to decrypt, modify and reencrypt seedvault android backups
:
There's a program to do this on Github, tlambertz's area, called seedvault_backup_parser. It's in Python and is tested on Linux. There's just the one script file called parse.py and documentation. It has a spec file for making a RPM package, but it's not on SuSE Open Build Service. It has a runtime dependency on Cryptodome (current SuSE package name: python38-pycryptodome), which is installed already.
You can copy from the backup dir containing encrypted files, to a second dir which is decrypted. You need to give the passphrase, 12 English words space separated.
He shows an example of creating a subset of a decrypted backup containing your Wi-Fi passwords, adding multiple other passwords, and sending it back to the phone in a form that SeedVault can restore. Root not needed.
I installed the whole thing in Selen's backup directory, where the encrypted backup dir was copied to. 11.5kb compressed,
To decrypt: First you have to find the backup directory, the one
containing .backup.metadata .
.SeedVaultAndroidBackup has subdir(s) named as integers (but they
aren't times). This is the directory you have to give to parse.py.
mkdir /scr/selen.seed
bkup=/home/backup/selen/sdcard/.SeedVaultAndroidBackup/12324…
./parse.py decrypt $bkup /scr/selen.seed
Give the passphrase, 12 English words space separated.
Oops, the program handles metadata version 0, but the metadata
in the current backup is version 1 (in the first octet of the file).
Too bad, this is going nowhere because I'm not going to hold up finishing the rest of the phone until someone finds out how metadata version 1 differs from version 0 and modifies parse.py to match. There's an issue filed for this update.
A tidbit about DAVx5:
Product hype: you can sync contacts, calendars and tasks between your generic Android client(s) and the DAVx5 server (both directions). It can do generic WebDAV, specifically streaming media with the possibility to seek to an arbitrary location in the stream. It supports Storage Access Framework (SAF).
iOS (Apple) calendar and contact apps can use DAVx5 natively, so you can share content between iOS and Android. (jimc's research: In 2007-03, Cyrus Daboo of Apple and 2 others wrote RFC 4791 which defines CalDAV. In 2011-08 Cyrus Daboo of Apple wrote RFC 6352 (still a proposed standard) which defines CardDAV.)
They say they have a modern GUI
but I don't see much
discussion of it. A good feature of ownCloud is that the server
provides a web GUI that can do pretty much everything the Android
calendar and contact apps can do.
Their business model is to provide the server, at 1.99 euro per user per month for 5 to 20 users, 1.49 euro/user*month for 20 to 100 users, and the price is negotiable for bigger enterprises. However, the server (and client) are open source, and presumably you can host your own server.
The app DAVx5 by Bitfire Web Engineering ($5.99) is a sync client that handles CardDAV, CalDAV and WebDAV. This is the official client that goes with the server. There are a zillion other sync clients that DAV5x will work with. You can get the app for free on F-Droid.
If you're acquiring for free, it's requested that you make a donation. They take Euros by credit card, Paypal, wire transfer, LiberaPay, Bitcoin, or Monero.
Help with Installing Lineage on Xperia XA2,
OP davidovski on Reddit (about 2019-03-xx).
He describes the procedure he followed, which to jimc seems to not agree
with LineageOS instructions. He gets a public key verification error on
(I'm pretty sure) the LineageOS zip file. shamanonymous replies:
You definitely don't need to install TWRP permanently. The XA2 uses the
new A/B system image method, so there is no recovery partition…
I only needed TWRP for reinstalling root, but now Magisk is also A/B aware,
so I just have to run it after the Lineage OTA.
He continues with a summary of the install process (with extra notes from jimc):
adb install MagiskManager-v7.5.1.apk(after rebooting).
He continues with how to handle a Lineage update. It will write the
new image to the other (A/B) set of partitions. If botched it will say so
and exit. If OK it will change that partition to be active. Before
you reboot, start the Magisk Manager app and click Install - On The Other
Partition. Do this, then reboot. Lineage OTA updates work just fine
in this configuration.
thinkofdoc responds: LuK1337 is the primary developer for this build. He advises against installing TWRP, and provides a link to a custom TWRP image that works better with the XA2 image. (jimc says: looks like the reported issue is very minor and in 2020 it will be long forgotten.)
Respondent moroi (2018-08-14 on XDA-Developers) (this is post 311, last on page 31 of this very long thread). He tells why you mustn't boot LineageOS before installing Google Apps: on an A/B system, TWRP installs the LOS zip into the inactive partition, then (on success) marks it active. But it installs Google Apps in the active partition. So after installing LOS you have to reboot back into TWRP, not into LineageOS. This seems a little strange to jimc. My speculation (without objective evidence): TWRP installs everything to the inactive A/B set of partitions. On success with LOS it swaps the active/inactive markings. But the partition isn't really active until you reboot, so if you install something else (Google Apps), it will again go in the currently inactive partition where LOS was just installed, which is what you want. Whereas if you rebooted into LOS (without Google Apps), then got back into TWRP and installed Google Apps, it would go into the then-prevailing inactive partition, where LOS isn't.
Running Magisk Manager to set up Magisk:
stablechannel
Restore Magisk Manager, which you would use to change back to the default app name.
Update: The following hodge-podge of forum posts documents unsuccessful attempts
to get the phone to pass ctsProfile. Suggestion, pick up at
Google Pay on Rooted Phone
.
A lot of the forum posts linked here refer
to how to take an image that Google won't certify, and make it look
like one that can be. But I had no problem registering this LOS image with
Google.
[FIX] SafetyNet Failed: CTS Profile Mismatch Errors — Full Guide!
by Arvind Rana on DroidHolic (2020-03-05).
CTS means Compatibility Test Suite
.
Among quite a lot of other items to check/fix, he says USB Debugging (in
Settings - System - Developer Options) is a red flag for CTS. For me, turning
it off did not solve the problem.
Cant find Enable Busybox in Magisk settings and ctsProfile not successful, OP rolferikalfheim on XDA-Developers (2017-09-14). He has my symptom, no Busybox option in Magisk Manager, and ctsProfile test fails. Digeridoohan (moderator) replies, that setting has been absent for some time. Use the Busybox module in the Downloads section of Magisk Manager.
Magisk and MagiskHide Guide - SafetyNet maintained by didgeridoohan. One issue: check in Play Store settings (at the bottom) for Play Protect certification: Device is not certified. The linked page gives some fixes. Basically, make sure you can pass SafetyNet. Jigger some props to match a known certified kernel/system. Clear data for Play Store. Reboot. The main symptom of this failed certification is that certain apps won't appear, or will appear but won't be installable. Netflix is the one most often complained about. I did this but still can't pass ctsProfile. The item for Play Protect Certification has disappeared, and the Netflix product page can be displayed. (I didn't try to install it; I didn't try to see it before improving my compliance level.)
Following instructions in the above wiki and various forum posts, I disabled Magisk Hide, rebooted, tested SafetyNet (ctsProfile false, basicIntegrity true), enabled it again, rebooted, and tested SafetyNet again. Still ctsProfile false.
LineageOS is supposed to be certified by Google. But from time to time updated versions fail to be certified. Basically, install the Magisk modules for Busybox (prerequisite) and MagiskHide Props Config. Guess which device to emulate. That got him past SafetyNet, except for one game. He had forgotten to spoof the name of MagiskManager; doing that brought that game to life.
After clearing data for Play Store and rebooting, I configured settings
again, then selected My Apps and Games
. It showed a panel saying
Install apps you've used before
. It found 10 apps: apps from
the Sony stock image (that I never opened) like PlayStation App, three that
I had on the old phone, and one that I actually installed on the Sony stock
image. Selectively installing them on the Pioneer.
I found out a better way to install previous apps: Play Store web URL, likely you can click to install, on the phone. It has most of them, including some that I must have had at one time but then uninstalled.
In MagiskManager I installed Busybox by osm0sis (prerequisite) and
MagiskHide Props Config by didgeridoohan. Reboot afterward.
Following instructions: start a
terminal (LOS has one, unless you suppressed it in initial setup), command
props
and grant root access, choice 3 to enable better hiding
(and reboot if it prompts), then choice 1, and then 'f', and pick your
fake OS.
On this phone I would very much like to use Google Pay, a digital payment app which has different security exposures than the traditional use of a physical credit card with a static and stealable account number. (Apple Pay pioneered getting merchants to install the software and a NFC reader, but Google Pay and possibly others can use the same protocol even if the reader is Apple branded.) The digital payment protocol uses a one-time code so the thief cannot steal the transaction record off the wire and use it for a nefarious transaction, a notorious vulnerability, but the credit card's number resides in the phone, where malware could steal it if able to subvert very difficult security involving SELinux. Obviously a rooted phone is a serious threat to this security model, and Google Pay will clam up if it detects root capability. The system service that handles root checking is called SafetyNet.
Therefore if you want root, it has to be stealthy. Of course the easiest solution is to not root your phone. So what do I use root for?
ClockSync by Sergey Baranov. It requires root to sync the time automatically. It does have a mode for manual syncing on a non-rooted phone, but you have to watch the display and hit a button at the optimal moment. The Android Developer site shows a class called TimeManager which can set the current time, set the timezone, set 12 vs 24 hour time, and turn NTP sync on and off. That suggests that a recent AOSP image should have these items in Settings. But I find no trace of them anywhere.
StrongSwan is supposed to provide the server pushed DNS server addresses to the VPN API, but this doesn't seem to be happening. The DNS Forwarder app requires root to establish the DNS server manually by cowboy programming. Not having DNS for the VPN is kind of a showstopper.
Running roughshod over file permissions, particularly storage permissions. This is for ad-hoc tasks like copying crypto keys onto the device in the required locations.
I use Total Commander for such file operations, which uses root if available.
Backups are done with user permissions. This means they aren't very complete. I could do better with root permission.
I think my conclusion is, if I can deal with the clock sync issue, it would be fine if I could manually turn root on and off, and have Google Pay work when it's unrooted.
Magisk is the currently popular rooting app/framework, by topjohnwu. Version as this is written (2020-02-20): v20.3; you should also have Magisk Manager v7.5.1. Magisk Release and Announcement Thread on XDA Developers; distributed from Magisk Github site.
Note, it's a cat and mouse game; Google improves
SafetyNet
and the developer improves
Magisk to get around it. Do not
update Google Pay (both the front and back end) until Magisk is
correspondingly updated.
How to Use Google Pay on Rooted Android Phones by Rohail Khan (2018-07-18). Use Magisk root. Configure Magisk to use BusyBox, Magisk Hide, and Systemless Host. Enable Magisk Core Only (and reboot). Look for the SafetyNet lack-of-root report. It should pass, and both Google Pay and rooted apps should work. Jimc's note: I think turning on Core Only would preclude spoofing the OS type, if that's needed to pass the ctsProfile check.
Google Pay no longer worked, OP henban89 (2019-03-03). It turns out that an updated version of Google Pay was aware of Magisk. A respondent gives instructions to revert to a back version and prevent it from being updated.
Google Play Certification: What it is, and how it affects you by JavelinAndArt (2018-04-09). This is what SafetyNet checks. You need to register your Google Services Framework. If you aren't passing SafetyNet, you will be prevented from downloading some apps, and others like Google Pay will not work at all. See also SafetyNet: What it is, and how it affects you by JavelinAndArt (2017-06-05).
adb root.
adb: unable to connect for root: device unauthorized. This adb server's $ADB_VENDOR_KEYS is not set.
Do Not Disturbmode on. Turned off. Now
adb rootyields
adbd cannot run as root in production builds. adbd cannot run as root in production builds #425, OP peyer (2018-07-29): didgeridoohan responds, probably caused by MagiskHide changing ro.debuggable to 0. It needs to be set to 1 for adb root to work. Turn off MagiskHide (and reboot)…
root access is disabled by system setting - enable in Settings -> System -> Developer options. This setting (Root Access) was not available previously.
Working: Magisk with Google Pay as of gms 17.1.22 on Pie OP BostonDan (2019-05-14). He gives a credible looking procedure for getting around the security check.
Before I try to make Google Pay work, I need to install Magisk Manager, try the SafetyNet check, and get it so it passes SafetyNet. (And don't forget to obfuscate the name of the MagiskManager app, which some programs check for explicitly.) On the first installation attempt, I ended up with a failure in ctsProfile, a server-side test; basicIntegrity (client side) passed. Forum posts about troubleshooting this invariably say, wipe your phone, reinstall the OS, and step by step, check if you're passing SafetyNet. The point at which it starts failing gives a clue what intervention may fix it.
Repeating installation up to the point of activating Magisk.
adb reboot bootloaderor from the option on the power menu (long-press power button).
yes- swipe to wipe. (Back 3 times)
Incompatible device detected… please download the correct version for your device: arm. Error code 64.. Tried twice, same result. Instead,
adb reboot bootloader, which works on TWRP). Start up sideload same as before. (Don't wipe anything of course.)
Can't load Android system. Your data may be corrupt. You may need to do factory data reset…That's right, hit that line. It reboots, and this time we get the LOS boot animation. Slow! Takes about 120sec until setup gets going.
select and patch a filein MagiskManager does not mean to select the downloaded zip file and sic MagiskManager on it. You need to do an arcane procedure to unpack the LOS zip, merge it (how?) with the Magisk zip, repack, and select the result. There are reports of one or two people accomplishing this, but the usual way is to start TWRP and sideload Magisk-v20.3.zip. This worked once for me and I'm going to try it again. The installer script actually does the repacking and patching operation for you.
Hide Magisk Manager. And download whatever additional stuff for the
Fullversion. Still fails ctsProfile. Leaving Core Mode off.
Now to see if Google Pay will actually function. Since there's an
unconfigured instance of Google Pay in my backup, I'll restore state first.
I'm using Backup Your Mobile
By Artur Jaszczyk. Re-installing this
app. There's also an active instance of Magisk Manager. The current instance
is called MgkMgr; the backed-up one is …
It restored 0 application data, 1 Wi-Fi password, 48 system settings, and
the app list. Please restart device.
It should have restored
application data; I don't know why it didn't. Play Store did not seem to
know which apps it was supposed to reinstall. Neither did it restore the
icon load of my home screen. In Settings - Apps - See All Apps -
(name of app) - Permissions - turn them all on; in the dotdotdot menu there's
one item for all permissions
. Restore again. This time it went much
faster probably because the target data didn't need to be changed.
Not much improvement. I think this has failed. Next time around I'll try
ADB backup.
Installing Google Pay. With Magisk core only mode on or off, and with
the Google Services Framework ID registered, it passes SafetyNet. But Google
Pay still says This phone can't be used to pay in stores. This may be
because it is rooted…
Turned on Google Pay in the Magisk Hide list,
joining Google Play Services. Didn't help (but I left it on). Turned on
Google Play Services. And rebooted. Didn't help (but I left it on).
Google Pay Magisk Discussion Thread, moderated by Didgeridoohan, response #5 by JarlPenguin (2019-03-03). Discussing similar symptoms seen last year, an update to Google Play Services caused it. Wait for a version of Magisk that it can't resist. Temporarily revert to the previous version by using the procedure shown.
How to get GPay to work on rooted Xiaomi Mi9 by smohanv (2019-09-24).
He links to a Magisk module and lists the operations that it does if you want
to do it by hand. Basically, lie about whether (something) has been attested,
and change the mode to 440 so your fix
can't be reverted. See response
#11 by 73sydney and follow the links there, if downloading the module.
Conclusion: I need to just be patient. The procedure for reverting to a prior version requires a prior version to revert to, which I don't have. Once I have a working version (of Magisk, Google Play Services, and Google Pay), I'll save them so I can revert if needed.
Selection | Checkout | Setup | Apps | Top |