Valid HTML 4.01 Transitional

Samsung Galaxy S5
Application Setup

Jim Carter, 2015-04-15

Table of Contents

Special Setup for Particular Apps

T-Mobile Visual Voicemail

When you run it for the first time, first it wants you to record a custom greeting or confirm using the default (it reads your phone number only). Then it wants you to set your PIN. As the old PIN use the last 4 digits of your phone number; then give a new one (twice). If you forget it, dial #793# to revert to the last 4 digits.

Night Clock

Need to set up alarms. Each one could have an individual alarm sound, but I'm using the same one for all. I used to use Rooster Alarm for the ringtone, but Rooster is gone in CM-10 (also has a negative WAF). I found a copy of Walk in the Forest with no visible copyright, and that is pleasant for both of us (though one comment poster complains that it sounds like the kind of music old people play on their alarm clocks :-). See the Night Clock app writeup for how to use your own music as a ringtone or alarm.

Copernicum is another decent sound, or it was in CM-11.

VPN Setup

A contemporary (2015-01-11) procedure for setting up the VPNs is documented in Asus Transformer Pad Infinity -- Upgrading the VPNs. This worked on CM-11 based on Android-4.4 KitKat, but not on CM-12. SELinux is currently being blamed.

Wallet by Google

Spoiler alert: after about 2015-06-01, Google Wallet could no longer pay over NFC.

If this is your first time with Google Wallet, you will need to re-authenticate to your Google account, and give your legal name, physical address, and a 4 digit PIN. (Pick one in advance.)

Google, whose business model is world domination through advertising, would like you to provide the number(s) of credit card(s) to be stored on their server. They will then charge your card for purchases. Not a chance! However, you can use your bank's one-time card feature and provide that as a payment method. Then transfer money to your credit balance, after which your card self-destructs. They get the interest from the credit balance, but I would rather let them have that than the real credit card number. As I understand it, Apple Pay does not have the credit balance feature.

Dumb! I forgot my PIN. To reset it, start the app, enter an arbitrary (wrong) number, and the rejection will have a link for "forgot PIN". Eventually it opens (in the browser) the Google login page. Log in. It redirects to the PIN reset page. Give the new PIN (old PIN not required). On success you get a link for back to Wallet. It takes you back to the authentication page, and this time the PIN works.

Recommended to go to Settings (from 3 bars menu, upper left corner), Wallet PIN, PIN Timeout, click on it. You can choose 15 mins, 1 day, or never; pick 15 mins. After this long you will need to re-enter the PIN.

Setting up Tap and Pay (NFC): First make sure you have a valid credit or debit card. Apparently an expired card won't do. But this can be a one-time card. (Update: not after 2015-06-01; it wants a debit card, not a credit card or a one-time card. The issuer is Visa for Bank of America; that might make a difference.)

Then go to the 3bar menu - Settings - Tap and Pay. Look at the brief howto (required), then hit Done. They will make a test transaction to your card, but that will make a one-time card self-destruct, so you can't use it for adding to your balance.

Yes! Confirmed one successful NFC mobile payment with Google Wallet in CyanogenMod-12, using the Google Wallet credit balance. And this was at a cash register branded Apple Pay. This transaction was done before 2015-06-01, but afterward I was unable to repeat the exploit. The symptom was that it interacted repeatedly with the terminal, and if you let it continue until total collapse, it popped an error message implying that it had used up its collection of one-time cards. I'm guessing that it sent in a transaction record but the merchant's bank rejected it every time. Hiss, boo!

As of 2015-06-28 there are no recent postings that I can uncover alleging successful NFC payments on CyanogenMod-11 or 12. The Tapp app is supposed to work on CM-11 but few postings refer to people actually using it: myself included; follow the link for why.

SSH Server

This has been a nightmare! I had to go through nine apps before I found one that worked. For reference, I am using SuperSU, and CM-12 based on Android-5.1 Lollipop (also KitKat) is in serious SELinux enforcer mode. Here are the ones I have tried, just about every one found on the Play Store. Successes shown last.

Ssh server by The Olive Tree

Ad supported, in the configuration and control screens. It does SSH, SCP, SFTP. Authentication by password only, no RSA. This is not going to fly when I make backups.

QuickSSHd by TeslaCoil Software (Kevin Barry)

$1.49. It has 10,000 downloads. One reviewer couldn't get it to work, one says it works fine, no indication what OS version.

DigiSSHD / SSH Server by Alexey Aksenov

Free, no ads. It requires the DigiControl app as infrastructure. It looked promising but it would not start, just died.

Rooted SSH/SFTP Daemon by OSS Mobile Apps

Free, no ads. I have been using this one successfully on CyanogenMod-11 / Android-4.4 KitKat but on Lollipop the server starts and immediately exits.

SSHDroid by Berserker

Free with ads, or Pro. Root is optional. It has preliminary Android-5.x Lollipop support; it may or may not work with root. It looks like it has the feature set that suits me best, but when started the server immediately exited (on port 22).

ssh Control by KnApps (Simon Knopf)

It will install the Dropbear-multi server (by Matt Johnston). This app is way down on the search results lists, only 100+ downloads. The daemon runs as root. (I think it still runs, but restricted to a nonprivileged port, without root.) The included help is not by a native English speaker but is effective in guiding you through a fairly complex setup process; the help is oriented to installing PuTTY on your Windows machine and using it to generate your personal keypair, but you can use ADB on the phone to replace /sdcard/dropbear_easy_setup/key_for_authorization.txt with your public key from UNIX.

Unfortunately the server was not able to listen on any port. I tried 22, 233 (unassigned, his default), or 2022 (unprivileged). The client got connection refused. Too bad, this one looked like what I needed.

SSH Control by Jesus Olmos

This is a similarly named client app which will show up earlier on the search list.

SSH Server by Ice Cold Apps

Free (ad supported), pro for $2.61. Use the Port Forwarder Ultimate app (which requires root) to forward port 22 to a non-privileged port which this one can listen on; I used 10022. Authentication is by password, RSA or DSA. It has X11 and agent forwarding. It has a dynamic DNS updater. Almost certainly updated for Android-5.x.

Configuration is unfriendly. You need to add your SSH server and its user(s) all at once, error free, because you cannot go back and edit the configuration later; you need to delete all your servers and do the whole configuration over.

Port Forwarder Ultimate had a more friendly UI; however, it could not emplace the redirect rule using its included iptables binary because Lollipop only allows position independent (PIE) executables. To use the system's iptables (from Busybox) you need to mark the checkbox in rule settings for Use internal iptables. That done, it works. To see the log file, on the main screen there is a rectangle at the bottom that looks like a tab; swipe it upward. To close the log page, the rectangle will be at the top and you swipe it downward. It's convenient, and not a security hazard, to emplace the rules at boot, but you need to mark that box on both the main settings page and individually for the rule's settings. However the app uses a surprising amount of battery, so I recommend that you run it only when needed and turn it off afterward.

My client was able to connect to port 10022, but I believe a botched user setup prevented executing any commands. For port 22, connection refused. This server was the most successful so far. With Port Forwarder Ultimate properly configured, port 22 can be used. But even with a non-botched user setup, it authenticates successfully but then the exec request still fails. Giving up.

SimpleSSHD by galexand

Free, no ads. Includes rsync. Publickey only, no passwords. No root, cannot use port 22, default is 2222. Updated for Android-5.x Lollipop. Only 100+ downloads, but the way this is going, I should try it.

Yes! You create /sdcard/ssh (configurable in Settings) and copy your authorized_keys file (your public key(s) concatenated) into it. You get a shell session as some user (u0_a138), but you can do su to escalate privileges. For example, on the client do:

ssh your_phone su -c "sh /data/local/bin/backup-host" > your_backup.tar

I ended up reinstalling Port Forwarder Ultimate (see previous app) and using it to forward source port 22 to destination 2222. This works.

Confirmed that this server does not do key agent forwarding. Nor X11 forwarding.

CyanogenMod Updater

The updater is a new feature in CyanogenMod-10. It checks on the CyanogenMod download site(s) for new versions of the system image, analogous to a carrier's OTA (Over The Air) updater, like Samsung's Kies Air. It also checks for themes on multiple sites.

You don't start it from an application icon; instead look in this unlikely place: Settings - About Phone - CyanogenMod Updates. You can set the frequency of checking (default is weekly), and what stability level you want. When an update is found, click on the menu item to download it. Doing this on Wi-Fi is recommended because images are large, e.g. 171Mb, and so take a while to download, and they eat up your cellular data allowance if limited.

When the download finishes you are given the option of installing it immediately or later. You will want to do user-level and system-level backups before installing, particularly if you plan to wipe data, so invariably cancel the installation. Although upgrades within the same major version number (e.g. CM-12 to CM-12.1) are supposed to not need a data wipe, beware that nightly builds may unexpectedly need this; a number of people complained of bootloops and bad behavior in key apps until data was wiped, in the jump from CM-12 to CM-12.1. In the same jump it was necessary to install a new version of Google Apps. So it's most prudent to always back up everything, even if you're expecting not to need to restore it.

When you're ready to update, make sure your phone is at least 50% charged; having the battery die in the middle will likely brick your phone. Click on the update line item. Clicking on the filename itself gives you the changelog, and long-pressing gives the choice to delete it (not what you want, yet). Click on the download icon at the right of the line, and it will offer to install. Tell it Update.

The phone reboots into Recovery. It is told by the updater which file to update (not automatically wiping data), takes about 30 secs. It does clear cache. The phone reboots into the OS, and it takes a while to recompile the Java bytecode, maybe 60 secs.

The whole process is easy and very user friendly, not like the procedure to install CyanogenMod in the first place.

Application Settings -- Open Issues

These issues have been noticed so far and need to be worked on: