Otter: Portrait of Selen
Valid HTML 4.01 Transitional

Sony Xperia XA2 (2020)
More Info

Jim Carter, 2020-02-07

Table of Contents

Bluetooth Testing

Jimc's Suggestions for Saving Battery Power

Master Mode (Tethering) Needs DUN

DUN is the acronym for Dial-Up Networking, a Bluetooth profile (higher level protocol) for making a point-to-point network link between paired Bluetooth peers. Dialing, as in PSTN, is not a required component. Typically one peer is a general purpose portable computer (laptop or cellphone) and the other is some kind of network router or a modem, which in the old days would connect to another remote peer over PSTN by dialing.

A cellphone, like the Pioneer, can make its cellular data uplink available to its peers over Wi-Fi (or Bluetooth); the feature is called tethering or a Wi-Fi Hotspot. But after upgrading from Android-9 Pie to Android-10 Quiche, quite a number of users with various equipment complained that their hotspot feature stopped working. Including jimc. A key symptom on the phone is a small X in the lower right corner of the mobile data bar triangle. This means that data transport is interdicted by something. As seen on the peer (laptop), it connects to the phone, but cannot connect to the Internet. The most likely step to produce an error message is DNS resolution: We're having trouble finding that site…

This forum thread titled After updating to Android 10, Wi-Fi hotspot feature has no internet connectivity (OP Justin Piggott, 2019-04-09 or 2019-09-04, on describes the problem and a working solution. Respondent Rayan Aravinda Jayakody says: Under Modifica Punto di Accesso (Edit Access Point) tab, to APN Type add ",DUN". For him: Tipo APN = default,mms,DUN . This solution is confirmed by a lot of users, at least 10.

Jimc says: the full path is Settings - Network & Internet - Mobile Network - Advanced - Access Point Names - Click on the one that you're already using (for me, T-Mobile US LTE) - you get to Edit Access Point. APN Type (near the bottom) says (for me) default,supl,mms,ia . To fix the problem, add ,DUN. I can't tell if it's case sensitive; I avoided tempting fate. (Update: 'dun' was accepted.) Then put the phone in airplane mode, or otherwise shut off cellular data, and then turn it back on. The X is gone from the mobile data bars, pinging a known IPv4 address gets replies both on the phone and on the client (laptop), and the client can use the Internet normally.

I've found that this setting is volatile: an unknown event can revert it to the default — possibly rebooting the phone.

Jimc has no idea why a Bluetooth profile has anything to do with Wi-Fi, nor why the cellular data access point cares about it, nor why the phone's routing infrastructure takes any notice of the feature codes being passed to the APN.

Wi-Fi in Master Mode (Tethering)

The Wi-Fi driver for the Pioneer can be put into master mode, allowing your pocket computer to act as a Wi-Fi access point. In documentation this is referred to as Wi-Fi Tethering, or as a Wi-Fi Hotspot. Check your cell plan's terms of service carefully to determine if you need to pay extra to do this.

See the previous section about DUN for a prerequisite.

You need to configure it: Settings - Network & Internet - Hotspot & Tethering - WiFi Hotspot. Tell it the SSID (name), access control type (open, WPA PSK, WPA2 PSK, which is recommended), and the pre-shared key (password). It can turn off if unused (make it stay on). Choose the 2.4GHz or 5GHz ISM band. It does not broadcast its SSID so the client doesn't show it when scanning. Configure the same parameters in the client, and it will be able to connect. Nowhere do you specify the channel or the IP range; for me it used 192.168.43.x (RFC 1918). Nor does it ask for the DNS server; presumably it's using the carrier's server, though I have my own recursive DNS server with DNSSEC enabled.

Normally with the Wi-Fi hotspot you want client traffic to exit via the cellphone's mobile data (cellular) connection. But the Pioneer can do master mode with a client at the same time that it's doing managed mode with a nearby Wi-Fi access point. If this is going to cause confusion, e.g. for VPN testing, you need to turn off Wi-Fi in the cellphone. Not all phones can do master and managed mode simultaneously.

It uses IPv4; it doesn't give the client an IPv6 address.

Bad news: at some point at or after the upgrade to LOS-17.1 (Android-10), the hotspot has started misbehaving. The same set of symptoms is seen on a variety of hardware and on various vendors' stock images as well as LOS. Specifically:

As a wild attempt, I activated USB networking, but it didn't help. To turn it on: connect the USB cable from the phone to the laptop, first. Settings - Network & Internet - Hotspot & Tethering - USB Tethering (it's greyed out if no connected client). Turn on. Behavior was the same as for the Wi-Fi hotspot, i.e. no default route.

Tidbit: the Pioneer has two Wi-Fi radios with different MAC addresses (locally administered). The dual radios probably are why it's able to do master and managed mode simultaneously. In the transition to Android-10 it swapped the one used for the default route, with baleful consequences in my firewall and with fixed IP assignments via DHCP.

Removing the SD Card

The unlock procedure wipes the phone. Does that include the SD card? The Sony instructions say it doesn't, but for paranoia I'm going to remove my card. Easier said than done.

Turn off power, hold the phone with the back up, and remove the cover over the slots, to which the SIM tray is attached. It's at an upper corner of the phone on the side opposite the power button. The SIM sits in its tray by gravity, contacts up. Be careful not to drop and lose it.

Various forum postings and help pages give a variety of methods to remove the SD card, obviously describing different models, none of which are the Pioneer.

The SD card is in a tray like the SIM. Scotch tape on the contact side won't hold, and now I see why: behind the outside wall is a void space where you could get traction with a fingernail. Maybe the tape would have grabbed if placed on the other side between the tray and the identifying numbers card, but that's not what I did. No, I tried that later, and couldn't get the tape into the gap.

My fingernail wouldn't reach, and instead I used a micro screwdriver to coax out the tray. But the plastic of the front wall is thin, and the therapeutic index between effective and destructive is small.

How to Do Split Screen

How to Enable Split Screen on Android Pie? by Steve Kelly (2019-06-13). First (so he says) you need to turn on gestures: Settings - System - Gestures - Swipe up on home button (turn on). The result is that the formerly round home button changes to a sausage, and the square history button vanishes. A big swipe upward from the bottom opens the app drawer (as it used to) and a quarter height swipe starting on the home button opens the history list. The author says you have to enable gestures to do split screen, but I'll bet it's optional, assuming your launcher (Trebuchet in LineageOS) gives you a history button. Update: I confirmed that it's optional.

Now for split screen:

How to Turn On the Speakerphone

I haven't noticed this for years: to turn on the speakerphone, make a call, and when it starts dialing and during the call, the screen will include an icon of a speaker. Hit it, to toggle the speakerphone feature on or off.

There's also an icon of a microphone, which is the mute button.

What's In /system/xbin?

Phone Credential Storage

Formerly I never found a way to remove a user or CA certificate, e.g. if expired. Click on Settings - Security & Location - Encryption & Credentials. Turn to User Credentials and click on one of the items. Click on Remove to remove it. Apparently the item is a set including what came out of a PKCS#12 file, in my case a key, the user cert, and one CA cert; I don't know why the intermediate cert is not listed. Is this CA cert sufficient for authenticating a TLS connection to a host whose host cert is signed by that CA, without separately installing the local CA cert? I suspect it isn't.

When Firefox opens a CA certificate or a PKCS#12 file (with a user key, certificate and trust chain), it stores the resulting content in its own trust storage and never uses the system trust storage. To get credentials into system storage, use curl, AndFTP, etc. to download a DER or PKCS#12 file somewhere on your internal flash (or SD card? not tested), then open Settings - Security & Location - Encryption & Credentials - Install From SD Card. Navigate to and select the file you downloaded. Give it a friendly name that's short but that uniquely identifies the subject, and end with the expiration year.

Notes on ADB Backup

Tidbit: adb shell bu help -- command is "backup". Output file is on command line. You can include APKs or omit (default). Also restore, of course.

How to Control Phase Beam

How to control Phase Beam live wallpaper: Settings - System - Developer Options - Running Services - Y.a.PhaseBeam (find and click on the app's line item) - Settings. However, this takes you to a choice of wallpaper selection apps: Wallpapers (icon of mountain), Wallpapers (icon of flower), Live Wallpapers (icon of mountain snowing), Gallery (I suppose the icon is mountainous). The product page on Play Store shows alternate colors, but I haven't found yet how to configure them.

QR Code for Wi-Fi

How to create a QR code with your Wi-Fi SSID and password: Generate the code using QR Code Generator by Ykart. It has a format for Wi-Fi setup. (Include Ykart in the search terms; at least one similarly named app lacks the Wi-Fi data type.) Either save the resulting PNG file on your phone and/or print it out. To use it, an iPhone with iOS 11 can take a photo, and the camera app will recognize the content and feed it to the Wi-Fi settings app. On Android, use a scanner app; the author recommends QR Scanner by Kaspersky, and Barcode Scanner works for me. I've seen a mention that the AOSP camera app can also recognize QR codes and can dispatch the payload according to its mime-type. but it didn't work for me.

How to Steal an APK File

There's a very old game called Lexic from Android-2 that nobody under 60 would be caught dead playing, and that has vanished from the Play Store. It's installed on the old phone and I would like to install it on the new one. See this forum post on StackExchange, OP kBisla (2014-07-02, old). Suggestions: install Android assistant which can do this. Also ES File Explorer. Respondent L.D. James (2014-07-03) gives the most useful suggestions (so says jimc). The key item is:

Setting Up DoT (DNS over TLS)

The VPNs (see the next section) have an issue with DNS which I hope to solve by overriding the DHCP provider's DNS server. However, non-rooted Android since version 9 Pie does this by letting you specify an overriding DoT server. Which therefore has to be able to do DoT. Which I therefore need to set up. The details are off topic, but here is a brief summary:

Tidbit: This blog post by Enno Rey (2015-05-09) about IPv6 Router Advertisement flags and other configuration conflicts has a link to a paper documenting empirical tests of how various (ancient) OS versions react to various IPv6 configuration possibilities.

In a blog post by Joe Nefille (2018-11-13) about DHCPv6 on Android he gives a link to an issue on Google's bug tracker in which a zillion people over many years have asked for DHCPv6 and Google has finally sawed it off with a won't fix judgment.

Setting Up the VPNs

A report on acquiring and setting up the new phone may seem like a strange place to record results of maintenance on CouchNet's VPNs, but whenever I get a new phone it's always traumatic to get it talking to the VPNs, particularly since I've forgotten what I did however many years ago, and this looks like a good and findable place to record the process.

I'm not doing National Security stuff, or the business equivalent, but when I communicate from off-site to home, specifically from the new pocket computer (phone), I often need normal access to the local LAN, while avoiding to offer such access to the global hacking community. I'm also using communication facilities that I cannot audit for security, e.g. at airports, but that I can reasonably expect are infested by or in collusion with hackers, so my communication method needs to protect privacy and integrity (injection of tampered traffic).

CouchNet has a total of four VPNs, as follows:

So what is the current state of the VPNs; are they working?

Client Wi-Fi AP VPN Generic Websvr Gateway Cloud Outcome
Phone Jacinth No VPN IPv4 Claude6 IPv6 IPv4 OK
Phone Jacinth IPSec IPv4 Claude6 IPv6 IPv4 OK
Phone Jacinth OpenVPN IPv4* Claude6* IPv6! IPv4! Bypass*
Phone Jacinth OV 443 IPv4* Claude6* IPv6* IPv4! Bypass*
Phone Cell No VPN DNS Claude6* Claude/4 Claude/6 OK
Phone Cell IPSec DNS# IPv6 DNS# DNS# Wild side DNS
Phone Cell OpenVPN IPv6 IPv6 IPv6 IPv6 OK
Phone Cell OV 443 Claude6 Claude6 Claude6 Claude6 OK
Laptop Jacinth No VPN IPv6 IPv6 IPv6% Claude/6 OK
Laptop Jacinth IPSec IPv6 Claude/6 IPv6$ Claude/4 OK
Laptop Jacinth OpenVPN IPv6* IPv6* IPv6*$ IPv6*
Laptop Jacinth OV 443 IPv6* IPv6* IPv6*$ IPv6*
In this section the phone is on cellular data with no VPN. Unfortunately the test could not be finished because the Wi-Fi Hotspot feature flaked out.
Laptop Phone No VPN TO TO TO TO OK
Laptop Phone IPSec TO TO TO TO No transport
Laptop Phone OpenVPN
Laptop Phone OV 443
In this section the phone is on cellular data, the laptop uses no VPN, but the phone uses the indicated VPN.
Laptop Phone No VPN
Laptop Phone IPSec
Laptop Phone OpenVPN
Laptop Phone OV 443

Overall outcome: No fault is seen in the VPN apps on the phone. But other issues make the outcome less than perfect. Particularly, the problem with the Wi-Fi Hotspot really prevents an important use case. Another problem, that I've had in all previous versions, is that the server's DNS server suggestions are not honored, particularly with IPSec, and to set the DNS server manually requires root access.

Tidbit from The Droid Review (no author, 2015-03-17). This article is a bundle of three tricks for avoiding net restrictions. They don't say the Android version, but per the date, Android-5 Lollipop was then the current version. Their instructions:

Settings - Wi-Fi Options - (long press on network name/SSID) - Modify Network - Advanced. Change IP Settings to Static. Fill in the DNs server's IP in DNS1, and optionally a fallback in DNS2. Hit save. Disconnect from that network and reconnect.

How it works on LOS-17.1 (Android-10) as of 2020-05-14: Settings - Network & Internet - Wi-Fi - hit gear icon - Advanced - Well, it will tell you your DNS server, but doesn't let you change it. Also, this is for Wi-Fi, not cellular data, for which you also may need to override DNS.

Another method: Settings - Network & Internet - Advanced - Private DNS - select Private, enter hostname. You have to do this when you're capable of resolving that hostname to an IP address: suggestion, turn Private DNS off before setting or changing the hostname. Private DNS means DNS over TLS on port 853/tcp, and the correct hostname is required for Server Name Indication; the IP will not do, and Android will reject it. Its main attraction for users is that snoopers cannot tell which hostnames you are trying to connect to.

Otter: Portrait of Selen
Photo Credit