Otter: Portrait of Selen
Valid HTML 4.01 Transitional

Sony Xperia XA2 (2020)

Jim Carter, 2020-02-07

Table of Contents

When the New Phone is Received

The old phone's hostname is selen. The new phone will have the hostname orion until it's set up and reasonably operational, whereupon Selen will be renamed to Selen-S5 and Orion will be renamed to Selen. The IP addresses follow the names; the MAC address stays with the chassis. I've paid for one phone line, and the micro-SIM is in Selen. When I do the changeover I will need to get a nano-SIM for the new phone. And to make sure that the phone number isn't randomized. This will take a trip to the brick and mortar store. For reference:

There are hints in the documentation about dual SIM operation on some models. To find out, dial the phone, give it the number *#06# and it will show the IMEI(s), one per SIM slot. Too bad, I have only one slot. And if it were dual, both would be nano size. The second SIM goes in the SD card slot (despite different sizes), so you can't have both at the same time.

What's in the box:

First steps:

Setting Up the Stock OS

Going through the steps in Sony's Startup Guide:

Battery Tests

Five years ago I did a battery test on the Galaxy S5 like this:

When new, the Galaxy S5 would run this for 151 minutes, taking the battery from 100% to 4%. Test conditions: executing in a local terminal, no other active tasks, Wi-Fi and cell were enabled. Dropbear and a remote shell session existed but were doing nothing, screen was about 50% bright with a dark background, battery started fully charged to 100%. Here is the battery use history, interpolating for the time (in minutes) at each percentage. Cap'y is the run time as a ratio to the Galaxy S5 when new. Run time is the relevant functional measure, but the Pioneer has more nominal battery capacity (3.3 amp-hours at 3.15V) than the Galaxy S5, and its 8 core processor is supposed to use less energy for a standard app-like task, whereas this test procedure doubles the number of cores doing sums, cutting in half the run time. And the time to completion of the same file on one core of the two devices is going to be different but is not measured.

%Charge Galaxy S5 2015 Galaxy S5 2020 Xperia X2 2020
100% 0 0 0 4.35V
90% 18 6 34 4.13V
80% 35 16 61 4.01V
70% 53 28 86 3.90V
60% 70 41 109 3.82V
50% 88 53 134 3.75V
40% 106 67 159 3.75V
30% 120 78 181 3.64V
20% 135 86 203 3.63V
10% 147 94 226 3.62V
Killed 151 (4%) 97 (5%) 277 (1%) 3.37V
Cap'y 1.00 0.64 1.83

Recharging the Pioneer's battery using the provided 1.5A charger: similarly times are in minutes, interpolated to even percentages. On both the provided charger and my smart charger both devices announce that they are charging slowly, implying that high voltage on the power bus has not been negotiated. The charge time (0 to 80%) could be speeded up substantially if that were done, i.e. with a USB cable with type C connectors on both ends (and a charger with such a connector), vs. the provided cable with type C on the phone end and type A at the charger.

%Charge Xperia X2 2020
15 0
20 8
30 21
40 32
50 41
60 53
70 65
80 84
90 113
100 160

Backing Up the Trim Area

There's an issue which for me is spiralling out of control: what to do about the Trim Area or TA partition. It contains your DRM keys for licensed preinstalled Sony content, plus other items like the IMEI and the Wi-Fi and Bluetooth MAC addresses, that are not license related.

Struggles With Unlocking the Bootloader

(Numbers refer to steps in LineageOS' howto for unlocking the bootloader. The next section, Installing CyanogenMod, has preliminary steps that should be done first; then keep in mind the lessons learned in this section when you unlock.)

Installing CyanogenMod (LineageOS)

Procedure for installing CyanogenMod (LineageOS), from LineageOS product page for Sony Xperia XA2 and the linked-to installation guide.

How the Installation Step Worked Out

LineageOS Initial Setup

At this point I shut down the phone and reinserted the SD card. I tried to use sticky tape again to re-extract it but could not get it underneath the tray.

Installing Magisk and Procedure Confirmation

Help with Installing Lineage on Xperia XA2, OP davidovski on Reddit (about 2019-03-xx). He describes the procedure he followed, which to jimc seems to not agree with LineageOS instructions. He gets a public key verification error on (I'm pretty sure) the LineageOS zip file. shamanonymous replies: You definitely don't need to install TWRP permanently. The XA2 uses the new A/B system image method, so there is no recovery partition… I only needed TWRP for reinstalling root, but now Magisk is also A/B aware, so I just have to run it after the Lineage OTA.

He continues with a summary of the install process (with extra notes from jimc):

He continues with how to handle a Lineage update. It will write the new image to the other (A/B) set of partitions. If botched it will say so and exit. If OK it will change that partition to be active. Before you reboot, start the Magisk Manager app and click Install - On The Other Partition. Do this, then reboot. Lineage OTA updates work just fine in this configuration.

thinkofdoc responds: LuK1337 is the primary developer for this build. He advises against installing TWRP, and provides a link to a custom TWRP image that works better with the XA2 image. (jimc says: looks like the reported issue is very minor and in 2020 it will be long forgotten.)

Respondent moroi (2018-08-14 on XDA-Developers) (this is post 311, last on page 31 of this very long thread). He tells why you mustn't boot LineageOS before installing Google Apps: on an A/B system, TWRP installs the LOS zip into the inactive partition, then (on success) marks it active. But it installs Google Apps in the active partition. So after installing LOS you have to reboot back into TWRP, not into LineageOS. This seems a little strange to jimc. My speculation (without objective evidence): TWRP installs everything to the inactive A/B set of partitions. On success with LOS it swaps the active/inactive markings. But the partition isn't really active until you reboot, so if you install something else (Google Apps), it will again go in the currently inactive partition where LOS was just installed, which is what you want. Whereas if you rebooted into LOS (without Google Apps), then got back into TWRP and installed Google Apps, it would go into the then-prevailing inactive partition, where LOS isn't.

Running Magisk Manager to set up Magisk:

Update: The following hodge-podge of forum posts documents unsuccessful attempts to get the phone to pass ctsProfile. Suggestion, pick up at Google Pay on Rooted Phone. A lot of the forum posts linked here refer to how to take an image that Google won't certify, and make it look like one that can be. But I had no problem registering this LOS image with Google.

[FIX] SafetyNet Failed: CTS Profile Mismatch Errors — Full Guide! by Arvind Rana on DroidHolic (2020-03-05). CTS means Compatibility Test Suite. Among quite a lot of other items to check/fix, he says USB Debugging (in Settings - System - Developer Options) is a red flag for CTS. For me, turning it off did not solve the problem.

Cant find Enable Busybox in Magisk settings and ctsProfile not succesfull, OP rolferikalfheim on XDA-Developers (2017-09-14). He has my symptom, no Busybox option in Magisk Manager, and ctsProfile test fails. Digeridoohan (moderator) replies, that setting has been absent for some time. Use the Busybox module in the Downloads section of Magisk Manager.

Magisk and MagiskHide Guide - SafetyNet maintained by didgeridoohan. One issue: check in Play Store settings (at the bottom) for Play Protect certification: Device is not certified. The linked page gives some fixes. Basically, make sure you can pass SafetyNet. Jigger some props to match a known certified kernel/system. Clear data for Play Store. Reboot. The main symptom of this failed certification is that certain apps won't appear, or will appear but won't be installable. Netflix is the one most often complained about. I did this but still can't pass ctsProfile. The item for Play Protect Certification has disappeared, and the Netflix product page can be displayed. (I didn't try to install it; I didn't try to see it before improving my compliance level.)

Following instructions in the above wiki and various forum posts, I disabled Magisk Hide, rebooted, tested SafetyNet (ctsProfile false, basicIntegrity true), enabled it again, rebooted, and tested SafetyNet again. Still ctsProfile false.

LineageOS is supposed to be certified by Google. But from time to time updated versions fail to be certified. Basically, install the Magisk modules for Busybox (prereqisite) and MagiskHide Props Config. Guess which device to emulate. That got him past SafetyNet, except for one game. He had forgotten to spoof the name of MagiskManager; doing that brought that game to life.

After clearing data for Play Store and rebooting, I configured settings again, then selected My Apps and Games. It showed a panel saying Install apps you've used before. It found 10 apps: apps from the Sony stock image (that I never opened) like PlayStation App, three that I had on the old phone, and one that I actually installed on the Sony stock image. Selectively installing them on the Pioneer.

I found out a better way to install previous apps: Play Store web URL, likely you can click to install, on the phone. It has most of them, including some that I must have had at one time but then uninstalled.

In MagiskManager I installed Busybox by osm0sis (prerequisite) and MagiskHide Props Config by didgeridoohan. Reboot afterward. Following instructions: start a terminal (LOS has one, unless you suppressed it in initial setup), command props and grant root access, choice 3 to enable better hiding (and reboot if it prompts), then choice 1, and then 'f', and pick your fake OS.

Setting Up LineageOS Settings and Apps

Now I have LineageOS running on the phone, with Magisk. Here's a journal of what I did to set it up.

Launcher Icon Layout

The app launcher (Trebuchet) has an unlimited number of pages. It wants to open on the leftmost of them, whereas formerly I used the middle of three as my home page. For launcher settings, long press in the background and a menu will open with items for settings, widgets and wallpapers. I haven't found a setting to tamper with the home page. Here are my settings; * indicates other than the default.

My icon layout. Many apps are reached only from the app drawer. I'm going to duplicate what's on the old phone (Samsung Galaxy S5) as much as possible but exchanging pages 0 and -1.

— Dock (using 3 of 5 slots) —
Camera Firefox Phone
— Page 0 (Home) —
Amazon Kindle Barcode Scanner Tasks Xabber
Smart Time Sync RealCalc Calendar Messaging
Kitchen Timer Jog Tracker Contacts
DigiClock Jota Editor Maps Bible App
(Vacant) KeePassDroid
— Page 1 (Technical and Games) —
StrongSwan OpenVPN And. DNS Forwarder H.E. Net Tools
(vacant) SimpleSSHD WiFi Analyzer JuiceSSH
(vacant) (vacant) Sensors GPS Status
Settings Total Commander ownCloud Gallery
Andoku-3 Sudokyuu Solitaire Coll.
— Page 2 (Misc) —
Ring Domoticz Thermostat Google App
Voicemail Whole Foods MyChart Google Pay
Sky Map Earth DaFit Play Store

Miscellaneous settings: Sounds. In LOS-17.1 based on Android-10 Quiche, they have a ton of new sounds. When you set a sound you can complete action using Sounds (i.e. the new sounds) or Media Storage (the old sounds). Find the settings in Settings - Sound - Advanced - Phone ringtone, with the notification and alarm sounds just after. You can also set the ringtone from the phone app (Settings in dotdotdot menu).

How to disable battery optimization: This is needed by apps that run in the background and have time sensitive activities, specifically Kitchen Timer and Shake Alert LA, To set: Settings - Apps & Notifications - Advanced - Special App Access - Battery Optimization - (change from Not Optimized to All Apps) - select app - Don't Optimize.

Google Pay on Rooted Phone

On this phone I would very much like to use Google Pay, a digital payment app which has different security exposures than the traditional use of a physical credit card with a static and stealable account number. (Apple Pay pioneered getting merchants to install the software and a NFC reader, but Google Pay and possibly others can use the same protocol even if the reader is Apple branded.) The digital payment protocol uses a one-time code so the thief cannot steal the transaction record off the wire and use it for a nefarious transaction, a notorious vulnerability, but the credit card's number resides in the phone, where malware could steal it if able to subvert very difficult security involving SELinux. Obviously a rooted phone is a serious threat to this security model, and Google Pay will clam up if it detects root capability. The system service that handles root checking is called SafetyNet.

Therefore if you want root, it has to be stealthy. Of course the easiest solution is to not root your phone. So what do I use root for?

How to Use Google Pay on Rooted Android Phones by Rohail Khan (2018-07-18). Use Magisk root. Configure Magisk to use BusyBox, Magisk Hide, and Systemless Host. Enable Magisk Core Only (and reboot). Look for the SafetyNet lack-of-root report. It should pass, and both Google Pay and rooted apps should work. Jimc's note: I think turning on Core Only would preclude spoofing the OS type, if that's needed to pass the ctsProfile check.

Google Pay no longer worked, OP henban89 (2019-03-03). It turns out that an updated version of Google Pay was aware of Magisk. A respondent gives instructions to revert to a back version and prevent it from being updated.

Google Play Certification: What it is, and how it affects you by JavelinAndArt (2018-04-09). This is what SafetyNet checks. You need to register your Google Services Framework. If you aren't passing SafetyNet, you will be prevented from downloading some apps, and others like Google Pay will not work at all. See also SafetyNet: What it is, and how it affects you by JavelinAndArt (2017-06-05).

Working: Magisk with Google Pay as of gms 17.1.22 on Pie OP BostonDan (2019-05-14). He gives a credible looking procedure for getting around the security check.

Before I try to make Google Pay work, I need to install Magisk Manager, try the SafetyNet check, and get it so it passes SafetyNet. (And don't forget to obfuscate the name of the MagiskManager app, which some programs check for explicitly.) On the first installation attempt, I ended up with a failure in ctsProfile, a server-side test; basicIntegrity (client side) passed. Forum posts about troubleshooting this invariably say, wipe your phone, reinstall the OS, and step by step, check if you're passing SafetyNet. The point at which it starts failing gives a clue what intervention may fix it.

Repeating installation up to the point of activating Magisk.

Now to see if Google Pay will actually function. Since there's an unconfigured instance of Google Pay in my backup, I'll restore state first. I'm using Backup Your Mobile By Artur Jaszczyk. Re-installing this app. There's also an active instance of Magisk Manager. The current instance is called MgkMgr; the backed-up one is … It restored 0 application data, 1 Wi-Fi password, 48 system settings, and the app list. Please restart device. It should have restored application data; I don't know why it didn't. Play Store did not seem to know which apps it was supposed to reinstall. Neither did it restore the icon load of my home screen. In Settings - Apps - See All Apps - (name of app) - Permissions - turn them all on; in the dotdotdot menu there's one item for all permissions. Restore again. This time it went much faster probably because the target data didn't need to be changed. Not much improvement. I think this has failed. Next time around I'll try ADB backup.

Installing Google Pay. With Magisk core only mode on or off, and with the Google Services Framework ID registered, it passes SafetyNet. But Google Pay still says This phone can't be used to pay in stores. This may be because it is rooted… Turned on Google Pay in the Magisk Hide list, joining Google Play Services. Didn't help (but I left it on). Turned on Google Play Services. And rebooted. Didn't help (but I left it on).

Google Pay Magisk Discussion Thread, moderated by Didgeridoohan, response #5 by JarlPenguin (2019-03-03). Discussing similar symptoms seen last year, an update to Google Play Services caused it. Wait for a version of Magisk that it can't resist. Temperorarily revert to the previous version by using the procedure shown.

How to get GPay to work on rooted Xiaomi Mi9 by smohanv (2019-09-24). He links to a Magisk module and lists the operations that it does if you want to do it by hand. Basically, lie about whether (something) has been attested, and change the mode to 440 so your fix can't be reverted. See response #11 by 73sydney and follow the links there, if downloading the module.

Conclusion: I need to just be patient. The procedure for reverting to a prior version requires a prior version to revert to, which I don't have. Once I have a working version (of Magisk, Google Play Services, and Google Pay), I'll save them so I can revert if needed.

Otter: Portrait of Selen
Photo Credit