Database Info

[Q] Why there is no uninstall feature in Android?

I have about two weeks experience with Android OS and as a software developer I will be interested to know the technical details behind the Android OS.
I have already noticed this is possible to upgrade applications ported with the handset's ROM i.e. the Market app. This raised the question to me why can't I uninstall applications from the ROM without rooting or risking my handset's warranty to achieve this?
Is my expectation as a user of computers for 20 years unreasonable to think in 2010 with all software development and technological advances the uninstall feature should have been in Android OS from day one?
This is not exactly like Google is the first company in the world developed an OS to just the lack of experience with what users would want. From what I have seen so far in world of Android is that, the first thing users would want to know how to root their handset to remove packages that they have no use for.

My guess is that Google doesn't want users removing Systems apps. I'm assuming that they think that these applications are core and thus don't want you removing them. Remove the market, no more apps... or way to get it back etc.
Applications installed by you can be uninstalled, I'm just thinking it is the same as in windows, you can't uninstall the task manager etc (Bad example but meh =P)

Very simple - to prevent lay users from removing critical components.
Can you imagine the service costs involved in reparing devices that that have been damaged by people trying to remove bloatware?

They still give you the option to restore.

OK DISREGUARD THIS AS I MISSED THE PART ABOUT NEEDING TO ROOT!
They can be removed but its not recommended to do so without know EXACTLY what your removing and weather is vital to your phones operating system.
BUT in order to do so your phone needs root access, and root explorer installed. There are several forums on just about all android support sites that explain how to root, install the manager, and which apps/files NOT to remove.

J_HaX said:
They can be removed but its not recommended to do so without know EXACTLY what your removing and weather is vital to your phones operating system.
BUT in order to do so your phone needs root access, and root explorer installed. There are several forums on just about all android support sites that explain how to root, install the manager, and which apps/files NOT to remove.
Click to expand...
Click to collapse
Ye u can remove almost every stock app but this may affect the stability of your phone, modifying your phone always comes with the option restoring it back to default. If something goes wrong with moding (something really hard and extraordinary rare ) u can restore it. Browsing through Xda might solve many questions, we all didn't wanted stock rom (not because it was bad, because we can have s omething better. This community has VERY VERY good developers.
Androids own!!!

One thing I still don't get is...
How can Google upgrade Market app without the su privilage but the rest of the world has to root their phones to remove bloatware such as 'amazon mp3'?
@ftgg99: How much bloatware in Windows cost Microsoft or PC manufacturers? None in fact they get paid to include them with your hardware. However, I see an issue with mobile devices. You have already paid for the ROM storage, the bigger ROM size is the more expensive your handset would be, then the manufacturer uses your already paid ROM to make even more money by installing bloatware. I would be a fool to think manufacturers would pass on a percentage of the bloatware earnings by reducing the cost of their products to the consumers in this model.
The way I see it, the burden has been put on the communities such as xda. Users wouldn't ask the manufacturers how to root their handsets and this is left to the dedicated individuals to overcome the mess compnies normally leave us with. I'm not going to say the mess is a cost saving measure by companies.

The thing is that there are a lot more people buy and use phones than computers. After someone buys a smart phone with intention to use for calls, text, web and to use some apps, they realize the possibilities of the smart phone, they start digging in to the files, therefore Google blocked the root folder from modifying, otherwise Google would have to repair warrantied phones that didn't have to end up there just because people didn't know or care what they did. But if you got passed ROOTING, you must know what you are doing and from this point you can modify files and apps, but now ROOTING becomes too easy.
Basically just because too many juveniles got their hands on the equipment.

CSharpHeaven said:
One thing I still don't get is...
How can Google upgrade Market app without the su privilage but the rest of the world has to root their phones to remove bloatware such as 'amazon mp3'?
Click to expand...
Click to collapse
I'm also very interested to read the answer for this one!

CSharpHeaven said:
One thing I still don't get is...
How can Google upgrade Market app without the su privilage but the rest of the world has to root their phones to remove bloatware such as 'amazon mp3'?
Click to expand...
Click to collapse
RAMMANN said:
I'm also very interested to read the answer for this one!
Click to expand...
Click to collapse
The answer, from my point of view, is quite simple: they just upgrade the application on /data/app ON TOP of the /system/app default Market version. So, you can always go back to your "default" version just by "uninstalling updates".
Summary: they do not upgrade the Market form ROM, just install the new version on top.

CSharpHeaven said:
I have about two weeks experience with Android OS and as a software developer I will be interested to know the technical details behind the Android OS.
I have already noticed this is possible to upgrade applications ported with the handset's ROM i.e. the Market app. This raised the question to me why can't I uninstall applications from the ROM without rooting or risking my handset's warranty to achieve this?
Is my expectation as a user of computers for 20 years unreasonable to think in 2010 with all software development and technological advances the uninstall feature should have been in Android OS from day one?
This is not exactly like Google is the first company in the world developed an OS to just the lack of experience with what users would want. From what I have seen so far in world of Android is that, the first thing users would want to know how to root their handset to remove packages that they have no use for.
Click to expand...
Click to collapse
Have you tried to work with iPhone(don't know about iPhone 4)? They build fortress around their system and even the apps you install cannot be uninstalled until you gailbrake it and use 3rd party installer to uninstall. And not talking about the "MONOPLY" they run with AT&T.

CM9 will ship with SU disactivated.

This in my honest opinion is a excellent idea. And wish they would of done it along time ago.
Many of you may not give it a second glance, but among all the furor and concern about permissions requested by market apps and privacy, all Custom ROMs (CyanogenMod included) ship with one major security risk — root!
We have been struggling with how to handle this for quite a bit, and took a first step with the first public CyanogenMod 9 alpha builds, by disabling the previously-default root access over USB. You can still get adb root access by running “adb root” in terminal, should you ever need it.
We recently merged 3 patches into CyanogenMod 9, to further address this: http://goo.gl/eCjDV http://goo.gl/oWAFI and http://goo.gl/34vai.
What follows is an explanation of the changes, how they affect you and our reasoning behind them.
What do the patches do?
They disable root selectively and in a configurable way. Users will be able to configure their exposure to root as:
Code:
Disabled
Enabled for ADB only
Enabled for Apps only
Enabled for both
How does this change affect the usage of your device, and root apps you have installed?
On a default CyanogenMod installation, root usage will have to be explicitly enabled by the user. This means that the user is fully aware that any application that uses root may perform actions that could compromise security, stability and data integrity. Once enabled, the process mirrors that of the current process, apps that request root will be flagged by the SuperUser.apk and the user will have to grant selective access.
Why the change?
At CyanogenMod, security has always been one of our primary concerns, however, we were hesitant to make a change that might disrupt the current root ecosystem. With CyanogenMod 9 we have the opportunity to do things better, whether its the code in the OS, UI/UX, or security – we are taking this time to do things with a fresh approach.
Shipping root enabled by default to 1,000,000+ devices was a gaping hole. With these changes we believe we have reached a compromise that allows enthusiasts to keep using root if they so desire but also provide a good level of security to the majority of users.
What concerns remain?
Many of you reading this are savvy enough to note a remaining hole in this approach – recovery and unlocked bootloaders. The bootloaders are out of our hands, there is little to nothing we can do on that front.
Regarding recovery – with unlocked bootloaders, a malicious user could just flash a new recovery image (without any potential security we could apply) or just dump the data partition. This however, requires physical access to the device. As such, the security standards for this are highly reliant on you, the device owner. Data encryption is available in ICS to safeguard your data. (Warning for emmc only users – encrypted /data means recovery will be non-functional.)
The onus is on you to secure your device; take care of your possessions, and this risk is minimal. Always make sure you take devices out of your car before you go into the mall and remove them from pockets before washing laundry. Common sense is a basic security tool.
But Why?
We honestly believe there are limited uses for root on CyanogenMod, and none that warrant shipping the OS defaulted to unsecured.
Click to expand...
Click to collapse

Hope it works out for them, I think it's a pretty good idea.
Sent from my HTC Glacier using xda premium

It better be easy to reactivate because last time i checked, you need root to change ur rom
Sent from my HTC Glacier using XDA

THEindian said:
It better be easy to reactivate because last time i checked, you need root to change ur rom
Sent from my HTC Glacier using XDA
Click to expand...
Click to collapse
1) it's a setting in the OS, you either pick ADB only / APP only or / Both
2) you still physically still have root access. You'll still have s-off, and have SuperUser in the /bin or /xbin file system.
3) this just allows people who what Cyanogen Mod on their phone to get it w/o having to worry about security risk of applications running SU access and damaging something.
4) this could/may/will pave the way for OE manufacturers to incorporate a similar feature into their OS shipping from the factories.

i actually find this a good idea for new comers, so that they don't mess up their devices

I'm glad to see this. Needlessly running with root access at all times can be a big security issue.

THEindian said:
It better be easy to reactivate because last time i checked, you need root to change ur rom
Sent from my HTC Glacier using XDA
Click to expand...
Click to collapse
not true, all you need is custom recovery which can be flashed via fastboot, i have s-on with cwm recovery and went from stock rom to ics
edit: + This is a good approach for newcomers

Rooting Sony's e-reader DPT-RP1 and DPT-CP1

Update (5/18/2019)
Since the first tool was released, HappyZ has improved many features so I think I can just refer to
* HappyZ's rooting guide: https://github.com/HappyZ/dpt-tools/wiki/The-Ultimate-Rooting-Guide
- The only thing I want to add as Windows user is (because the guide is for Mac/Linux users) it gets much easier if you use Linux terminal like cygwin, and the port name should be something like COM# where # can be found in Device Manager by comparing before/after you attach the device.
* HappyZ's upgrade guide: https://github.com/HappyZ/dpt-tools/wiki/The-Upgrade-Guide (Recommend to read this before/after you update the new firmware.)
You may donate a cup of coffee to him there Thanks to all others who contributed a lot.
--
Update (12/02/2018) -- These are outdated.
Finally we manage to root the device! Many thanks to all of your efforts.
Just refer to HappyZ's well written guide: https://github.com/HappyZ/dpt-tools
For whom have never used python like me (and probably using Windows):
(1) Install Python 3 and add it to PATH.
(2) Install MINGW64 and run scripts here instead of Powershell due to xxd issue if you are on Windows.
(2) pip httpsig pyserial on bash.
(3) Download HappyZ's dpt-tools and unzip.
(4* this issue is fixed by HappZ)
(5) Follow HappyZ's guide. You should execute dpt-tools.py in the folder you unzipped to use get-su-bin because of how the script is written.
Some suggestions after rooting (let me know if you have better ideas):
Here is my setup: install "E-ink Launcher" and "Multi action home button" using adb install.
Use adb shell am start -a android.intent.action.MAIN to change the main launcher to your launcher.
Then change the setting of Multi Action Home button (say, the height should be large to be visible in the bottom) and assign its function to be Home for click and Back for double-click.
Whenever you want to use Sony's apps (these are good for pdf markup), just push the home button to open the pop-up menu.
Otherwise, touch the Multi Action Home Button to access to other Android apps. So far I've never experience any crash.
Yet more tips:
Some complain fonts are too small after installing generic apps.
adb shell wm density 320 changes your DPI by 2 times (160 is a default value.) EDIT: I found 200 is quite enough that does not distort Sony apps too much.
My application is using "Tasker" to execute the above code when specific apps are open and execute wm density reset when the apps are closed.
The reason why we cannot change the global DPI is sadly because it makes the default apps by Sony so awkward.
Alternatively, I could successfully install Xposed to try App Settings but this app crashed.
You can also install Gboard (but it has no hide button, so prepare with virtual back button) if you need another keyboard.
Enjoy your DPT devices
--
Sony recently released a new digital paper device DPT-RP1, apparently using their own linux firmware but underlying on Android 5.1.1. Few weeks ago, some Chinese successfully hacked it to jailbreak for third-party apps (without changing the original firmware), but they don't share any information to sell those hacked devices. I'm willing to pay for it, but it is too risky to send my device to China so I'm trying to root it by myself.
I don't know much about this world, but I found some information that might be helpful. It uses Marvell A140 IoT Processor a.k.a. PXA1908. There are two Android smartphones (as the same version 5.1.1) with this chip - Samsung Xcover 3 and Samsung Galaxy Grand Prime. Fortunately, they have been both rooted in the past here.
Is this information really helpful to root my device? If so, is there any way to apply the previous methods to easily jailbreak DPT-RP1? I think the problem here is that it does not look like Android at all, so has no setting menu or developer tools. And not sure how to enter to the recovery mode since it only has two buttons - power/menu.
I'd appreciate any help or advice. Thanks!

And here you can find source codes.
oss.sony.net/Products/Linux/dp/DPT-RP1.html

sartrism said:
Sony recently released a new digital paper device DPT-RP1, apparently using their own linux firmware but underlying on Android 5.1.1. Few weeks ago, some Chinese successfully hacked it to jailbreak for third-party apps (without changing the original firmware), but they don't share any information to sell those hacked devices. I'm willing to pay for it, but it is too risky to send my device to China so I'm trying to root it by myself.
I don't know much about this world, but I found some information that might be helpful. It uses Marvell A140 IoT Processor a.k.a. PXA1908. There are two Android smartphones (as the same version 5.1.1) with this chip - Samsung Xcover 3 and Samsung Galaxy Grand Prime. Fortunately, they have been both rooted in the past here.
Is this information really helpful to root my device? If so, is there any way to apply the previous methods to easily jailbreak DPT-RP1? I think the problem here is that it does not look like Android at all, so has no setting menu or developer tools. And not sure how to enter to the recovery mode since it only has two buttons - power/menu.
I'd appreciate any help or advice. Thanks!
Click to expand...
Click to collapse
You must be an iPhone user that isn't familiar with android. Jailbreak in is an Apple thing, not an android thing.
In android it's called "rooting" and it isn't quite the same thing as jailbreaking an Apple device.
This device does not at all seem to be worth the price, especially considering the limitations it has. What a waste of hardware.
I would assume that you could port something from one of those other devices to work on yours but it really depends on how your hardware is designed compared to those devices.
Does your device have a typical bootloader like other android devices?
Is the bootloader unlocked?
If it is locked, can it be unlocked?
Does the device use fastboot or does it have a flash mode that is used with a specific PC flashtool?
If it is unlocked or if you can unlock it and it has a flash mode that can actually be used, you might be able to port a custom recovery from one of the devices you named then use that recovery to somehow root the device. If the device can't install android apps then it would probably involve using adb to root the device.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE

Droidriven said:
You must be an iPhone user that isn't familiar with android. Jailbreak in is an Apple thing, not an android thing.
In android it's called "rooting" and it isn't quite the same thing as jailbreaking an Apple device.
This device does not at all seem to be worth the price, especially considering the limitations it has. What a waste of hardware.
I would assume that you could port something from one of those other devices to work on yours but it really depends on how your hardware is designed compared to those devices.
Does your device have a typical bootloader like other android devices?
Is the bootloader unlocked?
If it is locked, can it be unlocked?
Does the device use fastboot or does it have a flash mode that is used with a specific PC flashtool?
If it is unlocked or if you can unlock it and it has a flash mode that can actually be used, you might be able to port a custom recovery from one of the devices you named then use that recovery to somehow root the device. If the device can't install android apps then it would probably involve using adb to root the device.
Click to expand...
Click to collapse
Thanks for suggesting a general principle! I just use the word jailbreaking not because I'm an iPhone user. What I actually want to do as the first step is not rooting an android system, but revealing it from the current customized linux system. Rooting is the next step if necessary. If the word choice is still not accurate and bothers you, I apologize.
It has apparently no typical bootloader, and neither PC nor adb recognize it as an android device. In fact, direct USB file transfer is blocked so I need to use Sony's designated software. But an android system surely coexists according to the hacker who already rooted it.

sartrism said:
Thanks for suggesting a general principle! I just use the word jailbreaking not because I'm an iPhone user. What I actually want to do as the first step is not rooting an android system, but revealing it from the current customized linux system. Rooting is the next step if necessary. If the word choice is still not accurate and bothers you, I apologize.
It has apparently no typical bootloader, and neither PC nor adb recognize it as an android device. In fact, direct USB file transfer is blocked so I need to use Sony's designated software. But an android system surely coexists according to the hacker who already rooted it.
Click to expand...
Click to collapse
Without some kind of way to flash or interface with the device there isn't much you can do.
I have a kindle fire HD that didn't come with a typical android system but does have a typical bootloader. The Amazon OS was removed and now it's full blown android but it required a "second" bootloader. You don't have a bootloader so I'm not sure what your options are with that device.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE

Droidriven said:
You must be an iPhone user that isn't familiar with android. Jailbreak in is an Apple thing, not an android thing.
In android it's called "rooting" and it isn't quite the same thing as jailbreaking an Apple device.
This device does not at all seem to be worth the price, especially considering the limitations it has. What a waste of hardware.
I would assume that you could port something from one of those other devices to work on yours but it really depends on how your hardware is designed compared to those devices.
Does your device have a typical bootloader like other android devices?
Is the bootloader unlocked?
If it is locked, can it be unlocked?
Does the device use fastboot or does it have a flash mode that is used with a specific PC flashtool?
If it is unlocked or if you can unlock it and it has a flash mode that can actually be used, you might be able to port a custom recovery from one of the devices you named then use that recovery to somehow root the device. If the device can't install android apps then it would probably involve using adb to root the device.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
Click to expand...
Click to collapse
Jailbreaking is the process of modifying any electronic device in order to remove restrictions imposed by a manufacturer (Apple) or operator (to allow the installation of unauthorized software).
Rooting is the act of gaining access to the root account of a device (such as a smartphone or computer).
There is a huge difference between the two. You can't just say that rooting is Android's version of jailbreaking. Not accurate in the least.
https://www.androidpit.com/jailbreak-android
Sent from my SM-G928T using Tapatalk

MarkBell said:
Jailbreaking is the process of modifying any electronic device in order to remove restrictions imposed by a manufacturer (Apple) or operator (to allow the installation of unauthorized software).
Rooting is the act of gaining access to the root account of a device (such as a smartphone or computer).
There is a huge difference between the two. You can't just say that rooting is Android's version of jailbreaking. Not accurate in the least.
https://www.androidpit.com/jailbreak-android
Sent from my SM-G928T using Tapatalk
Click to expand...
Click to collapse
You're reading too much into what I said.
Basically, what I said was that jailbreaking isn't an android thing, it's an Apple thing(didn't say it was exclusively an Apple thing, just NOT an android thing). It applies to more than just Apple devices but on this website dedicated to mobile platforms, I'm only referring to its application in the mobile device world. For the mobile world it's pretty much only an Apple thing(still not exclusively but mostly so).
Then I said that in the android world it's called rooting(not exclusively an android thing, just NOT an Apple thing). And that jailbreaking and rooting aren't the same thing(this does not say that rooting is android's version of jailbreaking, that would imply that they are the same thing, I'm saying they aren't the same thing)
Basically, explaining what they "aren't", you explained what they "are".
I understand the difference, but thank you.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE

Droidriven said:
You're reading too much into what I said.
Basically, what I said was that jailbreaking isn't an android thing, it's an Apple thing(didn't say it was exclusively an Apple thing, just NOT an android thing). It applies to more than just Apple devices but on this website dedicated to mobile platforms, I'm only referring to its application in the mobile device world. For the mobile world it's pretty much only an Apple thing(still not exclusively but mostly so).
Then I said that in the android world it's called rooting(not exclusively an android thing, just NOT an Apple thing). And that jailbreaking and rooting aren't the same thing(this does not say that rooting is android's version of jailbreaking, that would imply that they are the same thing, I'm saying they aren't the same thing)
Basically, explaining what they "aren't", you explained what they "are".
I understand the difference, but thank you.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
Click to expand...
Click to collapse
I tend to read too deeply into everything. It's the way I am. Lol.
Sent from my SM-G928T using Tapatalk

Could you please post some information about usb device? Just like PID & VID.
Do it like:
Connect DPT-RP1 to Linux, and then type this command 'lsusb'
P.S. Under Windows or MacOS system, you can find the information from system settings...

happy to help with simple things
thisvip said:
Could you please post some information about usb device? Just like PID & VID.
Do it like:
Connect DPT-RP1 to Linux, and then type this command 'lsusb'
P.S. Under Windows or MacOS system, you can find the information from system settings...
Click to expand...
Click to collapse
Bus 001 Device 008: ID 054c:0be5 Sony Corp.

It is good to see some people have been interested in this thread.
So far, I realized that the hacker used a hardware hacking method. I actually obtained the hacked system apps from one of his customer. I guess he did sometihng like directly modifying eMMC to root and put "USBDeviceSwitcher.apk" to allow an usual USB connection. Since I don't want to take such risk, I decided to wait until the first firmware to see if there could be an indirect way to penetrate the system files. But if you want to analyze the hacked system, contact me.

sartrism said:
It is good to see some people have been interested in this thread.
So far, I realized that the hacker used a hardware hacking method. I actually obtained the hacked system apps from one of his customer. I guess he did sometihng like directly modifying eMMC to root and put "USBDeviceSwitcher.apk" to allow an usual USB connection. Since I don't want to take such risk, I decided to wait until the first firmware to see if there could be an indirect way to penetrate the system files. But if you want to analyze the hacked system, contact me.
Click to expand...
Click to collapse
Does it have a web browser? Maybe you can utilize for example the Stagefright Exploit + DirtyC0W to get root.

I have found out some interesting stuff about the device with the help of the Digital Paper App.
The app is built using electron and there is a file: /Applications/Digital\ Paper\ App.app/Contents/Resources/app.asar
This file contains the electron javascript files, which handle all the communication with the device.
It can be extracted with: sudo asar extract app.asar output
(github_com/electron/asar)
This also requires node to be installed: with e.g. brew install node (changelog_com/posts/install-node-js-with-homebrew-on-os-x)
The app communicates with the device via Restlet-Framework/2.3.7 on port 8443 with tcp (no matter if it is the bluetooth, wifi or usb connection).
This is the only port that is open.
In the file: /Applications/Digital\ Paper\ App.app/Contents/Resources/output/node_modules/mw-error/lib/codeparams.js you can find all the relative paths, which are getting called during e.g. file transfer, firmware update and stuff.
Running the app and placing breakpoints reveals that before you can transfer files and stuff:
'/auth'
'/auth/nonce/'
are called in order to authenticate, which looks e.g. like url digitalpaper.local:8443/auth/nonce/1e9ee24d-6613-433a-9770-76b04333ac95
the last part of the call is the "client_id": "1e9ee24d-6613-433a-9770-76b04333ac95", which is retrieved via the url digitalpaper.local:8443/auth call.
digitalpaper.local:8443/auth/
Important:
In /Applications/Digital\ Paper\ App.app/Contents/Resources/output/lib/config.js
change the line
config.DEVBUILD = false;
to
config.DEVBUILD = true;
After you finished your modifications you have pack the output folder again:
sudo asar pack output app.asar
I did not have time to continue, but the following relative urls look promising (especially recovery_mode):
'/testmode/auth/nonce',
'/testmode/auth',
'/testmode/launch',
'/testmode/recovery_mode',
'/testmode/assets/{}',

mcplectrum said:
I have found out some interesting stuff about the device with the help of the Digital Paper App.
The app is built using electron and there is a file: /Applications/Digital\ Paper\ App.app/Contents/Resources/app.asar
This file contains the electron javascript files, which handle all the communication with the device.
It can be extracted with: sudo asar extract app.asar output
(github_com/electron/asar)
This also requires node to be installed: with e.g. brew install node (changelog_com/posts/install-node-js-with-homebrew-on-os-x)
The app communicates with the device via Restlet-Framework/2.3.7 on port 8443 with tcp (no matter if it is the bluetooth, wifi or usb connection).
This is the only port that is open.
In the file: /Applications/Digital\ Paper\ App.app/Contents/Resources/output/node_modules/mw-error/lib/codeparams.js you can find all the relative paths, which are getting called during e.g. file transfer, firmware update and stuff.
Running the app and placing breakpoints reveals that before you can transfer files and stuff:
'/auth'
'/auth/nonce/'
are called in order to authenticate, which looks e.g. like url digitalpaper.local:8443/auth/nonce/1e9ee24d-6613-433a-9770-76b04333ac95
the last part of the call is the "client_id": "1e9ee24d-6613-433a-9770-76b04333ac95", which is retrieved via the url digitalpaper.local:8443/auth call.
digitalpaper.local:8443/auth/
Important:
In /Applications/Digital\ Paper\ App.app/Contents/Resources/output/lib/config.js
change the line
config.DEVBUILD = false;
to
config.DEVBUILD = true;
After you finished your modifications you have pack the output folder again:
sudo asar pack output app.asar
I did not have time to continue, but the following relative urls look promising (especially recovery_mode):
'/testmode/auth/nonce',
'/testmode/auth',
'/testmode/launch',
'/testmode/recovery_mode',
'/testmode/assets/{}',
Click to expand...
Click to collapse
Hope you get some result from wifi side. I also realized they use the port 8443 but couldn't get further as you.
For whom trying to hack it, here is the link for the already 'hacked' system apps (including the original files) - that of the famous hacked RP1 video. Inside the subfolder S1, there are also the hacked system apps for DPT-S1 just in case.
https://www.dropbox.com/sh/dvtvokdzrgwjc83/AACXOJA-E56nUpUfiWUOzrM3a?dl=0

George Malas said:
Does it have a web browser? Maybe you can utilize for example the Stagefright Exploit + DirtyC0W to get root.
Click to expand...
Click to collapse
The stock device has no web browser, no sd-card, no usb connection, and no typical system. I think SONY was haunted by some security issues maybe because they thought the major users are lawyers or very important people? lol

Any chance to create a buffer overflow PDF to attack RP1's pdf reader?

I am unable to help, but wanted to let you know I am definitely interested in and supportive of this. If this device can be unlocked as suggested in that one youtube video then I would buy it, despite the steep price.

jess91 said:
I am unable to help, but wanted to let you know I am definitely interested in and supportive of this. If this device can be unlocked as suggested in that one youtube video then I would buy it, despite the steep price.
Click to expand...
Click to collapse
If you're interested and supportive of this then go buy one anyway and apply yourself to going forward figuring out how to get it done. Other than that, you're not supportive, you're just hopeful that someone figures it out and then you'll probably go get one.
DO NOT CONTACT ME VIA PM TO RECEIVE HELP, YOU WILL BE IGNORED. KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE

Hey guys,
I also recently got the RP1 and am also looking for ways to mod it. Big kudos and thanks to all of you for posting this! This alread is amazing. @sartrism: can you maybe give me a hint how to load the files on the rp1? Sorry if this might be a stupid question but I'm new to adroid and that stuff.

Paderico said:
Hey guys,
I also recently got the RP1 and am also looking for ways to mod it. Big kudos and thanks to all of you for posting this! This alread is amazing. @sartrism: can you maybe give me a hint how to load the files on the rp1? Sorry if this might be a stupid question but I'm new to adroid and that stuff.
Click to expand...
Click to collapse
Just a little update from my side. I'm currently tryng to recreate the steps @mcplectrum was using. It seems that my RP1 also uses other ports. I tried to wireshark the USB and WiFi connection. By that I saw that often GET /registration/information is called for Host: localhost:58052. Moreover the first call is GET /register/serial_number also on port 5808. This was via USB.
Trying to trigger the /auth/ call via Telnet returns nothing unfortunately. But also the 8080 port is open. Trying to call digitalpaper.local:8443/auth/ returns nothing on firefox.
@mcplectrum: how did you get the client_id and what would one need that for?
I also tried to change the config.DEVBUILD to true but that seemed to change nothing at all.
So to sum up what we know:
The device is using some kind of android structure, the source code seems to use the uboot bootloader, all communication is done by a rest restlet framework. So actually there should be some kind of way to use the restlet framework to PUT or POST the modified files.
The other option would be directly flash the eMMC right? I would take the risk and just load it on my device and see what happens. Any hints on how to do that?

I WANT TO KNOW NOKIA PHONES ARE SPY HARDWARE!!!

Nokia claims that the phones made by this company contain pure Android software but:
Nokia answers what are dozens of unknown software for?
com.trustsonic.teeservive
smart-divert
com.qti.xdivert
face
com.wos.face.service
sensory
com.sensory.datalogging.dataloggingService
All of these files are systematic
They have access to the phone and cannot be deleted...

ultra2000 said:
Nokia claims that the phones made by this company contain pure Android software but:
Nokia answers what are dozens of unknown software for?
com.trustsonic.teeservive
smart-divert
com.qti.xdivert
face
com.wos.face.service
sensory
com.sensory.datalogging.dataloggingService
All of these files are systematic
They have access to the phone and cannot be deleted...
Click to expand...
Click to collapse
A lot of phones do contain tracker.
If you don't want that, you need to root your device and remove those apps or you have to flash a custom rom.
Even though a company ships with "pure" Android, they do customize it in regard of looks, feels, features...
For that, they also have to install their apps.
If you want to check how many (and which) permissions those apps can request (android os by far doesn't show them all) and possibly use, you could check it with ClassyShark3xodus which is an offline Android app. With that very same app you can also check for trackers that the app may have.
Playstore for example has 228 permissions if I remember right.
Btw.: Hardware and software isn't the same. Hardware is the thing you can actually touch, software is the thing that you cannot touch.

I don't trust any phone from China...
A batch of Nokia phones were inadvertently communicating with a Chinese server
A piece of software in the phone was intended for devices in the Chinese market. On Thursday, major news firm of Norway, NRK reported about an issue where...
m.gsmarena.com

User699 said:
A lot of phones do contain tracker.
If you don't want that, you need to root your device and remove those apps or you have to flash a custom rom.
Even though a company ships with "pure" Android, they do customize it in regard of looks, feels, features...
For that, they also have to install their apps.
If you want to check how many (and which) permissions those apps can request (android os by far doesn't show them all) and possibly use, you could check it with ClassyShark3xodus which is an offline Android app. With that very same app you can also check for trackers that the app may have.
Playstore for example has 228 permissions if I remember right.
Btw.: Hardware and software isn't the same. Hardware is the thing you can actually touch, software is the thing that you cannot touc
Click to expand...
Click to collapse
thank you so much

ultra2000 said:
thank you so much
Click to expand...
Click to collapse
Your welcome!

Why you shouldn't install banking apps on rooted phones

The latest type of hack, something I always thought was not possible, is to infect someone's phone with a mere phone call. You can read about it here.
There are very good reasons why banking apps refuse to work on phones with an unlocked bootloader. Installing random tools/ mods from unknown developers (XDA is no exception) to bypass built-in security to make them work is a very bad idea.
If you absolutely must root your main device (although I don't see too many benefits of rooting in 2023), it is advisable that you buy a 2nd phone and use that for your banking (or anything to do with money and other important things) needs. Even a super budget Android phone, COMPLETELY STOCK, will be fine.
Here's an analogy:
It is very important to follow speed limits on roads. The limits have a scientific basis and anyone who follows it will mostly be able to avoid a fatal accident. Just because accidents won't necessarily happen if the speed limit is breached, doesn't mean it is a safe thing to do.
The single biggest reason responsible for 99% of fatal accidents is overspeeding! If speed was under control, it is very highly likely that there won't be fatalities.

Applies to some Exynos models only. Details are vague. Banking, shopping and social media apps should never be installed anyway. You are what you load...

blackhawk said:
Applies to some Exynos models only. Details are vague. Banking, shopping and social media apps should never be installed anyway. You are what you load...
Click to expand...
Click to collapse
That is only in this case. Snapdragon models are not immune.

TheMystic said:
That is only in this case. Snapdragon models are not immune.
Click to expand...
Click to collapse
Documentation please...

Even if you were to post and reply about it daily in threads, there would still be similar questions about non-working apps with root or unlocked bootloader.
It's sad.

blackhawk said:
Documentation please...
Click to expand...
Click to collapse
Documentation in support of what? That Snapdragon phones are not immune? Are you implying Snapdragon phones are immune?
I'm not talking about this particular vulnerability specifically.

TheMystic said:
I'm not talking about this particular vulnerability specifically.
Click to expand...
Click to collapse
Exactly my point. This isn't a Snap vulnerability at all. Not all unpatched Exynos are vulnerable to it either.
There are multiple workarounds for most vulnerabilities for Android 9. Last time this phone was updated was 11/2019. It's current load will be 3yo in June. Zero malware so far.
Upgrades would've caused me far more lost time and inconvenience than any malware could even if the load only lasted 1 year or less.
The newest firmware isn't immune and may bring new huge vulnerabilities with it. Not doing stupid things is the best protection there is; most victims inadvertently install the malware themselves.

blackhawk said:
This isn't a Snap vulnerability at all.
Click to expand...
Click to collapse
This post isn't about this vulnerability either. It was referenced just as an example of zero day vulnerabilities that any connected tech can be a victim to.
blackhawk said:
Not doing stupid things is the best protection there is
Click to expand...
Click to collapse
Receiving a phone call isn't stupid in any way. Something like this shows that the tech we use everyday isn't as safe as we assume it to be

TheMystic said:
This post isn't about this vulnerability either. It was referenced just as an example of zero day vulnerabilities that any connected tech can be a victim to.
Click to expand...
Click to collapse
No shopping, banking, social media apps mean none multi vector vulnerabilities they bring. None of these apps are needed.
TheMystic said:
Receiving a phone call isn't stupid in any way. Something like this shows that the tech we use everyday isn't as safe as we assume it to be
Click to expand...
Click to collapse
It's a very hardware specific vulnerability. Data bandwidth over the VoLTE is limited. Just hang up. Block unknown numbers, which you should be doing anyway. Delete unknown or untrusted texts without opening.
Google is more hype than fact... wholesale purveyors of disinformation and lying by omission. It's rampant.

blackhawk said:
Block unknown numbers, which you should be doing anyway. Delete unknown or untrusted texts without opening.
Click to expand...
Click to collapse
Not a practical suggestion for most users.

TheMystic said:
Not a practical suggestion for most users.
Click to expand...
Click to collapse
That means numbers with no attached caller ID are blocked...
I'm more tolerant to play with spam in Gmail but not with texts. They are at a much higher risk level.

blackhawk said:
That means numbers with no attached caller ID are blocked...
Click to expand...
Click to collapse
I'm not sure what you mean here. Does your SIM provider have any caller ID service? Mine doesn't. I don't use Google Dialer and certainly not Truecaller, which I consider a spyware.
I do receive lots of calls from unknown numbers, and though many of them are useless marketing calls, some are indeed useful. So I block numbers after attending calls when I know I don't want to hear from them again.

TheMystic said:
I'm not sure what you mean here. Does your SIM provider have any caller ID service? Mine doesn't. I don't use Google Dialer and certainly not Truecaller, which I consider a spyware.
I do receive lots of calls from unknown numbers, and though many of them are useless marketing calls, some are indeed useful. So I block numbers after attending calls when I know I don't want to hear from them again.
Click to expand...
Click to collapse
Unless the caller blocks their caller ID I can see their number. If they block caller ID they are automatically blocked; the call is registered in call history but it doesn't ring.
More over if they phlish a number and get through they generally regret it. I rather enjoy that. Sometimes I take spam calls for sport.
Been doing that for decades

blackhawk said:
Unless the caller blocks their caller ID I can see their number. If they block caller ID they are automatically blocked;
Click to expand...
Click to collapse
You mean calls where we see 'Unknown number' on screen? I think that is a thing of the past now. Today, tech allows such scammers to make internet calls that show up as real numbers (which actually don't exist) complete with country code and city code. And the same tech also allows them to call from different number each time.

TheMystic said:
You mean calls where we see 'Unknown number' on screen? I think that is a thing of the past now. Today, tech allows such scammers to make internet calls that show up as real numbers (which actually don't exist) complete with country code and city code. And the same tech also allows them to call from different number each time.
Click to expand...
Click to collapse
I covered that. Excepting unknown callers is unacceptable today.

blackhawk said:
I covered that. Excepting unknown callers is unacceptable today.
Click to expand...
Click to collapse
That's true. I haven't received a call like that for a very long time now. May be 5 years or more.

TheMystic said:
There are very good reasons why banking apps refuse to work on phones with an unlocked bootloader.
Click to expand...
Click to collapse
My banking app needs minSdkVersion={R.0x18} or let's say min. Android 7. When using an older device with Android 7 for my banking app, would it be unsecure to unlock my bootloader to install a more secure firmware?

WoKoschekk said:
My banking app needs minSdkVersion={R.0x18} or let's say min. Android 7. When using an older device with Android 7 for my banking app, would it be unsecure to unlock my bootloader to install a more secure firmware?
Click to expand...
Click to collapse
Just login online instead using Brave.

blackhawk said:
Just login online instead using Brave.
Click to expand...
Click to collapse
And my TAN app?
An unlocked bootloader isn't unsecure at all. An attacker has got no benefits regarding banking apps on an unlocked or rooted device. Sensitive app data is stored encrypted by the app itself and even root access wouldn't help to read it. Transactions need a TAN that is only valid for the current transaction and only for a very limited time. You can't generate TANs for future transactions.
However, an attacker cannot gain access to your device via an unlocked bootloader. He gains access via an unpatched vulnerability.
Regarding the day-0-exploits: This is almost in every case a very, very theoretical construct and not executable in real life. All patches since 2015 are documented very detailed. You can download the patched and also the unpatched source code for this. It's like a instruction that tells you how to do it. But it seems that no one is able to implement it. Since 8 years Google releases every month new patches for new vulnerabilities. There are hundreds of it but they have never been used.

WoKoschekk said:
My banking app needs minSdkVersion={R.0x18} or let's say min. Android 7. When using an older device with Android 7 for my banking app, would it be unsecure to unlock my bootloader to install a more secure firmware?
Click to expand...
Click to collapse
What do you mean by 'a more secure firmware'? The most secure firmware is what your OEM released for your device. If your device is old and is no longer updated by the OEM, it can still be used safely as long as you keep everything stock and don't install random apps.
WoKoschekk said:
an attacker cannot gain access to your device via an unlocked bootloader. He gains access via an unpatched vulnerability.
Click to expand...
Click to collapse
A device with an unlocked bootloader makes it more vulnerable, and therefore more easily compromised by bad actors.
There should be reasons why banking apps don't want to work on an unlocked device, isn't it? Those apps are developed by professionals who know much more than most of us do. It is better to be safe than sorry.
WoKoschekk said:
There are hundreds of it but they have never been used.
Click to expand...
Click to collapse
Which means we shouldn't take things for granted. And definitely not increase the vulnerabilities even more by breaking the built-in defenses ourselves.