Found this thread created recently on another website. I thought you guys might be interested in reading the content.
Github page: https://github.com/julKali/nokia8-evenwell
Here are some of the most interesting comments:
mattlondon 2 days ago [-]
So I have spent some initial time looking at this.
com.evenwell.autoregistration.Caivs has some worrying looking stuff.
There is a website here with the username and password in cleartext in the jars: https://www.c2dms.com Nothing visible/doable once logged in from what I could see.
It also appears to be collecting fine-grained location data, e.g. this is the output from logcat (I have obfuscated my own GPS coords here, but they are 6 digits of accuracy)
Code:
2019-03-30 19:38:21.406 15139-15159/? D/[CAIVS] LocationFinder: LocationUpdated: 3.location:Location[gps 51.xxxxxx,-0.xxxxxx hAcc=39 et=+1d19h59m28s923ms alt=102.50201416015625 vel=3.09 bear=14.3 vAcc=24 sAcc=3 bAcc=10 {Bundle[mParcelledData.dataSize=96]}]
2019-03-30 19:38:21.406 15139-15159/? D/[CAIVS] LocationFinder: updateLocation: gps accuracy:38.592003
2019-03-30 19:38:21.406 15139-15159/? D/[CAIVS] LocationFinder: updateLocation: is in accuracy :1000
com.evenwell.autoregistration.Utils.RegisterManager seems to be doing some scheduled checks and doing something with this collected data in the first 24 hours, then phased at 15 and 90 days. It is not clear what is happening having only done an initial scan over this.
It does look like they are doing some checking to see if the device is a Nokia device and selectively doing or not doing location-based stuff based on that, e.g. from com.evenwell.autoregistration.Utils.GetInfo
Code:
2019-03-30 20:09:25.108 16558-16577/? D/[CAIVS] GetInfo: getCellLocation: in black list
Further investigation probably warranted. This looks a bit suspect and might only send data on specific days (and would explain why I did not notice anything outbound over my 4 day period of checking before).
Click to expand...
Click to collapse
I found this in English: https://web.archive.org/web/20081027134825/http://www.cseed....
Quote: "CAIVS notifies our system when the handset is purchased. Data includes the date, time, and location that a SIM card is first inserted into the handset, the inserted SIM card's telecom operator, the handset's operating system, the handset model and phone number, and even the time when it is first turned on. "
WTF.
It is not clear at the moment if there is a blacklist on the MCC code going on in com.evenwell.autoregistration.Util.XMLHelper that reads from /product/etc/AutoRegConfig.xml is this line:
Code:
<NOKIA>
<REJECTMCCLIST>232,206,284,219,280,230,238,248,244,208,262,202,216,274,510,272,222,247,295,228,246,270,278,204,242,260,268,226,231,293,655,214,240,228,234,235,520</REJECTMCCLIST>
</NOKIA>
These are - I think - the Mobile Country Codes (https://en.wikipedia.org/wiki/Mobile_country_code) it gets from the cellsite. This list is basically the EU + South Africa, Thailand and Indonesia. Don't know what things are like in SA, Thailand or Indonesia but in the EU this sort of thing would not be acceptable. Looks also like there is a hard-coded short-circuit in getLocation() in com.evenwell.autoregistration.Util.GetInfo to always return no location lat-longs which appears to trigger another shortcut in RegisterManager that shortcuts out to the "Caivs not in registration phase" log output which returns without triggering the sendToServer() calls on other code paths.
I am not convinced that this will never send location back, but looks like it might have been updated with to prevent phoning home in those countries in the MCC list (and maybe by hard-coded shortcuts the actual code). This would meet with what was said with there recent phoning home response from Nokia - i.e. (https://translate.google.com/translate?u=https://nrkbeta.no/...)
Click to expand...
Click to collapse
As foobarbazetc noted, the listed packages have been specifically developed for Nokia (HMD). And although many only actually send telemetry on Nokia phones that have been sold in China, there is still quite a lot of data at stake that can be used to track the device when combined with data from other sources.
I wanted to share my findings to create the awareness that the mechanisms are there and it only takes a little misconfiguration (see https://arstechnica.com/gadgets/2019/03/hmd-admits-the-nokia...) and all this goes straight to the Chinese authorities.
Click to expand...
Click to collapse
full thread: https://news.ycombinator.com/item?id=19530670
This is why I feel like a custom rom for this phone is long overdue so we can use our phones free of concerning bloatware and privacy issues.
Related
Hello all
I've been reading this forum for some months now and i like the windows'es and informations i've found here on my Hermes device
But now i have some questions on using the often integrated tool field test.
I've found out that with the IMSI-catcher (german wikipedia as one of the sources), that are more and more often used semi-legal by the police(here in europe there are a lot of 'GA-90' devices sold to the police and other institutions), it is possible to listen to phone calls(man in the middle attack), by just 'emulating' the strongest phone-cell in the area, to which the device connects instead of connecting to the provider's cell.
I also read that it would be possible to find out if there was an imsi-catcher device active in the area near you or not. The only thing needed is a special monitor software (field test?) that observes the MNC(Mobile Network Codes) behavior(appearently you need 2 handy's from the same provider with the monitoring software running).
But they didn't explain exactly on which behavior you should pay attention.
Since I could use 2 windows mobile devices to test this out, I am searching for more detailled information on this subject, and the first place that came in my mind was xda-developers
I allready did search this forum for the subject imsi catcher, and the only thing I've found is this.
google result
so one person who tries to change hies imei number, and another one who doesn't seem to know exactly what an imsi catcher can do.
Is here anyone who knows more?
I know that where I live, there are pple who make abuse with IMSI-catchers(catching calls without the permission from a judge or similar, or even one time someone listening to his girlfriends phone calls to see if she's cheating(and she did and that was the reason he left her))And yes this one was a young policeman who told that to his friends and even was proud of it.
I also dislike the fact that the handy, instead of the encrypted one with the provider's cell, has an non encrypted connection to the imsi catcher(if not there would be no possibility for a listening man in the middle attack).
I also read about the cellphones from http://www.cryptophone.de/
Appearently they do allways have encrypted conversations even through an Imsi-catcher. But if that would be true, the other side will need the same handy to decrypt it again. Because it has to encrypt, the allready encrypted data traffic with the provider's cell, if not it can't allow any protection against IMSI -Catcher devices. I also ask myself if, depending on where u want to use it, the 2nd encryption could produce a to huge phone traffic that could result p.ex. in a robot voice...
Anyone who could light me up?
Or is there any software able of reencrypting the encrypted transfer on windows mobile devices?technically it should be possible(2nd phone dialer installed so you choose the normal one for normal calls and 2nd one for calls with pple who also have this software installed on their phones)perhaps not with an 256 bit encryption but perhaps with a 128 or 64 bit encryption...
BTW, if there would be anyone able to programm such a hot piece of software for windows mobile devices I wouldn't have any problem to donate him with paypal, and i suppose other pple would do the sameAnd no I don't wanna replace that by Voip or skype via HTC...
Thanks in advance
Patrick
So no one who knows more about this?
I would be very happy if i could at least test if they're really used that often as they say they are(where i live).
And since i could try it in different major 'cities' over here, i suppose catching a imsi catcher soon or later
I'm quite curios if all the pple, telling that there is a lot of abuse with these machines, are right, or if that's all nonsens...
It would be nice if a warning icon could be integrated into Windows Mobile or the dialer to indicate that a call is not being encrypted. Read the Wikipedia entry for IMSI-catcher for more info. I'm guessing CDMA is largely unaffected since the hole seems to rely on the UMTS spec's backward-compatibility with GSM.
I'd also like to note that Skype is the way to go for true endpoint to endpoint call encryption. You know, if you're a gangster or something and need to brush off the popos. It would be interesting to investigate whether the WM6 integrated VOIP stack requires authentication/encryption.
Hi! Let me introduce a tiny app, available in English in the moment.
This program shows a small info window during incoming/outgoing call. It contents country, region, city (or mobile operator) and LOCAL TIME in that place (worldwide)!
See latest comments and screenshots on cyrket (I'm not allowed to insert links)
Detailed popup customization is supported
The phone base I collected and created (many errors there were fixed by hands) was only available in Russian, but today I released English base, made with help of Google Translate
I know, such translation is buggy (but still much better I expected). I hope you'll help me and other users to have a complete and accurate information about calls - just email me right from the program menu about any issues or comment here.
World time also changes (for example, Russia lost two time zones this March) and if you find any error - post here or email me
You don't need to download phone base. You may download its latest version from the app, but if you want to do it manually, unpack the zip to the sdcard's root
How accurate does it get? I don't get many international calls, but might be useful to know where a landline call from within the UK is coming from?
What happens with mobile calls from with the UK? I assume no detail at all then?
it covers both landline and mobile network all over the world, where it is possible to distinguish between numbers by area codes. just try =) there are more than 25000 records in the base
Sent from my T-Mobile G1 using the XDA mobile application powered by Tapatalk
Hi. How do you set this up?
I have placed my Country Code (00351) and set GMT to +1 and when I call from my desk to my phone, it says it's a call from India ...
afaik, country code cant starts with zeros. Please, provide full number (you may hide last four digits) and right country for you I'll check and write settings here
Erm, I think techinally it either starts with two zeros, or a + but you're asking for a single number?
For example, UK is either 0044 or +44
wow. That is new for me. I know that with one leading zero start local calls. And you say two zeros replace + . hmmm. try left country code blank, that may help, I think. and if not, please, type whole number without four last digits
Not sure if this is already obvious but as there seems some uncertainty. AIUI the correct way to state an international number is to prefix it with +. To make a call, the plus sign is replaced with the two (or sometimes three or four) digit international access code which depends on the country one is placing the call from. For Europe this is 00, for the States, 011 etc.
I'm in Portugal, and my number is +35193233xxxx. I have tried leaving it blank, but by default leaves a 7... tried with 00351, with 351 and when calls are incoming still stays it's from India.
I'll wait for further clarification and if nothing happens I'll un-install it.
By the way, it doesn't let me use the +.
Thanks
okay, and what was the incoming number? what it was looking like on the call screen? country code preset replaces leading zero or eight digit. so it doesn't interfere number detection in you case I think
Sent from my T-Mobile G1 using the XDA mobile application powered by Tapatalk
The incoming number was looking like this: 91811xxx
It's a mobile number from Vodafone.
Just got a call from Germany, and it identified the Country and city allright. Seems that it doesn't work for calls inside Portugal only...
i see eight digits and no country info in this number. if there are seven digits program says local call and do not provide any information (because there is no trusted information) in eight or more digits it tries to detect country code. it replaces leading 8 or 0 with country code from the settings - for example local russian mobile calls may look like 8916xxxyyzz - we replace 8 with country code 7 and identify it with MTS - the program even say region or city based on x or xx or xxx in the example above. but in your situation I have no idea how to detect that the call is local and country code needs to be put before the number =( I've never heard that income mobile number may be in the format you wrote - it should start with plus sign and country code or 8 or zero (Ukraine, Moldova). I'm whirled
Sent from my T-Mobile G1 using the XDA mobile application powered by Tapatalk
Any chance you can convert the database into something human-readable? I'll be glad to cross reference a bunch of Southern California area codes and prefixes so that you can get some more accurate data there.
Also, a program similar to yours got hit with a cease & desist a few months back by some patent trolls because they supposedly hold a patent on this very thing. You're in Russia though so I dunno if their reach extends to you. Just thought I'd give you an FYI.
XStylus said:
Any chance you can convert the database into something human-readable? I'll be glad to cross reference a bunch of Southern California area codes and prefixes so that you can get some more accurate data there.
Also, a program similar to yours got hit with a cease & desist a few months back by some patent trolls because they supposedly hold a patent on this very thing. You're in Russia though so I dunno if their reach extends to you. Just thought I'd give you an FYI.
Click to expand...
Click to collapse
please, email me a t r a n t . s g @ g m a i l . c o m (or from the program menu) to discuss db elements, thanks in advance.
and yeah... i've read that stuff and even contacted the author...
But, my program is better now, I think =) And I will hit 10000 downloads, I hope. That will be enough, I think, for my efforts and hand-made db =))
Uninstallation
How do i uninstall de database, can't find it but i takes 3 mb of internal memory. Anyone has a suggestion!!
castor.troy said:
How do i uninstall de database, can't find it but i takes 3 mb of internal memory. Anyone has a suggestion!!
Click to expand...
Click to collapse
Just remove the DB app. There is no way to leave DB app and remove the DB, android OS restriction (can't modify signed apk on the device)
uninstallation
So when i uninstall WorldCallPlaceAndTime.apk than de database will be removed from my internal memeory?
Castor
castor.troy said:
So when i uninstall WorldCallPlaceAndTime.apk than de database will be removed from my internal memeory?
Castor
Click to expand...
Click to collapse
Sure, man! Do it right now!
Ok first off if this is the wrong place to post this I apologize but I tried searching and can't find anything about my phone.
I just purchased a Toshiba Regza phone from AU in Japan. I have changed the regional settings to English and all the menus and mostly everything is in English but the problem I am having is that the email program that everyone uses here to send instant email back and forth is still in Japanese. I have contacted AU KDDI about this and they say there is no way to change the language to English from within the email program itself. My wife is Japanese and she has looked at every setting within the email program itself and cannot find any language settings.
As far as I have found out, the "email" system here in Japan is actually a MMS messaging system on steroids that uses an email address instead of the other persons phone number like in the US. I think a very long time ago some of my friends in Japan had email addresses with there phone number(at)docomo.ne.jp
I have looked on the marketplace and I can't seem to find anything that will work with the AU system.
Does anyone know if there is an app that can replace the stock email program to send and recieve email with my xxxxxxxx(at)ezweb.ne.jp? If there is where can I find the settings for AU's email system? Do they use IMAP. POP or because it is MMS it is totally different?
I love this phone, the camera is awesome the screen rez is really great watching 1 seg TV and the video quality is great. I really don't want to have to do anything to it that will brick it because it's brand new and my wife would kill me LOL Only thing is I cannot use the email program to it's fullest extent.
thanks for taking the time to read this and for any help you might provide.
Unfortunately there is no fix or alternative, as carriers in Japan have their mobile mail services tightly locked down and you require their express authorisation to develop an application for it.
The mail application for the IS04 is as bad as it gets, as are various other software related aspects of the phone... which is a shame because otherwise it's quite a capable device.
Hopefully issues like this one will be addressed at the same time as the rather late 2.2 update, but I wouldn't keep your fingers crossed.
I've been trying to extract the carrier mail application from other the au android devices and modifying it so it can install/communicate with au's servers on the IS04, but I've gotten nowhere with the security.
In case you run into any other trouble, other problems people have had with the IS04 include battery charging issues (phone runs off battery once it reaches 100% and never starts charging again, even while plugged in), contact list problems (multiple and non interchangeable contact lists for different applications), various settings resetting themselves (aforementioned mail application mainly), lost emails/contacts and weird memory restrictions (for storage).
For the record, DoCoMo's version of the Regza phone (and their other Android devices) use a relatively decent universal phone mail application, while au has gone with letting the manufacturers put together their own. I'll let you work out which decision turned out better.
In the meantime, I suggest having your wife translate the settings so you can have it up and running the way you like, and then just memorising the basic navigation and functions.
Edit: To answer your question, correct me if I'm wrong but I believe the weird MMS system for all three major carriers in Japan is still using the I-mode transport protocol.
just FYI:
2013 is around the corner and with Android 2.2.2 now (still) on the Regza IS04 nothing has really changed much.
The mail app - and other default apps - are still in Japanese only and will not be changed.
The general feedback from their tech support is: Learn Japanese or get lost (though said very politely, with smiles and bows and not in such a direct manner )
Have a great 2013 all
I live in a country where it is obligatory to dial long distance company prefix for calling other areas and countries, thus I can´t have all numbers stored in an international standard notation. Like I can´t store a UK number like +44 1273-701648, I have to store it like 00XX441273701648 (where XX is a two digit long distance company code, like 23 or 41 ). Same with in-country numbers - I can´t store them neither in international nor in regular local form, for example - I live in area code 011, so to store a phone number in area code (081) 3421-3266, I have to store it as 0XX8134213266 (where XX is a two digit long distance company code, like 23 or 41 ). At the same time, I have to store numbers in my own area without any prefix at all. So far so good, as long as I don´t leave my area or country.
If I will go to another area, like (081) - I will have to cut off all 0XX81 prefixes since I will be in roaming locally there. At the same time I will have to add 0XX11 to all numbers from my native area code. Worse - if I will go to an area from which I have no numbers stored let´s say 019, I will have to keep ALL locally stored codes, like 0XX81... BUT also add 0XX11 to all phones from my native 011 zone.
When roaming abroad it is somwhat easier - I´ll have to cut off 0XX and add country code +55 to ALL numbers. But also I´ll have add area code 11 to all phone numbers from my native 011 zone.
When I was using WM6.5, Magicall by Mobiion was able to do it for me. Is there anything similar under Android?
Did you check android settings?
There is an option for automatic prefixes, atleast on my i9000.
It might be possible to make a widget that gives quick access to enable/disable the prefixes.
Dark3n said:
Did you check android settings?
There is an option for automatic prefixes, atleast on my i9000.
It might be possible to make a widget that gives quick access to enable/disable the prefixes.
Click to expand...
Click to collapse
Nothing like this on my X10 mini pro. At least visibly, but I´ll try to look into it. Thank you!
Thank you everyone for feedback. I was advised to try out Prefixer and it is exactly what I needed.
Hey,
Germany is implementing EU-Alert (ETSI TS 102 900 [1]) at the moment and referring to the local News, it is a huge mess [2].
But let's start at the beginning.
CellBroadcast is a core component of each mobile network generation (2G,3G,4G,5G,...) and part of the 3GPP spec. CellBroadcast basically allows the network to send a simple SMS to all mobile phones connected to a specific base station. Thes SMS-CB are sent with a Message Identifier (aka Channel, aka Topic) which gives them a special purpose by convention. e.g. ID / Channel 50 is often used for area related information [3], while channel 207 might broadcast local weather information. Since not all Channels are standardized, there is also the option to broadcast an Index that lists all channels with a description. And since users probably don't want any message broadcasted, users have to subscribe to these channels.
Since decades now, CellBroadcast is also used for public Emergency Warnings. This means that, by definition of a country, a specific channel is used to broadcast Emergency Warnings. Long time ago, in many countries it looks like Channel 919 was used for this purpose. For this to work properly, mobile phones were instructed to subscribe to channel 919 by default and also use a special ringtone (even if muted) to alert such a message.
Later - over 12 years ago - additional channels from 4370-4399 were standardized in ETSI TS 123 041 [4] for public warning systems like CMAS, EU-Alert, KPAS. All using the same channels which is beneficial for global roaming.
Android of course supports these public warning systems specified in ETSI TS 123 041 [4] since at least Android 4.2.2 [5]. And nations that use these systems already, like CMAS in the US, report very high and reliable coverage.
However, referring to German news [2] and government, not many phones that are currently on the market will actually support EU-Alert in Germany, despite already supporting EU-Alert in Netherlands or CMAS in the US.
How is this possible when exactly the same SMS-CB is broadcasted, just in a different country?
Golem [2] says that Samsung and Google already confirmed that EU-Alert is currently not supported in Germany, but updates will be rolled out to recent devices.
This strongly suggests to me that OEMs like Samsung and Google actually added country specific filters/configurations for these public warning systems to their phones without deploying a reasonable fallback. Public warning systems based on ETSI TS 123 041 [4] thus may only work in countries that were known to use these systems when the phone was released.
Isn't this an obvious issue?
Google said, starting with Android 11+ it will be possible to update the CellBroadcastReceiver App via Google Play. So devices with Android 11+ will likely receive an update to support EU-Alert in Germany. For Android 10 and older, OEMs will have to supply updates.
What also confuses me is the fact that all Android Phones I own (Nexus 4 with Android 5, Nexus 5X with Android 8, Pixel 3a with Android 12) here in Germany do actually offer the setting for Emergency Warnings and they are already enabled by default. So I assume they would work? Did Google actually deploy a sane default configuration here already?
But if they did - why isn't it working on ALL Android 11+ Phones already? I'm pretty sure my Pixel 3a uses Googles CellBroadcastReceiver App which is provided through the Play Store. So all Android 11+ phones should already use the exact same App?! Or am I wrong here? So what is this update Google actually needs to provide?
And does this also mean that with Android 11+ OEMs are not allowed / cannot implement their own Emergency Warning CellBroadcastReceiver?
This topic is really confusing to me
Shouldn't it be really simple?
All phones, regardless of the OEM, should have a proper SMS-CB Application which allows you to subscribe to custom channels, view the index, and manage your SMS-CB Messages.
Phones should also be aware of special channels to apply special ringtones etc if needed, but they should have a sane fallbacks!
A phone that knows about NL-Alert and CMAS may call messages on Channel 4370 received in the Netherlands "NL-Alert". But when it receives the same message in Germany, it shouldn't just drop it! It should display it as warning and call it whatever it wants. And if it doesn't know about CMAS / EU-Alert, it should just receive it as regular SMS-CB.
Can't be that hard?
Interestingly enough, Samsung phones allow you to subscribe to custom channels. Google phones do not :/
Should there be a better / more enforced standard, so that a country that wants to implement CMAS/EU-Alert in the future doesn't have to rely on OEMs help?
And finally some technical Questions:
I found zero Apps for Android that would allow me to subscribe to custom CellBroadcast Channels on my Google Android phones. Is this even possible?
Also, is it possible to test these CellBroadcasts somehow? Is it possible to write an App that can inject SMS-CB into the system?
Sorry for the long post, but I think this an important Topic.
Let me know what you think
Do you have experience with these Emergency Warnings already?
[1] https://www.etsi.org/deliver/etsi_ts/102900_102999/102900/
[2] https://www.golem.de/news/cell-broadcast-warum-es-am-warntag-ruhig-bleiben-koennte-2206-165822.html
[3] https://source.android.com/devices/architecture/modular-system/cellbroadcast#channel-50
[4] https://www.etsi.org/deliver/etsi_ts/123000_123099/123041/11.04.00_60/ts_123041v110400p.pdf
[5] https://cs.android.com/android/plat...ternal/telephony/gsm/SmsCbConstants.java;l=58
Hey! I was just researching something about this. Thanks for your detailed post.
I am from Chile and, in my case, my operator had subscriptions to two channels: 919 and 920.
In order to see the Cell Broadcast menu in the Messages app, I had to override a CSC setting (I use a Samsung device), particularly "CarrierFeature_Message_DisableMenuCBMessage") because it seems some Chilean operators ordered Samsung to hide it.
Even then, the Google Cell Broadcast app would not let me modify settings other than test alerts.
In my country these emergency alerts are quite unreliable and are often sent by mistake or to the wrong place (i.e. sending a tsunami alert to an area more than 100 km away from the coast).
Shooting Star Max said:
Hey! I was just researching something about this. Thanks for your detailed post.
I am from Chile and, in my case, my operator had subscriptions to two channels: 919 and 920.
In order to see the Cell Broadcast menu in the Messages app, I had to override a CSC setting (I use a Samsung device), particularly "CarrierFeature_Message_DisableMenuCBMessage") because it seems some Chilean operators ordered Samsung to hide it.
Even then, the Google Cell Broadcast app would not let me modify settings other than test alerts.
In my country these emergency alerts are quite unreliable and are often sent by mistake or to the wrong place (i.e. sending a tsunami alert to an area more than 100 km away from the coast).
Click to expand...
Click to collapse
Can you explain how you disabled this CSC setting and on what samsung phone/os?
You can see Googles/Androids latest default configuration for Chile (MCC 730) here:
https://cs.android.com/android/plat...apps/CellBroadcastReceiver/res/values-mcc730/
The config.xml really has some restrictive features enabled :/
Thanks for your reply!
Please note that all the following information assumes you have rooted your device. It's impossible to override this configuration otherwise.
My device is a Galaxy Note20 Ultra (Exynos version, SM‑N985F) running Android 12, One UI 4.1.
As you might know, Samsung devices include several packages named “CSC”, which define settings according to a sales code matching with a region. For example, a device sold in Chile without a carrier uses the sales code CHO, while one sold by operator Movistar uses the sales code CHT.
In the Galaxy Note20 Ultra, the CSC packages are stored in /optics/config/carriers/single (older Samsung devices might use /omc/).
Once you find the sales code matching with your current configuration, you can grab two files: cscfeature.xml and customer_carrier_feature.json. Taking CHO again as an example, the files would be /optics/config/carriers/single/CHO/conf/system/cscfeature.xml and/optics/config/carriers/single/CHO/conf/system/customer_carrier_feature.json.
These files are encoded, but OmcTextDecoder can take care of that.
In the case of CHO, customer_carrier_feature.json has the value "CarrierFeature_Message_DisableMenuCBMessage":"TRUE", which hides the cell broadcast menu in the stock Messages application. Just replace “TRUE” with “FALSE”, save the file and push it to its location. The next time you reboot your system, it will be applied.
Regarding the link you sent, I think we could get around that configuration by decompiling the GoogleCellBroadcastApp.apk through Apktool, modifying the restrictive values, and then pushing the APK to the device, replacing the original version.
Thank you!
Let me know if you managed to patch your original CellBroadcastReceiver.apk!
I actually tried using Runtime Resource Overlays (RROs) which is described on the official docu about CellBroadcast in Android.
You can find the result here: https://github.com/xsrf/android-de-alert
However, I didn't quite get these RROs. It looked like in Oreo you can use RROs to overlay any resource of any app without any permissions or matching signatures, which is quite a surprise to me?!
On my phones with more recent OS, I get signature mismatch errors and also it looks like apps now have to define what resources can be overlayed ...