Some tips, tricks, and hacks for advanced users of Samsung galaxy S4 active (I9295) or other Android 4.2.2 (Jelly Bean) smartphones

A couple of years ago, on my page dedicated to Nokia N900 I have expressed a dislike for Android. However, the availability of LTE connectivity motivated me recently (2014) to get a newer phone. I considered the Jolla phone, but I could not find reliable information whether its LTE capabilities are compatible with networks in Czech republic, so I in the end did not dare to buy it. Choosing the least evil, I ended with a Samsung galaxy S4 active (I9295) phone running Android 4.2.2.

Update 2021: I would choose PinePhonePro now.

I have used some Android tablet just as a reader before, so it was not my first encounter with this system, though. I must say that my dislike for Android did not disappear, in particular I do not understand why one should need to install "apps" for such basic things like sshd, terminal emulator, etc., which should be provided in the basic operating system, not to speak about the necessary "rooting" of the device. And sometimes the apps even want a payment or bother you with some ads. I prefer free GNU software :-). On the other hand, I found it quite possible to find apk files without making an account at google, which was good, since I absolutely refuse to feed my personal data to such a big brother company.

Now enough complaints, as a hardware the phone is quite nice and one can survive with Android, as full-fledged gnu/linux based phones are still extremely rare. Below I give some notes and tips and tricks which I learned during the customization of the device. It is mostly a compilation of previously known matter, which was however rather scattered over the net and sometimes not so easy to find (a lot of things I found also did not work for this particular device and system), so I wrote this for my own future reference and posted it here in the hope that it might be useful for others too. My contribution are scripts to send/receive SMS and to manipulate the event calendar from the command line and some executables which I have cross-compiled.

Rooting Samsung galaxy S4 active (I9295) with Android 4.2.2

Rooting an Android phone is an absolute must for a serious smartphone user, the first thing to do after purchase ;-). Actually, I took care about this during the decision process which phone to buy, checked that there is a known procedure for rooting it and downloaded the necessary files before final decision to buy the phone.

There are MANY HOWTOs on the net, I followed the one at Androidtechnics, which worked flawlessly, except that I had to install USB drivers from a different source I do not remember exactly. For convenience I give the files here USB_Drivers_1.5.27.0.exe and CF-Auto-Root-jflte-jfltexx-gti9505.zip. In spite of avoiding use of Windows for usual work, I did not want to take the risk that something with the rooting will go wrong if I run Odin under Wine or VirtualBox and I end up bricking the device, so I used genuine Windows 8.1 for this procedure. The rooting firmware contains the SuperSU app, so you do not need to install it separately.

Later I found that a rooting tool is available also for the newer Android KitKat 4.4.2 firmware, but I did not want to go through all the installation again, with possible new problems on the way, so I stayed with 4.2.2.

Transferring files between Linux PC and Samsung galaxy S4 active Android 4.2.2 phone

The next thing to do after rooting is transferring the apk files to be installed, contacts, music, books, videos etc. into the phone. If you do not want to give your personal data to various clouds, you need to transfer them from your PC. I am avoiding windows as much as possible, so only Linux PC is meant henceforth.

There is of course the possibility to use 'adb push/pull', but I wanted a more convenient and transparent filesystem-type access.

To my big surprise and dislike, after connecting the phone to USB, no /dev/sdb appeared. I have subsequently found that newer Android devices use MTP for data transfer, to avoid the need of unmounting the exported partitions. I agree partly with the motivation, as it is sometimes convenient to transfer files to/from mounted partition in the phone, but I still think that the USB mass storage should have been retained as an option, even if at least only for external sdcard, since it is supported everywhere and quite efficient and bug free, in contrast to MTP. This can be achieved with the app called "SGUSBMassStorageEnabler_2.3.1" (needs root), again something which should be available in factory default!

Fortunately, Linux now supports MTP via fuse and "simple-mtpfs" implementation worked fine for me:
simple-mtpfs -s -o allow_root -o hard_remove -o intr /mnt/samsung
fusermount -u /mnt/samsung
for mounting and unmounting the phone. Without the "-s" option it did hang when copying a directory with about 100 files. I noticed a problem with files over 2GB size, though, maybe due to FAT, I am not sure and did not investigate further.

Later I noticed that after connecting the phone /dev/ttyAMA0 appears on the PC and its peer in the phone is /dev/ttyGS0. The MTP seems to use these device files for the communication. You can use them for other purpose too - simply try "cat" to/from them, but this of course breaks MTP until phone is unplugged/plugged to USB again.

Getting root command line and ssh/scp access to Samsung galaxy S4 active (I9295) with Android 4.2.2

The next step is to get a root command line on the phone. For use within the phone I install Term.apk, BusyBox.apk, and hackerskeyboard-v1034rc16.apk which all worked flawlessly. However, this is more kind of a toy, or for emergency recovery; for serious work you need to ssh into the phone from a PC. I tried several apps - SSHDroid in several version and also DroidSSHdv06 (this is ads-free), but always I got "child error" - after successful authentication via password or RSA there seems to be some problem with spawning a shell. Some trick with setting umask to 0 which I found on some forums did not help. Finally, I decided NOT to run sshd as root, setting port to listen to unprivileged 2222. I could log in and get a shell with user identity inherited from sshd. Then I tried "su", but it did hang! After some trial/error I found that it is necessary to go to the settings of superSU application and switch off the dialog asking about giving permissions to every app which requests it, change to "grant permission always". This is obviously a security nightmare, but I did not find a better solution yet. (If you know, drop me an email :-)). So, finally I really owned the phone ;-).

To my bad surprise I found a moment later that scp does not work: scp -P 2222 file root@vpnsamsung:/storage/extSdCard/
sh: scp: not found
I tried: ln -s /data/data/br.com.bott.droidsshd/files/bin/dropbearmulti /system/bin/scp
But the result is just another error message: "unknown user 10194lost connection"

Again, I HATE android and its creator google! Why a working ssdh with scp support is not in the factory firmware!!! Why to need to waste time on such things!!!!!! If you reply that 99% of the phone users will never need it, I reply with the low cost of the flash memory and GNU sources for free!

I thought I will have to cross-compile ordinary openssh for ARM and install its binaries, but I found a solution here. Installing the modified version of ssh and scp binaries to /system/xbin solved the problem. Yet another problem is lurking around corner: ssh from the phone to external server blocks on reading /dev/random - there is not enough entropy available, you have to move finger over the touchscreen to generate some...

I really dislike that android did not keep the GNU software core, in the busybox version of commands half of options is missing :-(. Already the Posix-incompatible filesystem layout is annoying, not to speak about different init system etc. etc. To have a specilized java-based GUI with the "apps" is a good idea, but the underlying system should have been kept compatible to GNU/Linux - no problem with the power of the hardware even a few years ago. (And yes, Nokia N900 did run the GUI on top of X11 - perfect backward compatibility!) To summarize this horror story: In my view Android is just a mutilated Linux :-(((.

Activating LTE network on the Samsung galaxy S4 active I9295 with Android 4.2.2

I have noticed that the phone connects always to UMTS network even where I could get LTE connection with a USB modem. The menu for network type selection even did not show any LTE option. I have found on the net, that this might happen with some telecom operators who were not timely included in some list of LTE networks maintained by Samsung. The newer firmware 4.4.2 should not suffer this problem any more (not tested personally).

The quick remedy is to delete the file
rm /data/property/persist.radio.lteon
which contained the word 'false'. After this the LTE/UMTS/GSM option appeared in the menu, but the phone for some reason still preferred UMTS (stronger signal?). So I installed the application Viaero 4G Toggle 3.0, which allows more detailed control, even enforcing 'LTE only' mode, and it worked. I have also found that the preferred net can be changed by sqlite3 in /data/data/com.android.providers.settings/databases/settings.db, for example:
sqlite3 /data/data/com.android.providers.settings/databases/settings.db "update global SET value=11 WHERE name='preferred_network_mode'"
but this seems to be effective only after reboot.

Further applications I installed at Samsung galaxy S4 active

First application to be installed (except Term, BusyBox, and DroidSSHd) is the APK permission remover, and all other apps should be installed through it, carefully inspecting them and removing unneeded permissions. Permissions can be modified only when installing the application, later change requires a reinstall. I find this application really excellent and absolutely essential.

AndroidIDChanger - spoof the unique Android-id, which is exposed for example to WIFI access points. Needs a reboot after the change to become effective.

Android IMSI catcher detector - but deleted it later, since it does not seem to work properly; use SnoopSnitch instead!

Anmap - NMap scanner for Android. For command line access a wrapper script is needed:
#!/system/bin/sh
cd /data/data/com.android.nmap/files
/data/data/com.android.nmap/files/nmap $*


Antox - free and decentralized alternative to Skype

at.zweng.bankomatinfos2_16 - read info from RFID creditcards

Accelerometer - get data from accelerometer and gyro

Autostart - this allows to start android apps at boot time - I do it with openvpn

Barometer - get data from pressure sensor

Bitshark - Wireshark-like packet capture/analysis for android

C:GEO - geocaching

Compass - read info from magnetometer

Cumulus - a simple aeronautical navigation for hobby VFR flying (probably the only open source one with EU airspace maps)

DNS Lookup - again something that should have been provided in the base system!!!

DroidSheep and guard - prevention of ARP spoofing MITM attacks (session-id cookie hijacking) on public wifi

EbookDroid - book reader

eCL0WN - ePassport NFC reader

Es Task Manager - kill unwanted processes from GUI

FBReader - another book reader

Firefox - (I removed the permission to give my location to web sites, as well as access to contacts and personal data). I also installed adblock+ addon, and was unpleasantly surprised that the android version does not support noscript. Otherwise the browser works fine. I use a script started periodically by cron (see below) to delete cookies, history and cache frequently.

Floating stopwatch

G-NetTrack - give misc info about the cellular network

Hacker's Keyboard - much better than the default soft-keyboard

Init.d toggler - this hacks into the android boot process and installs /system/etc/init.d for user boot time scripts (again something which should be available by default)
However, I had to adapt the installed /system/bin/sysinit script to work properly, the logwrapper program failed for some reason.

MifareClassicTool-1.8.1 - tool to communicate with Mifare Classic NFC smartcards

MPlayer - obvious ...

NFCProxy - tool to proxy NFC transactions

NFC Reader - simple smartcard ATR reader

OpenVPN-Installer-0.2.4 and OpenVPN-Settings-0.4.14 - worked flawlessly on first attempt


OSMAND - maps, car navigation (the download limit can be circumvented on a rooted device by directly installing the maps)

PryFi-v1.21-beta - to prevent tracking based on WiFi MAC address

QRcode Scanner - sometimes useful, its permissions have to be drastically limited

Reaver_for_Android (RfA) - WPS Wifi cracking tool ... however, it seems that this phone is not supported by bcmon and iwconfig wlan0 mode monitor reports "Operation not supported on transport endpoint"
Scientific Calculator apk

Set DNS and Set DNS Pro - again something that should have been provided in the base system!!! Change of DNS servers by the app works fine, except for some busybox program, which cannot resolve. The lookup mechanism is different than in Unix, I could not find any resolv.conf file nor any suitable documentation.

ShellMS - a key application: enables sending SMS from adb shell, with a proper configuration wirelessly over VPN, see later. I hate typing sms on a touch screen when I sit at a computer, which I do most of the time I am awake :-)

Sipdroid - I use VoIP over VPN to make encrypted calls. Configuration of this app. was trivial. See below for more info.

Skype - just for calling people who did not install TOX yet :-)

SnoopSnitch - a tool for 2G and 3G network security analysis by SRLABS.de - it can detect IMSI catchers, silent and binary SMS which are processed in the baseband processor and it is thus probably the only way to detect an attack over the baseband

SwiFTP - actually I will maybe remove it after I got scp working

TrevE_LoggingTestApp - to find (key)loggers and spyware preinstalled on your phone and remove them

tw.com.method.rfidtool - tool to read/write some RFID tags

USB Mass Storage Enabler - to allow Mass storage access to external SDCard.

Viaero 4G Toggle 3.0 - the default menu does not allow enough detail in selection of preferred network types, this is the remedy

VLC - video player

Xserver - if I want to run some cross-compiled Linux program. Notice: for security, iptables should be used to filter TCP6000 port listening from everywhere except loopback interface.

ZANavi - navigation based on OpenStreetMaps, which can be pre-loaded to avoid data roaming. I have just loaded the maps from the menu via the app., but reportedly there is some linux program to convert .osm files for ZANavi yourself.

Running TOR on the Android 4.2.2 phone

Running TOR on the android phone is not difficult, as installation of ORBOT and ORWEB was straightforward. However, Android itself is not a good environment concerning user's privacy, it has apparently rather been design with ease of spying on the end-user by google and telecom companies in mind :-). See a a blog at torproject.org.

However, it cannot be recommended to run TOR on a smartphone if personal safety is in question, due to the inherent insecurity of smartphone design. Even if the Android OS can be secured on itself, there is a potential vulnerability for remote OTA exploits via the baseband processor, which nowadays is more intimately connected to the main system than via USART as it used to be in early GSM days. Moreover, since the basenabd has a direct connection to microphone and GPS, it can be used in this way for spying on the user, even if the Android OS remains untouched. It would be great if an open hardware/open source baseband processor existed - implemented using FPGA with open source verilog code, which could then be resistant to such attacks, but this is so far a dream. On a desktop one can do such things with USRP and Gnuradio, but it would certainly be very difficult to make it mechanically compact and with a reasonable power consumption to be mobile. Recently, Snowden claimed that NSA is able to install malware to any smartphone over the baseband processor and get thus a complete control over it, so this is not only a theoretical threat. Possibly the Snoopsnith application could detect such attacks, but it is not sure and certainly there is no way how to block them. Smartphones must thus be considered principially insecure devices and avoided if strong privacy is required. In other words, the only secure smartphone is one with its battery removed. I personally do not store any personal data on the device except contacts and calendar necessary for convenient use (and avoid any syncing to third party cloud services anyway) and never use it for banking, ssh to my servers, or other sensitive operations.

Cross-compiling and installing native binaries to Samsung galaxy S4 active (I9295) with Android 4.2.2

I have noticed that /system is mounted read-only in this android version, so you cannot simply copy the binaries to /system/bin and /system/xbin. Fortunately, once you have root command line, the help is simple: mount -o remount,rw /system. You can remount back to 'ro' later to prevent accidental erasure of something.

I was pleasantly surprised that due to the extreme popularity of ARM architecture cores, the binaries which I compiled for Raspberry Pi are compatible and run flawlessly on this Samsung. They are "ELF 32-bit LSB executable, ARM, version 1 (SYSV), statically linked, for GNU/Linux 2.6.16, not stripped". They were however just command-line based programs, for example strace and tcpdump (the latter seemed to work even being dynamically linked).

For more serious work I have installed the Android NDK, where the cross-compilation can be invoked in this way:
setenv PATH /opt/android-ndk-r8d/toolchains/arm-linux-androideabi-4.7/prebuilt/linux-x86/bin/:$PATH
setenv SYSROOT /opt/android-ndk-r8d/platforms/android-14/arch-arm/
arm-linux-androideabi-gcc --sysroot=$SYSROOT ...

For compilation of wireless-tools package (iwconfig etc.) I have just changed CC setting in the Makefile to: CC = arm-linux-androideabi-gcc --sysroot=/opt/android-ndk-r8d/platforms/android-14/arch-arm/ and compiled it using the NDK. Alternative possibility is described here.

I have installed to the android's /system/bin directory some essential native binary programs like: bash, tcsh, vim, sqlite3, gawk, iwconfig

Sometimes I had problems with ./configure for the cross-compilation, I have then compiled and STATICALLY linked the program natively on Raspberry Pi, using --prefix=/system, the resulting executable always worked fine except some nuisances mainly concerning the paths incompatibility of Android with standard Unix.

You can download a executables.tar.gz file with all native binaries and shared libraries I have added to the android phone. A larger part of them I have crosscompiled myself, a few ones I downloaded from elsewhere.

Bluetooth connection of Samsung galaxy S4 active (I9295) with Android 4.2.2 to Linux PC

In order to contact to the phone when it is offline, it is possible to use Bluetooth tethering, which implements TCP/IP over Bluetooth. (Wifi or USB tethering would be possible, too, but the former prevents simultaneous Wifi connection of the phone, while the latter requires a cable.)

To pair the phone and PC, first put the phone into discoverable mode and then
PC# hcitool scan
to find the phone's Bluetooth address. You can then check for the available BT services by:
sdptool records XX:XX:XX:XX:XX:XX using the found address from previous step.
Then use bluetoothctl on the PC to pair (assuming you run BlueZ 5 or higher on the Linux):
[bluetooth]# default-agent
[bluetooth]# agent on
[bluetooth]# pair XX:XX:XX:XX:XX:XX
(input PIN when prompted)
[bluetooth]# info XX:XX:XX:XX:XX:XX
[bluetooth]# trust XX:XX:XX:XX:XX:XX
[bluetooth]# connect XX:XX:XX:XX:XX:XX

Provided the phone and PC have already been paired, it is quite simple:
Enable "Bluetooth" tethering in the phone
PC# /usr/bin/dbus-send --system --type=method_call --dest=org.bluez /org/bluez/hci0/dev_XX_XX_XX_XX_XX_XX org.bluez.Network1.Connect string:'nap'
where dev_XX_XX_XX_XX_XX_XX should be replaced with the bluetooth address of your phone
PC# /etc/init.d/net.bnep0 start
(ln -s /etc/init.d/net.lo /etc/init.d/net.bnep0 if needed)
Now you can connect to the phone's bluetooth IP address (192.168.44.1 in my case) via ssh or adb
In particular, this can be used for the SMS sending/receiving as described below.

Getting "DUN" access to baseband modem via AT commands would be desirable for backward compatibility, but I did not find a way to easily do it.

Running SIP client via OpenVPN on Samsung galaxy S4 active (I9295) with Android 4.2.2 to make encrypted VoIP calls from the smartphone using your own asterisk server

To make encrypted VoIP calls from the android smartphone, you can tunnel SIP through VPN connection to your own asterisk server, providing thus encrypted VoIP connectivity to a closed group of friends. Sipdroid application worked for me on the first try, just setting the SIP server to my VPN server running asterisk, and corresponding asterisk login credentials. However I had to rob it of the permission to redirect calls, since it did otherwise try to handle calls to 'normal' numbers, while in my setup it works only inside my private VPN network. The Samsung galaxy S4 has powerful enough processor to do all the openvpn encryption fast enough not to affect the sound quality, which might be a problem with low-end phones.

However, for a serious use I do not recommend to employ an Android phone for this purpose at all, since this system is potentially full of backdoors from various closed source system parts.

Using adb to backup Samsung galaxy S4 active (I9295) with Android 4.2.2

First of all, developer options have to be enabled in the phone menu: go to settings/more/about device and 7-time click "Build number". Then go to settings/more/developer options and enable USB debugging.
The rest is also very simple:
adb backup -apk -shared -all -f samsung.ab
adb restore samsung.ab

A little adb tutorial can be found here.

Using adb shell/native command line on on Android 4.2.2 phone

To start an application from command line:
adb shell am start -n com.package.name/com.package.name.ActivityName
For example
# am start -a android.intent.action.MAIN -n com.android.settings/.Settings
See also the reference on github and "am" command description at phonesdevelopers.com.

Start the dialing application from command line/adb shell:
service call phone 2 s16 +xxxxxxxxxxxx
To list available services:
service list


Some things which I found on the net did not work, for example 'adb shell svc data enable' crashed.

How to read/write Android filesystem and recovery images on Linux

The main Android filesystem image is in a particular 'sparse file format', which can be converted to/from mountable linux image:
1. mkdir sys
2. simg2img system.img sys.raw
3. mount -t ext4 -o loop sys.raw sys/
The other way around: make_ext4fs -s -l 512M -a system new.img sys/
You need to install special android support packages into your linux distro to get the simg2img and make_ext4fs commands (or install them from sources). For more detail see the tutorial at XDA-developers For recovery image see the tutorial imajeenyus.com. The tools unpackbootimg, mkbootimg and mkbootfs will be needed as well as the standard unix cpio.

Running ADB over TCP/IP (WiFi,VPN,Bluetooth) on Samsung galaxy S4 active (I9295) with Android 4.2.2

For first time (after phone reboot), connect phone to USB and run adb:
adb usb
adb devices ... check that the device is recognized
adb tcpip portnumber
(remove USB plug)
adb connect IP:portnumber
adb devices ... check that the device is recognized
Now you can issue adb commands wirelessly.
NOTE: there is a security hole since adb daemon in the phone will listen on all interfaces. You should use iptables to drop all incoming packets except from tun0 of your openvpn network!!!
See below in the iptables section.

Next time (after your PC reboot) issue just the commands:
adb connect IP:portnumber
adb devices ... check that the device is recognized
Note: default portnumber is 5555, but you can choose any non-privileged port (>1024)

However, I did not succeed to run adb in loopback (connecting from the phone's command line to itself). I installed the public key:
cat /data/media/0/.android/adbkey.pub >>/data/misc/adb/adb_keys
and restarted the daemon, but adb always hanged. Using strace I found out that regardless of the port specified it tried to connect to 5038. When running the adbd on this port (issuing adb tcpip 5038 from PC), the adb on localhost hanged again, this time in read() from the TCP socket. I gave up further attempts, since it was not absolutely essential for me to get this working.

Running iptables on Samsung galaxy S4 active (I9295) with Android 4.2.2

Iptables binary can be installed by an apk, or is part of the rooting package or busybox package. There are, however, again some incompatibilities with linux: getprotobyname() is not implemented in bionic libc, so you cannot use -p TCP or UDP. Looking into /etc/protocols on a PC shows TCP is 6 and UDP 17, so the android command lines preventing adb over tcp from anywhere except openvpn tun0 and bluetooth reads:
iptables -I INPUT -p 6 --dport portnumber -j DROP
iptables -I INPUT -p 6 -i tun0 --dport portnumber -j ACCEPT
iptables -I INPUT -p 6 -i bt-pan --dport portnumber -j ACCEPT
where portnumber is the one you choose by 'adb tcpip' command


If running xserver, to prevent remote X-windows connections one can use similarly iptables -I INPUT -p 6 --dport 6000 -j DROP
iptables -I INPUT -p 6 -i lo --dport 6000 -j ACCEPT

Running command at boot time on Samsung galaxy S4 active (I9295) with Android 4.2.2

For android applications use the Autostart application, for shell scripts use Init.d toggler apk, which hooks into the default boot script and installs /system/etc/init.d, where one can install his own scripts named "01-something" etc., for example start cron, set firewalling by iptables, etc. However, I had to adapt the installed /system/bin/sysinit script to work properly, the logwrapper program failed for some reason.

Running cron on Samsung galaxy S4 active (I9295) with Android 4.2.2

I could not get the busybox cron working, so I tried to cross-compile vixie-cron using NDK. This did not work due to some missing include files, so I finally compiled vixie-cron and statically linked it on RPi, after some changes to fix paths and to circumvent broken getpwnam and getpwuid. The modified source is vixie-cron-4.1-modified.tar.gz, the binaries can be downloaded in the collection mentioned above

Sending and receiving SMS from Linux command line via Samsung galaxy S4 active (I9295) with Android 4.2.2

This is for me an absolute must. I promised to myself that if I do not achieve this, I will use a big hammer on the Samsung phone, curse their software engineers and use my old N900 forever :-))).

Sending SMS by command line on Android smartphone using adb and ShellSMS

Fortunately for the phone I succeeded :-). Obviously I was not alone nor the first one who wants to do this, so there is an application "ShellMS", which installs support for sending SMS via adb from the PC directly:
adb shell am startservice --user 0 -n com.android.shellms/.sendSMS -e contact +international_phone_number -e msg "text of the message"

Reading SMS by command line on Android smartphone using sqlite3 to directly manipulate the database

The incomming messages are stored in a database, which can be read and modified by sqlite3 (after ssh/su as root into the phone):
echo 'select * from sms;' | sqlite3 -csv /data/data/com.android.providers.telephony/databases/mmssms.db

Provided this information it is easy to write a script which automates the necessary steps. Here are the ones I have written: 'sms', to be used as 'sms +number|contact_name' for sending from PC's command line; the text is being read from stdin and ended by CTRL-D or a line containing single '.' character (mailx-like). Messages longer than 160 chars are automatically split. It uses contacts stored as .vcf in the PC. Second script is 'smsr' for reading the sms database of both incoming and outgoing ones from the phone's command line, it also allows deleting 'smsr del number' or deleting all 'smsr cleanall'. The database files used by smsr are /data/data/com.android.providers.telephony/databases/mmssms.db with the messages and /data/data/com.android.providers.contacts/databases/contacts2.db for number-> name conversion, which is done by an additional script 'contact', called from smsr. For listing call log I use the script 'calls'.

Unfortunately, I did not find out yet how to automatically delete the SMS notifications and the SMS counter displayed at the "messaging" icon. The script marks the messages and threads as seen, but does not restart the 'badge provider' to update the displayed number of messages.

The scripts require a TCP/IP connection to the phone, which can be done conveniently (with constant private IP) via openvpn or via bluetooth (see above).

Command line script to work with the event calendar (sqlite3 based) on Samsung galaxy S4 active (I9295) with Android 4.2.2

I also like to access and manipulate the event calendar from command line, as I did previously with my N900. The database file is /data/data/com.android.providers.calendar/databases/calendar.db. I had to write a different script now, since the database organization is quite different, however, it is standard SQL again. The script is called 'calendar' and can be invoked in four ways:
calendar - lists all events with their number id's
calendar del number [number ...] - deletes specified events
calendar clean - deletes all events in the past
calendar add "EVENT_NAME" "LOCATION" DATE - adds a new event, non-repetitive, with alarm 15 minutes ahead
DATE is in any format recognizable by 'date -d' unix command. For example:
calendar add dinner "favorite pub" Dec 31 20:00 2014


Writing the script was not completely trivial, as the events are stored in several interlinked tables, Julian day calculation was necessary etc. It also requires some custom-built binaries, see above for their download. Note: the calendar script needs /tmp (for tcsh << construct): mkdir /data/tmp; mount -o remount,rw /; ln -s /data/tmp /tmp; mount -o remount,ro /

How to change android_id from command line

sqlite3 /data/data/com.android.providers.settings/databases/settings.db update secure set value='0123456789abcdef' where name='android_id';

Freeing space on /system on Samsung galaxy S4 active (I9295) with Android 4.2.2

I have noticed that /system has become almost full on my phone after installing just a few static binaries to /system/ bin :-(. Using 'du' it was easy to determine the culprit - the preinstalled garbage bloatware in /system/app, where multimegabyte .apk files reside. To see worts of them, 'll|sort -k 4|tail -30'. I have made 'mkdir /data/app/preinstalled' and moved some of the worst there and subsituted them by symbolic links. (Note that the stupid busybox substitute of 'ln' cannot do 'ln -s blabla/* dest/', I had to use foreach in tcsh.) However, then I noticed that the android system does not follow the symlinks and some important apps were then missing from the GUI. So I returned them back, selecting not by size, but just the crapware which I did not want to use anyway. This freed over 300M on /system, making place enough. Possibly one could install the removed apk files as downloaded applications, but I did not try this as there was no need.

Some information about the radio interface layer (RIL) on Android

Read logfiles: adb logcat -v threadtime -b radio
The cellular network IPv4 interface works as a host-less modem:
rmnet_usb0 gets an IP address from private range, ip route default goes to the modem's address

I was not able to find reasonable documentation about RIL, unfortunately ...

How Google and Amazon attempt to spy on you using your own Android smartphone and how to prevent it

It is obvious that companies like Google and Amazon try to collect information about their users and make a profit from it in many ways. These practices are highly controversioal, and several people warned about them, see for example this article and this article and this article and Wiki about Carrier_IQ. You might agree with this being done to you, and if you have an account with them for e-mail or other cloud services, or even if you use google search or youtube without an account, you actually agree with this and give your data away voluntarily.

However, I have found out using wireshark, that my Android phone was sending some packets to their servers even when the phone was idle, browser was closed, and, obviously, I had no accounts with these big brother companies nor did I install applications which would be allowed to e.g. share my location (see above how to restrict permissions of the applications).

Some information was transmitted over HTTP protocol, some was UDP to non-standard ports, some was encrypted HTTPS to 1e100.net (which might be innocent, or not, but since it is encrypted you never know). Moreover, I found that when switching on camera, the phone sends https packets to 31.186.231.35. I find this absolutely unacceptable! The ps command shows more than 300 processes running (!) on an idle phone right after bootup, so there is a plenty of possible backdoors and information leaks. I did not try to identify which processes/apps are responsible for this behavior, but rather I used iptables (started from init.d - see above) to prevent this communication:
iptables -I OUTPUT --dest 74.125.136.188 -j DROP
iptables -I OUTPUT --dest 54.231.10.72 -j DROP
iptables -I OUTPUT --dest 54.229.105.203 -j DROP
iptables -I OUTPUT --dest 176.34.155.23 -j DROP
iptables -I OUTPUT --dest 173.194.116.0/16 -j DROP
iptables -I OUTPUT --dest 216.58.0.0/16 -j DROP
iptables -I OUTPUT --dest 31.186.231.0/24 -j DROP
iptables -I OUTPUT --dest 64.233.0.0/16 -j DROP
iptables -I OUTPUT --dest 74.125.0.0/16 -j DROP
iptables -I OUTPUT --dest 66.102.0.0/16 -j DROP
iptables -I OUTPUT --dest 108.177.0.0/16 -j DROP
iptables -I OUTPUT --dest 52.24.0.0/16 -j DROP
iptables -I OUTPUT --dest 239.255.255.0/24 -j DROP
iptables -I OUTPUT --dest 224.0.0.0/24 -j DROP
iptables -I OUTPUT --dest 52.8.0.0/16 -j DROP
iptables -I OUTPUT --dest 3.122.0.0/16 -j DROP iptables -I OUTPUT --dest 3.121.0.0/16 -j DROP iptables -I OUTPUT --dest 88.198.113.0/8 -j DROP iptables -I OUTPUT --dest 188.120.253.0/8 -j DROP iptables -I OUTPUT --dest 172.253.0.0/16 -j DROP iptables -I OUTPUT --dest 142.250.0.0/16 -j DROP iptables -I OUTPUT --dest 192.254.0.0/16 -j DROP
To repeat this at boottime, I have placed it in /etc/init.d/02-iptables
It is also necessary to periodically check by tcpdump and put additional IPs in the blacklist, since the list is not complete and might change in time. As a side-effect of this, I had to resign on google search and youtube videos on the phone, but I installed duckduckgo instead as an alternative search engine in firefox.
It might be somewhat inconvenient when using the phone for tethering to PC, but it might be possible to solve it with some more elaborate rules.

The above list of IPs might be incomplete - was based on a few hours wireshark session - and may also vary geographically, so you should check for yourself.

I also did not check the IPv6 connectivity, which might be available via some cell providers (yet).

There is also a lot of offline logging being done; the TrevE's security test can be employed to identify the culprits. A paid "pro" version of the app can clean the phone from the GUI, but if you know the command line, it is easy to remove the logfiles yourself, an ideal job for the cron daemon (see above).

The most clean solution to these problems would be to install a completely open source system like cyanogenmod, but I did not try that, partly being afraid that some hardare might now work properly with it, partly due to lack of time, I have spent already time enough on all the stuff described above, just to force the phone to meet modest privacy expectations!



My Electronics page


My hobby page


My main page with e-mail contact


TOP of my family pages