Slashdot Mirror
Ask Slashdot: How To Safely Use Older Android Phones?
An anonymous reader writes: Like many people reading this site, I have several older phones around as well as my newest, fanciest one; I have a minimal service plan on one of these (my next-to-most-recent), and no service plan (only WI-Fi, as available) on the others. Most of them have some reason or other that I like them, so even without service I've kept them around to act as micro-tablets. Some have a better in-built camera than my current phone, despite being older; some are nice on occasion for being small and pocketable; I like to use one as a GPS in the car without dedicating my phone to that purpose; I can let my young relatives use an older one as a camera, etc. Besides, some people have only one phone at all, and can't reasonably afford a new one -- and that probably means a phone that's not cutting edge. So: in light of the several recent Android vulnerabilities that have come to light, and no reason to think they're the last of these, what's a smart way to use older Android phones? Is CyanoGen Mod any less vulnerable? Should I be worried that old personally identifying information from online transactions is still hanging around somewhere in the phone's recesses? I don't want to toss still-useful hardware, but I know I won't be getting any OS upgrades to 3-year-old phones. How do you use older phones that are not going to get OTA updates to address every security issue?
I still have my galaxy s3, which is running CyanogenMod equivalent to Android 5.1.1
I'd imagine that gets security patches.
C'mon, at some point you're just hoarding junk.
Help save the critically endangered Blue Iguana
hopefully some clever x-google employee or a current google employee will so do some work on the side at home and build a customized debian or slackware port that is easily installed in any android device, most are locked down so this cant happen but i bet somebody has the key to unlocking these android phones that have so far been uncrackable at the firmware/hardware level
Politics is Treachery, Religion is Brainwashing
Install Firefox OS on it. Based on this review, it'll be extremely secure, because you probably won't actually be able to do anything at all with it. Apparently there will be a good chance that the phone's GPS, camera, and other functionality won't work, and if they aren't working then they can't be abused.
Safe usage of the old phones is putting them in a container and sending them to rural Africa. Along with your sneakers that you didnt like, tee shirts and so on, believe me, the recipients will appreciate.
http://validator.w3.org/check?uri=http%3A%2F%2Fwww.slashdot.org Errors found while checking this document as HTML5!
There you go.
It's unlikely you can keep anything running a version of Android 4.4 truly secure, and even that won't be secure for much longer. The best idea if you're worried these still have some sensitive personal information on them would be a factory wipe (from the phone's recovery mode, not within the OS as this will leave internal storage in-tact). This should protect you from what most malicious parties are looking for, though if the phone is on your local network there's always the opportunity for them to use the compromised phone as a pivot point to compromise other machines on your network, but you'd probably need to be in someone's crosshairs for them to be doing this.
I face the same issue, old phone (2008) with physical keyboard which has been happily running Cyanogen for years now.
With the newly found vulnerabilities I'm also interested in running a os on it that can be patched regularly, be it Linux or a up-to-date android version.
Ubuntu phone isn't supported by my device, and I hope but do not expect it to be supported any time in the future.
I can hardly imagine the original manufacturer would be interested in supporting these old phones (..when they can sell you a new one for direct profit). I do expect any new devices to be obsolete again within 2 years due to newly found exploits and such.
I'm a developer myself, but android is not *yet* my piece of cake to develop for.
What would be a good incentive for developers to keep supporting these phones?
First world problems!
This is Slashdot, everything by definition is a first world concern. If you want to read stories about how to chase down buffalo and antelope to make clothing/food/shelter for the approaching dark months you're on the wrong website.
Yea, the recipients being the government dock or airport workers, who will then sell said items to help fund their queen's $100k Manhattan shopping spree the next time they are in NYC to beg for foreign aid.
while(1) attack(People.Sandy);
It would be nice if phone vendors didn't treat old phones as if only good for landfills. I know I'll never go back to Android because there's no assurance that even a brand new phone will be upgradable to the latest software even a month later (it's already happened to me). So the idea of just installing the latest OS and installing some specific apps doesn't seem doable.
The inability to upgrade Android phones is a HUGE problem.
Perhaps some enterprising people will create dedicated OS images for various hardware that remove all the cruft and just run specific things. For instance, I'd love to use an old phone as just a navigation system for my car - nothing else. I'd pay for that software if it existed.
Now only if Android vendors and developers knew about software portability...
I want a micro-tablet. I want a cell phone without the phone to hold my shopping list, music, and podcasts. I don't want the phone.
Why doe this not exist?
pr0n - keeping monitor glass spotless since 1981.
An insecure old phone for rural Africa, where the first application is probably online banking, is not that desirable. Dumb phones are probably more secure and sufficiently poor people are willing to repair them.
Well, millions of discarded smartphones would be ideal too, with people willing to do a LCD replacement job, battery job, soldering a connector etc. but the OS sticks out as the main issue, like that 233MHz iMac I put back in the junk after I failed to boot a linux installer (perhaps something could be done but I didn't know better)
Why would you link a phone to yourself? Why not just hold up a sign "NSA please track me".
why buy an iphone? I thought he just threw his iphone in the trash where it belongs? ;)
have you seen my sig? there are many others like it but none that are the same
The first application is not online banking. The concept of "banking" is not well developed in these areas, much less online banking.
the first application is almost exclusively simply communication. and watching pictures on the net ( no reading - language barrier ). also taking pictures.
I was in southern parts a year or so ago. gave away a phone, footwear and some shirts in person to some kids - they were super grateful.
http://validator.w3.org/check?uri=http%3A%2F%2Fwww.slashdot.org Errors found while checking this document as HTML5!
Don't let it even route to the Internet, but let it use all your local services, e.g. be a control panel for whatever.
Use it with WiFi, run -- ONLY -- the netflix app, use it to control a chromecast on your TV, dump comcast, save $150 a month.
Seriously, old cell phones and tablets are GREAT for this sort of thing! My cable bill is through the roof. Between the premium channels with old crappy movies that couldn't bring in revenue when they were new and renting the set-top boxes, it's all waayyy overpriced! Time to cut the cord!
...and it was called a Palm Pilot.
Is it possible for the hardware manufacturers to put a read-only switch on the device that would protect certain core files from being overwritten?
Wow! CyanogenMod has become amazing since I last looked at it.
New hardware? Steve Jobs got people to believe that, if they don't have the newest version of DTT, Digital Turnip Twaddling, they are horribly disadvantaged.
Buy an Apple watch? For $1,000.00? An Apple employee showed me his watch and said the software was unfinished.
you dont - or actually do in limited fashion in the same way as a computer that is suspected to have already malware. Installing random applications gives out your phone number and its a meter of time when something hits you. Threfore you dont install any applications, best would be no internet connection. Maybe some limited if you trust those, or just apps without ads theoretically should be safe.
Time is being wasted with too much microscopic detail. "In light of the several recent Android vulnerabilities..." is where the question starts. From the first word, all the way down to "...a phone that's not cutting edge" is 148 words (60% of the post) describing trivial concerns and working too hard to explain (thereby only begging the question) why someone would keep old gear. That's why people are saying the problem is trivial and accusing you of holding on to old junk. Me, I applaud old junk, but anyway. Cut those 148 words and replace with, preferably nothing, or you could sum it all up with something like "Old phones still exist because of reasons." (Wow no shit? You mean it's not mandatory to buy every new phone that comes along and toss the old one?)
Turn off wifi and cellular. That should keep you safe.
Older smartphones don't have enough available memory to host the apps released today. Chrome simply won't run right, or even fit on an 8 MB phone, with Cyanogenmod installed and all vendor crap removed.
If you want to do the right thing, donate the phones to any of the countless charities that accept them, take a tax deduction, and donate that amount to another charity.
Making them work for the intended purpose is their problem.
Wipe it (all phones have a factory reset option), remove the SIM, and mail it off.
Mission: To provide products that consume time and energy as entertainingly as permitted by the laws of thermodynamics.
If you want to read stories about how to chase down buffalo and antelope to make clothing/food/shelter for the approaching dark months you're on the wrong website.
Yes, they should look for some kind of a Stevie Wonder/Martha Stewart site, get a little investment advice on the side... Those 'dark months' are great opportunities for discount shopping.
This is actually amazingly wrong. There are micro-payment mechanisms in Africa that work with old Nokia brick phones. Mobile in Africa is not quite what you'd expect by taking the western model and dialling it back; that's not how it is. There are people carrying three mobile phones (for different networks) but charging them with solar.
Unless you're using it for banking or some other financial activity does it really matter? If using it as a GPS or like I do as a pocket ebook reader then who cares? I've got an old Samsung Media Player 5 that I use to read books while listening to FM radio through earbuds (It has an FM chip in it!) That way I run the battery down on it instead of my phone. I have wi-fi so if I have a hotspot available I can e-mail if I like or even browse the web and youtube. If it gets hacked so what? I don't use it for anything critical.
...on the international Samsung Galaxy S3 I bought for the purpose. (The international version uses a different chipset, which is one of the few supported by Replicant, which is a fully-open CyanogenMod derivative that doesn't use a number of closed binary blobs (if you don't install them yourself to use a couple of the phone's features), some of which are known to have backdoor-capable hooks.)
Then these two flaws came to light.
So I'm waiting for Replicant to figure out whether they're vulnerable and if so what needs to be done to fix that.
As I understand it, the Replicant project is down to mostly one guy with a day job - AND is the closest thing to a fully open-source, pretty much secure, smartpphone load out there. (This is the project that DISCOVERED the Samsung backdoor...) IMHO it would be a good project for those who want to work on a secure-AND-open smartphone to contribute to (or fork from).
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
If the default AOSP browser is your only option, toss it if security is a concern. I have a couple old phones that only do one or two things and I don't keep my account associated and side-load only open source apps.
Safe usage of the old phones is putting them in a container and sending them to rural Africa.
And I bet the rural folks can get a bit of cash by selling them to the scammers in Nigeria.
Why bother to spam you to scam you out of your bank account information if they can get hold of a cellphone you've used to access your accounts. B-)
What? You factory-reset the phone? Do you KNOW if that REALLY clears your personal information beyond all recovery on your phone model?
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Extremely good point. We need some way to compensate those who do the work.
All the companies associated with Android seem badly managed. They get themselves involved in conflicts of interest. They do things that are, basically, hostile to the customers.
Google developed Android. Good. Then Google began using Android for more and more control. Bad. In response, companies like Samsung are developing their own cell phone OS versions, and also trying to take too much control.
On this Slashdot page, Google is trying to track me 4 different ways:
Google Tag Services, http://www.googletagservices.c...
Google Analytics
Google AdWords
Google DoubleClick, http://www.google.com/doublecl...
People are beginning to speak very negatively about Google because of the over-reaching corporate tactics.
A Google manager told me that the company doesn't know what to do with all the money it makes from advertising on Google search. So, the problem is not Google being poor.
Externally.
"Unfinished software"
The Apple employee meant that the software was worse than alpha. He indicated that Apple shouldn't have released the Apple Watch before it was finished.
Steve Jobs was very abusive, but he had his good side. He would never have released something so obviously faulty. The Apple employee and I agreed about that.
Yes, it tells the time. The watch shows text messages on an iPhone so that it isn't necessary to take the phone out of a pocket. But, does that justify paying $500 or $1,000?
Would you want your company to suffer the destruction of reputation faced by Apple?
Seven problems facing the Apple Watch
Apple Watch: Issues We Know Of And Possible Fixes.
Opinion: One month later, fixing 15 early Apple Watch problems seems straightforward
These 8 problems with the Apple Watch are 'infuriating'
9 of the biggest complaints about the Apple Watch so far
8 Infuriating Problems With The Apple Watch
Find a site that supports your device. You can get rooting information and the real answers your looking for, as CyanoGen isn't the only ROM out there; many are made by users who will access that site.
Once rooted (jail broken) you can add a HOSTS file, programs to change the permissions of a program (as any game is going to want your info and out), just a lot more freedom to do what you want.
Older Android devices you need to access your developers options, newer devices you need to get it to show by opening up the (about device) option and I forget just which one but by tapping 7 times on it will work, when you get close to 7 you will start getting warnings.
1. I have KODI media server and use them as WiFi remote controllers for controlling KODI.
2. I have an older laptop dedicated to the Van and use them with it as PLEX viewing/listening devices for passengers. The Laptop acts as server and the built in WiFi becomes an Access Point for the phones to connect to. Passengers love it for music or photos or listening to music via headphones for privacy.
3. I own TriggerTrap photo device. Older phones can control camera via Wifi from one phone in my hand to another phone connected directly to TriggerTrap device.
4. Mount one to my handle bar phone holder and use the phones GPS for tracking/logging my bicycle rides.
5. Keep them handy for a Happy Snap if nothing better is available to take a photo. Sort of backup to my current phone.
I am not very concerned that any of my uses is a security problem but I can see that security could be an issue depending on how these phones are used.
I own 5 phones - Nexus S, 2x Samsung Galaxy S4 and 2x Moto G -- I try to get phones that the battery can be replaced by user.
I still think we need to cluster them all together and make recycled phones do some meaningful computing such as sequencing genomes for rain forest flora and fauna. It seems like a good enough use for them and, when they die, they can be thrown into the recycle bin and have their parts recycled or disposed of properly. Mind you, the only reason I think this is a good idea is because I want to giggle when they try it but I have been promoting this idea for a while now. A cluster of old smart phones being used for meaningful science is surely going to attract some kickstarter funds.
"So long and thanks for all the fish."
Not going to quibble over whether it's the 'first' application, but actually mobile-phone banking is hugely important in many developing countries. It might be different from the 'online banking' people are imagining, but for people with limited access to traditional banking, using sms to store and transfer cash is widely done.
Doesn't need a smart phone, though.
fwiw: i live and work in a developing country, and have worked in others.
Have you heard of any instances of someone with Android phone actually being a victim of this or any of the dozens of other doomsday bugs we're constantly bombarded with?
Or maybe, just maybe do you ever get the impression that these things are nothing but click bait journalism?
AFAIK, not one instance of stagefright
has been reported in the wild. Almost borders on incredible given that there are 950 million targets wouldn't you agree?
My best advice to you is if you're going to listen to all the noise about how vulnerable s
Let's take a look at the 8 "infuriating" things wrong with the Apple Watch, according to HuffPo:
1) I had no trouble buying one. There are a lot of options; surprise! With more options comes more complexity! ... obviously if you drop it on concrete the face will break, just like the screen on your phone would. You don't have to be any more careful than you are with your phone.
2) My setup time consisted of running the Apple Watch app on my phone. That was it. Minutes.
3) This just in: A watch can get dinged up on your wrist. In other news, water is wet.
4)
5) I have not experienced any degradation in my iPhone's battery life. But, I also don't have a basis for a scientific comparison; qualitatively it doesn't feel like a problem.
6) If it won't charge, it's clearly bad hardware, and you can exchange it. Bad hardware happens, unfortunately, this is why there are return policies.
7) I have to agree a (little) bit with this one, it's not clear how stuff is intended to be used sometimes. But once you get used to it, it's no problem. Still, that's a black eye for Apple; ease-of-use is one of their primary selling points.
8) I've experienced the issue described. I have not had the issue with my watch's app screen.
Clearly it's not the smoothest rollout Apple's ever had, but it's not the disaster that people are making it out to be.
Never underestimate the power of stupid people in large groups.
I've dropped real watches tons of time and none of them have had their watch faces shatter, nor their glass scratch.
Bad watch design is bad.
Also, re: #1
You realize what people you're talking to, right? These are the same people who WANT no choice because OMG THINKING HURTZ.
"... it's not the disaster that people are making it out to be."
One of the issues is this: "people" are saying negative things. Apple has become a gay-supporting, headphone-selling, watch-making corporation that announces products before they are ready.
Apple's Tim Cook profiled as "most powerful gay man in Silicon Valley"
5 Reasons Apple Headphones Are The Actual Worst. We are all victims.
Exclusive: Corrupt Apple Store Employees Come Forward Across America (12/20/12)
Apple CEO Tim Cook is apparently not someone who can handle being a CEO. A capable CEO would not run a company in a way that gets so much negative or distracting publicity.
Does Tim Cook deserve to be paid so much? "Cook's pay package was valued at $378 million when he became Apple's CEO."
I have a BUNCH of older phones - somewhere in the neighborhood of (cough, 60, cough) I have started using the oldest of the bunch as wifi security cameras with an app called Alfred (android only) and every time the device senses motion it sends a screen capture to my viewer device (which is a couple phones I actually use with cell/data service.) basically I put one in my front window, on each side of the house and, in my entry way into my home, I plan on putting one more in the garage window, and will put a couple more in the back yard windows, and for those of you with children - perhaps a baby monitor???? And since the devices barely have enough memory to cover google play services, much less other installable apps, this seems like the best way I know how to repurpose them - besides, they cost me less than $10 ea. so WAY cheaper than any IP camera you can buy!
Also, you're wrong anyway. The SD card "read only" switch can be connected to a GPIO, but SD card controllers (the chip you use to interface to them) tend to have write enable lines. If you connect a hard switch there, nothing you do in the driver will enable writes... save perhaps loading compromised firmware to the chip. That's still a danger... which is why we need firmware write enable switches!
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
They are basically an IPad in a IPhone form factor. I was surprised Apple still made them.
In Soviet Russia, Slashdot.ru is only second world concerns!
no text
It's a distraction that causes people to get involved in other things rather than thinking about Apple products.
Apparently there are no second world concerns, slashdot.ru returns 'Nothing here.'
Requiem for the American Dream
I still think we need to cluster them all together and make recycled phones do some meaningful computing such as sequencing genomes for rain forest flora and fauna. It seems like a good enough use for them and, when they die, they can be thrown into the recycle bin and have their parts recycled or disposed of properly. Mind you, the only reason I think this is a good idea is because I want to giggle when they try it but I have been promoting this idea for a while now. A cluster of old smart phones being used for meaningful science is surely going to attract some kickstarter funds.
The problem with this idea is that it's more effective to buy a single new cpu than it is to try to wire up a bunch of slow unreliable phones.
I have a closet full of 1U servers that are about 7 years old. Today, I can buy a $150 computer that sits in my hand and uses 1/10
the power and is twice as fast. I can buy a single server that uses the same power as one of them that is faster than the entire rack.
If electricity was free AND maintenance was free AND you could network them together for free AND the task you wanted to do was
easy to do in parallel so that you could easily scale horizontally then it might be worth it but none of those conditions hold true.
Pfft... We'll get a research institute or government funding. We're recycling phones for nature.
Thank you for the well done response, seriously.
"So long and thanks for all the fish."