Slashdot Mirror
Ask Slashdot: How To Safely Use Older Android Phones?
An anonymous reader writes: Like many people reading this site, I have several older phones around as well as my newest, fanciest one; I have a minimal service plan on one of these (my next-to-most-recent), and no service plan (only WI-Fi, as available) on the others. Most of them have some reason or other that I like them, so even without service I've kept them around to act as micro-tablets. Some have a better in-built camera than my current phone, despite being older; some are nice on occasion for being small and pocketable; I like to use one as a GPS in the car without dedicating my phone to that purpose; I can let my young relatives use an older one as a camera, etc. Besides, some people have only one phone at all, and can't reasonably afford a new one -- and that probably means a phone that's not cutting edge. So: in light of the several recent Android vulnerabilities that have come to light, and no reason to think they're the last of these, what's a smart way to use older Android phones? Is CyanoGen Mod any less vulnerable? Should I be worried that old personally identifying information from online transactions is still hanging around somewhere in the phone's recesses? I don't want to toss still-useful hardware, but I know I won't be getting any OS upgrades to 3-year-old phones. How do you use older phones that are not going to get OTA updates to address every security issue?
I still have my galaxy s3, which is running CyanogenMod equivalent to Android 5.1.1
I'd imagine that gets security patches.
C'mon, at some point you're just hoarding junk.
Help save the critically endangered Blue Iguana
hopefully some clever x-google employee or a current google employee will so do some work on the side at home and build a customized debian or slackware port that is easily installed in any android device, most are locked down so this cant happen but i bet somebody has the key to unlocking these android phones that have so far been uncrackable at the firmware/hardware level
Politics is Treachery, Religion is Brainwashing
Install Firefox OS on it. Based on this review, it'll be extremely secure, because you probably won't actually be able to do anything at all with it. Apparently there will be a good chance that the phone's GPS, camera, and other functionality won't work, and if they aren't working then they can't be abused.
It's unlikely you can keep anything running a version of Android 4.4 truly secure, and even that won't be secure for much longer. The best idea if you're worried these still have some sensitive personal information on them would be a factory wipe (from the phone's recovery mode, not within the OS as this will leave internal storage in-tact). This should protect you from what most malicious parties are looking for, though if the phone is on your local network there's always the opportunity for them to use the compromised phone as a pivot point to compromise other machines on your network, but you'd probably need to be in someone's crosshairs for them to be doing this.
First world problems!
This is Slashdot, everything by definition is a first world concern. If you want to read stories about how to chase down buffalo and antelope to make clothing/food/shelter for the approaching dark months you're on the wrong website.
It would be nice if phone vendors didn't treat old phones as if only good for landfills. I know I'll never go back to Android because there's no assurance that even a brand new phone will be upgradable to the latest software even a month later (it's already happened to me). So the idea of just installing the latest OS and installing some specific apps doesn't seem doable.
The inability to upgrade Android phones is a HUGE problem.
Perhaps some enterprising people will create dedicated OS images for various hardware that remove all the cruft and just run specific things. For instance, I'd love to use an old phone as just a navigation system for my car - nothing else. I'd pay for that software if it existed.
Now only if Android vendors and developers knew about software portability...
I want a micro-tablet. I want a cell phone without the phone to hold my shopping list, music, and podcasts. I don't want the phone.
Why doe this not exist?
pr0n - keeping monitor glass spotless since 1981.
An insecure old phone for rural Africa, where the first application is probably online banking, is not that desirable. Dumb phones are probably more secure and sufficiently poor people are willing to repair them.
Well, millions of discarded smartphones would be ideal too, with people willing to do a LCD replacement job, battery job, soldering a connector etc. but the OS sticks out as the main issue, like that 233MHz iMac I put back in the junk after I failed to boot a linux installer (perhaps something could be done but I didn't know better)
It's amazing how quickly these phones go obsolete and become completely vulnerable to exploits over time. Meanwhile, I have an old PC happily running linux on it for years on end with all the security updates. These phone manufacturers have only themselves to blame for creating this security mess in the first place. Locked bootloaders, locked modem, locked OS. The worst of it? No one is complaining. Until more people start complaining about getting hacked and being a victim of identity theft, nothing will change. And if you use wifi on your phone, your phone essentially is a nice backdoor into your own network behind a firewall.
The first application is not online banking. The concept of "banking" is not well developed in these areas, much less online banking.
the first application is almost exclusively simply communication. and watching pictures on the net ( no reading - language barrier ). also taking pictures.
I was in southern parts a year or so ago. gave away a phone, footwear and some shirts in person to some kids - they were super grateful.
http://validator.w3.org/check?uri=http%3A%2F%2Fwww.slashdot.org Errors found while checking this document as HTML5!
Just wait until you have pop-over/under adware on android phones that you can't get rid of. I bet you people will start complaining then about security.
This Sig does not Exist.
...and it was called a Palm Pilot.
Is it possible for the hardware manufacturers to put a read-only switch on the device that would protect certain core files from being overwritten?
Wow! CyanogenMod has become amazing since I last looked at it.
New hardware? Steve Jobs got people to believe that, if they don't have the newest version of DTT, Digital Turnip Twaddling, they are horribly disadvantaged.
Buy an Apple watch? For $1,000.00? An Apple employee showed me his watch and said the software was unfinished.
Time is being wasted with too much microscopic detail. "In light of the several recent Android vulnerabilities..." is where the question starts. From the first word, all the way down to "...a phone that's not cutting edge" is 148 words (60% of the post) describing trivial concerns and working too hard to explain (thereby only begging the question) why someone would keep old gear. That's why people are saying the problem is trivial and accusing you of holding on to old junk. Me, I applaud old junk, but anyway. Cut those 148 words and replace with, preferably nothing, or you could sum it all up with something like "Old phones still exist because of reasons." (Wow no shit? You mean it's not mandatory to buy every new phone that comes along and toss the old one?)
Turn off wifi and cellular. That should keep you safe.
Older smartphones don't have enough available memory to host the apps released today. Chrome simply won't run right, or even fit on an 8 MB phone, with Cyanogenmod installed and all vendor crap removed.
If you want to do the right thing, donate the phones to any of the countless charities that accept them, take a tax deduction, and donate that amount to another charity.
Making them work for the intended purpose is their problem.
Wipe it (all phones have a factory reset option), remove the SIM, and mail it off.
Mission: To provide products that consume time and energy as entertainingly as permitted by the laws of thermodynamics.
Unless you're using it for banking or some other financial activity does it really matter? If using it as a GPS or like I do as a pocket ebook reader then who cares? I've got an old Samsung Media Player 5 that I use to read books while listening to FM radio through earbuds (It has an FM chip in it!) That way I run the battery down on it instead of my phone. I have wi-fi so if I have a hotspot available I can e-mail if I like or even browse the web and youtube. If it gets hacked so what? I don't use it for anything critical.
...on the international Samsung Galaxy S3 I bought for the purpose. (The international version uses a different chipset, which is one of the few supported by Replicant, which is a fully-open CyanogenMod derivative that doesn't use a number of closed binary blobs (if you don't install them yourself to use a couple of the phone's features), some of which are known to have backdoor-capable hooks.)
Then these two flaws came to light.
So I'm waiting for Replicant to figure out whether they're vulnerable and if so what needs to be done to fix that.
As I understand it, the Replicant project is down to mostly one guy with a day job - AND is the closest thing to a fully open-source, pretty much secure, smartpphone load out there. (This is the project that DISCOVERED the Samsung backdoor...) IMHO it would be a good project for those who want to work on a secure-AND-open smartphone to contribute to (or fork from).
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Safe usage of the old phones is putting them in a container and sending them to rural Africa.
And I bet the rural folks can get a bit of cash by selling them to the scammers in Nigeria.
Why bother to spam you to scam you out of your bank account information if they can get hold of a cellphone you've used to access your accounts. B-)
What? You factory-reset the phone? Do you KNOW if that REALLY clears your personal information beyond all recovery on your phone model?
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Extremely good point. We need some way to compensate those who do the work.
All the companies associated with Android seem badly managed. They get themselves involved in conflicts of interest. They do things that are, basically, hostile to the customers.
Google developed Android. Good. Then Google began using Android for more and more control. Bad. In response, companies like Samsung are developing their own cell phone OS versions, and also trying to take too much control.
On this Slashdot page, Google is trying to track me 4 different ways:
Google Tag Services, http://www.googletagservices.c...
Google Analytics
Google AdWords
Google DoubleClick, http://www.google.com/doublecl...
People are beginning to speak very negatively about Google because of the over-reaching corporate tactics.
A Google manager told me that the company doesn't know what to do with all the money it makes from advertising on Google search. So, the problem is not Google being poor.
Externally.
"Unfinished software"
The Apple employee meant that the software was worse than alpha. He indicated that Apple shouldn't have released the Apple Watch before it was finished.
Steve Jobs was very abusive, but he had his good side. He would never have released something so obviously faulty. The Apple employee and I agreed about that.
Yes, it tells the time. The watch shows text messages on an iPhone so that it isn't necessary to take the phone out of a pocket. But, does that justify paying $500 or $1,000?
Would you want your company to suffer the destruction of reputation faced by Apple?
Seven problems facing the Apple Watch
Apple Watch: Issues We Know Of And Possible Fixes.
Opinion: One month later, fixing 15 early Apple Watch problems seems straightforward
These 8 problems with the Apple Watch are 'infuriating'
9 of the biggest complaints about the Apple Watch so far
8 Infuriating Problems With The Apple Watch
Find a site that supports your device. You can get rooting information and the real answers your looking for, as CyanoGen isn't the only ROM out there; many are made by users who will access that site.
Once rooted (jail broken) you can add a HOSTS file, programs to change the permissions of a program (as any game is going to want your info and out), just a lot more freedom to do what you want.
Older Android devices you need to access your developers options, newer devices you need to get it to show by opening up the (about device) option and I forget just which one but by tapping 7 times on it will work, when you get close to 7 you will start getting warnings.
1. I have KODI media server and use them as WiFi remote controllers for controlling KODI.
2. I have an older laptop dedicated to the Van and use them with it as PLEX viewing/listening devices for passengers. The Laptop acts as server and the built in WiFi becomes an Access Point for the phones to connect to. Passengers love it for music or photos or listening to music via headphones for privacy.
3. I own TriggerTrap photo device. Older phones can control camera via Wifi from one phone in my hand to another phone connected directly to TriggerTrap device.
4. Mount one to my handle bar phone holder and use the phones GPS for tracking/logging my bicycle rides.
5. Keep them handy for a Happy Snap if nothing better is available to take a photo. Sort of backup to my current phone.
I am not very concerned that any of my uses is a security problem but I can see that security could be an issue depending on how these phones are used.
I own 5 phones - Nexus S, 2x Samsung Galaxy S4 and 2x Moto G -- I try to get phones that the battery can be replaced by user.
I still think we need to cluster them all together and make recycled phones do some meaningful computing such as sequencing genomes for rain forest flora and fauna. It seems like a good enough use for them and, when they die, they can be thrown into the recycle bin and have their parts recycled or disposed of properly. Mind you, the only reason I think this is a good idea is because I want to giggle when they try it but I have been promoting this idea for a while now. A cluster of old smart phones being used for meaningful science is surely going to attract some kickstarter funds.
"So long and thanks for all the fish."
Let's take a look at the 8 "infuriating" things wrong with the Apple Watch, according to HuffPo:
1) I had no trouble buying one. There are a lot of options; surprise! With more options comes more complexity! ... obviously if you drop it on concrete the face will break, just like the screen on your phone would. You don't have to be any more careful than you are with your phone.
2) My setup time consisted of running the Apple Watch app on my phone. That was it. Minutes.
3) This just in: A watch can get dinged up on your wrist. In other news, water is wet.
4)
5) I have not experienced any degradation in my iPhone's battery life. But, I also don't have a basis for a scientific comparison; qualitatively it doesn't feel like a problem.
6) If it won't charge, it's clearly bad hardware, and you can exchange it. Bad hardware happens, unfortunately, this is why there are return policies.
7) I have to agree a (little) bit with this one, it's not clear how stuff is intended to be used sometimes. But once you get used to it, it's no problem. Still, that's a black eye for Apple; ease-of-use is one of their primary selling points.
8) I've experienced the issue described. I have not had the issue with my watch's app screen.
Clearly it's not the smoothest rollout Apple's ever had, but it's not the disaster that people are making it out to be.
Never underestimate the power of stupid people in large groups.
"... it's not the disaster that people are making it out to be."
One of the issues is this: "people" are saying negative things. Apple has become a gay-supporting, headphone-selling, watch-making corporation that announces products before they are ready.
Apple's Tim Cook profiled as "most powerful gay man in Silicon Valley"
5 Reasons Apple Headphones Are The Actual Worst. We are all victims.
Exclusive: Corrupt Apple Store Employees Come Forward Across America (12/20/12)
Apple CEO Tim Cook is apparently not someone who can handle being a CEO. A capable CEO would not run a company in a way that gets so much negative or distracting publicity.
Does Tim Cook deserve to be paid so much? "Cook's pay package was valued at $378 million when he became Apple's CEO."
I have a BUNCH of older phones - somewhere in the neighborhood of (cough, 60, cough) I have started using the oldest of the bunch as wifi security cameras with an app called Alfred (android only) and every time the device senses motion it sends a screen capture to my viewer device (which is a couple phones I actually use with cell/data service.) basically I put one in my front window, on each side of the house and, in my entry way into my home, I plan on putting one more in the garage window, and will put a couple more in the back yard windows, and for those of you with children - perhaps a baby monitor???? And since the devices barely have enough memory to cover google play services, much less other installable apps, this seems like the best way I know how to repurpose them - besides, they cost me less than $10 ea. so WAY cheaper than any IP camera you can buy!
Also, you're wrong anyway. The SD card "read only" switch can be connected to a GPIO, but SD card controllers (the chip you use to interface to them) tend to have write enable lines. If you connect a hard switch there, nothing you do in the driver will enable writes... save perhaps loading compromised firmware to the chip. That's still a danger... which is why we need firmware write enable switches!
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
They are basically an IPad in a IPhone form factor. I was surprised Apple still made them.
It's a distraction that causes people to get involved in other things rather than thinking about Apple products.
Apparently there are no second world concerns, slashdot.ru returns 'Nothing here.'
Requiem for the American Dream
I still think we need to cluster them all together and make recycled phones do some meaningful computing such as sequencing genomes for rain forest flora and fauna. It seems like a good enough use for them and, when they die, they can be thrown into the recycle bin and have their parts recycled or disposed of properly. Mind you, the only reason I think this is a good idea is because I want to giggle when they try it but I have been promoting this idea for a while now. A cluster of old smart phones being used for meaningful science is surely going to attract some kickstarter funds.
The problem with this idea is that it's more effective to buy a single new cpu than it is to try to wire up a bunch of slow unreliable phones.
I have a closet full of 1U servers that are about 7 years old. Today, I can buy a $150 computer that sits in my hand and uses 1/10
the power and is twice as fast. I can buy a single server that uses the same power as one of them that is faster than the entire rack.
If electricity was free AND maintenance was free AND you could network them together for free AND the task you wanted to do was
easy to do in parallel so that you could easily scale horizontally then it might be worth it but none of those conditions hold true.
Pfft... We'll get a research institute or government funding. We're recycling phones for nature.
Thank you for the well done response, seriously.
"So long and thanks for all the fish."