Difference between revisions of "Android"

Links

• Wikipedia

App stores

• Android Market

Alternate views on the official market:

• AndroLib
• Cyrket

Alternate markets:

• AppsLib
• AndSpot (beta)
• GetJar
• Handmark
• Mobango
• Handango
• explorePDA
• MiKandi
• MobiHand
• Mobspot
• Smartphone.net
• AndroidGear
• SlideME

User manuals

• Android 2.3 Manual
• HTC Wildfire Manual
• Nexus S Manual

Some internals info here

Short notes

Android 5.0.1 on Nexus 4

OTA attempt

This now requires adb v1.0.32 not yet in Debian/Ubuntu

Update refused to install because it was now also checking /system/bin/install-recovery.sh integrity

cd /system/bin
mount -o remount,rw /system
mv install-recovery_original.sh install-recovery.sh
mount -o remount,ro /system

Then OTA installed properly but attempt to root it with SuperSU v2.40 resulted in boot loop.

FW flashing

• ADB 1.0.32: https://skia.googlesource.com/skia/+archive/cd048d18e0b81338c1a04b9749a00444597df394/platform_tools/android/bin/linux.tar.gz
• 5.0.1 (LRX22C) for occam: https://developers.google.com/android/nexus/images -> https://dl.google.com/dl/android/aosp/occam-lrx22c-factory-86c04af6.tgz
  • Modified flash-all.sh to not wipe device: fastboot [delete: -w] update image-occam-lrx22c.zip
• TWRP 2.8.2.0 for mako: http://techerrata.com/browse/twrp2/mako -> http://techerrata.com/file/twrp2/mako/openrecovery-twrp-2.8.2.0-mako.img
  • fastboot boot openrecovery-twrp-2.8.2.0-mako.img / Advanced / Sideload
• BETA-SuperSU-v2.41 http://download.chainfire.eu/642/SuperSU/BETA-SuperSU-v2.41.zip
  • adb_1.0.32 sideload BETA-SuperSU-v2.41.zip

Tools

apt-get install android-tools-adb
apt-get install android-tools-fastboot

USB permissions on the host

Create /etc/udev/rules.d/99-android.rules for Nexus phones:

SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", MODE="0666", OWNER="<your_account>" # all Nexus

Then execute /etc/init.d/udev reload

Enter Fastboot mode

• Power off phone
• Depends on the phone, e.g.:
  • Nexus S: keep volume-up pressed while pressing power on for 5 secs
  • Nexus 4: keep volume-down pressed while pressing power on for 5 secs
  • Nexus 5: keep volume-down pressed while pressing power on for 5 secs
  • You've entered fastboot

Alternatively, fastboot can be triggererd from adb: adb reboot-bootloader

OEM unlock

This will wipe ALL DATA!!!

fastboot oem unlock

OEM unlock for rooted devices

Once the device has been unlocked and rooted, it can be locked/unlocked again without wiping all the data, at least on some phone models.
Install BootUnlocker

Factory images for Nexus phones

• https://developers.google.com/android/nexus/images

Example for Nexus S: (requires OEM unlock)

wget https://dl.google.com/dl/android/aosp/soju-imm76d-factory-ca4ae9ee.tgz
tar xzf soju-imm76d-factory-ca4ae9ee.tgz
cd soju-imm76d
./flash-all.sh

Example for Nexus 4: (requires OEM unlock)
cf https://support.google.com/nexus/4/answer/2936226?hl=en
Factory Images "occam" for Nexus 4 -> Android 4.3 (JWR66Y)

wget https://dl.google.com/dl/android/aosp/occam-jwr66y-factory-74b1deab.tgz
tar xzf occam-jwr66y-factory-08d2b697.tgz
cf occam-jwr66y
./flash-all.sh

Recovery

• http://www.clockworkmod.com/rommanager

Example for Nexus S: (requires OEM unlock)

wget http://download2.clockworkmod.com/recoveries/recovery-clockwork-6.0.4.3-crespo.img
fastboot flash recovery recovery-clockwork-6.0.4.3-crespo.img

Example for Nexus 4: (requires OEM unlock)

wget http://download2.clockworkmod.com/recoveries/recovery-clockwork-6.0.4.7-mako.img
fastboot flash recovery recovery-clockwork-6.0.4.7-mako.img

Example for Nexus 5: (requires OEM unlock)

wget http://download2.clockworkmod.com/recoveries/recovery-clockwork-6.0.4.5-hammerhead.img
fastboot flash recovery recovery-clockwork-6.0.4.5-hammerhead.img

(or Touch version e.g. recovery-clockwork-touch-6.0.4.5-hammerhead.img)

We can also launch this recovery without flashing it:

fastboot boot recovery-clockwork-6.0.4.7-mako.img

Stock recovery

To show menu with stock recovery, it depends on the phone, e.g.:

• Nexus 4: hold "power" and press "volume-up"
• Nexus 5: press & release quickly volume-up & power a few times

Rooting

Requires OEM unlock, see above fastboot oem unlock (! erase all) and BootUnlocker (for already rooted)
Requires e.g. Clockworkmod recovery
Requires e.g. ChainFire SuperSU

adb reboot bootloader
fastboot boot recovery-clockwork-touch-6.0.4.7-mako.img
# Install zip / from sideload
adb sideload UPDATE-SuperSU-v2.00.zip
# Reboot (and decline erasing recovery updater install-recovery.sh)

Rooting and OTA

One way of doing:

• Keep stock recovery
• Keep bootloader locked (see BootUnlocker)
• Prevent OTA updates by touching build.prop (so its sha1sum won't match anymore)

adb shell
su
mount -o remount,rw /system
echo "# Remove me to allow OTA update" >> /system/build.prop 
mount -o remount,ro /system

When ready to really do OTA update:

1. Unlock bootloader with BootUnlocker, super critical step!!!

2. Restore build.prop:

adb shell
su
mount -o remount,rw /system
sed -i '/Remove me/d' /system/build.prop
  # or if you don't have sed/busybox:
  grep -v "Remove me" /system/build.prop > /sdcard/build.prop.tmp
  cat /sdcard/build.prop.tmp > /system/build.prop
  rm /sdcard/build.prop.tmp
mount -o remount,ro /system

3. Install OTA update
This can be done usually directly from the phone but if you want to install manually an OTA update (e.g. before it's available automatically):

adb reboot recovery
#(Nexus 4): keep power button pressed and press volume-up to get the menu
# In stock recovery, choose "apply update from ADB"
adb sideload some_ota_update.zip
# In stock recovery, choose "reboot system now"

4. Root again, see above and check for latest CWM recovery and latest SuperSU

adb reboot bootloader
fastboot boot recovery-clockwork-touch-6.0.4.7-mako.img
# Install zip / from sideload
adb sideload UPDATE-SuperSU-v2.xx.zip
# Reboot (and decline erasing recovery updater install-recovery.sh)

5. Prevent OTA updates:

adb shell
su
mount -o remount,rw /system
echo "# Remove me to allow OTA update" >> /system/build.prop 
mount -o remount,ro /system

6. Lock bootloader with BootUnlocker

See also my feature request for BootUnlocker

ADB

To reveal developer menu on Jelly Bean, tap 10x on "settings/about/build nr"
Then enable usb debug.
USB debugging is pretty secured since Jelly Bean but beware for older versions!

adbd insecure

As USB debugging is now pretty secure, let's enable immediate root access:
Install adbd insecure
Open app -> enable & enable at boot time

adb & recovery

From recovery, you can also use adb:

• adb shell
• adb sideload update.zip
• adb push

etc

Busybox

From Google Play: https://play.google.com/store/apps/details?id=stericson.busybox&hl=en
Local install:

adb install stericson.busybox-1.apk
=> Run busybox -> install -> smart install

Consider buying Busybox Pro...

Modifying stuffs in system partition using su

adb push some_file /sdcard/
adb shell su -c "mount -o remount,rw /system"
adb shell su -c "cat /sdcard/some_file > /etc/some_file"
sleep 1
adb shell su -c "mount -o remount,ro /system"

Modifying stuffs in system partition with insecure adbd (=being root by default)

adb shell mount -o remount,rw /system
adb push some_file /etc/some_file
sleep 1
adb shell mount -o remount,ro /system

Encrypt device

See official help
Some reports say they had to repeat the process several times on Nexus 4 before encryption started. I didn't have that problem.

One major caveat is that this is the same password for disk encryption and screen unlock, cf this longstanding bugreport.
On a rooted device this can be achieved thanks to Cryptfs password or simply by doing:

vdc cryptfs changepw <new_password>

Note that it will have to be done every time the screen PIN or pwd is changed.
See also http://nelenkov.blogspot.jp/2012/08/changing-androids-disk-encryption.html

Nexus 4

https://en.wikipedia.org/wiki/Nexus_4

Hardware

• Chipset: Qualcomm Snapdragon™ S4 Pro processor with 1.5GHz Quad-Core Krait CPUs
• Operating System: Android 4.2, Jelly Bean
• Network: 3G (WCDMA), HSPA+
• Display: 4.7-inch WXGA True HD IPS Plus (1280 x 768 pixels)
• Memory: 8GB / 16GB
• RAM: 2GB
• Camera: 8.0MP rear / 1.3MP HD front
• Battery: 2,100mAh Li-Polymer (embedded) / Talk time: 15.3 hours / Standby: 390 hours
• Size: 133.9 x 68.7 x 9.1mm
• Weight: 139g
• Other:
  • NFC: Broadcom BCM2079x family: BCM20793 over I2C, cf /dev/bcm2079x-i2c
  • SE: ST33 from STMicroelectronics
  • Wireless charging
  • Miracast
  • BT 4.0
  • SlimPort for HDMI

Versions

physical mark

• FCC ID: ZNFE960 IC:2703C-E960
• MODEL LG-960 MADE IN KOREA

under fastboot, stock

• PRODUCT_NAME - mako
• VARIANT - mako 16GB
• HW VERSION - rev_11
• BOOTLOADER VERSION - MAKOZ10o
• BASEBAND VERSION - M9615A-CEFWMAZM-2.0.1700.48
• CARRIER INFO - None
• SERIAL NUMBER - xxxxxx
• SIGNING - production
• SECURE BOOT - enabled
• LOCK STATE - lock

under 'About phone' from the settings, stock 4.2.2

• Android 4.2.2
• Baseband M9615A-CEFWMAZM-2.0.1700.48
• Kernel 3.4.0-perf-g7ce11cd
• Build JDQ39

under 'About phone' from the settings, 4.3

• Android 4.3
• Baseband M9615A-CEFWMAZM-2.0.1700.84
• Kernel 3.4.0-perf-gf43c3d9
• Build JWR66V then JWR66Y

My tunings

• Original recovery
• Rooted with "SuperSU"
  • "SuperSU" protected by PIN
  • Rooting maintained over OTA updates (using chattr +i and "SuperSU" survival mode)
• OEM locked again
  • "Bootunlocker" app to unlock without wiping
• Avast Mobile Security
  • anti theft with anchor in system (so even factory reset doesn't help)
  • application firewall (wifi/3g/roaming per app)
• USB debugging activated and paired with my PC
  • "adbd insecure" installed
• "BusyBox Pro"
• "OpenVPN Install" & "OpenVPN Settings"
• "SSHDroidPro"
• Encrypted
  • with better pwd at boot time, using "Cryptfs password" app
• Bluetooth & Belkin A2DP for car: no need to unlock my screen
  • "Bluetooth Auto Connect" -> pairs when screen is turned on
  • "Bluetooth connect and play" -> starts playing when paired
• "AdAway" installed via "F-Droid"
• "Nexus 4 Dot" as live wallpaper
• "Helium" to backup & sync apps via Google Drive
• With Android 4.4 install launcher of Nexus 5:
  • com.google.android.launcher-0.9.6.886092.apk

Nexus S

Old notes here

Versions

physical sticker behind battery

• Model: GT-I9023
• FCC ID: A3LGTI9023
• SSN: -I9023GSMH
• IMEI: xxxxxxx
• S/N: xxxxxxx

under fastboot, after upgrade to 4.1.2

• Bootloader version - I9020XXLC2
• Baseband version - I9020XXKI1
• Carrier info - EUR

under 'About phone' from the settings, after upgrade to 4.1.2

• Android 4.1.2
• Baseband I9023XXKI1
• Kernel 3.0.31-g5894150 android-build@vpbs1 #1
• Build JZO54K

Upgrading to 4.1.2

OTA update is available and the phone proposed me to start upgrade process
update zip is located in /cache

android# ls -l /cache
pc$ adb pull /cache/9U4MCfNt.zip .

Preparation

• Go to fastboot (vol-up + power)
• Go to recovery
• Backup & restore / Backup
• Mount USB
• Copy all /sdcard content to PC
• Reboot -> enter fastboot again

Preparation bis

• edit 9U4MCfNt.zip to remove recovery/ and edit META-INF/com/google/android/updater-script
  • remove all commands about recovery
  • add following line to keep rooted: set_perm(0, 0, 6755, "/system/bin/su");
  • radio image don't seem to be affected by update, nothing to do here

This time I tried differently:

• pc$ adb push 9U4MCfNt.zip /cache
• dd if=boot.img of=boot-fit.img bs=262144 count=28 #(with original boot.img from 4.1.1)
• fastboot flash boot boot-fit.img

Upgrade

This time I tried differently:

• Reboot and accept upgrade, it will reboot the phone and let Clockwork recovery applying the patch
• Despite the set_perm, recovery told me "Root access possibly lost. Fix? /system/bin/su" and I accepted, just in case...
• Backup & restore / Backup
• Mount USB
• Copy new backup to PC
• Reboot

Rooting again

• Extract new 4.1.2 boot.img (e.g. using clockworkmod backup or:)
• modify it & flash it back, see below

android$ su
android# cat /dev/mtd/mtd2 > /sdcard/boot.img
adb pull /sdcard/boot.img .
abootimg -x boot.img
mkdir ramdisk
cd ramdisk
gzip -dc ../initrd.img | cpio -i
sed -i 's/ro.secure=1/ro.secure=0/' default.prop
find . -print|cpio -o -Hnewc|gzip > ../initrd.img2
cd ..
abootimg -u boot.img -r initrd.img2
dd if=boot.img of=boot-fit.img bs=262144 count=28
fastboot flash boot boot-fit.img

Installing Cyanogenmod

See http://wiki.cyanogenmod.org/w/Install_CM_for_crespo and repository for Crespo
Boot into cyanogenmod recovery

• Wipe data/factory reset

adb shell mount /data
adb push YOURROMZIP.zip /sdcard/

• Install zip from sdcard
• Choose zip from sdcard...
• Reboot

To install Google apps, see http://wiki.cyanogenmod.org/w/Gapps

Rooting Samsung Galaxy Tab 10.1

cf http://forum.xda-developers.com/showthread.php?t=1239185
I used a WinXP within a virtualbox under Debian
When flashing with Odin3 I had problems process being stuck at SetupConnection
Trick was to unplug physically the USB cable, start Odin3, plug the cable, connect the USB device through virtualbox to WinXP

Once rooted, upgrade the Superuser application
Once started, the app should detect su binary needs also to be updated. Follow instructions.

To enter clockwork recovery: power off / press vol down + power till 2 icons appear / press vol down to select left icon / press vol up / you should see recovery menu now

Installing new Market application:
Some apk are lying around, here is how I use them
First test their certificate as I don't want to get a malicious app:

$ adb install Vending_3.1.5.apk 
Failure [INSTALL_FAILED_ALREADY_EXISTS]

This is ok, but e.g. this one seems more worrisome, I wouldn't try it:

$ adb install Vending_3.1.6.apk 
Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES]

Make your backups!
Replace manually /system/app/Vending.apk by the new version and reboot.
If trouble you may try to clean the Dalvik cache from Clockwork recovery advanced menu

busybox  mount -o remount,rw /system
mv /system/app/Vending.apk /sdcard/Vending_1.0.apk
mv /sdcard/Vending_3.1.5.apk /system/app/Vending.apk
chown 0.0 /system/app/Vending.apk
busybox  mount -o remount,ro /system

Rooting Samsung Galaxy Tab 3 7.0 3G/WiFi

cf http://honai-android.blogspot.be/2013/11/how-to-root-galaxy-tab-3-70-sm-t211-on.html
For model number SM-T211!
Other methods reflash completely the device, I prefer the less intrusive method consisting in just installing CyanoGenMod Recovery and SuperSU
I used a Win7 within a virtualbox under Debian
I used

• USB Drivers
• T211.CWM.v6.0.4.5.recovery.tar.zip
• Universal Root Package android-armeabi-universal-root-signed.zip
• Odin 3.07

Steps:

• Enable USB Debugging Mode on the device by navigating to Settings >> Developer Options.
• Extract CWM and Odin 3.07 files
• Switch off the Galaxy Tab 3 7.0. Then boot the device into Download Mode by pressing and holding Volume Down, Home and Power buttons together until a construction Android robot icon with a warning triangle appears on screen. Now press the Volume Up button to enter Download Mode.
• Plug the tablet to let Windows discovering and configuring the device USB drivers
• Unplug the tablet
• Run Odin on the computer as an Administrator.
• Plug the tablet. Wait until Odin detects the device. When the device is connected successfully, the ID: COM box will turn to light blue with the COM port number. Additionally, the successful connected will be indicated by a message saying Added.
• In Odin, click the PDA button and select the recovery.tar.md5 file. Verify that F. Reset Time checkbox is selected. Also, ensure the Auto Reboot and Re-Partition options are NOT selected.
• Double-check and click Start button in Odin. The installation process will now begin.
• Once the installation process completes, you will see a PASS message with green background in the left-most box at the very top of the Odin. You can now unplug the USB cable to disconnect the device from the computer.
• Reboot the device into CWM Recovery mode by pressing and holding Volume Up, Home and Power buttons together.
• In CWM Recovery, select "install zip / install zip from sideload"
• Back on Debian:

adb sideload android-armeabi-universal-root-signed.zip

• Once the installation process completes, return to main recovery menu and select "reboot system now".

Misc

Security

http://wiki.secmobi.com/

Wi-Fi & client certs

To be able to authenticate to a Wi-Fi network using client certificates via TLS:
If needed, export certificate from IE in Pkcs#12 PFX, *with* private key, *with* all certs, *without* strong enc, *without* deletion of private key.
Rename .pfx file as .p12
(source: http://www.google.com/support/mobile/bin/answer.py?answer=168466&topic=27214#1086573)
Copy pkcs#12 certificate to root of USB storage.
File must end with .p12, not .pfx!
One single file with key+cert+cacerts is ok
Wi-Fi params: 802.1x EAP / TLS / phase2: None / CA cert: cf previous import / user cert: idem / Identity: DOMAIN\user... / Anonymous id: empty / password:...

Note that after each reboot, you'll have to select manually one of the protected networks to unlock the secure storage of personal certificates or open manually the certificates storage:
Settings > Location & Security > Use secure credentials
See also Keystore Unlocker

Importing certs

Since Android 3.0, no need for rooting anymore
If troubles, use PEM format, with file extension .crt

• drop certs on /sdcard/
• go to settings / personal: security / credential storage: install from storage & select both certs

ADB

• Manual, covers adb, am, pm, etc

Installing an app in /system/app :

adb push MyApp.apk /sdcard/
adb shell su -c "mount -o remount,rw /system"
adb shell su -c "cp /sdcard/MyApp.apk /system/app/"
sleep 1
adb shell su -c "mount -o remount,ro /system"
adb reboot
adb shell pm list packages -s # Should be there now

Removing an app from /system/app:

adb shell su -c "mount -o remount,rw /system"
adb shell su -c "rm /system/app/MyApp.apk"
sleep 1
adb shell su -c "mount -o remount,ro /system"
adb reboot

In case of error such as:

* daemon not running. starting it now on port 5037 *
cannot bind 'local:5037'
ADB server didn't ACK
* failed to start daemon *
error: cannot connect to daemon

strace revealed that the error was in fact:

socket(PF_FILE, SOCK_STREAM, 0)         = 3
connect(3, {sa_family=AF_FILE, path="/tmp/5037"}, 12) = -1 EACCES (Permission denied)

and there was indeed a named pipe /tmp/5037:

srwxr-xr-x 1 root       root             0 Sep  4 23:26 5037

Removing it solved the issue.

Test menu

Dial *#*#4636#*#* (== *#*#INFO#*#*)

SMSC configuration

To configure the SMSC (SMS gateway) on Android is not straight forward.
Access a hidden settings menu by dialing *#*#4636#*#* (*#*#INFO#*#*) -> phone settings -> SMSC -> Refresh (to get current value)
To update that field, if it does not work in plain or between quotes, try encode it in PDU

• First byte is length of SMSC info, so if it's e.g. +32475161616, it's 11 digits to code on 6 bytes, + 1 byte to code type of SMSC address => 7 bytes
• Second byte is the type of SMSC address, 91 for international format
• Next bytes are the SMSC digits, padded with "f" if odd, then nibble-swapped so in our example: 32475161616F => 2374151616F6
• Full PDU-encoded SMSC is then: 07912374151616F6 -> Update

Screenshots

Run ddms (from Android SDK) -> Tools / Device / Screen capture

Screencast

Droid@Screen:
You'll need Android SDK too.
Make sure you're using the adb from SDK and not from e.g. Debian packages:

adb kill-server
export ANDROID_HOME=/path_to_your/android-sdk-linux_x86
java -jar droidAtScreen-1.0.2.jar

androidscreencast:
Get jnlp file from project page

adb kill-server
export ANDROID_HOME=/path_to_your/android-sdk-linux_x86
$ANDROID_HOME/platform-tools/adb start-server
javaws androidscreencast.jnlp

Rooting, old notes

Using ChainsDD SuperUser

wget http://downloads.noshufou.netdna-cdn.com/superuser/Superuser-3.1.3-arm-signed.zip
=> drop on /sdcard/ (or use adb sideload)
=> recovery -> install from zip -> Superuser-3.1.3-arm-signed.zip

ChainFire SuperSU

wget http://download.chainfire.eu/345/SuperSU/UPDATE-SuperSU-v1.51.zip
=> drop on /sdcard/ (or use adb sideload)
=> recovery
   -> wipe cache
   -> install from zip 
         -> from /sdcard: UPDATE-SuperSU-v1.51.zip
      or -> from sideload: "adb sideload UPDATE-SuperSU-v1.51.zip"
   -> reboot (and decline erasing recovery updater install-recovery.sh)

Details:

/system/app/Superuser.apk
/system/etc/init.d/99SuperSUDaemon
/system/etc/install-recovery.sh (lsattr: -----i--A----)
/system/bin/.ext/.su (rwsr-sr-x = 06755)
/system/xbin/daemonsu (rwsr-sr-x = 06755)
/system/xbin/su (rwsr-sr-x = 06755)

The 4 binaries may be locked by a "chattr +i" but this seems to break some OTA updates, so better to change manually OTA updates first.
Version 1.51 still chattr +i /system/etc/install-recovery.sh but this breaks JWR66V to JWR66Y OTA update.
Warning CWM proposes to erase "recovery updater", actually the file from SuperSU, so decline and say no!

Rooting with SuperSU without recovery

Chainfire's CF-Auto-Root makes life really easy to install SuperSU
e.g. for Nexus 4: (requires OEM unlock)

wget http://download.chainfire.eu/297/CF-Root/CF-Auto-Root/CF-Auto-Root-mako-occam-nexus4.zip
unzip -j CF-Auto-Root-mako-occam-nexus4.zip image/CF-Auto-Root-mako-occam-nexus4.img
sudo fastboot boot CF-Auto-Root-mako-occam-nexus4.img

Consider buying the PRO license key too...

Keep rooting over OTA

Apparently SuperSU has some "survival mode" that you can turn on in the settings but I don't know what it does...
Once you have busybox installed (see below), you can set the su binary immutable to avoid an OTA update to kill its setuid bit:

mount -o remount,rw /system
chattr +i /system/xbin/su
mount -o remount,ro /system

There is also a "OTA Rootkeeper" application to do the same
If you need to reflash a custom recovery to install a custom OTA update, see this article

Edit I'm not sure the chattr method works.
OTA update JWR66Y-from-JWR66V failed because of /system/etc/install-recovery.sh being locked with chattr +i and used by SuperSU to launch daemonsu.
To solve it I had to modify manually the patch and apply it through custom recovery:
Avoid Clockworkmod recovery to be overwritten.
Avoid su setuid bit to be overwritten.

• OTA update was left in /cache and failed being applied as explained above
• Unzip 6136cbe0fb21994b8bd463d137ac75b953ba8e9b.signed-occam-JWR66Y-from-JWR66V.6136cbe0.zip
• rm -rf recovery
• Edit META-INF/com/google/android/updater-script :

--- updater-script.orig2013-08-27 17:40:36.500787411 +0200
+++ updater-script2013-08-27 17:40:10.912302554 +0200
@@ -1371,11 +1371,8 @@
             6713bc8134b88289bf2fd5c17bf30d0d174d6eb0, 374184,
             9d87d330c5490fec0fca02ba3d7ba17fa7d65e8c, package_extract_file("patch/system/vendor/lib/mediadrm/libwvdrmengine.so.p"));
 set_progress(0.999987);
-delete("/system/recovery-from-boot.p",
-       "/system/etc/install-recovery.sh");
+delete("/system/recovery-from-boot.p");
 show_progress(0.100000, 10);
-ui_print("Unpacking new recovery...");
-package_extract_dir("recovery", "/system");
 ui_print("Symlinks and permissions...");
 set_perm_recursive(0, 0, 0755, 0644, "/system");
 set_perm_recursive(0, 2000, 0755, 0755, "/system/bin");
@@ -1383,7 +1380,6 @@
 set_perm(0, 0, 0755, "/system/bin/ping");
 set_perm(0, 2000, 0750, "/system/bin/run-as");
 set_perm(1014, 2000, 0550, "/system/etc/dhcpcd/dhcpcd-run-hooks");
-set_perm(0, 0, 0544, "/system/etc/install-recovery.sh");
 set_perm_recursive(0, 0, 0755, 0555, "/system/etc/ppp");
 set_perm(0, 2000, 0755, "/system/vendor");
 set_perm_recursive(0, 2000, 0755, 0644, "/system/vendor/etc");
@@ -1407,6 +1403,9 @@
 set_perm_recursive(0, 2000, 0755, 0644, "/system/vendor/pittpatt/models/recognition");
 set_perm(0, 0, 0644, "/system/vendor/pittpatt/models/recognition/face.face.y0-y0-22-b-N.bin");
 set_perm_recursive(0, 2000, 0755, 0755, "/system/xbin");
+set_perm(0, 0, 06755, "/system/xbin/su");
+set_perm(0, 0, 06755, "/system/xbin/daemonsu");
+set_perm(0, 0, 06755, "/system/bin/.ext/.su");
 ui_print("Patching remaining system files...");
 apply_patch("/system/build.prop", "-",
             e336e937ec01a4e2fcb60d3659e296a30701ebf9, 2742,

OTA update KTU84L-from-KOT49H (4.4.3 from 4.4.2):
Modify manually the patch and apply it through custom recovery:
Avoid Clockworkmod recovery to be overwritten.
Failed to preserve root, better to root it after update

• OTA was not pre-downloaded in /cache, so I had to take it from Google: Nexus 4, Nexus 5
• Unzip 61a9ce8d2c4154837905e93a2e00540b7ebad8ff.signed-occam-KTU84L-from-KOT49H.61a9ce8d.zip
• rm -rf recovery
• Edit META-INF/com/google/android/updater-script :

--- updater-script.orig	2014-06-19 17:56:21.000000000 +0200
+++ updater-script	2014-06-19 18:12:23.000000000 +0200
@@ -4408,13 +4408,10 @@
             "-", 40e71cb1beb7b998d13ce16530d0e7bf03ed0732, 6518784,
             04df7b014a4a6b01095f5728158510fe4d8ae4fc, package_extract_file("patch/boot.img.p"));
 set_progress(1.032753);
-delete("/system/recovery-from-boot.p",
-       "/system/etc/install-recovery.sh");
+delete("/system/recovery-from-boot.p");
 show_progress(0.100000, 10);
 ui_print("Unpacking new files...");
 package_extract_dir("system", "/system");
-ui_print("Unpacking new recovery...");
-package_extract_dir("recovery", "/system");
 ui_print("Symlinks and permissions...");
 set_metadata_recursive("/system", "uid", 0, "gid", 0, "dmode", 0755, "fmode", 0644, "capabilities", 0x0, "selabel", "u:object_r:system_file:s0");
 set_metadata_recursive("/system/bin", "uid", 0, "gid", 2000, "dmode", 0755, "fmode", 0755, "capabilities", 0x0, "selabel", "u:object_r:system_file:s0");
@@ -4449,7 +4446,6 @@
 set_metadata("/system/bin/wpa_supplicant", "uid", 0, "gid", 2000, "mode", 0755, "capabilities", 0x0, "selabel", "u:object_r:wpa_exec:s0");
 set_metadata_recursive("/system/etc/dhcpcd", "uid", 0, "gid", 0, "dmode", 0755, "fmode", 0644, "capabilities", 0x0, "selabel", "u:object_r:dhcp_system_file:s0");
 set_metadata("/system/etc/dhcpcd/dhcpcd-run-hooks", "uid", 1014, "gid", 2000, "mode", 0550, "capabilities", 0x0, "selabel", "u:object_r:dhcp_system_file:s0");
-set_metadata("/system/etc/install-recovery.sh", "uid", 0, "gid", 0, "mode", 0544, "capabilities", 0x0);
 set_metadata_recursive("/system/etc/ppp", "uid", 0, "gid", 0, "dmode", 0755, "fmode", 0555, "capabilities", 0x0, "selabel", "u:object_r:ppp_system_file:s0");
 set_metadata("/system/recovery-from-boot.p", "uid", 0, "gid", 0, "mode", 0644, "capabilities", 0x0);
 set_metadata("/system/vendor", "uid", 0, "gid", 2000, "mode", 0755, "capabilities", 0x0, "selabel", "u:object_r:system_file:s0");

Then install SuperSU v2.00

USB tethering

Plug phone & PC via USB
Activate USB tethering (Settings / Wireless & networks / Tethering / USB Tethering)
It works OOB on Debian, nothing to do

Mounting USB as MTP or PTP

New Nexus devices don't use USB mass storage anymore but MTP or PTP, mainly to be able to access data both from Android & PC at the same time.
There are two methods using fuse so make sure your user is member of fuse group:

sudo adduser <your_user> fuse

and make sure your user can access the USB device (cf above: /etc/udev/rules.d/...)

Using mtpfs

See this article

sudo apt-get install mtpfs mtp-tools
mkdir ~/MyAndroid

mtpfs ~/MyAndroid
...
fusermount -u ~/MyAndroid

Problem is that it's very slow to mount

Using go-mtpfs

See this article

sudo apt-get install golang fuse git-core libmtp-dev libfuse-dev
mkdir /tmp/go 
GOPATH=/tmp/go go get github.com/hanwen/go-mtpfs
sudo mv /tmp/go/bin/go-mtpfs /usr/local/bin/
mkdir ~/MyAndroid

go-mtpfs ~/MyAndroid &
...
fusermount -u ~/MyAndroid

Using gphotofs

This method requires the phone to share files over USB as Camera (PTP), *not* MTP.

sudo apt-get install gphotofs
mkdir ~/MyAndroid

gphotofs ~/MyAndroid
...
fusermount -u ~/MyAndroid

Problem is that it only shows DCIM & Pictures
Not sure if it's a limitation of Android or Gphoto...

Applications

See Android Apps

Applications development

See Android SDK

Using the embedded SE

See Android SE

using Software Card Emulation

See Android Software Card Emulation

Backuping via BackupPC

I'm a big fan of BackupPc and this guy managed to link android & backuppc so let's give it a try.
Check the mentioned link but his setup is a bit different, running CyanogenMod while I'm using a stock fw.
Instructions here suppose your phone is rooted.

IP

Backuppc server needs to reach the phone so your phone needs a static (or DHCP statically attributed) IP or whatever dyndns system.

SSH

I'm using SshDroidPro
Make sure backuppc key is properly installed in /data/data/berserker.android.apps.sshdroidpro/home/.ssh/authorized_keys
Then test it as user backuppc, trying to access the phone and accept the server key fingerprint.

rsync

To get rsync binary, I found rsync backup for Android which downloads a rsync binary during install (a weird way to deal with a GPL program IMHO).
The actual binary it downloads is available here.
But Android wget doesn't support https so you've to transfer it to your phone by another mean.
One way is to install the application I mentioned and let it download that binary.
Then, to install it at a more rooted-Android standard place:

cd /system/xbin
busybox mount -o remount,rw /system
cp /data/data/eu.kowalczuk.rsync4android/files/rsync /system/xbin/
chmod 755 /system/xbin/rsync
chown root.shell /system/xbin/rsync
busybox mount -o remount,ro /system

Wi-Fi

Make sure Wi-Fi will stay on!
Menu > Settings > Wireless & networks > Wi-Fi settings > Menu > Advanced > Wi-Fi sleep policy > Never (or never when powered)

BackupPC config

My config: create new host in backuppc web interface with:

   XferMethod = rsync
   RsyncShareName = [/data/, /efs/ (useful??), /system/, /mnt/asec/, /mnt/sdcard/]
   RsyncClientPath = /system/xbin/rsync
   BackupFilesExclude = /mnt/sdcard/ => [/oruxmaps/mapfiles, /clockworkmod/backup, /radio_dump_*, /videos]

Note that in the mentioned link he's using RsyncShareName = / and playing with BackupFilesOnly but for me it looks like BackupFilesOnly was not respected, so I preferred to have separate RsyncShareName
Some info on APP2SD here and here
I had errors "Ping too slow" so I increased

   PingMaxMsec = 400

as anyway it's on local network

Non-rooted device

For non-rooted devices the setup is a bit different:

• SSH server will run on a non-privilegied port, e.g. port 2222
• login will be done with sshdroid permissions, not root, so it cannot access rsync binary neither /data content
• rsync needs to be available so we'll transfer it again, as sshdroid user:

scp -P2222 rsync galaxy:/data/data/berserker.android.apps.sshdroid/home/bin/

then make it executable

• BackupPC config is e.g.:

   XferMethod = rsync
   RsyncShareName = [/mnt/sdcard/]
   RsyncClientPath = /data/data/berserker.android.apps.sshdroid/home/bin/rsync
   BackupFilesExclude = /mnt/sdcard/ => [/Movies]
   RsyncClientCmd: add "-p2222" to ssh options: "$sshPath -p2222 -q -x -l root $host $rsyncPath $argList+"
   RsyncClientRestoreCmd: add "-p2222" to ssh options: "$sshPath -p2222 -q -x -l root $host $rsyncPath $argList+"

Because we cannot directly backup /data content, what can be done is to use e.g. MyBackupPro to backup most of the data to the SD card, in a scheduled way.