
Troubleshooting: Ice Cream Sandwich Bootloop

I had a hugely frustrating experience very recently with my Galaxy S II, and whilst trying to find the solution I searched and searched and couldn’t find the answer. BUT!!! I have solved the problem, and I will share it now, in case you ever have such an issue. I’m currently typing with only one thumb (another story – broken thumb), so forgive any missed spelling errors!
TLDR instructions at the end, for the impatient.

To set the scene, my phone is the Samsung Galaxy S II, a fantastically powerful and capable phone that very recently got the upgrade to Android OS 4 (Ice Cream Sandwich). This was mostly trouble-free, however I have had probably slightly more phone crashes since the update, probably because the OS is relatively new and needs a few bugfixes. My phone features a large internal app space in contrast to many phones, having a full 2 GB of app space. It also has an SD card capable of up to 32 GB. Why do I tell you this? It will become relevant later.

So what happened exactly? Well, I was minding my own business, on my phone, late on Thursday trying to cure the broken-thumb-induced insomnia, and I have a Facebook message from a friend who has changed his number. I want to copy his new number into his contact, so I click the hyperlinked number in his Facebook message, and it dutifully opens my dialer and fills in the number. I highlight it, and go to press the copy button… and nothing. The system seems to have locked up. This isn’t unheard of, as I said I do encounter these, and usually they resolve themselves pretty quickly, usually at the expense of whatever program is running. So, I wait, tap the screen a bit to see if it frees up, and suddenly, I get the swirly video indicating my phone rebooting. “Crap” I think, but I don’t worry, this has happened and I get ready to just try again. So I wait for my phone to reboot, not a long process. My background comes up, my pattern lock. I put in the pattern… and suddenly gone again, reboot. Once more, I don’t panic, I just assume that maybe my dialer app got fucked by the process, and wait.

Again. Again. Again, each time a short but variable amount of time after boot. Longer after a cold boot. Clearing my cache in recovery fixed nothing.

Now, I am rooted, and I knew I’d very recently updated to a slightly newer firmware. I pondered whether it was blowback from that update, although I was at a loss to explain why. I knew I could easily reflash using ODIN, but didn’t want to have to go through the rooting process for something I didn’t believe was at fault. I notice that the problem SEEMS to only occur once the mobile signal kicks in, so I try to boot without my SIM, to no avail.

I give up, and give in to the reflash. NOTHING!

By this point I begin to worry a little. I start going through scenarios; a data / factory wipe being most likely to bring success, but my inability to get in and run a backup to save all my shit making that daunting, and with the loss of root to the reflash I can’t do deep diagnostics or backups. I start wondering, what did I install recently? I had installed a load of FlipFonts recently, as well as a few apps updating themselves that day. I wonder if a corrupt font might be causing it, but I get no time to try and uninstall them before the reboots.

I start thinking about what I can backup – most of the stuff being in the internal storage space and therefore largely inaccessible. I take out my SD card and use my card reader to check what I can get off it before resigning myself to a data / factory restore. On an impulse, I turn on my phone without SD card. And what do you know, it works! So basically, the phone is stuck in a bootloop when the SD card is plugged in!

It becomes clear, the reboot occurs during the initial SD card media scan on boot – giving me a method of diagnosing the problem. First thing I try is to check the SD card for errors using Windows. No problems. I justifiably assume the problem isn’t MP3 files or video. The only other thing on the SD card? The “.android_secure” folder, used to store apps that have been moved to the SD card. I rename the folder, and the problem is gone!

I go back into the folder and begin to search for anomalies – I find one file that has an erroneous size of 0 KB, which doesn’t solve the problem. Eventually I give up trying to isolate which it is; most apps on the SD card were installed there by default because they are big games, and I know I can easily redownload. I delete about half of my SD apps, and the problem is gone. I can only assume that one of the apps that updated itself earlier became corrupt.

Easy!

I have to reroot, and clean up some of the mess I made, like settings etc that were lost, but well I couldn’t sleep anyway, and that would have bugged me all night.

TLDR

Summary – Whilst there can be many reasons for a bootloop on an Android device, if your device only exhibits the problem when your SD card is plugged in, this may be your problem.

Take your SD card, remove it and plug it in using a card reader.

Locate the folder “.android_secure”. It may be hidden.

If you know which apps changed recently, delete those ones and try putting the card back in. Otherwise, just rename or delete the folder.

If it works, hurrah! Redownload any apps you want and you are good to go.

If it does not, this is not your problem, sorry!
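The card-reader check in the steps above can be scripted. This is an added example, not part of the original post: it assumes the card is mounted at a path you pass in and that SD-installed apps sit in ".android_secure" as ".asec" container files; the sample filenames and the "android_secure_quarantine" holding folder are constructed for illustration.

```python
import os
import tempfile
import time

SECURE_DIR = ".android_secure"   # where Android keeps apps moved to the SD card

def scan_secure_folder(card_root, recent_days=7, now=None):
    """List app containers on the card, most recently modified first,
    with the reasons (if any) each one deserves a closer look."""
    now = time.time() if now is None else now
    folder = os.path.join(card_root, SECURE_DIR)
    if not os.path.isdir(folder):
        return []                      # no SD-installed apps: not this problem
    rows = []
    for entry in os.scandir(folder):
        if not entry.is_file():
            continue
        st = entry.stat()
        reasons = []
        if st.st_size == 0:
            reasons.append("zero-length")
        if now - st.st_mtime <= recent_days * 86400:
            reasons.append("recently-modified")
        rows.append({"name": entry.name, "size": st.st_size,
                     "mtime": st.st_mtime, "reasons": reasons})
    return sorted(rows, key=lambda r: r["mtime"], reverse=True)

def set_aside(card_root, name):
    """Move one container out of .android_secure instead of deleting it,
    so the step can be undone if it was not the culprit."""
    hold = os.path.join(card_root, "android_secure_quarantine")  # hypothetical name
    os.makedirs(hold, exist_ok=True)
    dest = os.path.join(hold, name)
    os.replace(os.path.join(card_root, SECURE_DIR, name), dest)
    return dest

def build_sample_card(root, now):
    """Constructed sample data: three made-up containers with different ages."""
    folder = os.path.join(root, SECURE_DIR)
    os.makedirs(folder)
    samples = {"com.example.oldgame-1.asec": (4096, 90),
               "com.example.updated-2.asec": (8192, 1),
               "com.example.truncated-1.asec": (0, 30)}
    for name, (size, age_days) in samples.items():
        path = os.path.join(folder, name)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)
        os.utime(path, (now, now - age_days * 86400))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as card:
        build_sample_card(card, time.time())
        for row in scan_secure_folder(card):
            print(row["name"], row["size"], ", ".join(row["reasons"]) or "-")
```

Setting containers aside one at a time, newest first, and retrying the boot after each narrows the problem to a single app without losing the rest.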

 

UPDATE: The problem happened again, and this time I noticed that on both occasions, the free game “Tanked” was updated, which was one of the SD card apps. Removing it instantly solved the boot loop. So there you go!

 

Hope I helped!

Matt (gyaku_zuki)

Apple App Store – Walled garden, or pit of snakes; the security flaws


Some might be familiar with the name Charlie Miller. He is a well-known software security expert, best known of late for his work with Apple products. His previous accomplishments include the hack of the smart batteries in the Intel MacBook line, which were all protected by the same two passwords and could be accessed by software (Good one Apple – create a situation where some internet script kid could disable my battery remotely…). This time around, he turned his eye to Apple’s prized feature – the App Store.

Whatever you think of the walled garden approach they adopt, there is no doubt that the App Store is a commercial success (for Apple – unfortunately for the devs, it’s mostly a gambling exercise where a few make millions, the rest lose their shirt). It works well for the consumer, as Apple personally go through each submitted app, making sure it meets the standard they expect. Apparently, that inspection is supposed to cover security. However, Charlie Miller has put a chink in that assertion, by releasing an app which is capable of receiving remote commands and putting those commands into effect on your device. More importantly, this app, called InstaStock and designed as a simple stock ticker, got right through the fabled verification process without a hitch.

The roots of the flaw lie in how Apple enforce code-signing, and in Apple’s desire to speed up the phone browser in competition with other devices. Code-signing is a technique used in all sorts of software and security; in basic terms it relies on Apple attaching a digital signature to the software, and any software without this signature is refused. That is also why you can’t just download some app straight onto your iPhone – it isn’t signed and therefore the phone won’t run it without a jailbreak. However, the access given to JavaScript commands in the browser, together with Apple’s addition of a special exception (allowing the browser to run unsigned code in an area of the memory), opened a hole. Apple had protected that exception with other methods, blocking untrusted websites from using it, but Miller found a way around that:

“Apple runs all these checks to make sure only the browser can use the exception,” he says. “But in this one weird little corner case, it’s possible. And then you don’t have to worry about code-signing any more at all.”

Miller has already promised that he won’t reveal more detail about the bug until his talk at the SyScan conference in Taiwan next week, in order to give Apple more time to fix the flaw.
Using the flaw, he got the aforementioned app placed into the store, and demonstrated that it could connect to a remote machine to download instructions and execute them at will. Functions such as photos, contacts, sound, vibration and other iOS functions are accessible, according to Forbes.

“Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check,” says Miller. “With this bug, you can’t be assured of anything you download from the App Store behaving nicely.”

Whilst many will point out that Android already has this kind of malicious application, Google do not purport to guarantee the safety of their Market – they encourage you to be vigilant, and use a permissions-check system to tell you exactly what services and functions a program requires. Apple, on the other hand, present a model where worries over safety can be ignored as they have checked everything and it all just works.

“Android has been like the Wild West,” says Miller. “And this bug basically reduces the security of iOS to that of Android.”

Worse, when the deception was pointed out to Apple, instead of a response of “whoa, dude, thanks. We’ll get this patched right up. Cheers for the heads-up”, the app was pulled (no big deal, obviously) and then Miller was struck from the developer programme. Miller announced the news on Twitter this afternoon, saying “OMG, Apple just kicked me out of the iOS Developer program. That’s so rude!” But as Apple notes in its letter to Miller (posted below), he violated sections 3.2 and 6.1 of Apple’s iOS Developer Program License Agreement (a separate agreement), which respectively cover interfering with Apple’s software and services, and hiding features from the company when submitting them.

“I don’t think they’ve ever done this to another researcher. Then again, no researcher has ever looked into the security of their App Store. And after this, I imagine no other ones ever will,” Miller said in an e-mail to CNET. “That is the really bad news from their decision.”

The real shame from all this is that Apple and their walled garden give users a totally false sense of security. Whilst, for both the App Store and Android Market (and any other app stores), 99% of apps will be genuine and safe, you can never be 100% sure. Users should be taking their own precautions, and should not be lulled into complacency. Apple’s insistence on an ‘it just works’ method results in expectation: the expectation that when Apple assert that an app is safe (by publishing it on their store), it must be.
In computer terms, you’d call the Apple model gateway security – you secure the entrance, and therefore anything that gets inside must be safe. Unfortunately, that leaves one big, central point of failure. The gateway. And any knowledgeable computer user knows it isn’t enough just to use the firewall on your router – you need the antivirus and firewall protection on the PCs too.

And the final observation – if some nice, white-hat hacker finds a flaw and tells you about it for free, ‘thanks’ will do much better than a swift kicking. I know you have an image to maintain, Apple, and you can’t allow people to lose confidence in your garden, but at least give him some credit.