Wednesday, 29 June 2011

Problem: Missed alarms and notifications when SD card is mounted. Workaround: root your phone and move your sounds to internal memory

When you hook up your phone to your computer to transfer files, your SD card is "unmounted" and Android can't access it.

And then you receive an SMS. Or your calendar is supposed to sound its alarm to remind you of an important meeting. Or you've left your phone hanging on your computer overnight to back up your entire SD card and get your phone charged at the same time, and then the alarm clock has to fire off...

...but it doesn't.

Because when Android can't access your SD card, apps can't access the custom ringtones stored on the card.

Sometimes it will play the default tone when the custom tones are unavailable. This works for calls, but not always for messages, calendar alarms or alarm clock apps. For example, if you switch off notification sounds in Androids settings (because you don't want to hear a sound for every email or incoming IM) but enable a custom notification in your SMS app, the custom SMS sound fails if your SD card is not mounted.

Soulution: each and every app should play a backup sound from the on board memory if it can't play files from your SD card. Unfortunately there will always be programmers who forget to add the few lines of code needed for that.

Workaround: copy your custom sounds to the internal memory of your phone. This way you can unmount or remove your memory card without having to worry about missing your early morning flight because the alarm clock stays silent. Of course you need root access for that; yet another good reason to root your phone if you haven't already done so.

Always check if alarm clock apps, calendars, SMS programs and other apps play a backup sound if they can't reach your memory card. If an app fails to make some noise when it should, you should use a sound from your phones internal memory.

image from Wikipedia
tweet this reddit digg this StumbleUpon digg this digg this

Monday, 27 June 2011

Workaround for the AdFree out of date error (update: there's a fixed version in the Android market now)

Edit: There's an update out now. It asks for registration, but if you hit the "skip" button it won't bother you again.

AdFree is an essential app for any Android phone and a good reason to root it. It keeps annoying ad banners away from apps and websites, and it prevents advertisers from getting your location, grabbing your phone number, or using your IMEI as an undeletable super cookie to track all your online movements.

But today (27th of June 2011) AdFree started to complain about being too old. Of course I speeded to the market to check for a new version, but it wasn't there. All that the market had to offer was the outdated version, and a million complaints from fellow AdFree users who ran into the same bug.

Fortunately there is an easy workaround. Just enter your phone's settings menu, fire up the date & time panel, and set the clock back to 2010. Now you can run AdFree and download the latest hosts file.

Don't forget to set the date back to 2011 after you're done downloading the latest blocklist. And check for updates, because I'm sure the developer of AdFree will release an update soon.
Edit: There's an update out now. It asks for registration, but if you hit the "skip" button it won't bother you again.

AdFree (alternative download links, no longer in Play Store)

tweet this reddit digg this StumbleUpon digg this digg this

Friday, 24 June 2011

Jbak TaskMan for Android needs lots of work

Jbak TaskMan is an excellent task manager and quick launcher for Symbian, and there's an Android version too.

The good news: the Android version of Jbak TaskMan is updated.

The bad news: the Android version is not ready for use yet.

Keep it offline

The trouble with Jbak TaskMan for Android starts right when you install it. It asks for a truckload of permissions: just about every permission that endangers privacy and security is in there, including keylogger functionality. This may be a side effect of Jbaks ability to take over your home button or bypass the slider lock screen because Android tends to stack innocent and dangerous permissions together, but combined with full internet access there's too much potential for bad stuff. Jbak doesn't explain why it wants full internet access, and the app runs fine without it. My advice: keep Jbak offline with DroidWall or LBE Privacy Guard. You should do this for any app that works fine offline but asks for internet access anyway.

Jbak autostarts when you install it, and downloads a lot data before you get a chance to block it. Really, what did Jbak upload and download in those 56 kB that my traffic stats reported before I even launched the app?

Once you've banned Jbak from going online it's time to dig into the app and its settings.

What's inside?

When you launch Jbak it fires up the same split screen as in Symbian: one half of your screen displays your running tasks, the other half is empty and waiting for you to fill it with quick launch shortcuts. The two parts are separated by four buttons: one to toggle between running apps and all installed apps, another with RAM and battery info that launches Androids hidden info menu called "testing" (the same app that fires up when you dial *#*#4636#*#*), a button that shows the free storage space on your internal memory and SD card (which launches the settings app), and a switch to selects idly running apps so you can kill 'em all at once. Unfortunately the buttons have black text on a dark grey background, so have fun trying to read them.

Tell Jbak who's the boss

Time to hit the settings screen and tame the app.

You can run Jbak TaskMan as a background service, make it take over your home button, and turn it into your default desktop. The default desktop option means that your launcher requires an extra click to get into.

This is followed by some settings to change the program interface. You can set actions for tapping, double tapping, and long-tapping your home key (because not everybody want Jbak to launch by a single tap on the home button), but this simply fires up JBaks version of the app drawer. This means that there's no way to launch Androids own recent tasks screen while JBak is in charge. Well, there is a way to get the default long-press action back, but enabling this setting will turn your home key into a task switcher when you single tap it.

The list of settings ends with an option to disable the unlock slider. However, since Froyo this also kills your security lock (PIN, pattern, password) without warning, leaving your phone wide open to anyone who picks it up. You'll need to enter the Android settings to put your security lock back. This will also put the annoying slider screen back, because for some reason you can't have one without the other unless you downgrade to Eclair.

While you're digging in the Androids settings to repair your security lock, also check the double tap behaviour of your home button, because Jbak tends to reset it to default, which is the "voice commands" option. You may need to restore your custom double tap action.

The verdict

Jbak TaskMan for Android has potential, but in its present state it's still a buggy beta test version.

Jbak TaskMan (Android Market)

tweet this reddit digg this StumbleUpon digg this digg this

Monday, 20 June 2011

ES File Explorer now has Dropbox and unpacks RAR files

ES File Explorer is a great file manager for Android. It has a built in ftp client, connects with Samba servers, does bluetooth ftp, lets you put shortcuts to files on your home screens, and much more.

And now it comes with Dropbox built in.

The official Dropbox app for Android sucks, and Awesome Drop is not much better. Both apps are good enough if you want to copy files to or from Dropbox, but they won't let you move entire folders.

ES File Explorer will let you do that. You can move files and folders to and from your Dropbox account, or delete them from the Dropbox server. It's like having ftp access to Dropbox!

Other new stuff in the latest update: extract rar archives, make and open zip files with passwords, and an app organiser. Now if it would only come with an ftp and http server and make its root explorer work with all ROMs...
Update: the root explorer works with all ROMs, but think twice before you enable it.

ES File Explorer (Android Market)
ES File Explorer (EStrongs)

tweet this reddit digg this StumbleUpon digg this digg this

Sunday, 19 June 2011

Lookout opens unwanted data connections all by itself and punches holes in DroidWall

If you switch off mobile data in the Android settings menu or with widgets like Dazzle or Extended Controls you'd expect your data connection to stay quiet, even after a reboot. You definitely don't want apps to switch it on behind your back.

But when I reboot my phone I always see network traffic in the status bar, and my Dazzle data indicator turns green. After a few seconds the rogue data connection switches itself off again. If you don't keep looking at your screen you'll probably never notice that something phones home upon boot.

Of course I wanted to know how the data connection got switched on, which apps used it, and how to put an end to this. Testing conditions: Motorola Defy running Froyo, installed apps include DroidWall (with a long list of blocked apps), AdFree, and Lookout (not set as device administrator, which didn't make any difference). Mobile data was switched off before rebooting with either Dazzle, Extended Controls, Quick Settings, or WidgetSoid. I didn't use the APN rename method, just the plain data switch.

Even though mobile data was supposed to be off I always found traffic by mobile virus scanner Lookout. Other apps went online too, even though DroidWall should have blocked most of them. This is possible because DroidWall doesn't block anything until it has written its iptables. Blocked apps can go online in between booting your phone and DroidWall doing its thing if there is an open data connection.

The apps that hitched a ride were GO SMS Pro and Make Your Own Clock Widget (both bypassing DroidWall), YouTube, and GoogleServices Framework. The latter includes the calendar and contacts sync adapters. Of course I had syncing switched off but Google doesn't care about that. Other apps may also sneak unwanted traffic through if they manage to squeeze in between booting the system and DroidWall getting out of bed.

GO SMS Pro, Make Your Own Clock Widget, YouTube, and the Google Services Framework didn't go online at every restart, but often enough to notice. I guess they sometimes woke up in time to hitch a ride, and sometimes started late and found a closed connection. But Lookout always managed to go online in the few seconds that the rogue data connection was live. Maybe it activated the connection by itself?

To verify that Lookout was the guilty one I rebooted my phone a few times with Lookout uninstalled or frozen with Titanium. Without Lookout my data connection never activated by itself, and I didn't detect any stowaway data traffic from the other apps. With Lookout defrosted or reinstalled the unwanted traffic came back. Not only from Lookout, but also from the apps that hitched a ride.

Lookout may have good reasons to switch data on by itself, such as phoning home if your phone gets stolen so you can lock it or wipe it remotely. But Lookout has no reason for not including an off switch. If you only use the virus scanner part of the program there's no need for Lookout to snoop online on startup.

It's ironic that an antivirus program causes blocked apps to leak data. An internet connection that starts up by itself before apps like DroidWall or LBE Privacy Guard wake up is a major security problem. It can also lead to unpleasant surprises on your phone bill if you're traveling abroad and pay a fortune for international data roaming.

You can prevent unwanted data connections with apps like APNdroid, the APN renaming switches in Quick Settings and Widgetsoid, or by any other method that renames your access points into something unusable. But this defeats the purpose of Androids built-in off switch that doesn't rely on the clumsy workaround of renaming your access points.

I'll try some alternatives to Lookout to see if there's a good security app out there that doesn't open the doors when it shouldn't. Stay tuned!

Update: I ditched Lookout for avast.

tweet this reddit digg this StumbleUpon digg this digg this

Friday, 3 June 2011

The "read phone state and identity" permission should be split

Does Google care about your privacy? Of course not! That's to be expected from a company that lives from advertising. Google makes money from gathering as much information about you as possible. They have no reason to let you control what information you share and what information you keep private.

Of course they need to pretend that they let you choose, because bad publicity is bad for business. That could explain why Android has some privacy features that are really nothing but a bit of window dressing.

The prime suspect is the "read phone state and identity" permission in Android that many apps request when you install them, even when there's no apparent need for this permission other than allowing advertisers such as Google to spy on you.

The phone state and identity permission is a grab bag of permissions:
- See if there's a call going on.
- Read your phone number.
- Read your phone's IMEI number.
- Read the IMSI number of your SIM card.
- Read the unique device ID that Google assigns to your phone.

The first permission is useful and not controversial. Of course a media player should be told that you receive an incoming call so that it can pause playback until you hang up.

But this innocent permission is bundled with a bunch of dangerous permissions. My streaming media player should keep quiet during phone calls, but it doesn't need to know my phone number.

IMEI, IMSI, and device ID may seem innocent at first, but they're not. The phone identy permission is the wet dream of all advertisers and spammers. These numbers can be used to track you, and unlike web browser cookies there's no way to opt out. You can delete cookies, but your device ID is permanently tied to your phone, your IMSI identifies your SIM card and cannot be changed, and altering the IMEI of your phone is illegal in many countries. Combined with permission to go online (which comes in one flavour only: "full internet permission") the potential for abuse is endless.

So this permission should be split. The phone state permission should NOT be bundled with permission to read your phone identity.

The phone identity permission should be tuned too. Permission to read your phone number should be separate from the other permissions.

Unfortunately there's no way to split these permissions yet. Apps like LBE Privacy Guard and Permissions Denied only allow for an all-or-nothing choice. Maybe future versions of these programs will allow us to grant phone state permission but deny access to phone identity, or feed bogus identy information to nosy apps?
tweet this reddit digg this StumbleUpon digg this digg this

Thursday, 2 June 2011

Free for everybody with KLastFM

Update 1: CoboltFM and KLastFM are dead. changed things for the worse and pulled the plug on free streaming for almost everyone. Believe it or not, most of the planet can't stream anymore even if they pay. refugees can still stream custom radio stations from Grooveshark with Dood's Music Streamer.

Update 2: Liquid Bear still plays radio on Android. is great, except for one thing. Germans, english and americans can play radio for free, but the rest of the world has to pay. And even if you pay, you can only stream on your computer. Outside the UK, USA, and Germany even paying customers are not allowed to listen to radio on their phones.

Back when I used a Nokia with Symbian I used to listen to with Skyfire. This browser routes everything through an american proxy server and identifies itself as a standard desktop browser.

But on Android it's even easier: get KLastFM from the market (or straight from the developer) and you can stream on your phone anywhere on the planet.

Which is how it should be. The internet was never meant to have borders.

KLastFM is far from perfect. Its user interface is a mess, it has a very annoying banner ad that AdFree fails to block, scrobbling is a hit 'n' miss affair, and according to LBE Privacy Guard KLastFM tries to read my IMEI number (the ad banner is probably abusing it as an undeletable cookie). It also sucks your battery dry, but that's a problem of all apps that stream media from the web. On the bright side, KLastFM also streams radio to your phone without a paid subscription. Also if you're outside the UK, Germany, or the USA.

Update: AdFree and AdAway now block the ads in KLastFM!

KLastFM (Opera Software)
KLastFM (developer's site, in french)

Update: for an even better alternative app, check out CoboltFM:

CoboltFM: free on all Android phones everywhere

Update 1: CoboltFM and KLastFM are dead. changed things for the worse and pulled the plug on free streaming for almost everyone. Believe it or not, most of the planet can't stream anymore even if they pay. refugees can still stream custom radio stations from Grooveshark with Dood's Music Streamer.

Update 2: Liquid Bear still plays radio on Android.

tweet this reddit digg this StumbleUpon digg this digg this

Wednesday, 1 June 2011

Android Market needs more tabs

The Android Market app has a few built-in tabs (like Top paid, Top free, Just in), but it won't let you make your own tabs.

Since the market app works like a web browser, it could have tabs like a web browser.

Why would you want to make tabs? Because it makes it a lot easier to compare apps! When you search for an app, you get many results for similar apps and you need an easy way to compare them. Same goes for the "related apps" section once you've clicked to an app. I'm sure everybody uses the related apps part to find free alternatives to paid apps.

Comparing apps in the current setup means navigating back and forth a lot. If you could open app pages in tabs you can compare them side by side without losing track.

Of course you could ditch the Market app and open in your (mobile) web browser to get tabs, but wouldn't it make things easier if Google would add tabs to the market app?

tweet this reddit digg this StumbleUpon digg this digg this