Android Diaries, Part 3: Gingerbread

I’ve been pretty happy with my cleaned up Milestone and I was content with running a rooted and slightly modded Android 2.2.1. Then I stumbled upon an article outlining a serious data vulnerability affecting Android versions up to and including 2.3.3. This gave me the final push I needed to take the next step with my phone.

Vulnerability Scenarios:

• Are you connecting to unsecured wireless connections? So long as your answer is NO, then you are safe from this particular exploit. The remaining scenarios assume that you have/are/plan-to connect to unsecured wireless connection at some point. I would still recommend exploring options to update to the latest operating system build.
• Do you use Picasa Web Albums? If YES, then you are affected by this vulnerability. The remaining scenarios assume that you are not using Picasa Web Albums.
• Are you using Android 2.3.4 or later? Is your don’t know how to determine your Android version have a look at this). If you ARE, then you are safe from this vulnerability (with the exclusion of Picasa from the scenario). If you are not using Android 2.3.4 or later, then you are vulnerable.

What’s the deal with Picasa?

While the latest Android 2.3.4 update fixes the problem for the majority of Google related services (Gmail, Google Contacts, Google Calendar etc.), the Picasa Web Albums service (and possibly others) are still vulnerable. I’m not sure but I think other services like Twitter and Facebook are also vulnerable if you use the built in app (accessing through the web-browser, using https should protect you).
A quick way to mitigate this vulnerability is to disable the automatic synchronization for these services. Depending on how often you plan on connecting to unsecured wireless connections, you may opt to do this on a case by case disable/re-enable or global disable/re-enable.

• You can disable synchronization entirely. You can find this under Settings > Accounts & Sync Settings. Disable the background-data and auto-sync.
• You can disable specific services (say, Picasa Web Album synchronization). You can find this under Settings > Accounts & Sync Settings > Your Gmail Options > Sync Picasa Web Albums

For both of those options, you may find a little applet/shortcut like Sync Settings to be a real time saver.

The Move to Gingerbread

This was the push I needed to sit down and see if I could force a newer build of operating system on my phone. The fact that it’s not a simple “click and go” experience like it is with iOS is due to there being three bottlenecks:

1. Google needs to make updates (this, naturally, takes time).
2. Individual manufacturers that have additional crapware, sorry, features (like HTC Sense or Motorola MotoBlur) on their phones need to add their bloat to the base OS. This takes a stupid amount of time and often many products are just forgotten.
3. The carriers need to push these updates to the phones themselves. This takes forever.

The bottom line is my phone just got Android 2.2.1 – well over a year since it was released. This is just plain stupid and does nothing to reinforce the value of a product or the carrier. Mind you, when all the manufacturers and carriers are equally inept, there’s no much one can do through official channels. Google is trying to encourage vendors to get on the damn ball, but time will tell how effective this turns out.
The difference between hacking my Milestone versus hacking the XOOM was night and day. The core difference being that the Milestone has a locked bootloader (essentially Motorola is pulling an Apple and saying “yes, you bought our hardware, but we still decide what you can or cannot do”).
After a few tries of trying to get remote flashing to work (note to self: Windows 7 users, you may want to find a Vista/XP machine to do this first step – the application compatibility settings do nothing for this). There were a few times I thought I’d totally bricked my device (not that it would be exactly possible considering the bootloader is locked) but in the end, I got the device to play by rules.
After the dust settled, I’m running Android 2.3.4 with CyanogenMod 7.1.0 RC3 (May 15).

Gingerbread Impressions

I love it! I’m not sure if it’s the changes to the core OS or the changes brought by the CyanogenMod (I was already running LauncherPro before) but everything is ridiculously fast. I’m running the same 1GHz overclock as per before but there isn’t a 15 second load time for the home screens.
I suspect a large part of this is due to the fact that I actually have RAM available – before, with 2.2.1, I struggled to maintain 20MB of free internal storage and 5MB of RAM (applications would be shutting down all the damn time). Now that all the Motorola bloatware is no longer there, I have an easy 100MB+ free internal memory and 40MB of RAM.
On the downside, I did lose the built in Motorola Phone Portal which is quite possibly one of the coolest features ever. I also have hit and miss functionality accessing the internal memory or SD card from Explorer but thankfully I know my way around adb.
All in all, I’m ecstatic that my phone is finally usable again, it’s still not as smooth of an experience as my tablet (which is to be expected) nor the iPhone (which wasn’t expected and frankly, kind of pathetic on Motorola’s part).