[Discuss] Syncing Android phones directly

Tom Metro tmetro+blu at gmail.com
Tue Jul 2 02:59:12 EDT 2013


David Kramer wrote:
> I take lots of notes and make lots of lists.

As far as notes and lists are concerned, that's a fertile ground for
apps, and there are at least a few aimed at technical users and they
accommodate unconventional syncing mechanisms, like saving data to
Dropbox (technically no better than a public cloud) and private servers.

Like Todo.txt:
https://play.google.com/store/apps/details?id=com.todotxt.todotxttouch

which uses plain text files.

So I'm pretty confident you'll find something that fits your needs in
that area.


> I'm hoping NOT to root it, at least not at first...

That was the path I followed with my first Android phone, and it may
have been a mistake. The problem is that once you've used the phone for
a while, you'll likely want to preserve what you have
created/customized, yet in many cases rooting will require wiping the
device, and fully backing up will require wiping the device to install
the necessary backup tools (not always the case).

So you could end up creating a bigger hurdle against rooting/ROMing in
the future.

For a hacker-type, I recommend selecting a phone while strongly taking
into consideration the ease of rooting/ROMing and the opinions of groups
like xdadevelopers. And plan to root and fully backup the device before
you get invested in the stock ROM. This is also the time to experiment
with alternate ROMs where you have the least to loose.

Of course if you are new to Android and haven't lived with it for some
time, you won't really have a feel for what you like better about one
ROM vs. another.


> I know you can turn off syncing contacts with GMail, but I had
> assumed if I turned that off, then I wouldn't have to worry so much
> about them getting my contacts.  I get the impression you all think
> that's not the case.

It should be the case, but I guess I'd just remain a bit skeptical.

I'd feel way better about the privacy of Android if it supported a
per-app permission and network firewall. (WhisperSystems was working on
this before they got bought up by Twitter.)

Then you could disregard some application's declaration that it has
permission to access your contacts, and simply deny it, knowing that
you'd be deprived of some bit of ancillary functionality, but the rest
of the app would still function as designed.

Similarly, you could clamp down outbound connections used by apps, and
completely shut off apps that have no real business talking to the
Internet (of course this would break a bunch of ad services, but it
would be good motivation for small app developers to make use of a
shared ad service on your device, which you could grant net access).


> If I load a replacement ROM, do my chances of keeping my data private
> increase?  How?

Richard has a point about arbitrary apps using Google cloud storage.
While you can turn off some specific things, like syncing of contacts,
app settings will get synced without any fine-grained control.

A while back I asked an app developer whether they could use Google's
cloud storage as a way to synchronize the app's data currently held in
an SQLite database, and he replied, "This storage is just for backing up
and restoring app settings, which happens totally automatic. Google does
not provide the means to control and use it as basic storage, nor do
they want you to."

So apparently apps use an API for storing settings, probably similar to
the way a Windows application would use the registry, or a GNOME
application would use gconf, and Google transparently backs that up to
the cloud. While bulk data storage is more explicitly managed by the
application, and not automatically backed up.

So even with a custom ROM with root access and the ability to get rid of
privacy leaking carrier bloatware and some Google apps, you may still be
leaking information.

It makes you wonder, as lots of apps store login credentials for various
services they make use of. In some cases those will be low-risk
app-specific tokens, but in other cases they're actual passwords. Are
these being encrypted before being sent to the cloud? Not likely, as it
would defeat the ability for you to recover the data on a new device
(because they assume a user can't back up a key or passphrase).


> When it comes to rooting, my main objections are not the inconvenience,
> but reliability and support.

I imagine if you chose a mainstream device and a mainstream ROM, support
would be pretty good. The Android user base is certainly getting big
enough, so that even with you slice off a fringe of people who bother to
load a third part ROM, the community is still fairly sizable.

 -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/



More information about the Discuss mailing list