After Samsung abandoned any support for the S7-series of their smartphones, the pressure on me to buy a new device kept increasing. This led me to an idea of giving a chance to LineageOS. Making backups, especially in a non-proprietary way was challenging. I hate all these vendors offering nothing but their own cloud.
Updated: see below for Lineage OS 21 / Android 14
My friend was adb
together with abe.jar
. You can force an app to generate an update with the command adb backup -f DESTINATION.ab PACKAGE_NAME
. Leaving the package name would generate a full backup, which takes time and disk capacity on the phone. Not enough space leads to a failure, obviously. A prerequisite is:
adb
and maybe fastboot
for unlocking the phone).The *.ab
files are modified tgz-files, having a different header and (at least in my case) encrypted with device's passcode. The easiest way to extract them seem be to any variation of the abe.jar
tool. No idea which one I have used, the Android Backup Extractor from Nikolay Elenkov seem to be a good one. You get a tar file, which should be a no-brainer to get extracted.
Two apps did annoy:
The command adb backup -f memo.ab com.samsung.android.app.memo
generates an almost-empty archive. I did not find any reasonable way to extract the notes and had to export one-by-one to a file. And the only way generating actually a file (html-like with optional pngs for images) was to send each note via Bluetooth to an external device.
The command adb backup -f sms.ab com.android.providers.telephony
do actually generate promising files, but their structure is nothing I could easily read. Some websites say, it should be an SQLite DB, but it wasn't (in my case). Other websites say, you need Android forensic tools to decode the backups. So I have decided to use a third-party app SMS Backup and Restore, which did the job both ways.
I have also found a command-line approach, which unfortunately did not work in my case (insufficient privileges):
adb shell "content query --uri content://sms/ --projection thread_id:address:person:date:date_sent:protocol:read:status:type:reply_path_present:subject:body:service_center:locked:sub_id:error_code:creator:seen" > sms.lst
Error while accessing provider:sms
java.lang.SecurityException: Permission Denial: reading com.android.providers.telephony.SmsProvider uri content://sms/ from pid=28079, uid=2000 requires android.permission.READ_SMS, or grantUriPermission()
at android.os.Parcel.readException(Parcel.java:1967)
at android.database.DatabaseUtils.readExceptionFromParcel(DatabaseUtils.java:183)
at android.database.DatabaseUtils.readExceptionFromParcel(DatabaseUtils.java:135)
at android.content.ContentProviderProxy.query(ContentProviderNative.java:418)
at com.android.commands.content.Content$QueryCommand.onExecute(Content.java:593)
at com.android.commands.content.Content$Command.execute(Content.java:447)
at com.android.commands.content.Content.main(Content.java:664)
at com.android.internal.os.RuntimeInit.nativeFinishInit(Native Method)
at com.android.internal.os.RuntimeInit.main(RuntimeInit.java:287)
That was an easy one thanks to the built-in vcf-export function.
Messengers do it all in a proprietary way, but in most cases I was able to generate a recovery file, somehow.
The rough steps are:
Prerequisites are:
Caution Take a maximal care when choosing the images. They need to match the processor and type of your phone. Otherwise you risk bricking the device as it won't be able to understand the code while booting. Especially the S7 has been manufactured with two different CPUs: Exynos and Qualcomm, depending on the geographical region.
What is Odin? It's an internal tool of Samsung that was never officially published. Still, you will find a lot of websites offering a copy of it. Be careful, as it is possible that many sources are infected with malware. A newer version do not need to be a better one. Especially for older phones an older version of Odin may work better. In my case the 3.14.1 was fine. An open-source alternative is Heimdall, but it (probably) requires you to compile the tool on your own.
What are GApps? Since LineageOS is a clean operating system without any Google tools (like Play Store, Maps, YouTube and so on...), you may want to have access to them. If you don't do it at the imaging step, you will not be able to install them afterwards. At least the Play Store is required, all the rest can be installed from there (this is basically the difference between different package sizes). There are a lot of developers providing their own *GApps, but only a few of them will be compatible with the LineageOS package. If you choose the LineageOS of Ivan Meler, the only officially compatible variant are NikGApps.
It was actually unclear to me, whether it is required at all, but some sources mention the risks: a) encrypted disk may lead to TWRP crash and not being able even to restore the original OS, b) leftovers of accounts may interfere with some rest-overs of 'find my phone' and stuff. So, I have removed the PIN from the start-up, removed regular PIN, removed both accounts, rebooted, back to factory settings.
Because I did restore factory settings, I had to initialize the system again, in a simplified way: without a SIM card, no accounts, just to see the phone's menu. Then:
No 'OEM unlocking' there?
I was lucky, but some sources say the option can be missing or it can require you to enter some special vendor code. In this case, there is a chance it is doable by booting the phone with a key combination into the bootloader mode and then unlocking the bootloader there. The exact key combination varies - you need to google it. Yet another option is to use the adb
tool (see 'Backup' section before for installation details) and typing adb reboot bootloader
in. The actual bootloader unlocking would be done with another fastboot
tool (also part of the platform tools). To check, whether the device has been recognized in the bootloader mode, enter fastboot devices
and in order to unlock the bootloader enter fastboot oem unlock
. At the end, enter fastboot reboot
.
When connected to the PC, enter adb reboot download
.
Without a USB cable, the Internet says (not tested, exact timing unknown to me):
Other description says:
Just in case you need to quit the download mode - this is doable by long-pressing the power and one of the volume keys.
Start the Odin program and:
Caution: The transfer is done and there is a reason the phone was not restarted automatically. You have only one chance to boot into the TWRP bootloader now. If you fail, the original bootloader will be restored and you need to repeat the step again. If you succeed, the TWRP will install itself permanently.
If there were no errors, you are ready to reboot the phone and enjoy the new operating system. Otherwise, stay in TWRP and repeat the steps (probably with alternative packages) until you succeed.
Caution: Install *GApps before rebooting the system. Only this way the package can be correctly initialized and get administrative rights for software installation.
The LineageOS 20 (Android 13) takes way less space on the device than the original OS with a lot of bloatware. It also seems to be more reactive and consume less power. Up to now I have identified the following disadvantages:
Still, the pros overweight the cons of having an extremely outdated stock operating system (slow, full of bloatware, decreasing availability of compatible apps, no security patches).
Updated after three weeks of using the new system.
I don't use the phone for any sensitive data now (like banking apps), since there is no option to know, whether there is no hidden backdoor or anything like that. You don't know, who worked on all drivers, the image itself and so on. So: be careful. I analyzed the network traffic of the phone and could not find anything suspicious. Still, there are hundreds of ways to hide unwanted stuff.
The last point requires some explanation: Regardless whether the always-on-display option is activated or not, it turns on at random (once a week in average). The thing is, there is no exit out of this mode. Once activated, the display shows the clock. Forever. Pressing buttons, touching the screen, using the fingerprint sensor - all of them do nothing. The fingerprint sensor does react (the phone vibrates), the phone seems to work in the background (messages are being received - phone vibrates), but the screen stays black showing only the clock. SOLVED! Responsible for that is the magnet sensor in the bottom left edge of the phone. It is normally used to detect a closed cover and show a clock in such case. Just use a magnet close to this edge and it will unlock. Unfortunately, there is no menu option to disable covers.
The phone was gradually working worse and worse. The most annoying thing: the camera app freezing the whole phone (only with connection to the main camera; face camera no issues). After a forced reboot I could like use the camera maybe 5 times, each time getting more delay, after finally getting a completely frozen OS. Time to time it was not possible to wake the phone up: pressing buttons, touching the screen, no reaction, black screen. Since the only reasonable option was to make a clean installation, I needed a couple of months to grow up to this decision. It worked extremely easy:
I used the following files:
And it worked like a charm.
Just a rough overview of the traffic generated by the phone, directly after flashing, looks as follows:
The above traffic has been observed after a reboot within ca. 26 minutes. The two destinations: glltos2.glpals.com and BCMLS2.glpals.com seem to belong to Broadcom and probably are used for the assisted GPS. The NTP protocol is for syncing the time. All others are most probably the result of having NikGapps installed. Of course, a backdoor in the image could use any of these connections to leak the data (or to provide a remote access to the phone), as well as this simple test could not have been enough to find a backdoor (e.g., in case it needs to be triggered somehow first). Anyway, it makes a good feeling, since nothing obviously wrong has been found.