Root Warning. Do Not Share Nandroid Backups

Discussion in 'Android Devices' started by adrynalyne, Jul 30, 2010.

  1. adrynalyne

    adrynalyne Well-Known Member
    213

    Jul 15, 2010
    1,507
    885
    213
    Even if your apps aren't there, and no personal information has been entered on a fresh wipe.

    If someone asks for a stock Nandroid backup, kindly tell them to get lost ;)

    contagous and I learned the hard way. I sent him a completely tweaked and clean nandroid, with none of my personal info or anything like that. He has been using it and it works great.

    Until AppBrain fast web installer is used. See, it IDs your device by the Android_ID, which is unique to every phone, or is supposed to be.

    Nandroid backups will record this device ID, and clone it onto another device. Well, when contagous installs an app using the web installer, I get it. Without a prompt or nothing.

    While I can do the same thing, and it was fun sending him pron apps and sexy men wallpapers, it has a real potential for a security nitemare. I trust contagous, but let this serve as a warning to everyone. Its also not so simple as installing another ROM and factory reset. So far as I can tell, as long as you stay on the same build OS, you will keep the same ID. The only thing that changed my ID to something else was going back to 2.1.

    So friends, don't let friends share nandroids. If you do, play it smart, and delete all but the system and boot images and recalculate the md5.
     

    Advertisement
  2. contagous

    contagous Well-Known Member
    93

    May 21, 2010
    966
    132
    93
    Gfx Design / Network Engineer
    Seattle WA
    Yeah we defo had some fun for like 5 hours messing with this, we also told appbrain and they said thanks and that they are trying to make the fast web installer part of the appbrain app in the future so it will be done by the Google account like the rest of the site and not the android_id.

    So be careful who you give your nandroid copy too :) we have known each other a while since back on the Omnia so we trust one another :)

    Good write up Bro
     
    JustDroid likes this.
  3. Hand76

    Hand76 Guest

    Interesting I was wondering if this would work.
     
  4. spartan141

    spartan141 Well-Known Member
    63

    Dec 7, 2009
    452
    61
    63
    hehehehe did he send you gay pron? j/k.
     
  5. adrynalyne

    adrynalyne Well-Known Member
    213

    Jul 15, 2010
    1,507
    885
    213
    Haha no. I sent hima bunch of stuff and then uninstalled my appbrain apps before he could retaliate :D
     
  6. adrynalyne

    adrynalyne Well-Known Member
    213

    Jul 15, 2010
    1,507
    885
    213
    If anyone has ANY information on where to find the database where the Android_ID is kept, please let me know. The typical haunting places are not present.

    Thanks.
     
  7. contagous

    contagous Well-Known Member
    93

    May 21, 2010
    966
    132
    93
    Gfx Design / Network Engineer
    Seattle WA
    ROFL, well we think we found it, will update soon :)
     
  8. adrynalyne

    adrynalyne Well-Known Member
    213

    Jul 15, 2010
    1,507
    885
    213
    Ok, update as promised.

    If this happens to you, the offending party (the nandroid receivee) needs to delete this file:
    /data/data/com.android.providers.settings/databases/settings.db. This cannot be done from Clockwork.

    Then reboot. They will lose their settings, but get their true ID back.
     
    contagous likes this.
  9. contagous

    contagous Well-Known Member
    93

    May 21, 2010
    966
    132
    93
    Gfx Design / Network Engineer
    Seattle WA
    Yup we tested it more then once, and seemed to work everyime, I now have my own ID back :) and no more free pr0n from my Adrynalyne :p

    oh and by the way, when we was installing each other's apps lol, it would only work for unprotected free apps, so appbrain was still as secure as normal :) in case anyone was worrying about it.

    Its just the way that Fast Web installer worked off ID's and not Gmail account, should be fixed one day apparently :), until then i will stick with the Sync option, much better IMO
     
  10. Dex

    Dex Well-Known Member
    53

    Jan 11, 2010
    424
    54
    53
    Mobile Tech Support
    Tennessee
    It CANNOT be done from Clockwork? I know it says that, but there is no further explanation. So... yeah. Please elaborate. Thanks.
     
  11. adrynalyne

    adrynalyne Well-Known Member
    213

    Jul 15, 2010
    1,507
    885
    213
    Clockwork cannot see this stuff. Do it via adb in normal mode.
     

Share This Page

Loading...