Warning. Do Not Share Nandroid Backups


Last Updated:

  1. adrynalyne

    adrynalyne Well-Known Member This Topic's Starter

    Joined:
    Jul 15, 2010
    Messages:
    1,507
    Likes Received:
    885
    Even if your apps aren't there, and no personal information has been entered on a fresh wipe.

    If someone asks for a stock Nandroid backup, kindly tell them to get lost ;)

    contagous and I learned the hard way. I sent him a completely tweaked and clean nandroid, with none of my personal info or anything like that. He has been using it and it works great.

    Until AppBrain fast web installer is used. See, it IDs your device by the Android_ID, which is unique to every phone, or is supposed to be.

    Nandroid backups will record this device ID, and clone it onto another device. Well, when contagous installs an app using the web installer, I get it. Without a prompt or nothing.

    While I can do the same thing, and it was fun sending him pron apps and sexy men wallpapers, it has a real potential for a security nitemare. I trust contagous, but let this serve as a warning to everyone. Its also not so simple as installing another ROM and factory reset. So far as I can tell, as long as you stay on the same build OS, you will keep the same ID. The only thing that changed my ID to something else was going back to 2.1.

    So friends, don't let friends share nandroids. If you do, play it smart, and delete all but the system and boot images and recalculate the md5.
     

    Advertisement
  2. contagous

    contagous Well-Known Member

    Joined:
    May 21, 2010
    Messages:
    966
    Likes Received:
    132
    Yeah we defo had some fun for like 5 hours messing with this, we also told appbrain and they said thanks and that they are trying to make the fast web installer part of the appbrain app in the future so it will be done by the Google account like the rest of the site and not the android_id.

    So be careful who you give your nandroid copy too :) we have known each other a while since back on the Omnia so we trust one another :)

    Good write up Bro
     
    JustDroid likes this.
  3. Hand76

    Hand76 Guest

    Interesting I was wondering if this would work.
     
  4. spartan141

    spartan141 Well-Known Member

    Joined:
    Dec 7, 2009
    Messages:
    452
    Likes Received:
    61
    hehehehe did he send you gay pron? j/k.
     
  5. adrynalyne

    adrynalyne Well-Known Member This Topic's Starter

    Joined:
    Jul 15, 2010
    Messages:
    1,507
    Likes Received:
    885
    Haha no. I sent hima bunch of stuff and then uninstalled my appbrain apps before he could retaliate :D
     
  6. adrynalyne

    adrynalyne Well-Known Member This Topic's Starter

    Joined:
    Jul 15, 2010
    Messages:
    1,507
    Likes Received:
    885
    If anyone has ANY information on where to find the database where the Android_ID is kept, please let me know. The typical haunting places are not present.

    Thanks.
     
  7. contagous

    contagous Well-Known Member

    Joined:
    May 21, 2010
    Messages:
    966
    Likes Received:
    132
    ROFL, well we think we found it, will update soon :)
     
  8. adrynalyne

    adrynalyne Well-Known Member This Topic's Starter

    Joined:
    Jul 15, 2010
    Messages:
    1,507
    Likes Received:
    885
    Ok, update as promised.

    If this happens to you, the offending party (the nandroid receivee) needs to delete this file:
    /data/data/com.android.providers.settings/databases/settings.db. This cannot be done from Clockwork.

    Then reboot. They will lose their settings, but get their true ID back.
     
    contagous likes this.
  9. contagous

    contagous Well-Known Member

    Joined:
    May 21, 2010
    Messages:
    966
    Likes Received:
    132
    Yup we tested it more then once, and seemed to work everyime, I now have my own ID back :) and no more free pr0n from my Adrynalyne :p

    oh and by the way, when we was installing each other's apps lol, it would only work for unprotected free apps, so appbrain was still as secure as normal :) in case anyone was worrying about it.

    Its just the way that Fast Web installer worked off ID's and not Gmail account, should be fixed one day apparently :), until then i will stick with the Sync option, much better IMO
     
  10. Dex

    Dex Well-Known Member

    Joined:
    Jan 11, 2010
    Messages:
    424
    Likes Received:
    54
    It CANNOT be done from Clockwork? I know it says that, but there is no further explanation. So... yeah. Please elaborate. Thanks.
     
  11. adrynalyne

    adrynalyne Well-Known Member This Topic's Starter

    Joined:
    Jul 15, 2010
    Messages:
    1,507
    Likes Received:
    885
    Clockwork cannot see this stuff. Do it via adb in normal mode.
     

Share This Page

Loading...