Root Warning. Do Not Share Nandroid Backups

[adrynalyne]

Even if your apps aren't there, and no personal information has been entered on a fresh wipe.

If someone asks for a stock Nandroid backup, kindly tell them to get lost

contagous and I learned the hard way. I sent him a completely tweaked and clean nandroid, with none of my personal info or anything like that. He has been using it and it works great.

Until AppBrain fast web installer is used. See, it IDs your device by the Android_ID, which is unique to every phone, or is supposed to be.

Nandroid backups will record this device ID, and clone it onto another device. Well, when contagous installs an app using the web installer, I get it. Without a prompt or nothing.

While I can do the same thing, and it was fun sending him pron apps and sexy men wallpapers, it has a real potential for a security nitemare. I trust contagous, but let this serve as a warning to everyone. Its also not so simple as installing another ROM and factory reset. So far as I can tell, as long as you stay on the same build OS, you will keep the same ID. The only thing that changed my ID to something else was going back to 2.1.

So friends, don't let friends share nandroids. If you do, play it smart, and delete all but the system and boot images and recalculate the md5.

 

[contagous]

Yeah we defo had some fun for like 5 hours messing with this, we also told appbrain and they said thanks and that they are trying to make the fast web installer part of the appbrain app in the future so it will be done by the Google account like the rest of the site and not the android_id.

So be careful who you give your nandroid copy too we have known each other a while since back on the Omnia so we trust one another

Good write up Bro

 

[Hand76]

Interesting I was wondering if this would work.

 

[spartan141]

hehehehe did he send you gay pron? j/k.

 

[adrynalyne]

Haha no. I sent hima bunch of stuff and then uninstalled my appbrain apps before he could retaliate

 

[adrynalyne]

If anyone has ANY information on where to find the database where the Android_ID is kept, please let me know. The typical haunting places are not present.

Thanks.

 

[contagous]

ROFL, well we think we found it, will update soon

 

[adrynalyne]

Ok, update as promised.

If this happens to you, the offending party (the nandroid receivee) needs to delete this file:
/data/data/com.android.providers.settings/databases/settings.db. This cannot be done from Clockwork.

Then reboot. They will lose their settings, but get their true ID back.

 

[contagous]

Ok, update as promised.

If this happens to you, the offending party (the nandroid receivee) needs to delete this file:
/data/data/com.android.providers.settings/databases/settings.db. This cannot be done from Clockwork.

Then reboot. They will lose their settings, but get their true ID back.

Yup we tested it more then once, and seemed to work everyime, I now have my own ID back and no more free pr0n from my Adrynalyne

oh and by the way, when we was installing each other's apps lol, it would only work for unprotected free apps, so appbrain was still as secure as normal in case anyone was worrying about it.

Its just the way that Fast Web installer worked off ID's and not Gmail account, should be fixed one day apparently , until then i will stick with the Sync option, much better IMO

 

[Dex]

Ok, update as promised.

If this happens to you, the offending party (the nandroid receivee) needs to delete this file:
/data/data/com.android.providers.settings/databases/settings.db. This cannot be done from Clockwork.

Then reboot. They will lose their settings, but get their true ID back.

It CANNOT be done from Clockwork? I know it says that, but there is no further explanation. So... yeah. Please elaborate. Thanks.

 

[adrynalyne]

It CANNOT be done from Clockwork? I know it says that, but there is no further explanation. So... yeah. Please elaborate. Thanks.

Clockwork cannot see this stuff. Do it via adb in normal mode.