PR1.2 compulsory My Nokia subscription
The N900's Maemo 5 update PR1.2 contains a new feature called "My Nokia". This is a text message (SMS) subscription service, which you can register for and receive information texts from Nokia periodically.
The implementation of the feature is rather controversial, and some consider it a privacy breach. This document describes the problem and suggests some ways to work around it.
See also the related talk.maemo.org thread.
The problem
The main problem is that, by default, all devices upgraded to PR1.2 are automatically subscribed to My Nokia. This involves a text (SMS) being sent from the device to Nokia, which might be at the owner's expense, and then receiving texts from Nokia. In normal circumstances, it is not possible to use the upgraded operating system without agreeing to subscribe to My Nokia.
Technical analysis
If you just wish to find out how to avoid this, please skip down to the How to avoid the compulsory registration while upgrading to PR1.2 section.
In PR1.2, the My Nokia feature is enabled by the "cherry" package. The package is closed source, but it can still be analysed to an extent. The package can be downloaded on any N900 (even those that have not been upgraded to PR1.2). Downloading the package as described here does not install it, so is safe. For some reason, trying to wget the package from a Linux desktop machine doesn't work.
First you need to install "wget", which doesn't appear in Application Manager but can be installed using:
apt-get install wget
Then you can obtain the cherry package using:
cd ~/MyDocs wget --no-check-certificate https://qa9recEP:Pat2UGuP@downloads.maemo.nokia.com/fremantle/ssu/mr0/cherry_0.20-2+0m5_armel.deb
You should find the cherry_0.20-2+0m5_armel.deb in your MyDocs folder, which appears as N900 in File Manager, and can be accessed via USB and transferred to a desktop computer running Linux, where it is easier to analyse.
In that package, we see that it installs a script at /etc/X11/Xsession.d/34cherry
(which is run every time the device boots) containing:
#!/bin/sh # Cherry checks for .cherry_state anyway, but testing here makes it faster if [ ! -f /home/user/.cherry_state ] ; then . /etc/X11/Xsession.d/04b_start_matchbox /usr/bin/cherry 1>&2 . /etc/X11/Xsession.d/06stop_matchbox fi
The package also installs a script at /etc/osso-cud-scripts/cherry-clean.sh
(which it is thought is run when the user does "Restore Original Settings" from the menu in the Settings app) containing:
#!/bin/sh /bin/rm -f $HOME/.cherry_state
From this it would seem that although the main /usr/bin/cherry
binary is closed source and difficult to analysis, it can be largely neutralised by creating a file /home/user/.cherry_state
.
The /usr/bin/cherry
program brings up the warning that is seen on first booting the device after PR1.2 is installed. There is also /usr/lib/hildon-control-panel/libcpcherry.so
and an associated /usr/share/applications/hildon-control-panel/cpcherry.desktop
file which puts the My Nokia icon into the Settings app.
The package also contains a ChangeLog, which makes interesting reading as to how the package developed over time.
How to avoid the compulsory registration while upgrading to PR1.2
To avoid the compulsory registration, i.e. to avoid the device sending a text to Nokia and breaching privacy, it is most important to stop the /usr/bin/cherry
app from running. It would also be nice to remove the My Nokia applet from Settings, but at least that should not subscribe you without asking.
As you will see from the technical analysis above, creating a file called /home/user/.cherry_state
should stop /usr/bin/cherry
from running. This file lives in the eMMC, so if your PR1.2 upgrade procedure doesn't involve flashing eMMC, then you can create that file before you upgrade and it should still be there after the upgrade. That means that you should avoid running /usr/bin/cherry
. To create that file, type:
touch ~/.cherry_state
Before you first boot into PR1.2, it is probably best to remove your SIM anyway, just in case something went wrong and /usr/bin/cherry
still ran.
If your upgrade method to PR1.2 involved flashing eMMC, this will mean that you cannot create the /home/user/.cherry_state
file before booting into PR1.2. But you can remove the SIM card, boot and create the file. Then you are free to reboot with the SIM card in and it should not subscribe you.
Cherry will tell the CSD daemon, through CSD's libcsd-sms.so module, to send the SMS directly, bypassing Telepathy and RTCOMM.
Before you put a SIM back in, check to see if there are any files in /var/spool/sms/outgoing and check to see if /var/spool/sms/regs_out.txt contains an entry. If you haven't sent any other SMSes, it's a safe bet that this message scheduled to go out is the one produced by Cherry. Removing the file in /var/spool/sms/outgoing and the entry from regs_out.txt is safe, but make a backup just in case.