PR1.2 compulsory My Nokia subscription

(How to avoid the compulsory registration while upgrading to PR1.2)
Line 60: Line 60:
If your upgrade method to PR1.2 involved flashing eMMC, this will mean that you cannot create the <code>/home/user/.cherry_state</code> file before booting into PR1.2. But you can remove the SIM card, boot and create the file. Then you are free to reboot with the SIM card in and it should not subscribe you.
If your upgrade method to PR1.2 involved flashing eMMC, this will mean that you cannot create the <code>/home/user/.cherry_state</code> file before booting into PR1.2. But you can remove the SIM card, boot and create the file. Then you are free to reboot with the SIM card in and it should not subscribe you.
 +
Cherry will tell the CSD daemon, through CSD's libcsd-sms.so module, to send the SMS directly, bypassing Telepathy and RTCOMM.
 +
 +
Before you put a SIM back in, check to see if there are any files in /var/spool/sms/outgoing and check to see if /var/spool/sms/regs_out.txt contains an entry. If you haven't sent any other SMSes, it's a safe bet that this message scheduled to go out is the one produced by Cherry. Removing the file in /var/spool/sms/outgoing and the entry from regs_out.txt is safe, but make a backup just in case.
[[Category:N900]]
[[Category:N900]]
[[Category:Users]]
[[Category:Users]]

Revision as of 14:59, 16 June 2010

The N900's Maemo 5 update PR1.2 contains a new feature called "My Nokia". This is a text message (SMS) subscription service, which you can register for and receive information texts from Nokia periodically.

The implementation of the feature is rather controversial, and some consider it a privacy breach. This document describes the problem and suggests some ways to work around it.

See also the related talk.maemo.org thread.

The problem

The main problem is that, by default, all devices upgraded to PR1.2 are automatically subscribed to My Nokia. This involves a text (SMS) being sent from the device to Nokia, which might be at the owner's expense, and then receiving texts from Nokia. In normal circumstances, it is not possible to use the upgraded operating system without agreeing to subscribe to My Nokia.

Technical analysis

If you just wish to find out how to avoid this, please skip down to the How to avoid the compulsory registration while upgrading to PR1.2 section.

In PR1.2, the My Nokia feature is enabled by the "cherry" package. The package is closed source, but it can still be analysed to an extent. The package can be downloaded on any N900 (even those that have not been upgraded to PR1.2). Downloading the package as described here does not install it, so is safe. For some reason, trying to wget the package from a Linux desktop machine doesn't work.

First you need to install "wget", which doesn't appear in Application Manager but can be installed using:

apt-get install wget

Then you can obtain the cherry package using:

cd ~/MyDocs 
wget --no-check-certificate https://qa9recEP:Pat2UGuP@downloads.maemo.nokia.com/fremantle/ssu/mr0/cherry_0.20-2+0m5_armel.deb

You should find the cherry_0.20-2+0m5_armel.deb in your MyDocs folder, which appears as N900 in File Manager, and can be accessed via USB and transferred to a desktop computer running Linux, where it is easier to analyse.

In that package, we see that it installs a script at /etc/X11/Xsession.d/34cherry (which is run every time the device boots) containing:

#!/bin/sh
 
# Cherry checks for .cherry_state anyway, but testing here makes it faster
if [ ! -f /home/user/.cherry_state ] ; then
  . /etc/X11/Xsession.d/04b_start_matchbox
  /usr/bin/cherry 1>&2
  . /etc/X11/Xsession.d/06stop_matchbox
fi

The package also installs a script at /etc/osso-cud-scripts/cherry-clean.sh (which it is thought is run when the user does "Restore Original Settings" from the menu in the Settings app) containing:

#!/bin/sh
/bin/rm -f $HOME/.cherry_state

From this it would seem that although the main /usr/bin/cherry binary is closed source and difficult to analysis, it can be largely neutralised by creating a file /home/user/.cherry_state.

The /usr/bin/cherry program brings up the warning that is seen on first booting the device after PR1.2 is installed. There is also /usr/lib/hildon-control-panel/libcpcherry.so and an associated /usr/share/applications/hildon-control-panel/cpcherry.desktop file which puts the My Nokia icon into the Settings app.

The package also contains a ChangeLog, which makes interesting reading as to how the package developed over time.

How to avoid the compulsory registration while upgrading to PR1.2

To avoid the compulsory registration, i.e. to avoid the device sending a text to Nokia and breaching privacy, it is most important to stop the /usr/bin/cherry app from running. It would also be nice to remove the My Nokia applet from Settings, but at least that should not subscribe you without asking.

As you will see from the technical analysis above, creating a file called /home/user/.cherry_state should stop /usr/bin/cherry from running. This file lives in the eMMC, so if your PR1.2 upgrade procedure doesn't involve flashing eMMC, then you can create that file before you upgrade and it should still be there after the upgrade. That means that you should avoid running /usr/bin/cherry. To create that file, type:

touch ~/.cherry_state

Before you first boot into PR1.2, it is probably best to remove your SIM anyway, just in case something went wrong and /usr/bin/cherry still ran.

If your upgrade method to PR1.2 involved flashing eMMC, this will mean that you cannot create the /home/user/.cherry_state file before booting into PR1.2. But you can remove the SIM card, boot and create the file. Then you are free to reboot with the SIM card in and it should not subscribe you.

Cherry will tell the CSD daemon, through CSD's libcsd-sms.so module, to send the SMS directly, bypassing Telepathy and RTCOMM.

Before you put a SIM back in, check to see if there are any files in /var/spool/sms/outgoing and check to see if /var/spool/sms/regs_out.txt contains an entry. If you haven't sent any other SMSes, it's a safe bet that this message scheduled to go out is the one produced by Cherry. Removing the file in /var/spool/sms/outgoing and the entry from regs_out.txt is safe, but make a backup just in case.