PR1.2 compulsory My Nokia subscription

(Technical analysis)
m (Move analysis lower down, as most people probably just want to find out how to avoid this)
Line 9: Line 9:
The main problem is that, by default, all devices upgraded to PR1.2 are automatically subscribed to My Nokia. This involves a text (SMS) being sent from the device to Nokia, which might be at the owner's expense, and then receiving texts from Nokia. In normal circumstances, it is not possible to use the upgraded operating system without agreeing to subscribe to My Nokia.
The main problem is that, by default, all devices upgraded to PR1.2 are automatically subscribed to My Nokia. This involves a text (SMS) being sent from the device to Nokia, which might be at the owner's expense, and then receiving texts from Nokia. In normal circumstances, it is not possible to use the upgraded operating system without agreeing to subscribe to My Nokia.
-
== Technical analysis ==
+
== How to avoid the compulsory registration while upgrading to PR1.2 ==
 +
 
 +
To avoid the compulsory registration, i.e. to avoid the device sending a text to Nokia and breaching privacy, it is most important to stop the <code>/usr/bin/cherry</code> app from running. It would also be nice to remove the My Nokia applet from Settings, but at least that should not subscribe you without asking.
 +
 
 +
As you will see from the technical analysis below, creating a file called <code>/home/user/.cherry_state</code> should stop <code>/usr/bin/cherry</code> from running. This file lives in the eMMC, so if your PR1.2 upgrade procedure doesn't involve flashing eMMC, then you can create that file before you upgrade and it should still be there after the upgrade. That means that you should avoid running <code>/usr/bin/cherry</code>. To create that file, type:
 +
 
 +
touch ~/.cherry_state
 +
 
 +
Before you first boot into PR1.2, it is probably best to remove your SIM anyway, just in case something went wrong and <code>/usr/bin/cherry</code> still ran.
 +
 
 +
If your upgrade method to PR1.2 involved flashing eMMC, this will mean that you cannot create the <code>/home/user/.cherry_state</code> file before booting into PR1.2. But you can remove the SIM card, boot and create the file. Then you are free to reboot with the SIM card in and it should not subscribe you.
 +
 
 +
Cherry will tell the CSD daemon, through CSD's libcsd-sms.so module, to send the SMS directly, bypassing Telepathy and RTCOMM.
 +
 
 +
Before you put a SIM back in, check to see if there are any files in <code>/var/spool/sms/outgoing</code> and check to see if <code>/var/spool/sms/regs_out.txt</code> contains an entry. If you haven't sent any other SMSes, it's a safe bet that this message scheduled to go out is the one produced by Cherry. Removing the file in <code>/var/spool/sms/outgoing</code> and the entry from regs_out.txt is safe, but make a backup just in case.
-
If you just wish to find out how to avoid this, please skip down to the [[#How to avoid the compulsory registration while upgrading to PR1.2|How to avoid the compulsory registration while upgrading to PR1.2]] section.
+
== Technical analysis ==
In PR1.2, the My Nokia feature is enabled by the "cherry" package. The package is closed source, but it can still be analysed to an extent. The package can be downloaded on any N900 (even those that have not been upgraded to PR1.2). Downloading the package as described here does not install it, so is safe. For some reason, trying to wget the package from a Linux desktop machine doesn't work.
In PR1.2, the My Nokia feature is enabled by the "cherry" package. The package is closed source, but it can still be analysed to an extent. The package can be downloaded on any N900 (even those that have not been upgraded to PR1.2). Downloading the package as described here does not install it, so is safe. For some reason, trying to wget the package from a Linux desktop machine doesn't work.
Line 48: Line 62:
The package also contains a ChangeLog, which makes interesting reading as to how the package developed over time.
The package also contains a ChangeLog, which makes interesting reading as to how the package developed over time.
-
The package is not optified, contributing to the rootfs compressed terms files of about 1.3MB
+
The package is not optified, contributing to the rootfs compressed terms files of about 1.3MB.
-
 
+
-
== How to avoid the compulsory registration while upgrading to PR1.2 ==
+
-
 
+
-
To avoid the compulsory registration, i.e. to avoid the device sending a text to Nokia and breaching privacy, it is most important to stop the <code>/usr/bin/cherry</code> app from running. It would also be nice to remove the My Nokia applet from Settings, but at least that should not subscribe you without asking.
+
-
 
+
-
As you will see from the technical analysis above, creating a file called <code>/home/user/.cherry_state</code> should stop <code>/usr/bin/cherry</code> from running. This file lives in the eMMC, so if your PR1.2 upgrade procedure doesn't involve flashing eMMC, then you can create that file before you upgrade and it should still be there after the upgrade. That means that you should avoid running <code>/usr/bin/cherry</code>. To create that file, type:
+
-
 
+
-
touch ~/.cherry_state
+
-
 
+
-
Before you first boot into PR1.2, it is probably best to remove your SIM anyway, just in case something went wrong and <code>/usr/bin/cherry</code> still ran.
+
-
 
+
-
If your upgrade method to PR1.2 involved flashing eMMC, this will mean that you cannot create the <code>/home/user/.cherry_state</code> file before booting into PR1.2. But you can remove the SIM card, boot and create the file. Then you are free to reboot with the SIM card in and it should not subscribe you.
+
-
 
+
-
Cherry will tell the CSD daemon, through CSD's libcsd-sms.so module, to send the SMS directly, bypassing Telepathy and RTCOMM.
+
-
 
+
-
Before you put a SIM back in, check to see if there are any files in <code>/var/spool/sms/outgoing</code> and check to see if <code>/var/spool/sms/regs_out.txt</code> contains an entry. If you haven't sent any other SMSes, it's a safe bet that this message scheduled to go out is the one produced by Cherry. Removing the file in <code>/var/spool/sms/outgoing</code> and the entry from regs_out.txt is safe, but make a backup just in case.
+
[[Category:N900]]
[[Category:N900]]
[[Category:Users]]
[[Category:Users]]

Revision as of 21:28, 23 June 2010

The N900's Maemo 5 update PR1.2 contains a new feature called "My Nokia". This is a text message (SMS) subscription service, which you can register for and receive information texts from Nokia periodically.

The implementation of the feature is rather controversial, and some consider it a privacy breach. This document describes the problem and suggests some ways to work around it.

See also the related talk.maemo.org thread.

The problem

The main problem is that, by default, all devices upgraded to PR1.2 are automatically subscribed to My Nokia. This involves a text (SMS) being sent from the device to Nokia, which might be at the owner's expense, and then receiving texts from Nokia. In normal circumstances, it is not possible to use the upgraded operating system without agreeing to subscribe to My Nokia.

How to avoid the compulsory registration while upgrading to PR1.2

To avoid the compulsory registration, i.e. to avoid the device sending a text to Nokia and breaching privacy, it is most important to stop the /usr/bin/cherry app from running. It would also be nice to remove the My Nokia applet from Settings, but at least that should not subscribe you without asking.

As you will see from the technical analysis below, creating a file called /home/user/.cherry_state should stop /usr/bin/cherry from running. This file lives in the eMMC, so if your PR1.2 upgrade procedure doesn't involve flashing eMMC, then you can create that file before you upgrade and it should still be there after the upgrade. That means that you should avoid running /usr/bin/cherry. To create that file, type:

touch ~/.cherry_state

Before you first boot into PR1.2, it is probably best to remove your SIM anyway, just in case something went wrong and /usr/bin/cherry still ran.

If your upgrade method to PR1.2 involved flashing eMMC, this will mean that you cannot create the /home/user/.cherry_state file before booting into PR1.2. But you can remove the SIM card, boot and create the file. Then you are free to reboot with the SIM card in and it should not subscribe you.

Cherry will tell the CSD daemon, through CSD's libcsd-sms.so module, to send the SMS directly, bypassing Telepathy and RTCOMM.

Before you put a SIM back in, check to see if there are any files in /var/spool/sms/outgoing and check to see if /var/spool/sms/regs_out.txt contains an entry. If you haven't sent any other SMSes, it's a safe bet that this message scheduled to go out is the one produced by Cherry. Removing the file in /var/spool/sms/outgoing and the entry from regs_out.txt is safe, but make a backup just in case.

Technical analysis

In PR1.2, the My Nokia feature is enabled by the "cherry" package. The package is closed source, but it can still be analysed to an extent. The package can be downloaded on any N900 (even those that have not been upgraded to PR1.2). Downloading the package as described here does not install it, so is safe. For some reason, trying to wget the package from a Linux desktop machine doesn't work.

First you need to install "wget", which doesn't appear in Application Manager but can be installed using:

apt-get install wget

Then you can obtain the cherry package using:

cd ~/MyDocs 
wget --no-check-certificate https://qa9recEP:Pat2UGuP@downloads.maemo.nokia.com/fremantle/ssu/mr0/cherry_0.20-2+0m5_armel.deb

You should find the cherry_0.20-2+0m5_armel.deb in your MyDocs folder, which appears as N900 in File Manager, and can be accessed via USB and transferred to a desktop computer running Linux, where it is easier to analyse.

In that package, we see that it installs a script at /etc/X11/Xsession.d/34cherry (which is run every time the device boots) containing:

#!/bin/sh
 
# Cherry checks for .cherry_state anyway, but testing here makes it faster
if [ ! -f /home/user/.cherry_state ] ; then
  . /etc/X11/Xsession.d/04b_start_matchbox
  /usr/bin/cherry 1>&2
  . /etc/X11/Xsession.d/06stop_matchbox
fi

The package also installs a script at /etc/osso-cud-scripts/cherry-clean.sh (which it is thought is run when the user does "Restore Original Settings" from the menu in the Settings app) containing:

#!/bin/sh
/bin/rm -f $HOME/.cherry_state

From this it would seem that although the main /usr/bin/cherry binary is closed source and difficult to analysis, it can be largely neutralised by creating a file /home/user/.cherry_state.

The /usr/bin/cherry program brings up the warning that is seen on first booting the device after PR1.2 is installed. There is also /usr/lib/hildon-control-panel/libcpcherry.so and an associated /usr/share/applications/hildon-control-panel/cpcherry.desktop file which puts the My Nokia icon into the Settings app.

The package also contains a ChangeLog, which makes interesting reading as to how the package developed over time.

The package is not optified, contributing to the rootfs compressed terms files of about 1.3MB.