What is wrong with this (kind of old) Android, and https (only?) internet?
Linux - MobileThis forum is for the discussion of all topics relating to Mobile Linux. This includes Android, Tizen, Sailfish OS, Replicant, Ubuntu Touch, webOS, and other similar projects and products.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
What is wrong with this (kind of old) Android, and https (only?) internet?
I have a CCE tablet model "Motion TAB TR91" here.
It was apparently working a few months ago, since the owner installed and used a few apps. But a few days ago, its browser (where do i discover its version? It is an old chrome, i guess, since its icon is a blue Earth made with visible dots) apparently stopped working. Further, Gmail and a few other standard apps started having strange behaviours.
Gmail kept giving a small error window saying "Gmail stopped", with just an [OK] button in it. But it never worked again.
The email accounts in the "Email" app was still working, though.
I tried to install an alternative browser, but i could not open any page! In the end, i noted they were all https sites (even if i tried to use them as clean http, they redirect themselves to https, so...).
The app store was also strange, since it only showed paid things. I could not find the usual things there. I decided to reset the tablet.
I backed everything needed up, and did the reset. But now i am still having some good amount of trouble to get this tablet to do all it can do.
Android version is 4.0.4. Kernel version is 3.0.8+.
App store is working again. I created a new gmail account just to it, and the app for it is working. The Email app is still untouched.
HTTPS things are all inaccessible.
I tried to download Duckduckgo browser from app store, but it is (!) not there! I used a site i have, put its apk there, downloaded it with http, tried to install. Nope: "There is a problem in package analysis". After that, i checked: DDG 5.42.1 is for Android 5.0+. )':
Searching around the web for my problem, i found a page talking about *exactly* Android 4.0.4, and how it did not upgrade the CHORUME¹ browser on purpose. And it recommended the Dolphin browser. I thought "why not"? I could not download it from the tablet (secure connection again). But i did on my computer, after that, sent it to the http site, downloaded in the tablet, installed. Great. But i cannot use any https site! The error is:
"Web page not available
Please, check your internet connection
[reload]"
http pages are fine.
Since the backup was made (actually, all files and needed things were moved to somewhere else; the reset was done without a gtrash backup), i am free to do anything in the tablet.
Suggestions? What can i do?
---------------------
I did not write it wrong, it is intentional this way. You can call it a nickname for that bad browser.
Based on this I'd say one or several of the below:
- browser certificates are too old
- installed ssl version is too old
- possibly other software dealing with encryption/SSL is outdated
esp. the SSL problem often means that websites refuse to connect encrypted with the error message "no cypher overlap" or some such.
Newer certificates are easy to install, the other stuff not.
Try to get some meaningful error messages from that browser.
(with small editions) Based on this I'd say one or several of the below:
1- browser certificates are too old
2- installed ssl version is too old
3- possibly other software dealing with encryption/SSL is outdated
esp. the SSL problem often means that websites refuse to connect encrypted with the error message "no cypher overlap" or some such.
Newer certificates are easy to install, the other stuff not.
From Android KitKat (4.0) up to Nougat (7.0) it's possible and easy. I was able to install the Charles Web Debbuging Proxy cert on my un-rooted device and successfully sniff SSL traffic.
Before Android version 4.0, with Android version Gingerbread & Froyo, there was a single read-only file ( /system/etc/security/cacerts.bks ) containing the trust store with all the CA ('system') certificates trusted by default on Android. Both system apps and all applications developed with the Android SDK use this. Use these instructions on installing CAcert certificates on Android Gingerbread, Froyo, ...
Starting from Android 4.0 (Android ICS/'Ice Cream Sandwich', Android 4.3 'Jelly Bean' & Android 4.4 'KitKat'), system trusted certificates are on the (read-only) system partition in the folder '/system/etc/security/' as individual files. However, users can now easily add their own 'user' certificates which will be stored in '/data/misc/keychain/certs-added'.
System-installed certificates can be managed on the Android device in the Settings -> Security -> Certificates -> 'System'-section, whereas the user trusted certificates are manged in the 'User'-section there. When using user trusted certificates, Android will force the user of the Android device to implement additional safety measures: the use of a PIN-code, a pattern-lock or a password to unlock the device are mandatory when user-supplied certificates are used.
Installing CAcert certificates as 'user trusted'-certificates is very easy. Installing new certificates as 'system trusted'-certificates requires more work (and requires root access), but it has the advantage of avoiding the Android lockscreen requirement.
But that does not help me. I do not know what to do, or how.
Would someone guide me with more easy steps? I am pretty newbie and ignorant about mobile stuff.
Quote:
Originally Posted by ondoho
[...]
Try to get some meaningful error messages from that browser.
'.' How? From either browsers (the preinstalled and the Dolphin version 12.1.5 for Android 4.0.4) i see only that error screen, with nothing else to "click" or open. I do not see anything that will give more information.
Android version is 4.0.4. Kernel version is 3.0.8+.
Android 4.0.4 only supports up to TLS 1.0
The PCI DSS (Payment Card Industry Data Security Standard) specifies that TLS 1.0 may no longer be used as of June 30, 2018. It also strongly suggests that you disable TLS 1.1. - https://www.acunetix.com/blog/articl...her-hardening/
So you'll find https will work with some sites but not all of them, and certainly not any that audit to PCI compliance standards.
What can i do with this tablet? It has a separate account. But i need to install things in it. I want it able to: open PDF, EPUB, ... files; edit images; play games; visit any site i want, assuming the risks this has. How do i set this up?
Looks like this device was first released in 2013, which is an eternity when it comes to Android devices.
Save yourself the time and headaches and drop it off to be recycled and buy a new cheap (<$70) tablet.
No. That is an absurd idea. Why will i throw away something that has everything needed to do all i said, and several other things? That is silly. I will not give any money to another device made to last a few months.
Continue using it as it is and accept the risk & the few sites you cannot visit.
Maybe try to install a browser that still supports Android 4.x - How about Fennec on F-Droid? Oh no, recent versions require at least Android 4.1...
Are you still around? I realize I'm late with my reply, but I don't hang around here, I just happened across this post while doing some unrelated searching.
There's no need to trash this tablet just because it has an outdated Android ROM. Actually from my perspective, this is a good thing (because that tablet would be very easy to manually root from ADB shell hooked up to a Linux-based computer.) I'm willing to help you with this if you would like my help... I can write a bash shell script to gain root access to the tablet and use it to update the TLS certificates.
Normally I would recommend updating to a custom ROM (running a new Android version) and I'd still recommend this, but I didn't find much info about your tablet from a quick search. It looks like a fairly rare tablet from Brazil or Portugal or something (based on some stock ROMs I found online.)
It looks like an AllWinner tablet to me. I'm thinking the Motion brand name is not the real manufacturer. It would be easy to find all this info out from an ADB shell (or Termux is an excellent terminal emulator app... but you'll probably have issues installing packages on Termux since it uses TLS.) Hook that tablet up (via USB) to a Debian-based Linux (like Ubuntu) and you can use Ubuntu's terminal (with 'adb shell' command) to access the tablet's shell. Old Android 4 is loaded with exploits right and left, so gaining root would be trivial (root can be used to update the TLS system certs to the latest certs from Android's open source codebase.) If I knew more about the tablet, I might be able to find source code for building the kernel and I could build a Lineage custom ROM for it (say Android 7.1.2... Oreo brings default encryption that makes working with stuff harder and would only slow down old tablet hardware.)
Anyways, if you still have the tablet and haven't gotten anywhere with it and you'd like my help, just let me know. I'm happy to root the tablet and update the TLS certs for you (either by writing a bash script or we could use TeamViewer on Ubuntu so I'd be able to access the tablet's shell directly.) I cannot promise to build a custom ROM just for your tablet (although I'll show you how to do it yourself on Ubuntu.) Building ROMs takes a lot of bandwidth (to download all the code), hard drive space and lots of CPU/RAM and a good bit of time involved. I don't have good enough computer hardware to build a ROM in a reasonable amount of time... but it's not as hard as it sounds, I'll show you how it's done.
The important first step is to gain root from ADB shell (multiple memory exploits and system bugs in Android versions before 6 make this easy) and then to take a full backup of the tablet's existing eMMC (storage chip) using 'dd' command. This way if you mess anything up on the tablet, you have a full disk backup to be able to restore it.
This may all sound like more trouble than it's worth... but it's actually fun for me. It's not hard either, but it does take time (writing full tablet backup to computer's hard drive, etc.)
If you don't want my help (or if I don't reply) then I'd recommend looking for a custom ROM (and custom recovery) that you can try flashing to the tablet yourself (but take a backup first!) I can't find any specs on this tablet... so I don't know the chipset (CPU) and without knowing that I can't recommend a ROM or look for the kernel source to build a ROM.
Other than that... try "Privacy Browser" (app) on the tablet. (Here's a link to download it from F-Droid: f-droid org packages / com.stoutner.privacybrowser.standard )
Privacy browser is a good open source browser... but more importantly if a TLS (formerly known as "SSL") certificate for a website you visit on the browser is expired or somehow invalid, the browser will warn you will a pop-up (and it shows you the TLS cert and what the problem is) but it will let you click "Proceed" where the browser will load the site regardless of an invalid TLS cert. Most browsers try to "protect" the user by not letting you access sites with invalid certs due to the highly unlikely possibly of somebody performing a MiTM attack on you... but a smart MiTM attacker would replace the cert with a forged (but valid) one so you wouldn't even notice.
**Edit**: Actually Privacy Browser requires Android 4.4 (Lollipop.) So basically you need to update the Android ROM... which means you need to know the exact chipset so you can build (or find) a custom ROM that will work on that tablet.
Your TLS certificates are outdated, but another problem is the old version of OpenSSL used in Android before 4.4 and 5.
I bet updating Android (sometimes called Google) System WebView would help as it'd might allow you to use the newer TLS protocols where now the tablet would only support older SSLv2/v3 protocols (which many websites won't accept since they are back from the nineties.) Yeah there's actually more work to fix this than I thought (I thought you were on Lollipop until I reread your post.) It's manually fixable using ADB shell and root access... but if I were you I would build a newer ROM with Lineage/AOSP code, you just need the tablet's kernel source. If you could find or build a ROM running at least Android 5 then everything would work (but not future-proof; I would target Android 6 or 7.)
Just let me know if you want my help, I'm happy to be of help as I enjoy working with Android on hardware I've not worked on before. I'll definitely need more information about the tablet though. If you can setup ADB shell with the tablet on Ubuntu we could use TeamViewer or something... this is all a lot easier for me to do than to try and explain, but if you can find a newer Android ROM made for your tablet then It's easy enough to tell you how to backup the old ROM and flash the new one. I can't find any ROMs newer than Android 4.2.2 online though.
Well. Reading this thread made me search for my Iview 4 incher Cyberpad tablet that also runs Android 4.0. Been in the corner in it's box for awhile. So I am charging via usb cable from my recliner chair. Which has a usb port under the arm < folds up >
Fired it up and connected to my router. Eyes need reading glasses for 4 inch screen though. It is about 1/2 charged presently. Will check on it and this thread tomorrow. Time to hit the subscribe button.
I figured that Iview had gone down the dust collector trail.
Edit: Fired it up again to check android version . It is 4.04 ,baseband version 1.5 , kernel 3.0.8, build number A13_66V_402_1303073.20130315
Are you still around? I realize I'm late with my reply, but I don't hang around here, I just happened across this post while doing some unrelated searching.
[...]
Yes, i am still here! The tablet still exists, and has been mostly doing nothing, since i started this post. In your post, you described many some very nice things that would make me use it almost daily, possibly!! (:
So, i am into it, for sure!
How should we talk about it? A thread here may be too slow for our communication. How about XMPP? Maybe a group in Telegram. But i would like to keep everything we do recorded somehow, so it may possibly be used by others. I can put it somewhere in internet, with all details - maybe as a new part in a site i own.
For your words, I have a doubt that the brand and model were correctly understood. So, i have taken 3 pictures of the tablet now, and i show you. What is written in the back of the tablet is mostly in portuguese. This is because it is made in Brasil, by an industry of Brasil (i do not know if it is exported, nor if, for that, it will have a different, but almost equivalent, model).
The first picture if the full back of the tablet. The second one is a zoom to the lower part, so we can read it. And the third one is a zoom to be glued paper above - could almost be read already, but with a better picture is easier.
The 3 pictures are in a gallery, so you only need to click one of them here, and use the page with it to see the others:
When we open the first link, we are given a page written "proceed to your image" link above, and an ad below this. When we click on the link, a new window opens, with *ad*. That is not what we want. In the original tab/window we opened the link, the image and gallery will be there.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.