Sunday, 15 September 2019

Setting up an Android for Fun and Profit (Testing)

A question I recently got asked by a colleague of mine was basically "what phones do you use for Android testing?" The truth is "anything I can get my hands on" but it made me think about the process I use for generating new test data.

Rule 1: Always use your own data when you can.
What? Why?! Because you know what should be there! One of my favorite things is to pull my own data from my devices because I know what I did with that device.

Rule 2: Make your life easy.
Pick a device that you can control. Get one that's easily rootable, or one that you can easily grab data from. I like to pick Android devices that have an easy root method like Magisk Manager or one I can use TWRP to grab a full image. Be aware of FBE (File Based Encryption) phones because it may change the way you need to grab data.

Rule 3: Make it last.
I like to pick devices that I know are going the distance when it comes to updates. Nothing makes me more aggravated then dropping a bunch of money on a phone to only be able to use it for a year.

So what have I recently picked?

Anyone who know me knows that I'm a massive iOS fanboy. I've used an iPhone since the iPhone 4 and iPads since the original first generation came out. But I'm a google user too. This makes doing a lot of Android data easy to generate by simply signing into a phone with my Google account. Recently, I got my hands on a Pixel 3a and made it my main Android test phone. Here's why:


  • Not super expensive
  • It's a pixel, so I've got a few years of use
  • Easily rootable (Magisk)
  • Bootloader Unlocking (and easy OEM images when I inevitably break it)

The only downside is that I'm not going to get a lot of vendor data from things like Samsung and their annoying apps they like to pre-install. I set up a Pixel 3a recently using the following method.

Download the latest OEM image. 
Google allows users to download the latest OEM images with security patches from their website here: https://developers.google.com/android/images

Unlock the Bootloader
Even to install the stock OEM images, you're going to need to unlock the bootloader. In order to do this, you have to at least turn on the phone once. You can skip all of the setup questions and jump straight into the OS. Once there, head over to developer options (Settings --> About phone --> Tab build number 7 times // if you set up a password or PIN, you'll need to enter it with Android 8 and above). That enables developer options but you'll need to go to Settings --> System --> Advanced --> Developer options to actually turn on the two options needed. 
In the above screenshot, you can see the two options (flagged on in my screenshot) you'll need to enable. OEM unlocking and USB debugging. A note I discovered: if you've never brought the phone online, you may have to at least once to turn on OEM unlocking. 

Once the options are enabled, you'll need a copy of adb you can download from: https://developer.android.com/studio/releases/platform-tools.html

The directions from here will differ from phone to phone, but on the Pixel phones it super straightforward. 

Root It!
Depending on your phone, you might be able to easily root it using something like Magisk Manager. https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445 That's what I use and I love it! Your millage my vary depending on the phone you choose. 

What about Data?
Another reason I went with a Pixel is because of Google Fi. It's a really nice plan through Google that allows me to gen data from about 20 bucks a month (USD) plus 10 per gig I use. I like it because I can set up an account (and if you do it often, reference codes are great) and then suspend it when I'm not using it for no cost. Really I only use this when I'm traveling and need to gen "real" data otherwise I just tether it to my existing phone. 

What about you guys? I'd love to hear back from people on the phones they're using for Android testing. I'm not really experimenting with security exploits at this point as I'm focusing on OS updates and 3rd party apps. If you see some data coming from Android in my posts, it's likely coming from this guy!

No comments:

Post a Comment