XPERIA Z3C BLUES

Quite recently I found myself the new owner of a Sony Xperia Z3 Compact smartphone. This comes after a year of using another Sony phone, the Z1. I love the Z1 - it's fast, smooth and has a great camera. The only downside to it was its size and sharp corners: it's a bit too big for my pocket.

So I decided to downsize to a more reasonable 4.6" screen, but with the same flagship specs and performance. This is one thing to love about Sony, when they release smaller versions of their phones, they don't put really weak chips in them (like HTC or Samsung do).

The Baidu Connection

I'm not going to review the phone though, this is about something else. Something decidedly more fun. A day before my phone arrived a friend linked me an article which basically threw the Internet into an uproar: the Z3 line is infected with spyware from China!

What was found (with the assistance of the OSMonitor app) was that whenever the phone had connectivity (WiFi, Mobile) it would establish a connection to a server in China. And keep it open.

It was quickly established that the Chinese server belonged to Baidu and the app that was opening this connection was part of the system: myXperia. This app (made by Sony) is normally used to track and remotely lock your phone in case it gets stolen. To do that, it connects with both Google and Baidu (the latter for the Chinese market where Google is a no-no) for push notifications.

Sony managed to respond in a quasi-official way on its support forums that the Baidu connection is harmless and it was added for the Chinese market only. So what's it doing on my UK bought phone eh, Sony? EH? (╯°□°)╯︵ ┻━┻)

All nice and well, but the biggest problem was that you couldn't disable the app. Well, it turns out you can, but it's not something your average Joe will be doing.

By the way, I will not be held responsible in any way for anything you do to your phone as a result of reading this article. Just thought I'd make sure you understand that (it's in the general rules of the website as well).

To start with, you need to enable USB Debugging (under the Developer options menu) and install adb, the Android Debug Bridge. It is available as part of the Android SDK, but if you run Linux you might find it in your package list (apt-get install android-tools-adb for Ubuntu/Debian derivatives).

Run a terminal with administrator privileges / root and connect the phone. You'll have to accept the debug session on the phone and then you should be able to run adb devices to confirm it's detected.

Open adb shell and run the following commands:

pm block com.sonymobile.mx.android
pm block com.sonymobile.mx.android:bdservice_v1

The output from each pm block should look like Package %PACKAGE_NAME% new blocked state: true. If it says "false", check if the app is a device administrator (on the phone -> Settings -> Security -> Device Administrators).

If you're like me, you will want to get rid of a few more pesky apps. Be warned that this will most likely break some of the Sony-specific features of the phone.

pm block com.sonymobile.enterprise.service
pm block com.sonymobile.advancedwidget.entrance
pm block com.sonymobile.phoneusage
pm block com.sonymobile.deviceconfigtool

Hopefully, the apps will be gone. Disconnect, reboot the phone and check whether the apps are still blocked.

Getting the storage to work on Ubuntu

When connecting the phone normally, I noticed that it didn't recognize it as an MTP device, or if it did (very random), it didn't show the internal storage.

A bit of digging told me that you can:

  1. Wait until the planets align the libmtp devs update the device list and the new package makes it into your distribution's repositories.
  2. Do it yourself. It's easy. Really.

Find your MTP rules file. In Ubuntu 14.04 it's here: /lib/udev/rules.d/69-libmtp.rules. Add the following lines to the list.

# SONY Xperia Z3 Compact
ATTR{idVendor}=="0fce", ATTR{idProduct}=="01bb", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1"

# SONY Xperia Z1
ATTR{idVendor}=="0fce", ATTR{idProduct}=="019e", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1"

Now your Z1/Z3C should be recognized automagically when connected via USB.

About those permanent connections

It's funny how people get all crazy about their phone having a "backdoor" to China. It's upsetting until you pay a bit of attention to the connection list and discover that you have about 5-6 "backdoors" to Google in the USA on a factory-defaults phone.

In the end, Android's made by Google and it's normal, right? I'm not so sure anymore, after noticing that an app called Overheat control calls to a server in the USA.

I did go the extra mile and placed my laptop as a man-in-the-middle to sniff all the traffic in the hope of catching the Baidu connection sending my private data to China, but no such luck.

I captured packets over two days and got nothing to make the headlines: very little communication was made over that connection and the single bad thing I could find was that data was sent unencrypted. At least most of the connections back to Google were using TLS.

It was an interesting exercise - the end result is that I learned how to block the unblockable on an unrooted Android phone.

And, as always, thanks for reading.


comments powered by Disqus