Hi!
I've updated my Kindle Fire manually to 6.2 since I read it improves performance and was still rootable. However, I've also read several reports about the Kindle Fire automatically updates itself without any user's choice of yes/no.
My question is therefore: Is there any way to disable automatic updates? If Amazon releases 6.3 and 'fixes' rooting, I probably don't want to upgrade immediately. I guess when ICS ROMs enter the scene this won't be a problem, but until then...
Update 20/12: Various reports about these suggested solutions so far. It seems like solution 2, renaming OTASilentInstall.apk, is a method many have had success with so far. Not too sure about solution 1 yet.
Solution 1
Add this line to your host file:
127.0.0.1 s3.amazonaws.com
Click to expand...
Click to collapse
It will reroute connections trying to reach s3.amazonaws.com to localhost, and therefore won't connect to the Amazon servers.
Solution 2
Rename system/app/OTASilentInstall.apk to OTASilentInstall.apk.bak or something like it.
Well, I have, and the only thing I found was this post, which suggest to de-register the Kindle. I was hoping for a more 'elegant' solution.
I find many threads discussing the 6.2 update itself, but I'm not able to find much information about disabling the automatic update feature - while keeping it online with a registered Amazon account.
That means there's still no solution for this, you can use a cooked rom, or deal with it peacefully.
Installing CM7 disables automatic updated
If search doesn't yield an answer, there isn't one. Best bet is to find what address/ip it tries to connect to for it and block it on your router or hosts file on the kindle.
Or, install a diff rom.
Wow I am surprised how often people get flamed in this forum. Treating people with an elitist snippy attitude when they ask a question degrades the quality of this forum.
Added: I read somewhere that if you rename system/app/OTASilentInstall.apk to OTASilentInstall.apk.bak that could do the trick.
Glasairmell said:
Wow I am surprised how often people get flamed in this forum. Treating people with an elitist snippy attitude when they ask a question degrades the quality of this forum.
Added: I read somewhere that if you rename system/app/OTASilentInstall.apk to OTASilentInstall.apk.bak that could do the trick.
Click to expand...
Click to collapse
Thank you so much! That's really worth a try. I'm glad someone finally answered to this thread with the main goal of helping Good to know that it's allowed to ask questions.
Appreciate it!
hachiueno said:
Hi!
I've updated my Kindle Fire to 6.2 manually since I read it improves performance and was still rootable. However, I've also read several reports about the Kindle Fire automatically updates itself without any user's choice of yes/no.
My question is therefore: Is there any way to disable automatic updates? If Amazon releases 6.3 and 'fixes' rooting, I probably don't want to upgrade immediately. I guess when ICS ROMs enter the scene this won't be a problem, but until then...
Click to expand...
Click to collapse
Use the sqlite method as explained for the nook tablet. Look for the Kindle fota.mode value and change from automatic to manual. Here is the thread.
http://forum.xda-developers.com/showpost.php?p=10973887&postcount=1
Keep it nice and friendly.
Thread cleaned
Glasairmell said:
Added: I read somewhere that if you rename system/app/OTASilentInstall.apk to OTASilentInstall.apk.bak that could do the trick.
Click to expand...
Click to collapse
That is not proven yet to actually work yet. Won't know until the next update.
Thanks a lot for your help! I updated the first post with your hints so that it should be easier to find for the next guy searching for this.
Your help is appreciated! Looks like my Kindle is ready for the future... at least its rooting
Curious that this is marked as Solved.
Solution 1
Thanks to hwong96 for this link. It's a working solution for the Nook Tablet, and obviously work for the Fire as well. However, as hwong96 wrote, the name of the fota file will differ from the BN.
Click to expand...
Click to collapse
Did you actually try this. I'm curious where you found the fota file since I don't see a similar file on the Kindle Fire. What was the fota file named and what database was it in that you found that had this option in it?
Solution 2 Yet to be proved?
Thanks to Glasairmell for this solution. However, someone said it's still to be tested until the next update is out, so not sure yet.
Click to expand...
Click to collapse
Many have made this change, but until the next update, nobody will really know.
There is no sure fired way that I've seen to prevent the next update.
Actually, there is a sure fire way... just turn off your WiFi connection. Without that, you can't get the update. Makes the device a bit useless at that point, but...
Did you actually try this.
Click to expand...
Click to collapse
Nope, thought he was sure about his advice. That's why I also wrote obviously, as I'm not sure. Maybe I should add it later after I've tried.
Many have made this change, but until the next update, nobody will really know.
Click to expand...
Click to collapse
Yes? Isn't that exactly what I wrote?
Actually, there is a sure fire way... just turn off your WiFi connection.
Click to expand...
Click to collapse
Without WiFi my Kindle would be... totally useless. No browsing, no news, no downloading... can't see the reason anymore. If I had to choose, I would rather loose root and have WiFi
Yes krelvinaz is correct. Some of the solutions above are not really proven solutions until we see what happens with the next update.
I heard that when somebody did that while off of wifi before the update, it didn't work.
Sent from my Kindle Fire using Tapatalk
Could we find the source of the update alerts/files and block them via the hosts file?
EDIT: looks like updates come from https://s3.amazonaws.com/kindle-fire-updates/update-kindle-6.2_D01E_3003020.bin
So, if we add s3.amazonaws.com, we should block the update from downloading.
Edit 2: added to my own hosts. Now we wait.
Sent from my Kindle Fire using xda premium
I'm about to receive an un-sealed KF next month, that means it's still on 6.1 (I guess), so can you guys recommend the most effective solution to disable update ? I will try and report later (if 6.3 has't come out yet)
So, if we add s3.amazonaws.com, we should block the update from downloading.
Click to expand...
Click to collapse
Excuse me, but how can I do this ?
mr_gem said:
I'm about to receive an un-sealed KF next month, that means it's still on 6.1 (I guess), so can you guys recommend the most effective solution to disable update ? I will try and report later (if 6.3 has't come out yet)
Excuse me, but how can I do this ?
Click to expand...
Click to collapse
You must have root. Use your favorite root file viewing tool, navigate to /etc, open the hosts file in the text editor and add a new line at the bottom of the file that contains the following
Code:
127.0.0.1 s3.amazonaws.com
What this does is redirect any requests to s3.amazonaws.com to 127.0.0.1, aka localhost (your kindle), causing a timeout.
EDIT: alternatively, you could use an application such as AdAway and add it to the blacklist through such a app as well. Most android ad blockers work by modifying the hosts file.
Sent from my Kindle Fire using xda premium
kjwalker said:
You must have root. Use your favorite root file viewing tool, navigate to /etc, open the hosts file in the text editor and add a new line at the bottom of the file that contains the following
Code:
127.0.0.1 s3.amazonaws.com
What this does is redirect any requests to s3.amazonaws.com to 127.0.0.1, aka localhost (your kindle), causing a timeout.
EDIT: alternatively, you could use an application such as AdAway and add it to the blacklist through such a app as well. Most android ad blockers work by modifying the hosts file.
Sent from my Kindle Fire using xda premium
Click to expand...
Click to collapse
i did this then opened a browser and put in s3.amazonaws.com and it still loaded... rebooted, same thing so i would say this doesn't work
screwyluie said:
i did this then opened a browser and put in s3.amazonaws.com and it still loaded... rebooted, same thing so i would say this doesn't work
Click to expand...
Click to collapse
I am skeptical that this will prevent the OTA (simply could come from another source), but when I added this to the hosts file, the site will not load using that URL.
In the silk browser... Web page no available.
In Opera Mini... Network problem loading site.
So I am guessing you didn't do something. ??
Related
Hello all, I am new here so I'm sorry if I am ignorent of anything
I have an Iconia tab, and have been patiently for the netflix app to be released. Well it finally seems like it has been done here
http://forum.xda-developers.com/showthread.php?t=1076150
My problem is when I download the apk and try to open it I get the error ''cannot open file''.
Any suggestions? Thanks
Download the apk with Firefox mobile or your desktop PC instead of the default browser. AFAIK, streaming still doesn't work for us, just queue management.
Its not working on the acer yet.
Edit: ninja'd
I think I read somewhere it's a Honeycomb issue, not just an Acer issue.
the device check disabled apk asks you to upgrade to the latest version on the market (which doesn't exist on our device), and the non-check disabled version will let you browse, but if you try to play a video it pops an error saying the device is not supported.
Hopefully we'll get something that works in the near future. Netflix claims to be working on other devices and it looked like tablets were on the list as well.
Thanks everyone for your answers. Any chance we can keep this thread going as an update to everyone wondering when netflix will be brought over so users do not have to scour the web in search of the answer?
Just a bit of a noob question, but what about changing your build.prop?
If I understand correctly, that requires root, and I do not want do downgrade to gingerbread.
Yup..
dkhuizenga said:
If I understand correctly, that requires root, and I do not want do downgrade to gingerbread.
Click to expand...
Click to collapse
I have heard of doing this and am pretty sure root is required.
Such a shame Netflix has not gotten it together for us yet - this screen rocks as a movie player!
dkhuizenga said:
If I understand correctly, that requires root, and I do not want do downgrade to gingerbread.
Click to expand...
Click to collapse
I have my acer rooted, but not well enough it seems. I still run honeycomb, and in fact still get firmware updates from acer. I rooted it so I can setup my two 1tb external hard drives to it lol. just used gingerbreak and a couple other things post root. However, i did try and edit the build.prop but wont allow me to save, just read only. I havent messed with it extensively, but seems like there should be a way.
phoenixbennu said:
However, i did try and edit the build.prop but wont allow me to save, just read only
Click to expand...
Click to collapse
'mount -o remount,rw' ?
phoenixbennu said:
I have my acer rooted, but not well enough it seems. I still run honeycomb, and in fact still get firmware updates from acer. I rooted it so I can setup my two 1tb external hard drives to it lol. just used gingerbreak and a couple other things post root. However, i did try and edit the build.prop but wont allow me to save, just read only. I havent messed with it extensively, but seems like there should be a way.
Click to expand...
Click to collapse
If you use root explorer it will let you mount the file system read-write so you can edit the file.
Alright guys I am not sure if it has been tested but when I get home. I have the lib files that fixed the playback issue on sense 3.0 I will install the deactive device check version and push the lib Files It may actually work!! I just tested on another device that had playback issues worked flawlessly!! Ill let you guys know in like 2 hours or so when I get home.
Right on!
Crsdr37 - sounds promising! Let us know how it goes - since Netflix is totally dragging on getting their software working. My girlfriend's mother uses a HTC Evo 4 from Sprint - netflix support has been broken for weeks for them, and the OTA patch they tried to push out did not work. Total fustercluck
entropy.of.avarice said:
Crsdr37 - sounds promising! Let us know how it goes - since Netflix is totally dragging on getting their software working. My girlfriend's mother uses a HTC Evo 4 from Sprint - netflix support has been broken for weeks for them, and the OTA patch they tried to push out did not work. Total fustercluck
Click to expand...
Click to collapse
I actually just fixed it on my evo 15 minutes ago. When I get out I will pm you and get some information from you on her evo.
Crsdr37 said:
I actually just fixed it on my evo 15 minutes ago. When I get out I will pm you and get some information from you on her evo.
Click to expand...
Click to collapse
Would be most grateful! Take your time, I am out of classes today and girlfriend is working - got all day to geek out
i am very excited to find out on this
Alright guys so after dismantling netflix.apk the latest version the issue is within one of the files called nrdp.js Think of it as the gate keeper to our netflix enjoyment. It checks certain areas of the device here is the list we need to bypass to get the rsa key injected into our devices for access to the netflix servers.
1.Get Model
2.Get Software Version
3.Get Certification Version
4.Get ESN
5.Get ESN Prefix
Those are all the functions it calls for device checking. That I could find. There is also a certificate file ca.pem that controls how long the app works for before you have to get new certificate that is encrypted up the ass so big roadblock..... Sorry I tried and will continue to try but it does not look good... Damn those large companies with their big sticks.
Installed but error connecting after selecting a vid
I have an stock iconia with 3.1 and tonight I installed the apk mentioned in this article:
http://www.androidpolice.com/2011/0...neycomb-devices-and-possibly-most-phones-too/
App runs but when I select a vid I get:
"Sorry, we could not reach the Netflix service. Please try again later. If the problems persists please visit the Netflix website (12001)."
Anyone else getting this? Any workarounds?
ingrouille said:
I have an stock iconia with 3.1 and tonight I installed the apk mentioned in this article:
http://www.androidpolice.com/2011/0...neycomb-devices-and-possibly-most-phones-too/
App runs but when I select a vid I get:
"Sorry, we could not reach the Netflix service. Please try again later. If the problems persists please visit the Netflix website (12001)."
Anyone else getting this? Any workarounds?
Click to expand...
Click to collapse
Same issue.
I wonder if a build prop for 1.3 would work?
Xoom users seem to be having great sucess
This is my first post here and I'm not entirely sure if I'm posting in the right place....but here goes nothing (Please don't flame me. I'm learning, too!)
I've searched high and low on how to go about this and I can't find a thing about it. So, why not ask the question, right?
Well, since a certain kind XDA member (wink wink) was so wonderful as to root our R800x's, I was wondering if there is a way to disable the OTA that keeps randomly popping up so that we don't squander all his hard work. It would be terrible to grab our phones in the morning and find that we've been forcibly pushed into 2.3.3 with no say in the matter.
Does anyone have any ideas what to do?
Thank you all in advance!!
The rate Verizon goes with their updates you won't have to worry about this till at least next year LOL.
Good point Let's hope they don't decide to get all froggy and pop a release on us. I would cry....a lot, lol.
once you have root you may be able to firewall the ota process or nix it by removing verizon bloatware.
Sent from my R800x using XDA App
I apologize in advance for resurrecting this thread as I have been away for a while and haven't been able to get to XDA for a while. I was unfortunate enough to have my phone do the 2.3.3 update all by itself (if you can believe it) and then it bricked my phone. I used fastboot to bring my phone back to life and I'm wondering....would anyone be kind enough to tell me which firewall program I should get to make this thing stop issuing the OTA with detailed instructions? I'm a little naive when it comes to that. However I am a quick learner.
my phone was bricked by the update as well but luckily for me the updater force closes on me now(I guess a good thing) but it's something along the lines of com.android.updater or something like that. You could probably go through and delete it through root explorer. Don't know what will happen if it's deleted i assume nothing except it won't ask you to update anymore but I haven't had tome to try it
OK so I feel like a complete dumb-dumb now, haha. It seems that all you have to do is go into Titanium Backup, find the Mobile Care and fotainstaller programs, then freeze them. All fixed and no OTA! YAY! lol
I haven't seen any adverse reactions so far, but will post if I do.
Lucky me, I backed up and uninstalled Mobile Care the moment I rooted. However I haven't done anything with fotarebootreceiver 1.0 and I can't remember the last time I was prompted for an update.
I don't know If any has seen this but I have been constantly getting aforce close for the download agent.apk anyone seen this or know how to fix it?
ulaladiva said:
This is my first post here and I'm not entirely sure if I'm posting in the right place....but here goes nothing (Please don't flame me. I'm learning, too!)
I've searched high and low on how to go about this and I can't find a thing about it. So, why not ask the question, right?
Well, since a certain kind XDA member (wink wink) was so wonderful as to root our R800x's, I was wondering if there is a way to disable the OTA that keeps randomly popping up so that we don't squander all his hard work. It would be terrible to grab our phones in the morning and find that we've been forcibly pushed into 2.3.3 with no say in the matter.
Does anyone have any ideas what to do?
Thank you all in advance!!
Click to expand...
Click to collapse
Never got a notification there was an update.. Only found out by lurking around xda, then had to go to software updates to see if I had anything. So, no I have ideas for you.
ulaladiva said:
This is my first post here and I'm not entirely sure if I'm posting in the right place....but here goes nothing (Please don't flame me. I'm learning, too!)
I've searched high and low on how to go about this and I can't find a thing about it. So, why not ask the question, right?
Well, since a certain kind XDA member (wink wink) was so wonderful as to root our R800x's, I was wondering if there is a way to disable the OTA that keeps randomly popping up so that we don't squander all his hard work. It would be terrible to grab our phones in the morning and find that we've been forcibly pushed into 2.3.3 with no say in the matter.
Does anyone have any ideas what to do?
Thank you all in advance!!
Click to expand...
Click to collapse
you can try this
"To turn OFF future OTA updates, there is a file in the /system/etc/security folder. The file is named "otacerts.zip". Rename it "otacerts.zip.bak", or whatever you want. That will prevent future updates." -dont forget to mount r/w
One2many said:
you can try this
"To turn OFF future OTA updates, there is a file in the /system/etc/security folder. The file is named "otacerts.zip". Rename it "otacerts.zip.bak", or whatever you want. That will prevent future updates." -dont forget to mount r/w
Click to expand...
Click to collapse
That doesn't stop the phone from repeatedly downloading the update file and killing your battery.
We need to know the information from the build.prop file for the new update so that the phone will look like it is running with the update already.
doesnt work
renaming the file does nothing. I renamed it reset the phone and I still get the update alert about every hour
fixed it
If you have root explorer or es go to system, apps. then find innopath active care and rename it with .bak. it worked for me.
I Just flash CM7 in my kindle fire and there is 2 probles:
1. Sound don't work.
2. HW Video codec don't work.
Sorry for this forum, i can't post in development forum yet.
Not sure if you noticed but.that.cm7 is only about 2 hours old. So it will probably be awhile until more information comes out about side effects. Times like this patience is a virtue.
Yep, sounds like there may be a flag that needs to be thrown in the build props to get the hardware acceleration going and JackpotCalvin appears to be looking at the sound issue.
I too am new as well to post in the dev thread and wanted to ask if anyone has checked to see if the bluetooth A2DP stuff works (that's the item that I'm really wanting)
it does not matter for me now, my kindle die...
Can you be more specific?
//Tapatalk.EVO3D//
ok - so I got cm7 running, looks great - market fc's.
Read the thread on this, dl'ed and installed - cleared cache. Market runs, finds app, when i click install - fc's. I don't know what to do from here. i have most of my apps sideloaded, but missing a few i would like, and yeah. Sure this will be covered eventually, but somebody has to mention it first. Ideas?
Have you tried the market install method that worked on the stock fire?
//Tapatalk.KindleFire//
yeah - i did. I hadnt rebooted though, so I tried it, recleared the cache, still having some issues. The main thing that was getting in my way was being able to get vending.apk into the system/apps since i didnt have an explorer with root sideloaded, but i found a version of androxplorer and sideloaded that to get everything done. I saw someone's fix to hardware acceleration by editing build.prop, i wanted to use sql editor to do it from fire, but its a purchase file and so it would be easiest to get through market. I got android market on laptop to sync it to my kindle though, apparently.
Someone posted a Market-3.1.1.apk file. Did you try that?
//Tapatalk.KindleFire//
Don't have a Kindle Fire, as I won't get one until either there's support for Amazon services in my area (Spain) or there's a decent recovery and Cyanogen port for it. I use CM7.1.0 on my HTC Desire GSM, and I'm not going back to stock, ever.
Now, the fire is kind of low priority for me, as I already have an Asus Transformer (not yet rooted, as I haven't found it necessary. Might do that once CM9 comes out though)
If market keeps on fc'ing, you can try bookmarking market.android.com and select the app there, should download and install onto your Fire without needing to open the Market app.
Loving the CM7 build so far (no sound is a bit of a downer, but still). I do have a question, though: installing CM7 apparently decided to change my Wi-Fi MAC. Is there any way I can change it back?
Sounds like this cm7 shouldn't of been released as it needs more tweaks still.
ITS ME DAVID said:
Sounds like this cm7 shouldn't of been released as it needs more tweaks still.
Click to expand...
Click to collapse
No. The more people we have playing with it that know what they're doing, the faster we'll get to something more stable. What it really sounds like is people shouldn't be so impatient and flash the first thing that pops up on these forums.
So far everything seems great, obviously other than sound. I've heard youtube messes up but I haven't tried. All in all I would have to say great job by Calvin on giving our Kindles some CM7 love a few weeks after they were out.
I think the youtube issue can be fixed by editing the build.prop.
ITS ME DAVID said:
Sounds like this cm7 shouldn't of been released as it needs more tweaks still.
Click to expand...
Click to collapse
That is why it is listed as ALPHA.
Just getting the word out to everyone. This works without root and makes it super easy for you to remove any Bloatware you would like and fully control it.
http://forum.xda-developers.com/android/software/debloater-remove-carrier-bloat-t2998294
gatesjunior said:
Just getting the word out to everyone. This works without root and makes it super easy for you to remove any Bloatware you would like and fully control it.
http://forum.xda-developers.com/android/software/debloater-remove-carrier-bloat-t2998294
Click to expand...
Click to collapse
I've already run it but thanks for sharing it in here:good:
didn't you already post it junior ?
Fine job making a Windows program. Unfortunately I do not know most of those apps so I will not select them. Is it too much to ask someone for a list of apk name versus function name?
ronaldheld said:
Fine job making a Windows program. Unfortunately I do not know most of those apps so I will not select them. Is it too much to ask someone for a list of apk name versus function name?
Click to expand...
Click to collapse
The apk name is listed along with the packagename in the list. If you are unsure what things are safe to block/disable. There are plenty of people on the forum that would be willing to help you.
I did not see the package name so I will have run it again and read more carefully or try to change the size of that field.
ronaldheld said:
I did not see the package name so I will have run it again and read more carefully or try to change the size of that field.
Click to expand...
Click to collapse
The apk is on the left and the package name is on the right. Are you saying you would like to see the App Drawer Name ??
That would be really helpful. Thanks.
This says without root then the other page this links to says root required which is it
jolly_roger_hook said:
This says without root then the other page this links to says root required which is it
Click to expand...
Click to collapse
Ability to remove apk on rooted devices and only disables on unrooted kitkat devices.
jpa77 said:
Ability to remove apk on rooted devices and only disables on unrooted kitkat devices.
Click to expand...
Click to collapse
Thanks for the clarification but dang though I'd be able to unistall this Facebook app preinstalled as a system app ughhhhhh...
gatesjunior said:
Just getting the word out to everyone. This works without root and makes it super easy for you to remove any Bloatware you would like and fully control it.
http://forum.xda-developers.com/android/software/debloater-remove-carrier-bloat-t2998294
Click to expand...
Click to collapse
Thanks for sharing..
Brilliant!!
Let's start posting in the actual Debloater thread please.. Thank you all for your compliments..
May have blocked one too many, 2 items don't work but other wise great-
Calender
Software updates- there's no error message but the circle just spins with no connection. After a while i simply cancel
Thanks
pbman1953 said:
May have blocked one too many, 2 items don't work but other wise great-
Calender
Software updates- there's no error message but the circle just spins with no connection. After a while i simply cancel
Thanks
Click to expand...
Click to collapse
Yeah, it sounds like you blocked a little too many, Lol. You can simply go and save your blocked list and then Unblock all and start going one by one until you figure out which ones you do need.
Please bring all feedback and questions over to the forum dedicated for this.
http://forum.xda-developers.com/android/software/debloater-remove-carrier-bloat-t2998294
gatesjunior said:
Yeah, it sounds like you blocked a little too many, Lol. You can simply go and save your blocked list and then Unblock all and start going one by one until you figure out which ones you do need.
Please bring all feedback and questions over to the forum dedicated for this.
http://forum.xda-developers.com/android/software/debloater-remove-carrier-bloat-t2998294
Click to expand...
Click to collapse
Here's one thing to think about also, by accident I blocked the Google stock email , not the Gmail. I went back to unblock and I had to re-enter all my emails back again. So what I'm saying after a block and then an un-block it wipes the app. Did you expect that to happen or should I expect that to happen for most apps be turned back on?
Thanks
pbman1953 said:
Here's one thing to think about also, by accident I blocked the Google stock email , not the Gmail. I went back to unblock and I had to re-enter all my emails back again. So what I'm saying after a block and then an un-block it wipes the app. Did you expect that to happen or should I expect that to happen for most apps be turned back on?
Thanks
Click to expand...
Click to collapse
That's odd, it doesn't wipe any data. Nor have I had an issue like that. Let me look into it.
pbman1953 said:
Here's one thing to think about also, by accident I blocked the Google stock email , not the Gmail. I went back to unblock and I had to re-enter all my emails back again. So what I'm saying after a block and then an un-block it wipes the app. Did you expect that to happen or should I expect that to happen for most apps be turned back on?
Thanks
Click to expand...
Click to collapse
svc.apk
I got lucky, was akind of dumb on one, all I had to do is look at the app name on the right for the calander. The update connection was SyncMLSsvc.apk
Debloater !!!
Thank you for this Program at least we can modify our phones to run better so I can enjoy my phone instead of be mad that the phone is full of stuff i don't want running great Application and simple to use as well
Thank you !!
Hi everyone, I am trying to use my rooted Nook Simple Touch for the first time since early 2020, and when using the Browser app, I keep getting this warning message
Security Warning
There are problems with the security certificate for this site.
The name of the site does not match the name of the certificate.
Click to expand...
Click to collapse
If I use Opera Mini, this problem doesn't happen. But another app which used to work for me back in early 2020 is now having Network Errors, and I found a comment somewhere in the app's github repo that it downloads data using the main browser. So I suspect that the security warning and and the app's network errors are related?
Does anyone know why this warning is happening or how to fix it? Has something changed with regards to how the NST connects to the internet via the browser since early 2020 which could be causing the issue?
sd156 said:
Hi everyone, I am trying to use my rooted Nook Simple Touch for the first time since early 2020, and when using the Browser app, I keep getting this warning message
If I use Opera Mini, this problem doesn't happen. But another app which used to work for me back in early 2020 is now having Network Errors, and I found a comment somewhere in the app's github repo that it downloads data using the main browser. So I suspect that the security warning and and the app's network errors are related?
Does anyone know why this warning is happening or how to fix it? Has something changed with regards to how the NST connects to the internet via the browser since early 2020 which could be causing the issue?
Click to expand...
Click to collapse
The NST still has a lot of life left in it, but not perhaps as a vehicle for internet browsing. You don't identify the "browser", but about the only two options for the NST at this date that I know of are Opera Mobile (or "Classic"--very similar) and Opera Mini. Of the two, the more practical and satisfying is Opera Mini. This is because the security checks are done by Opera's up-to-date servers before the site content is reformatted and sent off to the browser.
It's not perfect and some sites just won't display or won't display properly, but it's "pretty good" for infrequent and casual browsing.
Opera Mobile has settings for TLS 1.2 but their effect is spotty at best. Security requirements at web sites are a moving target and what worked last month may not work this month. And its rendering of HTML on many sites leaves a great deal to be desired. To be fair, some of the newer "tricks" just won't work with Android 2.1, so it's not all the browsers fault.
An app that uses the browser to download something? Not sure exactly what that means, but if it's using the Android Download Manager then you are probably running into the security issue either because of no TLS 1.2 (B&N only dealt with this issue for their own connection to the device) OR because a certificate in the cacerts.bks file has died since the last time you tried it successfully.
If it's the TLS thing, there's no hope. Like I said, websites and servers tighten rules all the time and there is no way to address that on the NST. If it's an expired certificate, it may be possible to track down which one has died and replace it.
For that, a logcat of a download/login/whatever attempt might be helpful (or not). Or maybe the error message mentions the certificate? If you could reference the github and/or app in question, that might help also.
Edit: See the "Edit" at the bottom this post... I looked into this more myself and found some answers
_____________________________________________________________________________
Hi @nmyshkin, thanks for your detailed reply.
You don't identify the "browser"
Click to expand...
Click to collapse
The "browser" that I'm referring to is literally the app called Browser which I think came pre-installed on the NST. (Its icon is a circle showing North and South America... let me know if you're still not sure what I'm referring to)
An app that uses the browser to download something? Not sure exactly what that means... If you could reference the github and/or app in question, that might help also.
Click to expand...
Click to collapse
The app I'm using is called Ankidroid. Here's a link to the github repo/comment which mentions using the browser to download. I'm using v2.4.4 (last stable release to support android 2.1):
- https://github.com/ankidroid/Anki-Android/issues/3075#issuecomment-125547244
- https://github.com/ankidroid/Anki-Android/tree/v2.4.4
A logcat of a download/login/whatever attempt might be helpful (or not)
Click to expand...
Click to collapse
Here is the logcat (but I removed all lines which don't contain the app name (anki) in them to remove clutter, so if it looks like something's missing let me know and I can give you the full log)
- https://pastebin.com/Du5rcT04
It looks like the following exceptions are being thrown:
- javax.net.ssl.SSLException: Not trusted server certificate
- java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found
Does that mean anything to you?
if it's using the Android Download Manager...
Click to expand...
Click to collapse
I tried searching through the code for DownloadManager, and I was able to find one occurrence, but it's in some xml file. Does this seem like it could be relevant?
- https://github.com/ankidroid/Anki-A...iDroid/src/main/res/values/04-network.xml#L71
... because a certificate in the cacerts.bks file has died since the last time you tried it successfully
Click to expand...
Click to collapse
How can I check if a certificate in cacerts.bks has died and fix it if that's the case?
If it's the TLS thing, there's no hope
Click to expand...
Click to collapse
Hopefully not this then :O
_____________________________________________________________________________
Edit:
I looked into that exception a bit more, and
It looks like the following exceptions are being thrown:
- javax.net.ssl.SSLException: Not trusted server certificate
- java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found
Click to expand...
Click to collapse
I found an issue in the github repo which references this same exception
- https://github.com/ankidroid/Anki-Android/issues/6317
A comment says that this is the cause
- https://support.sectigo.com/article...ddTrust-External-CA-Root-Expiring-May-30-2020
And another comment says that the connection won't work on older devices which don't support TLS1.2
- https://github.com/ankidroid/Anki-Android/issues/6317#issuecomment-650341494
There's a workaround mentioned in the comment (installing a sync server) so I'll try that then. Thanks for responding in this thread and helping me identify this issue
sd156 said:
The "browser" that I'm referring to is literally the app called Browser which I think came pre-installed on the NST. (Its icon is a circle showing North and South America... let me know if you're still not sure what I'm referring to)
Click to expand...
Click to collapse
I'm surprised that it worked back in 2020! That old browser is past its expiration date--and then some. I don't even have it on my devices any more.
sd156 said:
The app I'm using is called Ankidroid. Here's a link to the github repo/comment which mentions using the browser to download. I'm using v2.4.4 (last stable release to support android 2.1):
- https://github.com/ankidroid/Anki-Android/issues/3075#issuecomment-125547244
- https://github.com/ankidroid/Anki-Android/tree/v2.4.4
Click to expand...
Click to collapse
Ah. I helped someone with Ankidroid in the past although I can't find the post now.
sd156 said:
Here is the logcat (but I removed all lines which don't contain the app name (anki) in them to remove clutter, so if it looks like something's missing let me know and I can give you the full log)
- https://pastebin.com/Du5rcT04
It looks like the following exceptions are being thrown:
- javax.net.ssl.SSLException: Not trusted server certificate
- java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found
Does that mean anything to you?
Click to expand...
Click to collapse
Yes and no. It's clearly unhappy about the SSL but the certificate that appears to be mentioned is not the one used at anikiweb.net.
sd156 said:
How can I check if a certificate in cacerts.bks has died and fix it if that's the case?
Click to expand...
Click to collapse
I went to ankiweb.net on my PC and looked at the certificates they use. One seems to be USERTrust RSA. This is in the most up-to-date cacerts.bks for the device. Did you ever update your cacerts.bks? There is an updated file at the end of the first post in the referenced thread. You don't need to look at all the other stuff (unless you want to). In any caase, this seems to make no difference since mine is updated.
There is a second certificate from Sectigo but I can't seem to extract that from Firefox the way I do others. That's the certificate the old Browser complains about and that certificate is NOT in the cacerts.bks file.
sd156 said:
There's a workaround mentioned in the comment (installing a sync server) so I'll try that then. Thanks for responding in this thread and helping me identify this issue
Click to expand...
Click to collapse
Yeah, I took a brief look at that. Looks a bit intimidating, but perhaps not if you're motivated to get it working.
I installed 2.4.4 just to see what we were talking about. Since Opera Mini is my browser, that's what opened. It looks promising, but like many sites with non-static content, it does not display completely. You go to a topic and all you get is a search bar, not a listing of what exists (like you see on the PC). Opera Mobile simply fails to establish a connection. Not surprising.
Finally I replaced the old Browser app in /system/app and tried that out . You can get past the certificate errors by just saying to "continue" but the eventual display is just like in Opera Mini. Only a search bar appears if you select a category like "Chemistry", no listing of existing shared decks.