Cerberus Security App Review

I have been using Cerberus (play store) for around a month now. I have been really impressed with the feature set that this app gives you. I purchased it or $4.95NZ, I though this was a real bargain price.

I purchase high end phones, I am a tech geek after all, and for under $5 to potentially get back my phone if it gets stolen....easy choice. But the other feature that is really important to me is remote lock / wipe. My phone builds up some serious personal information about me, so it is important that I have full control over it.

I am quite interested in security in general. So this app is also a good fit for me, I use keepass to keep my all my passwords safe. I will review keepass later.

The available tools on the tracking site are:

• Start / Stop Tracking - this is based on the GPS position of the phone and is accurate 
• Get device info -IP Address, WiFi network ID that it is connected to, network operator, network subscriber ID
• Get location history - this is pretty awesome, it can be opened directly in Google maps and it shows heaps of data on your phones travels.
• Lock device with code - this is fairly self explanitry, send a unlock code to your phone. As another feature if the code is entered incorrectly you can set it up to take a picture....great if you have a front facing camera, snap a pic of the thief.
• Unlock - remove the unlock code.
• Start an alarm with a message - just what it says, start an alarm....display a message, as rude as you please, it then takes a picture using both cameras....very cool.
• Display a message - this does the same thing as the previous one with no alarm, but it is way funnier because there is a "speak" tick box....I may have got my phone to say rude things. Takes pictures also.
• Get call log - as you would expect.
• Get SMS log - as you would expect.
• Call phone - Calls a phone from your phone, to a number you specify, not sure how useful this feature is.
• Send SMS - send an SMS to a phone number you specify. Not really sure how useful this really is.
• Record Audio - very cool, you specify a time; max 300s; and the phone records audio. You then download it and can listen in on what the thieves are talking about. 
• Take picture - takes a picture, you can choose to use the back camera, the flash and to take the picture immediately. 
• Capture video - as with audio except max 30s
• Grab Screenshot - emails you a screen shot of your phone.
• Start / Stop Emergency Mode - Emergency mode will make the device send its location periodically. You can specify the frequency of the alerts. It allows you to send a SMS also.
• Hide from app draw - this is really useful, hids Cerberus from the app draw. Thieves wont know that it is installed and therefore wont know to do anything about it. You can setup a special number to dial from the phone that will get you into the app.
• Show in app draw - Just makes Cerberus show up again.
• Wipe device memory - I guess it does what it says...didn't try this one though.
• Wipe SD card - I guess it does what it says...didn't try this one though.
• Reboot device - Yep, causes the phone to reboot.

Logging into the https://www.cerberusapp.com/ website is easy, it is really important that this isn't the weak point in your security. This app gives some serious control over your phone. Set a strong password!!!

This app is also one that is greatly improved by having root access on your phone, if you have root you can install Cerberus to the system partition. This means that the app is far harder to remove, normally any app is nuked if you do a factory reset, however a factory reset doesn't reset the system partition. A theif would have to have a much better knowledge of android to remove it. They would need to flash a new ROM.

Security is a concern with a app that has so much access to your phone, but if you have a social media app such as Google+ or Facebook with location services enabled then they have basically the same access as Cerberus does. I have read over their privacy policy and detailed it below. There is nothing particularly menacing about it, but have a quick read if you are interested. And you probably are if you have read this far into a review of a security application for your phone.

Security / Privacy main points from their privacy policy:

• You allow the app to use your location to track the device! To be expected since that is one of the main features.
• You consent to the app sending SMS messages, which means that it could cost you money. But this feature needs to be triggered by the user. Not much of an issue here. Unless someone hacks your account and makes you send really expensive text messages. But I also believe that SMS messages can cost to receive in some places in the world, so this could be more of an issue in that case, it is not relevant in NZ.
• You consent to the app being able to use mobile data, you wont be able to track your phone or do any of the main functions if a data connection is not available.
• As part of this LSDroid, the people that make Cerberus don't accept any liability for charges incurred. This is not a surprise at all.

• The sign up info that the privacy policy details is fairly standard, i.e. your sign up info is kept, and data is transferred to your computer.

• Now on to the interesting stuff, LSDroid says that it does not use your information for marketing purposes which is great, because this app has the potential to locate you down to the best possible accuracy. They do use your info to improve their services and functions, but all developers do this so no big deal there.
• They will email you for "non-marketing or administrative purposes", but from my experience over the last month of using it I haven't had any emails from them.

• LSDroid does release aggregate log information to "interested third parties" which basically means marketing firms. This means that the data they collect on all users is rolled together and general trends and patterns can be determined. It does not mean that any personally identifiable information is released, though a determined data mining effort can usually get far more information then is intended to be released, see this description at Securityfocus.com

• LSDroid states also that they will take all commercially reasonable steps to protect your data, but take no responsibility should there be a breach. Which is not surprising.

• In the event of "MERGER, SALE, OR BANKRUPTCY" as a first course they will try to keep the services running and therefore the users should notice no difference in service or privacy of information policy. If they are merged or sold the information you have provided will be moved to the new owner / merged entity.

CM10 Unofficial on my One S, I now have Jellybean :)

Ok so I was going to wait till there was an official build of Cyanogenmod for the One S before I installed it. But I am just too impatient for that, I have been following the progress of the devs at http://ville.giev.de/

I finally decided to go for it a few days ago after seeing a build in the Clockwork Mod lists, it didn't work so I started looking deeper into the state of the build. Turns out that the Clockwork Mod list has a much older build (as much as 2 weeks is "much older").

So I downloaded the latest available build from http://ville.giev.de/ which was CM10 20120815 which is conviently linked on the page. It contains the insecure boot image that you will need to flash using fastboot.

Just drop the whole zip file on your phone and also extract the boot.img into your fastboot folder. You should also download the gapps (Google Apps) zip file if you want to be able to connect to your Gmail and the Play Store. Drop the gapps zip on your phone.

THIS is VERY IMPORTANT, because there is no removable SD card it is much harder to fix your phone after you started if you don't have a working system image already there!!!!! Just maker sure that you drop the .zip file on to your phone before you install the boot.img file.

Boot your phone into fastboot, see that the red fastboot icon changes to fastboot USB. In a terminal window navigate to your android SDK folder and then to your platform tools folder where you dropped your boot.img file earlier.

Run the command:

• sudo ./fastboot devices

You should see your device ID, I always do this to make sure that I have comms to my phone.

If this has worked then the next step is to flash the insecure boot image, this allows you to install new kernels aka the Jellybean kernel, so run the command:

• sudo ./fastboot boot boot.img

It will only take a few seconds to complete. Basically you are writing the file boot.img into the boot partition of your phone.

Once that is done you can now install the latest CM10 build, on your phone go back to the bootloader and then into recovery.

Select install zip from sdcard
Choose zip from sdcard
Naigate to where you dropped your zip file earlier and select it
Scroll down to Yes install cm-10..... .zip

The system will install, it doesn't take too long, you will then be dropped back to the recovery prompt, you can follow the same format to install the gapps zip file.

Reboot your phone. You should see the CM9 boot animation (this is on the low priority list of fixes). After a little bit your phone should boot into CM10, you will see the Jellybean lock screen.

That is it.

Ok now my conclusions, I have only had my phone for about 2 months now, I have never used stock ICS. I was running HTC Sense 4.0 on top of Android 4.0.3. Now I am running CM10 which is based on Android 4.1.1.

The phone is now faster then I have had it so far. My main test for this is Temple Run, which used to studder when first starting when running Sense ICS, it is smooth all the way through now. I know this is not the most scientific testing method but the studder was repeatable on the Sense ICS build and I haven't seen it yet on the CM10 JB build!

There are still a few things not working on CM10 but overall it is in a stable daily usage state now, I will follow the development as they do the final polishes on it. Maybe then it will get the official stamp and become part of the main CM line.

The One S is a great piece of hardware, just needed a software upgrade in my opinion.

Why unlock and root your phone?

A friend of mine asked me "what's the advantages vs disadvantages of even unlocking an Android phone system? You can build apps with tools. Configure the interioir as standard???"

For me the first reason to unlock and root my phone is to have full control over my own devices. It allows me to install a completely new version of android as I did with my Nexus One, I ended up with Cyanogenmod 7.1, which expands the capabilities of the phone significantly over the stock system. And it makes you feel more like a owner rather then just a user.

The second reason is the ability to have a complete backup of my current working system, if this is the only reason that you want root access then it is worth it. I use ROM Manager by Clockwork Mod, to backup my system and load new ROM's in an easy manner. The backups produced include all your data and system partitions, so if you nuke your phone by installing a dodgy app or getting a bad virus (not many around yet). You can restore your phone to a known good state, rather then back to factory default.

The third reason is some apps require root access to install and use. I'm looking forward to ubuntu for android, I hope once the research phase is finished that anyone can install it, not just those running "approved" phones.

The fourth reason is you get a much better understanding of your device when you unlock your device (assuming you do it yourself), doing a little research and understand how some of the underlying technology works.