RC30 can forcibly update your phone

[Koush]

Code:

        long now = SystemClock.elapsedRealtime();
        long nextPrompt = getNextPromptTime(intent, now);
        if (nextPrompt == 0) {
            Log.i(TAG, "Installing overdue OTA update without prompting");
            installUpdate();
            return;
        }

Basically, getNextPromptTime determines the prompt interval and number of prompts to show. So Google can potentially never prompt and just install without asking permission.

If you want to keep root access, I highly recommend doing the following to disable OTA updates:

Go to a root prompt.
Type the following:
# mount -oremount,rw /dev/block/mtdblock3 /system
# cd system
# cd etc
# cd security
# mv otacerts.zip otacerts.zip.bak
# mv cacerts.bks cacerts.bks.bak

That should disable cert checking by disabling (renaming) all the certs on the device. Someone please verify, but I'm pretty sure those are the certs that are checked.

Alternatively, you can follow the instructions to mod your recovery and boot images:
http://forum.xda-developers.com/showthread.php?t=443041

I have confirmed that leaving a shroot/suroot laying around will not work, as Google formats the system partition and resets all permissions upon an update:

Code:

format SYSTEM:
set_perm 0 3004 02755 SYSTEM:bin/ping

In addition, it is not possible to put the shroot/suroot in another partition besides system, as those are all reverted to noexec or nosuid upon reboot.

Code:

/dev/block/mtdblock5 /data yaffs2 rw,nosuid,nodev 0 0
/dev/block/mtdblock4 /cache yaffs2 rw,nosuid,nodev 0 0
/dev/block/mmcblk0 /sdcard vfat rw,dirsync,nosuid,nodev,noexec,uid=1000,gid=1000,fmask=0711,dmask=0700,codepage=cp437,iocharset=iso8859-1,utf8 0 0

Anyone know where the underlying update code is? I've only seen the Java front end (/packages/apps/Updater).

[HagbardCelineII]

How do I know if I did this right?

Keep in mind I know next to nothing about Linux.

[ballaholyk84]

Ive done it to mine and have yet to see an update

[IronWolve]

Might want to move telnetd to something, so an app doesnt call it and get root, if you dont want the patch. Also copy sh to something so you can get root, and remove the permissions on sh

Not sure if suid on sh is needed for anything, so beware...

[RyeBrye]

Moving telnetd is not necessary, because telnetd does not become root, nor is it setuid root. The bug was that a root shell was listening on the keyboard (so if you type reboot on your phone while the android is pulsing or after you boot - the phone reboots)

Moving the cacerts will make ALL SSL stuff to work incorrectly because you no longer have a list of trusted root authorities.

The only good long-term solution is to reflash your recovery... etc

[defconoi]

the updates are downloaded to /cache what if we touch "nameofupdatefile" or lock down /cache completely and that may prevent updates

[defconoi]

or we could create a script that kills the update app, deletes any zip files every couple minutes in /cache

[defconoi]

My phone gave me an update notification, I immediately killed the com.android.update process then cd /cache ; rm signed-RC30-from-RC29-fat.1582cace.zip then sudo busybox touch signed-RC30-from-RC29-fat.1582cace.zip then rebooted, and so far no more update notification or update process started

[PAO1908]

Did it, I will inform you what happened....

[defconoi]

for some reason signed-RC30-from-RC29-fat.1582cace.zip got deleted, possibly ln -s /dev/null signed-RC30-from-RC29-fat.1582cace.zip will work