Month: January 2018

Google files: easy to overshare!

Do you want the whole world to see your shared Google files? It’s easy to make this mistake. You can avoid by only sharing with people who have Google accounts. Here’s how.

When viewing a Google file, on the top right is a Share button. Click on it to open the Share with others dialog. That is where you share your file.

In this dialog, if you use the Get shareable link feature, you made a link that anyone can use to see your file:

Share with others dialog with link sharing enabled

Anyone with that link can see this file!

Oh, you only emailed that link just to one trusted friend? What if his email is hacked? What if he shares the link, even accidentally? Suppose the link ends up where Google’s search engine can see it? The file will be in Google’s public search!

Fixing this is easy. In the Share with others dialog, click the Anyone with the link… dropdown, select OFF, then click Done.

Another way to over-share is when you add people. Let me be clear: it’s more secure to add people instead of sharing a view link. When you add people, the person you shared with gets a link to the document, but Google won’t allow viewing unless the person is signed in with the account you shared the link to. If the recipient shares the file’s link with someone else, that other person cannot view the document!

A catch: the people you share with must have Google accounts.

Watch this. It shows what happens when you share with someone without a Google account:

What happens when you share a Google file with someone who doesn’t have a Google account

Did you see this text: “Link sharing is ON. Anyone with the link can view” Don’t use that! If someone doesn’t have a Google account, then Google has no way to know if that person is who is viewing the file. Therefore, it sends the same kind of link mentioned above: it lets anyone view the file!

What does “Google account” mean? It is an account used to sign in to Google systems. The account name is the person’s email address. People with Gmail addresses already have a Google account. People with other email addresses may set up a Google account at https://accounts.google.com/SignUp.

How to avoid sending a view link: When you share to people who don’t have Google accounts, always select the Send an invitation option. With that, the recipient gets an invite to set up a Google account. Until that is done, the link won’t let the recipient view the file.

Samsung S7’s firmware-version eFuses

Recently, I discovered that with the Samsung S7, you can’t downgrade certain firmware versions.

These are firmware releases for Sprint’s branded Samsung S7, the SM-G930P (P means Sprint). Note the number in the yellow column:

List of Sprint S7 firmware versions (source)

In late November, I was on the QJ3 update (last three digits of firmware). Its number is 5.

I tried to switch to the SM-G930U firmware. That would make my S7 an unlocked phone, which should free it of Sprint-specific customizations.

At the time, the latest Sprint-compatible* SM-G930U firmware was G930UUEU4BQJ5. Note the 4! When I tried to install that, I got an error saying that the version I am trying to install is lower than the fused version. This was the error:

SW REV CHECK FAIL : [ABOOT]FUSED 5 > BINARY 4

Note that “ABOOT” means the Android bootloader. This is a small, critical piece of software that kicks off everything else when you start the phone. The yellow-highlighted number in the above picture is in fact the bootloader version!

On the S7, Samsung has eFuses that indicate the bootloader version. When enough eFuses are tripped for bootloader version 5, I can’t install bootloader version 4. When an eFuse trips, the circuit permanently changes. I can’t un-set these eFuses.

Samsung’s eFuses became notorious in the custom ROM community a few years ago. Samsung’s Knox security would trip a warranty fuse if you installed unauthorized firmware. You can’t reset the warranty fuse. Warranty fuse-tripped phones work fine, but there are anecdotal reports of Samsung refusing warranty service due to tripped warranty fuses.

This firmware change didn’t trip the Knox warranty fuse. It’s because all US-market Samsung S7 phones are hardware-identical: the only difference between Sprint, AT&T, unlocked, etc. S7s are the software! All Samsung- or carrier-issued firmware types, intended for the US market, are Samsung-authorized on any Samsung S7.

Back to the story: When you install firmware on Android phones, you are installing four pieces of software: the bootloader, modem (handles the cell network communications), Android core software, and carrier- and region-specific Android customizations. It turns out this version lockout doesn’t stop you from installing older modem software. Due to my determination, I managed to install older SM-G930U (unlocked) modem software. I was still on current-version SM-G930P (Sprint-branded) for everything else. Because of that version mismatch, I got security warnings:

Samsung S7 security warning, for when part of your firmware has a version mismatch

The phone still worked fine.

Why didn’t I just get the newer firmware and be done with it? No download site had QJ3 despite it being out for a few weeks!

About a week later, I could download the correct firmware. I installed it, and everything went back to a happy state. I’ve since installed two more over-the-air updates from Sprint with no problems.

*I don’t understand why an “unlocked” phone has carrier-specific variants! Isn’t unlocked supposed to mean “not carrier-specific”? Here are SM-G930U variants (source):

  • Bluegrass Cellular (LRA)
  • Nextech / C-Spire (ACG)
  • Sprint (cdma) (SPR)
  • Tracfone (TFN)
  • USA (TMK)
  • USA (USC)
  • USA (AT&T) (ATT)
  • USA (T-Mobile) (TMB)
  • USA (Verizon) (VZW)
  • Unknown (AIO)
  • Unknown (BST)
  • Unknown (XAA)
  • Unknown (XAS)
  • Virgin Mobile USA (VMU)