Home > Uncategorized > Missing Android manual

Missing Android manual

We all got Android devices without a proper manual so here are some basics I have learned over time…

It was taken from my internal notes so it’s not very pretty but I decided to share it so it can help more people. I am not an Android expert, this is rather an introduction to basic Android ops. For more, you can visit official Android docs. Fortunately they had been extended over the years.

Basic Paths

  • /system – system partition with read-only system
  • /data – data partition with user data
  • /data/data – application data (each app folder has to have u:object_r:app_data_file:s0:c512,c768 selinux context)
  • /data/user/0 – application data for user 0
  • /storage/emulated (/storage/self/primary) – internal flash memory, number folders for individual android users
  • /sdcard (/storage/self/primary) – internal flash memory for the current user (alias of /storage/emulated/0)
  • /storage/SOME-ID (or /mnt/media_rw/SOME-ID) – shared external SDCARd

Important files

  • /data/system/packages.xml – list of installed packages with their permissions and other metadata, includes package renames
  • /data/system/packages.list – list of installed packages in format “packageID UID isDebuggable PathToDataDirectory otherflags..”

Important Android Commands

  • pm – package manager:
      to list packages pm list packages
      to uninstall pm uninstall package.id
      to freeze/unfreeze pm enable/disable package.id
  • am – activity manager
      to force-stop app am force-stop package.id
    to start an activity (app) am start -a android.intent.action.MAIN -n com.android.browser/.BrowserActivity (package.id/activity.name)
  • dumpsys – dumps various system stuff, you can use dumpsys package package.id to dump various package info including installed version number
  • ime – input method manager. To list all keyboards and other input methods including disabled ones ime list -a, to enable input method ime enable package.id/somePath
  • (more commands and examples in this helpful gist I’ve found recently)

Important Computer Commands

Normal debug mode

  • adb reboot recovery reboot into recovery (TWRP)
  • adb reboot bootloader reboot into fastboot mode
  • adb root – switch adb daemon on the phone to root by default (root required)
  • adb shell – access phone shell
  • adb install [-r] /path/to.apk – install apk, use -r to replace existing package
  • adb push /path/on/pc /path/on/phone – push local file/folder to a destination on the phone
  • adb pull /path/on/phone /target/path/on/pc – pull files/folders from the phone

Fastboot mode

  • fastboot flash recovery /path/to/recovery.img – flash recovery partition (can flash other partitions too)
  • fastboot boot /path/to/image.img – boot the image (image is abootimg – contains kernel, initramfs and potentially other partitions)
  • fastboot reboot – reboot normally
  • fastboot oem unlock / fastboot oem unlock-go – unlock bootloader (different for different vendors)

Booting Process

Booting process is described more in this Magisk article called Android Booting Shenanigans

SELinux and Modern Security

Modern Android builds implement SELinux rules for enhanced security. SELinux complements UNIX access permissions. Additionally some software like Google Play or Google Pay checks that SELinux rules are set up properly and that system has not been tampered.

That basically means that you can’t easily modify /system. Thankfully, people from Magisk managed to implement a system for bind mounts mounted during boot. That way, they can overlay modified files on top of existing /system files without breaking integrity and keeping SafetyNet attestation.

Some apps does check for root. MagiskHide, which is part of Magisk can help. It can be accessed via a tab in Magisk manager, you can select apps to hide the root from.  Only select apps which explicitly complain and rather don’t select system apps. You should also rename Magisk manager to a custom name to hide it (that is done from Magisk Settings).

To make Google Pay working on rooted phone, you need MagiskHidePropsConf and update device fingerprint. Looks like this may not work on all devices, though.

Remove fingerprint data after secure storage invalidation to allow removing old fingerprints and adding new ones

I don’t remember why I needed that in the past but keeping here in case useful. :P

  • rm -rf /data/system/users/0/fpdata
  • (may not be needed) edit /data/system/users/0/settings_fingerprint.xml to remove fingerprint lines
  • restart Settings app and edit fingerprints


Categories: Uncategorized Tags:
Notify of

1 Comment
Newest Most Voted
Inline Feedbacks
View all comments
Alessandro Selli

Both interesting and useful.
Thank you!

Would love your thoughts, please comment.x
deadly laser