Mirror an Android Device on a PC with scrcpy

scrcpy is a free, open-source application that allows Android devices to be mirrored to computers running Linux, Windows, and macOS. It supports mirroring using either a direct USB connection or over TCP/IP.

I needed to do some recording of an Android application recently, and was impressed by how easy it was to install and configure scrcpy. After just a few minutes–most of which was spent figuring out how to enable USB debugging on my device–I was up and using my phone on my Windows PC.

The only prerequisite is an Android device running at least Android 5.0; taking advantage of all its features requires Android 11+.

But oh what a feature set:

It focuses on:

  • lightness: native, displays only the device screen
  • performance: 30~120fps, depending on the device
  • quality: 1920×1080 or above
  • low latency: 35~70ms
  • low startup time: ~1 second to display the first image
  • non-intrusiveness: nothing is left installed on the Android device
  • user benefits: no account, no ads, no internet required
  • freedom: free and open source software

Its features include:

  • audio forwarding (Android >= 11)
  • recording
  • mirroring with Android device screen off
  • copy-paste in both directions
  • configurable quality
  • Android device screen as a webcam (V4L2) (Linux-only)
  • physical keyboard/mouse simulation (HID)
  • OTG mode

and more…

Boomerang: Email Myself App for Android

Boomerang: Email Myself is a single-purpose Android app that does one thing and does it well–it lets users easily send emails to themselves.

I end up doing this quite a lot, and I previously would just open up the Gmail client or share content to Gmail.

But I dislike doing so as I have to enter the email address I want to send to and constantly worry about inadvertently sending a provocative link or message to someone other than myself by accident.

I also have to populate the subject field, which Boomerang takes care of.

Not an app that everyone will need, but an excellent solution for those of us who do need it.

Boomerang: Email Myself Screenshot

Cult Manager Tycoon

I almost never play mobile games, but Cult Manager Tycoon looks like my kind of game.

Manage resources like Mojo, Money, and Legitimacy, to take your cult mainstream.

Choose Holidays and Revelation Passages that please your followers and keep them Devoted.

The better your Revelation each round, the more followers you Convert. This means more Donations and the chance for better classes of worshipers that increase your Legitimacy.

Achieve 100% Legitimacy for one of three possible endings!

KinScreen–Advanced Screen Control App for Android

I use an open-source notetaking app on Android that will only decrypt synced notes when my device’s screen is on. Since the decryption process can take some time, usually, my device automatically goes into a screen-off mode, and then I have to reopen the device to continue the decryption. This is annoying.

KinScreen is an Android app with a dizzying array of settings to control when the screen turns off and on.

For example, I can whitelist my notetaking app so that the screen never turns off while the app is in use. But I can also add a secondary rule to turn off the phone after more than 15 minutes of screen-on time to reduce burn-in risk.

KinScreen Screenshot

Universal Android Debloater

Universal Android Debloater is an open-source script designed to remove bloatware from Android phones. Unlike other solutions, this doesn’t require root access to the device, though this also means that some bloatware won’t be removable without that level of access.

The main goal is to improve battery performance and privacy by removing unnecessary and obscure system apps. This can also contribute to improving security by reducing the attack surface. The script has a menu that lets you choose what debloat list you want to use. I strongly encourage you to take a look at the lists because the default selection may not suit you. All packages are as well documented as possible in order to provide a better understanding of what you can delete or not.

This script should be safe with the default selection. The worst thing that could happen is preventing an essential system process from being loaded during boot, causing an unfortunate bootloop. If you used the non-root solution, after about 5 failed system boots, the phone will automatically reboot in recovery mode and you’ll have to perform a FACTORY RESET. So make a backup!

If you have a rooted device you can also physically delete the apks. Ironically this solution is safer because the script saves the apks before their removal. In case of bootloop you just need to run the script from a recovery with ADB support (e.g. TWRP) and restore them.

Let’s Encrypt Comes Up With Solution for Bizarre Problem

The problem itself is fairly straightforward. Let’s Encrypt launched in 2016, and while it waited to have its root certificate approved and added to browsers and OSes, it reached an agreement with existing certificate authority IdenTrust to cross-sign its SSL certs. This meant that as long as IdenTrust’s widely deployed root certificate was on a device, then Let’s Encrypt certs would be accepted as valid by that device.

But that IdenTrust root certificate expires in September 2021, and Let’s Encrypt will transition to using its own widely deployed root certificate going forward.

Except on one operating system–Android.

Let’s Encrypt was added to Android’s certificate authority store in Android 7.1.1, released in December 2016. So devices using version 7.1.1 or newer will have no problems at all when the IdenTrust root certificate expires. Let’s Encrypt’s root cert is already included in the Android OS, and things will be fine.

The problem is that almost 34 percent of Android devices are running a version older than 7.1.1. That translates to about 845 million devices still running an OS that is more than four years old.

Let’s Encrypt found a workaround, but it’s crazy that 845 million Android devices being actively used have an OS that hasn’t been updated in four years, and that likely can’t receive updates even if their owners wanted to.

Ironically, one of the bug fixes rolled out in 7.1.1 was an update to Android’s CURL/LIBCURL libraries, which had bugs that could allow a malicious actor with a forged certificate to launch a remote code execution attack.

Hell, Let’s Encrypt’s workaround relies on the fact that Android ignores crucial security settings. Even though a root certificate like IdenTrust’s has an expiration date, Android ignores that expiration date. So IdenTrust has agreed to extend its cross-signing of Let’s Encrypt certs for three years.

IdenTrust has agreed to issue a 3-year cross-sign for our ISRG Root X1 from their DST Root CA X3. The new cross-sign will be somewhat novel because it extends beyond the expiration of DST Root CA X3. This solution works because Android intentionally does not enforce the expiration dates of certificates used as trust anchors. ISRG and IdenTrust reached out to our auditors and root programs to review this plan and ensure there weren’t any compliance concerns.
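
The trust-anchor behaviour described above, modelled as an added example (not code from Let’s Encrypt, Android or the original post). It compares a validator that enforces the anchor's expiry with one that ignores it, for a device whose store holds only DST Root CA X3 and one that also holds ISRG Root X1. All dates, the intermediate's name and `example.test` are constructed, and signatures are not checked.

```python
from dataclasses import dataclass
from datetime import date

# Constructed model of the certificates named in the post. All dates are
# illustrative, and no signatures are checked: only name chaining and
# validity windows, which is enough to show the trust-anchor behaviour.
@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_before: date
    not_after: date

    def valid_on(self, day):
        return self.not_before <= day <= self.not_after

DST_X3 = Cert("DST Root CA X3", "DST Root CA X3", date(2000, 9, 30), date(2021, 9, 30))
ISRG_SELF = Cert("ISRG Root X1", "ISRG Root X1", date(2015, 6, 4), date(2035, 6, 4))
ISRG_CROSS = Cert("ISRG Root X1", "DST Root CA X3", date(2021, 1, 20), date(2024, 9, 30))
INTERMEDIATE = Cert("Example LE Intermediate", "ISRG Root X1", date(2020, 9, 4), date(2025, 9, 15))
LEAF = Cert("example.test", "Example LE Intermediate", date(2021, 9, 1), date(2021, 11, 30))

SERVED_CHAIN = [LEAF, INTERMEDIATE, ISRG_CROSS]  # leaf first, as a server sends it
BEFORE_EXPIRY = date(2021, 9, 15)  # DST Root CA X3 still inside its window
AFTER_EXPIRY = date(2021, 11, 1)   # DST Root CA X3 past its not_after

def validate(chain, trust_store, day, enforce_anchor_expiry):
    """Return the subject of the trust anchor the chain ends at, or None."""
    anchors = {c.subject: c for c in trust_store}
    expected = chain[0].subject
    for cert in chain:
        # Every served certificate must chain by name and be in its window.
        if cert.subject != expected or not cert.valid_on(day):
            return None
        anchor = anchors.get(cert.issuer)
        if anchor is not None:
            # A strict validator also rejects an expired anchor; the
            # Android behaviour quoted above skips this check.
            if enforce_anchor_expiry and not anchor.valid_on(day):
                return None
            return anchor.subject
        expected = cert.issuer
    return None

if __name__ == "__main__":
    old_store, new_store = [DST_X3], [DST_X3, ISRG_SELF]
    print(validate(SERVED_CHAIN, old_store, AFTER_EXPIRY, False))
    print(validate(SERVED_CHAIN, old_store, AFTER_EXPIRY, True))
    print(validate(SERVED_CHAIN, new_store, AFTER_EXPIRY, True))
```

A device whose store already contains ISRG Root X1 stops at the intermediate and never evaluates the cross-sign, which is why only the older devices depend on the anchor-expiry behaviour.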