Google Nexus 4 - 4.4, LTE, and encryption

[baileycmatt]

So after I get the 4.4 update I think I'm going to go ahead and flash one of the LTE-capable radios, since I live in DC and T-Mobile has great LTE coverage here. The reason I've held off so far though is that I have to have encryption turned on to support my work email. (Unrelated, the biggest feature in Kitkat that I'm excited about is improvements to the Exchange email app, which I use 100x more than gmail). I'm reading on XDA that this will work, though it's more complicated - I need to do a factory reset to turn off encryption, unlock bootloader, root, flash radio, then re-encrypt.

Anyone have any experience with this?

 

[JDWallace]

I've tried it using ATT and it seems faster after testing different hybrid radios. My status bar shows the "H" though and still after different hybrids it doesn't show "4G" or "LTE" like others have over on XDA. I'm not sure if it's because I am on ATT. A lot of the T-Mob folks got it to show. I did the *#*#4636#*#* and went into that menu to change setting and it still doesn't seem to affect the status bar. I'm at a loss, because there seems to be more T-Mob folks doing it than ATT. I'm not sure if that helps you at all but good luck!

 

[gone down south]

You'll only get LTE on T-Mobile.

Sent from my Nexus 4 using AC Forums mobile app

 

[JDWallace]

Why is that? I thought ATT used Band 4 which is what I thought those radios were. I've been with Android since the beginning but I'm still just a novice ROM'r/Root'r, so any explanation on this would learn me more. LOL!

 

[someguy01234]

So after I get the 4.4 update I think I'm going to go ahead and flash one of the LTE-capable radios, since I live in DC and T-Mobile has great LTE coverage here. The reason I've held off so far though is that I have to have encryption turned on to support my work email. (Unrelated, the biggest feature in Kitkat that I'm excited about is improvements to the Exchange email app, which I use 100x more than gmail). I'm reading on XDA that this will work, though it's more complicated - I need to do a factory reset to turn off encryption, unlock bootloader, root, flash radio, then re-encrypt.

Anyone have any experience with this?

On a second note, just check the sticky threads from this section, it's pretty straight forward: http://forums.androidcentral.com/nexus-4-rooting-roms-hacks/
Follow instructions from : "Nexus 4 - Factory Image Restore" first, then follow: "Nexus 4 - Unlock & Root"
After that, just boot into TWRP recovery and flash these zip packages: http://forum.xda-developers.com/showthread.php?t=2412052
After flashing, factory reset your phone, otherwise the 4g mode won't be set as deafult and won't stick reverting to 3g mode on every reboot.

 

[wiseoldbird]

That feature using *#*#4636#*#* has been turned off. You need to install the software for an older "radio driver" and do a few procedure to actually get LTE working. It will show that you have LTE rather than H.

 

[dan1431]

While at&t does use Band 4 for LTE it is only in a few areas.

I did get at&t LTE on my N4 in Dallas, but not in Houston. I think I remember getting at&t LTE in Los Angeles as well, but I am less sure about that.

Dan

 

[wiseoldbird]

Help, I was able to follow the instructions to unlock and root the phone then I reinstalled Kitkat stock image, per the instructions as well. But I can not figure out what to do with TWRP, LTEhybrid33-84.zip and EnableNexus4LTE.zip. I have tried "fastboot flash and then the zip files" and that didn't work. I get an error message about not identifying the file. Do I need to unzip them and flash a specific file?

Sorry if I am being stupid. Thx

 

[someguy01234]

Help, I was able to follow the instructions to unlock and root the phone then I reinstalled Kitkat stock image, per the instructions as well. But I can not figure out what to do with TWRP, LTEhybrid33-84.zip and EnableNexus4LTE.zip. I have tried "fastboot flash and then the zip files" and that didn't work. I get an error message about not identifying the file. Do I need to unzip them and flash a specific file?

Sorry if I am being stupid. Thx

You're not supposed to flash those zip files using fastboot. Fastboot is to flash official factory images. You should read more next time before flashing things to your device, flashing the wrong things through fastboot and especially though custom recoveries can potentially brick your device and not too uncommon for people who don't read before they flash things.

TWRP is a custom recovery, which is used to flash "flashable zip files" like custom roms or custom patches. To get into the recovery, while in your fastboot mode screen (bootloader menu), use the Volume button to select and launch "Recovery".

If you have not flash or done anything to change your system, the first thing I recommend you do in TWRP is a factory reset and then make a full backup of your device. Doing a factory reset, restoring backups and flashing roms while in TWRP will not wipe your internal storage. (With stock recovery factory reset will wipe your internal storage).

It's a good idea to keep one working backup of your device running stock rom. With custom recovery and modified system files, Google's OTA updates will not work. However, TWRP could flash OTA sucessfully, but it will likely only work on a pure stock system that is unmodified. This only matter if you intend to get OTA in the future, since you already know how to flash factory image using fastboot.

You can put the LTE flash packages in your phone and install it using TWRP, or you can turn on ADB sideload feature in TWRP's Advance menu and install them directly from your computer.

Now that you have TWRP installed, a whole new world is opened to you. Just know how restore your device and flash carefully. Also custom recoveries are not secure unless you encrypt your device, since its possible to boot into it gives full access to your phone.

 

[wiseoldbird]

You should read more next time before flashing things to your device,.

Thank you for your reply. I was looking for how to flash these things yesterday on the web before I posted. I guess my Google-Fu (or is the Google-Force) was not strong with me yesterday. As you can probably tell, I am pretty new to the concept of flashing new drivers to my phone.

I will search how to install TWRP.

 

[someguy01234]

Thank you for your reply. I was looking for how to flash these things yesterday on the web before I posted. I guess my Google-Fu (or is the Google-Force) was not strong with me yesterday. As you can probably tell, I am pretty new to the concept of flashing new drivers to my phone.

I will search how to install TWRP.

The instruction is here http://forums.androidcentral.com/showthread.php?t=224861

Make sure you always have the latest TWRP version if you flash with it to prevent errors.

The twrp database is here, mako is the Nexus 4: http://techerrata.com/browse/twrp2

If you want a secure device keep stock recovery, only boot into TWRP using the command: fastboot boot twrp.img

sent using tapatalk

 

[CoolBeit]

If you want a secure device keep stock recovery, only boot into TWRP using the command: fastboot boot twrp.img

sent using tapatalk

How does this make your device more secure? I'm not trying to contradict you, in asking because I genuinely don't know.



Sent from my Nexus 4 using Tapatalk

 

[someguy01234]

How does this make your device more secure? I'm not trying to contradict you, in asking because I genuinely don't know.
Sent from my Nexus 4 using Tapatalk

This all come down to the fact that Android is a linux-based computer which is very powerful, but when you have root in linux, you can do anything.

Custom recoveries like CWM and TWRP allows full root access to the device. You can modify any partitions of the phone or do anything with the command line with full access, such as:
-Copying all the user datas by a simple command of: adb pull /data \output\folder (this is how you backup your stuff if your phone is bricked).
-Or bypass your lockscreen by: [GUIDE][HOW-TO]Crack android pattern lock! - xda-developers
-Or run any malicious scripts.

I think this loophole can be closed if the custom recovery developers could find out a way to implement a passcode system to the recovery with good encryption.

With stock recovery, adb will not work. There is the "adb sideload" feature, but it only work with signed update packages (which potentially can be exploited, more below).

A good way to protect the phone from theft would be to encrypt your phone. The thief can't get at your private datas unless they can break the password.

However, the thief can create an image of your device (which required adb or root access and using the "dd" command: see the alternative method in the bottom of this page) and try to decrypt it on a more powerful machine. So you have to make sure to not allow any external root access to your device.

The fact that you can use the dd command to image partitions is also reason why Google do not allow physical microSD card (aside from Microsoft patents, many Android manufacturers like Samsung and HTC have to pay royalty to Microsoft). The thief would have to copy the image to your internal storage first, but that is protected by the fact that you encrypted your device before hand. If you have a removable medium like sdcards, the thief would just insert an their own unencrypted sdcard to copy the files over. Also, some devices have USB OTG capability which is used to mount external flashdrives. However, having locked bootloader and stock recovery can protect you from this, since only custom recoveries have these extra features like mounting USB OTG.

In the past, with the Samsung Galaxy S, I rooted the phone by flashing an exploit package in stock recovery, bypassing the signature requirement. I'm sure Google have since improved their stock recovery to make it harder to penetrate (and that was a Samsung device anyway, we all know Samsung had several well known security exploits reported in the past). But Google created a very good security backup with the bootloader. You can simply delete your phone's recovery so it doesn't exist at all (fastboot erase recovery), then lock your bootloader. The only way to install or boot into another recovery to your phone now (on an encrypted phone that the thief can't log in) is to unlock the bootloader, which required a full wipe of your data in the process.

There is one security downside with Nexus devices is that while following the advices above you can protect your data, you can't stop the thief from unlocking the bootloader and flashing a new firmware. You can either call up your carrier and ask them to blacklist the phone's IMEI, or purposefully break the USB port of the phone and use wireless charging (as long as the thief doesn't bother to repair it with a replacement part.)

So a good anti-theft protection for your device would be to:
-Disable USB debugging. (However, Google have improved the security by popping up a toast message on the phone asking to allow USB Debugging to the connected device, so if you have Android 4.3 or newer, it's not as much of a concern if it's still enabled and you have a strong lockscreen).
-Stock recovery, locked bootloader.
-Encrypt your phone.
-Install an anti-theft program like Cerberus. If the phone have root, Cerberus can exist in the phone even after a regular factory reset (but not a factory image flash).

The downside of this is without an unlocked bootloader you can't backup your data if the phone failed to boot. Also with encryption, it's a pain to type the decryption password each time the phone boot up since if you don't type anything soon, the phone make this endless annoying notification sound and leave the screen on, making the phone very hot. Google needs to fix that.

But an easier alternative that I mentioned to someone who asked a similar question: Just keep your phone with you at all time and carry a magnum.

Also this BootUnlocker app can lock and unlock the Nexus bootloader without requiring a data wipe, but it needs root. So you could temporarily unlock your phone for flashing. While the bootloader is unlocked, instead of installing a custom recovery, boot into one by using your PC with the command: "fastboot boot twrp.img (or cwm.img).

 

[CoolBeit]

Thanks for all that! I may have to get that app so I can relock my bootloader between flashes.

Sent from my Nexus 4 using Tapatalk

 

[misterno123]

Anybody in Houston can help me with this?

 

[JDWallace]

Anybody in Houston can help me with this?

I'm not but go there a lot and really would like to see how to make this work with ATT.

 

[someguy01234]

I'm not but go there a lot and really would like to see how to make this work with ATT.

Buy a Nexus 5.

N4 only support LTE Band 4, which ATT enable at a very few places in US. This is for T-Mobile in US only.

 

[2ndrunnr]

Hey some guy. I'm trying to download the zip packages, but they never download as zip files. I have the same problem with superSU 1.80 The files download and turn into folders. What can I do about this? I'm extremely knew at this so please excuse my ignorance. I'm on a macbook pro and my unzipping software is 7zX. Also, will I be able to use tethering/hotspot with this?

 

[someguy01234]

Sorry, I don't have experience with mac. It needed to be in original zip format because you flash the zip file using custom recovery. You can try downloading it on the phone itself.

Also here is the latest radio package, but it only install for 4.4.1 or newer. [4.4.1-4.4.2][12/10][v1.3] Nexus 4 LTE and LTE tethering/hotspot fix - xda-developers

BTW, these packages make changes to the build.prop and change the radio, both of this will cause OTA updates to not work.

 

[2ndrunnr]

Thank you! Just to be clear, I should backup my current stock firmware using adb before rooting and flashing, correct? And can I also make a separate backup file for the rooted LTE once I flash it so that I don't have to re-root and re-flash should I want OTA update? Also, I've downloaded superSU 1.80 directly from my phone. Where would I find the file and how would I move it to the recovery directory it needs to be in?


EDIT: Found the downloaded superSU in "Downloads". Device is rooted and Titanium Backup is currently running. Now just to figure out how all this OTA/restore root/restore backup procedure works.