Uncategorized – Page 175

GSM 900 Use in Cities and the Countryside

Back in 2006, two network operators in Germany who so far only had GSM spectrum in the 1800 MHz range each got assigned a 5 MHz chunk of 900 MHz spectrum to improve rural coverage and urban in-house coverage. Also the move was necessary to equalize the playing field with the other two network operators who already owned 900 MHz spectrum from the beginning. It's 5 years later now so I wondered if and how they have made good use of it.

While I was recently on the countryside in Southern Germany I had a look in a number of places where 900 MHz spectrum would have been very beneficial. While O2 made consistent use of 900 MHz spectrum there in addition to some 1800 MHz carriers, E-Plus only used it very occasionally. I wouldn't have expected that as, after all, it's E-Plus who's always pointing out that they are at such a disadvantage.

The picture is even more interesting in cities. Here, 900 MHz spectrum significantly improves indoor coverage as can be observed with UMTS 2100 coverage being lost indoors much sooner than UMTS. Again, O2 has made use of their 900 MHz spectrum in Cologne in addition to their 1800 MHz spectrum. And again, no traces of a 900 MHz GSM deployment from E-Plus 5 years after they've been awarded spectrum.

On the other hand, their lack of 900 MHz deployment offers some interesting possibilities for UMTS deployment strategies. They've talked about that before in the press but only seeing is believing.

Android Programming – Part 4 – The Telephony Event Handler

In part 3 I've looked at the entry method of my app that is called whenever the app is started and how it registers a listener object to network status events. In this part I'll take a look at the listener object itself.

The code for the listener object is part of my app and is a private class that is only visible to my app but not to the outside world. Here's a code snippet that shows how it looks like:

private class MyPhoneStateListener extends PhoneStateListener {

/* Get the Signal strength from the provider,
each time there is an update */
@Override
public void onSignalStrengthsChanged(SignalStrength signalStrength) {

[…]

try {
    /* output signal strength value directly on canvas of
       the main activity */
    outputText = "v7, number of updates: " +
    String.valueOf(NumberOfSignalStrengthUpdates);
    NumberOfSignalStrengthUpdates += 1;

    outputText += "rnrnNetwork Operator: " +
                   Tel.getNetworkOperator() +
                   " "+ Tel.getNetworkOperatorName() + "rn";
    outputText += "Network Type: " +
                   String.valueOf(Tel.getNetworkType()) +
                   "rnrn";

[…]

To keep things simple the app only uses one listener method in the listener object, "onSignalStrengthsChanges". As the name implies this method is called whenever the signal strength of the current cell changes. It is "overridden" as I don't want Android to execute the default actions of this method but I want to do my own things in my instance of the class. When this method is called I also get other network status information and compare it to previously received values. If, for example, the cell-id has changed, I increase a corresponding counter variable accordingly.

Reading network status information seems to be a dangerous thing. If network coverage is lost and the method is called for whatever reason, one of the status query methods throws an error, known as an "exception" in Java. If that exception is not handled, the application will be terminated with an error message presented to the user. To prevent that from happening, all network status querries are performed in a "try – catch" construct. If an exception occurs in the "try" part of the code, execution continues in the "catch" part where the exception can be handled. In the case of this app, the code for the "catch" part is rather short as it doesn't do anything with the exception and just hopes for a better day when the device finds the network again.

To retrieve the network status information I am interested in, I call the following methods provided by the Android API:

TelephonyManager.getNetworkOperator()
TelephonyManager.getNetworkOperatorName()
TelephonyManager.getNetworkOperatorType()
SignalStrength.getGsmSignalStrength() –> works for UMTS as well…
GsmCellLocation.getCid()
GsmLellLocation.getLac()

There's also objects and methods in the API to get information about neighboring cells. However, this doesn't seem to be implemented consistently accross different devices and network technologies. In fact I tried this on several different types and models and only one would give me neighboring cell information and then only for GSM but not for UMTS. Here's the code for it:

   /* Neighbor Cell Stuff */
   List<NeighboringCellInfo> nbcell = Tel.getNeighboringCellInfo ();
   outputText += "Number of Neighbors: " +
                  String.valueOf(nbcell.size()) + "rn";
   Iterator<NeighboringCellInfo> it = nbcell.iterator();
   while (it.hasNext()) {
     outputText += String.valueOf((it.next()getCid())) + "rn";
   }

And finally, the output text I've generated needs to end up on the screen. There are several ways to do it and I've decided to go for the straight forward approach:

   /* And finally, output the generated string with all the
      info retrieved */
   TextView tv = new TextView(getApplicationContext());
   tv.setText(outputText);
   setContentView(tv);

There we go, this is the core of the app to get network status information via the Android API. I guess one more part in this series is necessary to describe some bells and whistles for smooth user interaction and of course the release of the complete code so you can play around with it as well if you like.

Android Calling Home

If you are a frequent reader of this blog you are probably aware that I prefer to keep my personal data close to myself. I don't want my personal address book, calendar, etc. etc. with Google or anyone else in the cloud, I don't want anyone collecting location information, anonymously or not without my consent and I don't want my devices to frequently call the mother ship. In this day and age, that's quite a challenge with iOS and Android sending information back into the cloud if the settings are left unchanged. So I was wondering how this data collection works in practice today and how much can be prevented from going out.

To have a closer look at what's going on I set-up a test environment with my Android 2.2 based phone connected to the Internet via Wi-Fi. The Wi-Fi access point was not directly connected to the Internet, however, but instead to the Ethernet port of a notebook that had Internet connection sharing enabled via its own Wi-Fi interface and a second Wi-Fi access point. This way, Wireshark can be used to trace the communication between the mobile device and the rest of the world. To see how Android interacts with Google and the rest of the world and how this can be scaled down I tested three scenarios:

A device fully configured with a Google account, but calendar and address book synchronization disabled. Most people won't even deactivate this synchronization but I figured that's where most people who prefer to keep their data to themselves would start.
As above but the Google account inaccessible due to a change of the password.
After a factory reset without a Google account configured.

Lets take a look at the first scenario:

When the device is switched on, the first thing it does is to connect to synchronize the clock with an NTP time server (north-america.pool.ntp.org). Next, it retrieves GPS ephemeris information (xtra1.gpsonextra.net). This is interesting since gpsonextra.net is a domain registed by Qualcomm (and not Google), the maker of the radio chipset of the device.

After that, the device registers with Google (android.clients.google.com). For the interchange of most information, SSL is used so it's not possible to see what kind of data is interchanged inside the encrypted channel.

If registration with Google was successful the device then registers with Google Talk (mtalk.google.com) as Google Talk starts automatically in the background. This even happens when I configure Google Talk not to log me in automatically. I should add that I never registered to use Google Talk so I guess that comes as part of the Android/Google account.

And finally, the device starts talking to another time synchronization service (time-nw.nist.gov). Since this doesn't happen when I set the date and time to be configured manually, this interaction is probably there to check and correct the Android date and time. Again, this is not a Google service, NIST is the National (US) Institute for Standards and Technology. From that I infer that the NTP interaction above might be for the Qualcomm GPS calibration and not for Android itself.

All these interactions take place in the first few seconds after Internet connectivity has been established. After that, the device remains quiet until an app is started that interacts with a server on the network.

I wasn't able to trace an interaction with the Google location server that is reported to scan for WiFi SSIDs and Cell-IDs on a regular basis if this is not disabled in the configuration. This is most likely because my setup was stationary so the device was not able to collect information.

Put together, there is quite some interaction going on with the default settings. As mentioned above, many things can be disabled in the configuration. In a follow-up post or two I'll have a look at what can be prevented from going out and how that limits the use of the device.

GSM, UMTS and LTE ARFCN Calculators

Just in case you every now and then come cross Absolute Radio Frequency Channel Numbers (ARFCNs) and can't tell just from looking at them which band and frequency they represent, here's some interactive help:

An ARFCN Calculator for GSM
And one for UMTS and LTE

Very helpful!

Android Programming – Part 3 – Things Put Into Practice

After the general introduction to the Eclipse programming environment in part 1 and the basic concepts of object orientation and how it is used in Android in part 2, this part now finally takes a look how the theory looks like in practice. The application I had in mind since the beginning of this series is about exploring the network information such as cell-ids, signal strength and other data that Android provides to apps via its Application Programming Interface (API). In the following I'll show an extract of the code. I'll publish the source of the full app once it's a bit more polished.

As described in the previous post, Android apps use an event driven execution approach. When the app is started by the user, Android loads the app into memory and then jumps to the "onCreate" method. The following code snippet shows the beginning of the onCreate method of my app.

    /* Called when the activity is first created. */
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.main);

        /* If saved variable exist from last run still exist, recover them */
        if (savedInstanceState != null) {
        […]
        }

As I want to do my own things when the app starts, the onCreate method is "overridden". This means that while the original input and output parameters of the method are used in my app so Android can call the method in a defined way, the code in the method itself is unique for my application. In some cases it makes sense to not only have individual functionality in overridden methods but to also execute the code of the original method. This is done in the first line of the method by calling "super.onCreate".

The onCreate method receives a parameter that references data that the app has saved while it was last executed. This way, the app can populate all necessary variables at startup so it can continue from its previous state as if nothing had happened. This is quite helpful as Android closes an app automatically for various reasons such as, for example, when the system runs out of memory. An app is also closed and then automatically reopened when the user rotates the device and the screen orientation changes, something that happens quite frequently. So in my app I use this reference to populate a number of variables, such as the number of cell and location area changes that have occurred before (not shown in the code snippet above).

Once the variables are initialized, my onCreate method puts a number of things in place to get access to the network information. What I am interested in are mainly the cell-id, the location area code, the signal strength and when one of these change. On a machine that only runs a single program, a loop could be used to periodically check if these parameters have changed and then display them on the screen. In practice, however, this would not work as Android is a multitasking operating system so a single program must not lock up the device by running in a loop. Therefore, apps are event driven, i.e. a handler method is called when something happens. The app then performs an action such as updating the display and then goes back to sleep until another event happens and the handler is called again. So the way to get to the network status information I am interested in and to be informed about changes is to create a listener class with listener methods that Android calls when certain cellular network events such as signal strength changes occur. This is done with the following code:

     /* Get a handle to the telephony manager service and install a listener */
     MyListener = new MyPhoneStateListener();
     Tel        = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);
     Tel.listen(MyListener, PhoneStateListener.LISTEN_SIGNAL_STRENGTHS);

In the first line I instantiate an object from a class that I have defined further down in my app, the "MyPhoneStateListener" class. In the second line a reference is retrieved to the service object that manages the cellular network connectivity. In Android, this object is called the Telephony_Service, which is, from my point of view, a bit misleading. In the third line of the code, I then install my listener object as a listener of the telephony system service. This way, whenever the signal strength or other properties of the cellular network connectivity changes, the app is automatically notified and can then perform appropriate actions such as displaying the updated signal strength, cell-id and other information on the screen.

I'll describe the details on how that is done in the next post.

Facetime and Skype Video Quality

Today I read an article on the video quality of Facetime and Skype on an iPad2 here (sorry, article is in German). For both, the author came to the conclusion that the video quality is quite bad compared to Skype on a PC. So I wonder why this is so!? Perhaps it has something to do with the available processing power? I can observe similar things on my netbook where Skype video resolution and quality is far behind what I get on my fully-fledged notebook, despite the processor almost running at 100%. While things are probably not going to change on my Atom based netbook with a weak GPU, I wonder if the graphics GPUs built into mobile devices will be able to help in the near future with encoding and decoding the combined real time audio and video stream? I think it's quite an application. Let's see what Google has to say when they release their own video calling application on Android devices soon.

Taiwan Mobile RRC State Change Problems

While TMN doesn't let me use their 3G network with my German SIM card as reported in an earlier post, they do offer SIM cards for Internet access which are interesting for occasional use or travelers in the country for a couple of days. For the details on the offer see here. While the throughput in their network is quite o.k. and in the range of 3 MBit/s, their network has some compatibility issues with my 3G dongles.

I don't see such issues often anymore but TMN is one of those networks that still seem to have a strange RAN software version running that make my 3G dongles get stuck every now and then when an RRC state change occurs. Sometimes the connection recovers after a minute or so, sometimes I have to reset the connection entirely. The only thing that helps is a constant ping to keep the RRC connection in Cell-DCH.

TMN, you might want to run a compatibility check against some mainstream UMTS hardware not necessarily sold in Taiwan…

Programming Android – Part 2 – Objects and Handlers

After the general introduction to the programming environment used for Android App development, the second part of this series now focuses on two major concepts every Android App is based on. This is the basis for the details I’ll then describe about what my experimental app does and how.

The first concept of every Android App is that it is programmed in an object oriented language, namely Java. The core of object orientation can be described in two parts:

First, object orientation means that every line of code of an app is part of a class. On the highest level of abstraction, every app has at least one class and one method in the class that contains the code. This method is called when the app is started by the user. That method then creates what the user sees, i.e. it arranges text, buttons and other things on the display. If things start to get complicated a good approach is to put parts of the code into other methods which are then called by the main method. These methods then do their specific work and then return to the original method with a result that can be further processed.

The question that arises at this point is how Android knows which method to call when the App is launched. This can be answered by looking at the second idea of object orientation. Classes are a kind of blueprint if you will, and to make them come alive, they have to be instantiated. Think of the abstract term “car” as an example and what it represents. Your own (physical) car is an instantiation of the abstract term car. There can be several instances of a car, like for example, your car and my car. In object orientation, an instance is called an object. And to bring the three words together: An object is an instance of a class. What Android does with object orientation is describing the basic principles of how an app is supposed to work and defines the names and parameters of the methods that are called by the OS when specific things happen.

When the app is started, a specific method of an object is called. To make this approach useful the app uses the method definition, i.e. how the method looks to the outside but defines what is inside the method itself. This is called “overriding”. So if there are two apps running they both have the same method that is called by the OS when the app is launched. The content of that method, however, is defined by the programmer of each app.

The method that is called when the app is started is only one of many that are already contained in the basic app class and the application programmer is free to either use methods and variables as they are or override them and do their own things with it. What remains the same in all apps are the method names and the parameters the method exchanges with the external word. Thus, there is a uniform way for the OS to interact with an app as will be discussed in the next paragraph.

Object orientation is a means to an end. How the app interacts with the world is a different matter. For that purpose, the OS needs to provide an Application Programming Interface, an API. Apple’s iOS also offers an object oriented interface to programming but the API is quite different to that of Android. If you want to display an “OK” button on the screen for example, an object of the type “button” is instantiated from the button class. The text displayed on the button and many other things are then defined by the app by calling methods of that object that then do their job inside the class to bring the button to live.

The second major concept of Android app programming is call back methods. Whenever something happens that the app should become aware of, such as for example the user clicking on a button on the screen, the user pressing a hardware button, the app being sent to the background because the user starts another app, data arriving from the network for the app, etc., a callback method is called by the OS. But how can the OS know which method of the app to call? If the callback method is part of the general app class described above then there is nothing special to do because the callback methods are predefined and the programmer can simply override the existing methods for the different events. Most elements a user interacts with such as buttons for example are not part of the general Android app class. As described above, the user instantiates a button object from the button class and then the app object contains a button object. To be informed about the user clicking on the button, the programmer needs to define a method in the app class to receive the event. A reference to that method is then given to the button object. When the user then clicks on the button, the button object calls the given method.

Most apps that interact with the user are fully call-back controlled. When the app starts, everything is put on the screen and callback methods are put in place. Then, while nothing more happens for the moment, no further processing power is needed for the app and no code is executed. Only once the user interacts with the app by, for example, clicking on a button, a callback method is called. The callback method can then perform an action that is supposed to happen when the button is clicked, e.g. a calculation is made and an output is made to the screen, and then go back to sleep until a new event arrives.

And finally, in addition to call-back methods, an app can also spawn background threads for actions that are continuously performed without user interaction or for actions that take a long time to complete. A separate execution thread has to be used for this so the main thread with the callback methods can be called by the OS at any time the user interacts with the app.

There we go, so much for the theory. In part 3, I’ll put the stuff described above into practice.

Does The Verizon Thunderbolt Have A SIM Card?

The Verizon Thunderbolt manufactured by HTC is one of the early CDMA/LTE mobile devices on the market. An interesting question in this regard is whether it has a SIM card or not. Remember, CDMA devices usually do not have a SIM card. But LTE is a 3GPP technology just like GSM and UMTS where SIM cards are part of every device. So what about the Thunderbolt which includes both technology branches!? I would have speculated it doesn't have one. Why bother, Verizon has its own LTE band so the device will only run on Verizon's network!?

But strangely enough, the Thunderbolt does have a SIM card as shown in this Youtube video. While showing the SIM card the reviewer mentions that CDMA service is still available when the SIM card is removed. In other words, the SIM is only used for the LTE part of the device.

Very interesting indeed.

Fraudulent SSL Certificates And How To Protect Yourself (A Bit)

The Comodo SSL hack last month has shown quite dramatically that SSL is prone to man-in-the-middle attack if you live or use SSL protected websites and services in places that make it easy for attackers to spy-on and divert IP packets. The way the attack works is that the data traffic to an SSL protected site is redirected to another server that then poses as the original server by sending a fraudulent SSL certificate. Out of the box, web browsers today don't indicate this to the user if the fraudulent SSL certificate was issued by a trusted but compromised certificate authority. For the technical details, see the excellent article on Ars Technica.

So is there anything that can be done to protect yourself against it? Two things come to mind:

First, whenever in a non trusted part of the Internet, a VPN tunnel can be established to an endpoint that lies somewhere where a man-in-the-middle has no access to. Many VPNs use certificates, too but since they don't rely on certificate authorities, man-in-the-middle attacks with bogous certificates won't work. The only solution for an attacker is to block VPNs from being established, and that the user notices immediately.

The second way to detect against potential fraudulent SSL certificates is to be informed if a different certificate is presented to the web browser for a website than at a previous visit to the same site. There are valid reasons for this such as the old certificate being close to its expiry date but such certificate changes are very rate. The issue here is that web browsers do not show such a certificate change. For Firefox, however, there are add-ons that do just this. An easy and straight forward one is Certificate Patrol.

The problem with both solutions is that the ordinary user without a technical background is unlikely to use either one.

On mobile platforms, using a VPN is not quite as straight forward, as keep-alive packets will drain the battery very quickly. Let's at least hope Firefox mobile and other mobile browsers get a similar add-on soon. However, that still leaves data transfers vulnerable from other apps such as email programs that use SSL to potect SMTP, POP3 and IMAP connections as well as apps that use HTTPS for data exchange.

I agree with Ars Technica, the security architecture of the Internet needs a serious overhaul.