37
OTA and IMEI over HTTP

  1. b1nny
    Eclair Jul 13, 2016

    b1nny , Jul 13, 2016 :
    Awesome, glad it's working out for you! I'll keep an eye out for your app ;)
     

    #41
  2. arjanvlek
    Honeycomb Jul 13, 2016

    arjanvlek , Jul 13, 2016 :
    Yep, and if I write it the same as the Cyanogen one, we'll at least know it uses secure network connections :)

    ssl.png
     

    #42
  3. arjanvlek
    Honeycomb Jul 14, 2016

    arjanvlek , Jul 14, 2016 :
    By the way, the "type" field can be set to either 0 and 1. If it is set to 1, the response contains a full update package (suitable for any prior version) while setting "type" to 0 will return a patch package which only updates to the latest version (suitable only if the with the request supplied version is already installed on the phone).
     

    #43
    b1nny likes this.
  4. b1nny
    Eclair Jul 14, 2016

    b1nny , Jul 14, 2016 :
    Good find! That should help you out quite a bit with your update check application! :)
     

    #44
  5. arjanvlek
    Honeycomb Jul 22, 2016

    arjanvlek , Jul 22, 2016 :
    Is it normal that the Oxygen servers have very low download speed for the updates? It takes almost an hour to download an update file on a very fast connection!
     

    #45
  6. klutch
    Donut Jul 25, 2016

    klutch , Jul 25, 2016 :
    its upsetting that this thread is not gaining as much attention as the others.

    to those that are wondering why people are concern with the IMEI being transmitted in clear text, this is no different to screaming in loud speakers your social security numbers to your friend at a crowded place. you never know who's going to do what with these information.

    while the whole world is takings serious concern on cyber security, OnePlus seems to be lacking in this area..
     

    #46
  7. cssoz
    Honeycomb Jul 26, 2016


    #47
  8. superplus
    Head Moderator Head Moderator Jul 27, 2016

    superplus , Jul 27, 2016 :
    thanks, will pass it on
     

    #48
    runboy93 and cssoz like this.
  9. jak
    Ice Cream Sandwich Jul 27, 2016

    jak , Jul 27, 2016 :
    Lucky you. It took multiple hours for me, with speeds between 5 kbit/s and 120 kbit/s.
     

    #49
  10. arjanvlek
    Honeycomb Jul 27, 2016

    arjanvlek , Jul 27, 2016 :
    Yeah, the whole ota system is very crappy and slow. There is a lot of crap in the responses, like links to Chinese HTML pages, "share" text in Chinese etc. Not to mention it is very easy to generate either an empty response or an http 500 internal server error if manually sending requests to it.

    Cyanogen's server is much better, as it uses proper https, offers very fast downloads and returns all errors in json format. And it doesn't include crap in the responses!!!
     

    #50
  11. shamil
    Donut Jul 28, 2016

    shamil , Jul 28, 2016 :
    I wonder why they aren't stored on a CDN.. I mean, it can't be that expensive.

    That said, mine wasn't slow.
     

    #51
  12. b1nny
    Eclair Jul 28, 2016

    b1nny , Jul 28, 2016 :
    They have to cut costs somewhere. The OTA system is one of them, hence why they don't run their own infrastructure but hop on OPPO's.
     

    #52
  13. shamil
    Donut Jul 29, 2016

    shamil , Jul 29, 2016 :
    I thought as such, but I wonder how separate OP is from OPPO, to the point where they are sharing core information and infrastructure.
     

    #53
  14. Professorchaos1
    Honeycomb Jul 29, 2016

    Professorchaos1 , Jul 29, 2016 :
    I would assume similar to how any 100%-owned subsidiary operates...piggy backing for non-essential services.

    1. Shared Services are same (Accounting, Finance, possibly even CRM/ERP systems)
    2. Same IT systems and shared infrastructure and back-end
    3. Shared supply-chain contacts and manufacturing/packaging partners
    4. I think the main differentiation is that OP is much more global than OPPO (focusing mainly in China/APAC market.) Sales, marketing, analytics, design, OS/software development are probably all done in-house at OP.

    As an aside: notice the new OPPO F1s has the same spec fingerprint sensor and it looks like the exact same mould.

    As for DL speed for the OTA: mine was anywhere from 500KB/s-1.5MB/s. Not as fast as my 100MB/s connection...but respectable considering the heavy load the servers were under at the time of release for 3.2.2, and that's considering the servers are probably located half a world away in Shenzhen. My OTA of 3.2.1 was much faster at around 5-7MB/s back when it was released.
     

    #54
  15. b1nny
    Eclair Aug 26, 2016


    #55
    pastmann likes this.
  16. jakkipoika
    Gingerbread Sep 18, 2016

    jakkipoika , Sep 18, 2016 :
    You don't even have to pay for the cert, you can get them for free from https://letsencrypt.org/ (I use certbot).
    With OCSP stapling making the query via https doesn't even take a lot of time.

    When using HTTP to check for updates there is also a security bug: attacker can tell there are no updates, and NSA or whatever can keep on exploiting buggy device(s).
     

    #56
    Sp000n likes this.