Ask HN: How to maintain an identical "hot standby" Android phone
I'd like to buy two identical devices (eg. latest Pixel) and set one up to mirror the other - so if I accidentally drop one down a volcano I can grab the other and keep on rolling.
I want to keep everything on my own infrastructure, without relying on Google backup or the like. Sync needn't be realtime, nightly is fine. The devices should be kept as similar as possible - settings, apps, data etc. I'll only use one at a time (one "master"). In a perfect world my service provider, appstore platform, app publishers, etc. wouldn't be able to tell the difference (although I realize that might be asking too much). I don't mind using an alternate flavour of Android if needed eg. LineageOS, GrapheneOS, etc.
Has anyone accomplished this and gotten it working smoothly in practice? Any tooling you can recommend to help?
27 comments
[ 3.5 ms ] story [ 73.6 ms ] threadI feel like this is better accomplished with a device snapshot-image that is regularly loaded onto a new device (daily? Hourly?)
Updating a device makes automation non trivial as you have to do something physical most likely and can’t just do it via API
You could even just skip acquiring the device until you need it given the idea that it may be years before you have this volcano situation. However that doesn’t meet your spec precicely
I would better define the idempotency interval you’re ok with losing data between and then using the method that updates the simplest at that frequency
Settings and some apps aside, I otherwise basically do this myself. I keep my last model phone as the fallback and use Syncthing to copy pictures, SMS and call log exports, TOTP exports, Signal backups, and any other useful files automatically to it. Contacts and everything else is cloud already. Would take about 10 minutes to reimport and start using.
With root, some app to do backups and restores of system/app data (which is why you'd need root), + syncthing, you can probably get 99% of the way there.
Buuuut... You now have the problems of root, which means a lot of apps won't work out of the box, you'll have to do some per app config to hide root/unlocked bootloader from them, and that's only getting harder.
So tl;dr don't use smart features, and only deal with syncing calls/sms/photos. The rest you do via the browser.
Devices are a bit more complicated then they were just a few years ago, a cryptographic salt is stored somewhere, and the trim area (TA) plays a role, so you would run into trouble simply writing (dd) the /data partition to your second phone, but all you really need to do is keep the /data partition and /sdcard synced. Surely a script leveraging the features of TWRP seems like it should just work though?
Cheers, lovely question! - threader
The advice would change if you’re domestic (staying in the same country as your service provider) or international. If you’re domestic then eSIM is the way to go here, you can have a new one issued and activated fairly quickly. If you’re international you can either move to a VOIP provider or use some service (like a Matrix bridge) to share SMS messages across. VOIP would be your only real option for calls as well - both phones would just be SIP trunks and can be hot swapped or used simultaneously.
Any application that stores any data in the Secure Element of the phone is, by design, not capable of being backed up, even with root. Examples include various bank apps that serve as 2-factor authenticators.
Without that, one of the possible solutions is to use NeoBackup on a rooted phone so it backs up everything daily to some external server on your infrastructure. It can be, for example, a NextCloud server.
This probably depends a lot on what bank app you have/use. My (large co.) bank app works perfectly fine across my pixel, iPhone and iPad. The “app data” isn’t replicated but since everything comes from the server it’s identical. I can verify and make transactions on either device.
Even 2fa apps like MS Authenticator allow you to use multiple devices by storing/syncing the seed via the cloud.
TBH the app doesn't do much. Open it -> see balance and charges and credit/debit etc.
Trigger opening it from payment portal -> "verify transaction with biometrics/PIN" -> confirm
Open the app the first time, accept the license, it contacts the server (anonymously, as it doesn't have any user data at this point) and establishes a random TOTP seed and a hex ID (which is an unchanging hex string visible in the UI along with the generated codes). There is no need to log in, and the app does not even have a login form. The bank has a database table that maps the hex ID to the corresponding TOTP seed. From that point on, the app never uses the network.
When you open the app the next time, it functions as a regular TOTP generator that keeps the seed in some protected area that cannot be backed up even if you have root (ignoring the license concerns) - except that you can't use the generated codes anywhere.
This also means that reinstalling the application, or installing it on a second phone, will result in a new ID and a new TOTP seed, so the two phones will have different hex IDs and different seeds, and thus will not agree on the codes generated.
To make the application useful, you need to physically go to the bank and present the running app together with your passport. They will inspect your phone for signs of rooting, dangerous settings or unwanted apps, associate the hex ID displayed by their app with your account (so that the generated TOTP codes start working on their online banking website), and disable the previous one (so you can't use two phones).
I still wonder if with something like a root hiding thing like grapheneOS’s software this could be “overcome”.
And yes, root hiding works on a test phone (which has a copy of the app not linked to my bank account), and the TOTP seed can be extracted from memory using Fridump and imported into a different app. But obviously, this won't pass the "manual inspection of the phone" step, because they will likely find the renamed Magisk app.
Out of curiosity, do open source phones like the Librem 5 or Pinephone Pro have a secure element and if so do they provide you with tools to provision and manage it yourself?
So all in TQQQ.
There have been calls to modify Seedvault to impersonate D2D transfer in order to bypass the restriction. Or I wonder if I can patch the OS to ignore/override that app manifest flag? (I gather some people are patching their APK's).
I wrote a little more about this here: https://news.ycombinator.com/item?id=37774254
There also was a free software used by phone repair shops that could clone the entire device... If I find out it's name again, I'm gonna post it here.
[1]: https://www.fjsoft.at/en/ [2]: https://github.com/immich-app/immich