Packages

• F-Droid for open source package management
• K-9 for email
• Apollo for music
• Lighting browser
• OsmAnd for maps
• Signal for messaging
• Atomic for IRC

Rooting/Cyanogen

My directions were a little different from the instructions I found on the net. These directions are for the Nexus S hardware.

First install the Android SDK locally and add-on the fastboot command line tool (google for it).

Put the phone in bootloader and unlock it (deleting all data). Reboot normally and download the signed SuperUser and CyangoGen mod packages. Reboot into bootloader and flash the twrp-crespo-2.0.0RC0.img recovery mode image (mirrored on my static site). Use recovery mode to install SuperUser from the “Install” menu (could skip this step?). Then install the CyanogenMod package the same way.

Full disk encryption

Using a short pin or swipe pattern is generally reasonable on android devices to protect against many attacks because the unlock program will lock up after repeated incorrect attempts, making naive brute forcing impractical. The best technique for brute forcing is to take a full disk image and crack offline, in which case a short pin will be defeated trivially. Notably, off the shelf hardware seems to exist for dump images quickly and easily, eg at a border crossing. So there is a good motivation to have a stronger disk encryption password and a short (convenient) screen unlock pin.

The default policy in android 3.1 doesn’t allow this using the UI, but it can be done from the command line:

$ su -c "vdc cryptfs changepw <newpass>"

Reference

A full set of instructions for the Galaxy Nexus are here.