When software updates go bad(ly)

I received an email overnight that has me re-evaluating what my smart phone will be. But the email also raised a number of other questions in my mind that are more diverse and apply to more than just the decision of what smart phone to upgrade to.

But first, here is the email, with the names changed to protect the guilty:

[Phone company], in their infinite-but-incompetent wisdom, pushed an OS upgrade to [their] Android [model] phones last night that wipes out your contact lists. Of course, [phone company]'s answer is to sync your contact with Google, which I do not do because I have numbers that have to be kept in confidence. This means that the last decade of contacts are gone and I now have to rebuild from scratch.

Clearly, we have all been there before. Some well intentioned software update has wiped out our critical data. It is one of the many reasons we all back up our data, especially our important, critical data. As an IT professional, I could say Too bad, you didn’t back up your data, tough luck. In fact I suspect that many of you are thinking exactly that and why does it matter. In fact, I think it does matter and in many ways that we as open source professionals need to be aware of.

Let me take you back to my article in May where I was discussing my thoughts on migrating to a new phone. One of my important issues was being able to load and back up my important contacts. And based on the email I guess I should add in a secure manner. I too have a number of phone numbers that should never see the outside world. These are not classified numbers, but they are numbers that are considered close hold – backdoor numbers, home numbers for people that would rather not just have anyone call them at home, numbers for access to certain facilities that the public in general just should not have. That sort of thing. So I can appreciate the idea of backing up to Google as being a bad idea. And I am sure I am not alone. Clearly, there has to be another way.

And this is the rub. As an IT professional, I am sure I can cobble up an alternative solution, but my friend is not. In fact, the phone in question is probably the most technologically advanced device they own. And in a number of cases, these devices are the most complicated devices that most people have in their possession and they are being marketed as a phone, rather than the computer they really are. Further, these devices are being marketed as an alternative to that other palm based computing device but with the Open Source moniker writ large across them – and poor PR will affect us, regardless of whether it is our fault or not.

But what really bothers me most is this happened at all. I would like to blame [phone company] for this but I have to wonder, in 2010, why we are still having OS updates that overwrite the data on the device? This is not 1990. We know how to update devices without overwriting personal data, every operating system today does it quite well. So what happened? Is this an Android issue? Or a [phone company issue]? I have not seen a wide spread hue and cry about Androids being overwritten, but if it only started last night, it might take a day or so for the yelling to start – we will have to keep an eye out.

The point here is this. There needs to be provided as a point-of-sale item a simple solution for (securely) backing up user data. There also needs to be a way of ensuring that code flashes do not destroy personal data and pressure needs to be brought to bear on the phone companies and other resellers to educate their customers that these are not your parent’s telephone. They are complex computing devices and need to be treated as such.

______________________

David Lane, KG4GIY is a member of Linux Journal's Editorial Advisory Panel and the Control Op for Linux Journal's Virtual Ham Shack

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Possibly "defective by design" ?

Laxator2's picture

All these "glitches" happen quite predictably in connection with recommendations from the phone company.

- Sync your contact list with Google ! (yes, they want your personal contacts)
- You did not ? Well, you list has been deleted. Next time, give then the list and you will be spared the pain.

You've missed the point, Android is about the cloud not privacy

Anonymous's picture

The whole point of Android is that it's a cloud device, Google created Android for the single purpose of giving them access to your private data. They offer a Faustian bargain which you can choose to accept or reject. If you are willing to sync your data with GMail you will be able to access it from any device you own, anytime, anywhere. It's also backed up and trivially and automatically restored in the event that something happens to one of your devices, for example your phone falls out of your pocket and gets smashed on the sidewalk, or a software update blows it away. In return for that service you agree to let Google hold on to the contents of your private life.

It's understandable if that's a bargain you don't want to make. If you are concerned about privacy you have a number of choices the first of which is to use some phone that syncs only with a local computer. If you want the benefits of the cloud without the privacy costs your solution is going to be more expensive and more complicated, you'll have to set up your own server or use your corporate server.

Using new programs

Anonymous's picture

Before using any new program, including programs on new devices, I look at the ways to save/import/export my data. No matter how fancy or pretty a device running a non-compliant program, I won't buy it. Read the device specifications online. From a store display, it is impossible to run backup tests on fake phones but then, this is a matter of life and death for your data. At purchase time, tell the store clerk that the phone you are interested in has to satisfy particular requirements (backup/import/export) and that if the phone doesn't cut it there won't be a sale.

In addition to all the apt

Anonymous's picture

In addition to all the apt comments about there being lots of non-web backup options out there, are you really that naïve?
Confidential PHONE numbers? You are joking aren't you? I recently saw an online version of a presentation: Privacy is Dead - Get over it.
http://video.google.com/videoplay?docid=3079242748023143842#
Anyone with either money or a lot of time and motivation can find out pretty much everything about you. It's scary and the person may not be posting lots of personal information on myspace but a good PI or law enforcement official can find out everything in a short amount of time. So can anyone who is really motivated. Get over it!

Standards needed

Bob Harvey's picture

My ipaq 6305 came with a splendid backup and restore utility that let me save everything - including contacts - to an SD card, and to selectively restore from backups. Splendid. Snag is, the next phones from HP did not include it and could not read it, and no desktop extraction tool was offered. Miserable.

What is needed is some standard file format for saving contacts lists, that all email systems, mobile phones, etc. use, to allow for archiving and transfer. For too long the phone companies have said "use outlook for that" or (now) "use google". No. I should be able to use a file system of my choice.

Come on community, make a standard. Come on ISO, mandate one. Come on GCF, require one.

Oh FFS!!!

Sandrino's picture

"I have numbers that have to be kept in confidence."
Whose numbers are these? Danny De Vito's? Madonna's?
Come On! Mobile numbers ARE the cloud! Phone companies manage them!

Who is he scared could find these numbers... his wife?
NSA & FBI & Co. should not have many problems with that.
If YOUR friends managed to get them......

Contacts backup on Android

Wolf Paul's picture

When you open the Contacts app and hit the menu button, one of the standard options is "Import/Export", and if you select that you get an option to export to SDCARD. Select that, confirm, and it will create a VCF file with all your contacts.

Don't blame your lack of familiarity on the OS or the phone company.

Wait, what?

Anonymous's picture

What am I missing here?...

Two minutes searching through my HTC android phone yielded the following highly technical solution to the 'problem' of backing up a contact list:

People > Menu > Import/Export > Export to SD card

Of course you can import from the SD card as well, and this applies to google accounts and the non-google internal contact list. It also means you can export from the internal (ptivate) contact list to a google account, or vice-versa, depending on how high the google evilness index is that particular week.

In short, there's no excuse for losing your contact list.

Regarding the issue of wiping your phone when a new ROM is installed, any decent upgrade process will save your settings, contacts, messages, etc... to the SD card prior to the upgrade. HTC phones do this, I'm assuming others do as well.

Interesting that they had

Adam Backstrom's picture

Interesting that they had (and then lost) ten years of contacts on a phone that's 1-2 years old.

lol

Anonymous's picture

lol

Not so LOL

Rick's picture

When I moved from a Palm to a Blackberry, I ported over 27 years' worth (yes, 27) of contacts, many imported into the Palm from an old Filemaker Pro database I maintained my contacts in before the days of cell phones and email. And some of those were from an older dBase III+ database.

It is possible.

But I kept backups, and I still have a mySQL database of all of those 'grandfathered' contacts, just in case. At least 30% of those people are dead, if not more, and half the companies are gone-gone-gone, but the historical info is sometimes helpful to know when a certain thing was, and where it came from.

I still work with a few people I have known since before personal computers existed. Life did not start when Android was released.

Also in defense of [Phone company]

someguy's picture

The end user refused to use the provided backup solution (gmail) but didn't bother to find a replacement? Using the same logic, I despise the oil companies so I'm not going to buy any more gas but I will continue to drive my car and see if it just continues to run......silly.

Google was very forthcoming as was Android market by searching for 'backup'. Sorry - no sympathy here.

Why I don't trust ANYTHING to the cloud!

Jimmy the Geek's picture

Cloud is such a buzzword for something that's always been around - the Internet. Stuff isn't magically stored in the ether, there's a hardware server on a hardware wire attached to an Internet Service Provider. The bottom line is, once your data has gone there, it is out of your hands and susceptible to the 'cloud' provider's security (or lack thereof).

As an IT professional, I can't let the responsibility I have to protect my company's data fall into the hands of some other company that may have actually outsourced this aspect of their business to another country to a firm that may have outsourced it even further!

Sorry, Google, but I don't trust you. You are looking quite megalomaniacal these days, and what I have on MY phone is MINE. Local backup is better, and I have a tough time believing that an Android phone doesn't have a memory card that can't be removed and the data pulled off in a card reader to a PC.

Are you sure?

mwallette's picture

I can accept at face value that a firmware/OS upgrade wiped your friend's data. That's not the way it *should* happen, but I can believe it nonetheless. And yes, the phone company certainly deserves some blame for rolling out an upgrade without warning customers that their contact lists would be overwritten (they did test it first, right? Right?) However, I am not entirely sure that the only way, as your friend claimed, to backup the contact list is through Google. Perhaps the phone company told him that, but on my Android phone (HTC Hero, firmware v. 1.5), there is also the "HTC Sync" software installed on the phone, and I've seen prompts to sync my contact list with Outlook. I don't use Outlook, and I don't use Windows (so the HTC Sync doesn't work -- go figure...a Windows-only app installed on a Linux-based smart phone, shrug) so in my case, Google may be the only back-up option. However, for the rank-and-file Android users, I kind of suspect this is a non-issue.

As an afterthought, is there an app in the Android Market to back-up contact lists to local PCs? I'll have to go look.

No backup abilites in a smartphone?

Zachs Kappler's picture

After owning a few older phones and yearning to upgrade to a Android hone, I find this problem really odd. Both Sony Ericsson phones I've owned could backup everything to a Micro Memory Stick card or use their free tool or open syncing ability to backup contacts and organizer data to my computer in some form.

A smart phone without backup tools is rather dumb, especially on a Linux powered phone like [Guy's phone here].

Also since it's Linux powered, WHY does it have to flash the entire memory for a upgrade? Many distributions can keep your data while upgrading (Debian based distros come to mind).

I hope this isn't all there is to the story, or I'm deeply unimpressed by Google...

Maybe it is intended to be

Anonymous's picture

Maybe it is intended to be that way so that you have to sync with the services provided :)

Oh, and a suggestion for your friend;

Rick's picture

They should be using a BlackBerry. Way it is.

But the user is responsible for their data...

Rick's picture

And we need to stop treating our smartphones like phones, and treat them like another computer. And treat our contact list, notes, etc as data to be secured by backup.

I've faced this repeatedly when my smartphone (similar to the one in the article) had to be 'wiped' to solve an issue. Three times. In one month. And there was actually no way to save some of the data at the time. I know better now.

Sadly, don't expect the [Phone Company] to install a backup system, though my [Phone Company] does offer me a tool to save my contacts out to their system. If your contacts are so precious they can't be saved out there in ANY cloud, reconsider your choice to do nothing. Please.

Happens with Windows Mobile 5 updates, too

Dan Scott's picture

There's a very clear warning in the docs for updating your Windows Mobile 5 device that you must back up your data via ActiveSync before flashing it, for good reason: it wipes anything that isn't stored on an external SD card. So it's not just Android.

If your friend has confidential contacts and therefore doesn't want to use the recommended approach for syncing contacts (Google in the case of out-of-the-box Android devices, ActiveSync in the case of Windows Mobile devices, I-know-not-what for Apple devices), then your friend is probably part of a minority of users and needs to invest in some alternative, secure solution for maintaining those contacts.

For what it's worth, I was insanely frustrated with various editions of "my parent's cellphone" (an assortment of Nokia candy bar devices and Samsung phones) because there was (at the time) no good way to sync contacts on those phones with anything useful on my computer. I bought weird USB cables and assorted software, but it all sucked. An "upgrade" in those days was to get a new phone, and "syncing contacts" was manually entering the data into the new phone while flipping through the contacts one-by-one on the old phone.

Not Surprising

Josh's picture

I have read about this elsewhere and it appears to be relatively common on some (older?) Android devices. The reason you probably haven't heard a big stink about it is because most Android users also use Gmail to sync contacts and other Google services. In my opinion, this type of data loss is unforgivable. Period. End of story. People pay for a good experience as much as they pay for good hardware, so the Android folks at Google need to do better.

Tough luck?

smotsie's picture

As someone who has just today bought a new Android based phone, I too am worried about the security of my data, and what happens when my particular phone company decides to push out an upgrade. In some ways I agree that the "tough luck" line is true, but it is also a quick way to lose friends! I tend to take a varying degree of responsibility for my family and friend's data - for my children, parents and wife it's up to me, relatives further out get advice and help, friends get advice, colleagues get laughed at (they're IT pro's too!)

Personally I think the most important thing is portability of data - that it is backed up in a way that it can be restored to a completely different type of phone / email client / contact manager / whatever. For me that means a CSV text file which is used as the master and regularly checked against my list of contacts in other systems.

Having said all that, I do think the phone company could have found some way to preserve their customer's data!

--
Smotsie
Dad.husband.linux-loving-geek.radio-presenter.eco-geek

In defense of [Phone company]

Sarr Blumson's picture

This scenario is recognizable enough to suspect that the company, OS and physical phone match the one in my pocket. In defense of [phone company] I'll say:

It was a major upgrade, Android 1.5 to 2.1.

You did have to explicitly accept the upgrade, after a (I thought) clear warning that it would erase contacts.

It did attack some issues with the contact manager that I found annoying, in ways that I would expect to change how contacts are stored.

As a software developer, I'd be afraid of trying to build an on the fly conversion that had to work perfectly on some enormous number of underpowered devices.

There are free backup tools easily available and [Phone Company} could have installed one, but which one? What mechanism would your friend trust?

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix