For myself, I had everything figured out - how the apps worked and connected to the PLCs and internal building network using a dedicated WiFi access point, and how exactly the tablet was configured from out of the retail box to wall-mounted duty. I upgraded it to Android KitKat, which seemed to speed it up a little, but I still had to disable most apps to make it faster.
But I wanted to help out my neighbors, too, and 2 years ago I decided to finally document and share my knowledge. The goal at first was to focus on getting the WiFi password, which could enable us to add additional devices to control the smart home and replace the aging original tablets. Also consider that accidentally pressing "Forget this network" would require a visit from the infrastructure technician to re-establish the connection! This has happened before because some were tempted to fiddle with it.
I had a few options to consider:
- Everyone could take their tablets out of the wall mount, connect them via USB and, after flashing a custom recovery, flash an auto root tool and then extract the WiFi password using an app that reads the wpa_supplicant.conf file... This is too complicated for anyone but enthusiasts and could brick the only device in control of the smart home, so out of the question.
- I then explored the shady but apparently popular one-click-root apps distributed outside Google Play as risky APK downloads. They exploited known vulnerabilities to cover a wide list of devices and OS builds. However, the x86 came out to bite me, as no such app supported our tablet models, and in any case a complete root was overkill for what I was trying to achieve.
- I then focused exclusively on the WiFi credentials file access - /data/misc/wifi/wpa_supplicant.conf. I would develop my own app that only forced its way through the file permissions to read back the contents of this file and display the password to the end-user.