How can you make stock Android as private as possible?
from unicornBro@sh.itjust.works to privacy@lemmy.ml on 09 Jul 00:53
https://sh.itjust.works/post/41806448
from unicornBro@sh.itjust.works to privacy@lemmy.ml on 09 Jul 00:53
https://sh.itjust.works/post/41806448
I know that stock Android itself is spyware.
What tips about setting up my stock Android phone would you give me? It’s not factory unlocked so I’m sticking with Google Android.
Things I’ve done:
- Stopped and disabled all apps that I don’t use or need.
- Replaced all apps that I can with FOSS alternatives from github using Obtainium.
- Not installed things that I can just check on my laptop like email.
Is there anything else that I can do? Thanks in advance
Edit I’ve also:
- Changed my DNS to Mullvad DNS
- Restricted app permissions to only what they need
- Not signed into the phone. I don’t even have Gmail account.
threaded - newest
So one of the gotchas about stopped/disabled apps is that other apps can still call and launch them. I frequently saw my apps pop back up even after being disabled, since I used SuperFreezZ to monitor them. f-droid.org/packages/superfreeze.tool.android/
The alternative to that would be an ADB disable. IIRC it takes the app away from userspace completely. It doesn’t touch the system-level though, so a factory reset will bring it back.
If you can’t handle setting up ADB and it’s hoops, there is an app combo that can set up a bridge and run the ADB disable for you: f-droid.org/en/…/io.github.samolego.canta/
This looks cool, but the dev seems pretty unavailable for updates for the past few years. Does the app still seem pretty solid in spite of that?
I assume you are using F-droid app manager, and also added IzzyonDroid repo to it? There you can get a lot of apps, like firewalls to block apps that call home when you don’t really use them. Replace most of your apps with open source alternatives from F-droid. Get an email hosting alternative that isn’t one of the big (spy, data mining) companies. Use decentralized privacy focused social media options. What type of phone manufacturer do you use and is it unlocked? You could use an android privacy rom like CalyxOS, that is what I use, completely de-googled, uses MicroG instead of Google Play services. A VPN would be my last option to add, especially when connecting to outside wifi.
With Shizuku and Canta, you can remove the spying system apps. You can break your phone though (fixable with a factory reset), so do be careful. If you want to play it safe, use the recommended list in Canta. These should be safe to remove.
Thanks for this
netGuard ☞ f-droid.org/packages/eu.faircode.netguard
And enable network filtering and set a good adblock hosts file.
I like NetGuard, but think that TrackerControl is a bit more privacy focused. It had tracker detection, includes a traffic log as a free feature (NG requires purchase), and a few of the other NG Pro features are implemented in TC as well. In the end having either is better than neither.
Depends on what you mean by stock android. Google’s phones does not come with stock android.
Rethink DNS is both a firewall app, and you can run a VPN at the same time using a wireguard configuration.
I use a VPN system wide, and for some apps like Fennec or a Torrent app (yes I torrent on my phone lol), I use a different wireguard config for each one of these apps. For the systemwide VPN, its using a server in my country, for individual apps, it goes to switzerland or iceland (So the IP used to check for system updates isn’t correlated to the IP used for everyday browsing, watch youtube videos, or torrenting). I block everything from internet access unless it needs internet to function, like a phone app for example (for VoLTE). Enable “block connections without VPN”.
Mullvad has the cheapest VPN at €5 Euro per month, and ProtonVPN have some free servers, but free servers have slower speeds.
Beware that a VPN doesn’t protect your privacy, it just changes who has access to your data.
Does from your ISP unless they do deep packet inspection and related techniques.
As I said, it doesn’t protect, it changes who can see the data.
Your ISP might not be able to see it, but your VPN provider will instead. VPN providers are hardly ever under any kind of regulation, except those run by secret services, of which there are many.
And there are more than enough VPNs that sell customer data while claiming to be amazing for your privacy.
I’'d argue changing who can see your data from either a large group to a smaller one or one you do trust vs one you do not trust precisely is protecting your privacy.
Also FWIW you can host your VPN, you do not have to rely on a commercial VPN provider.
It’s always astounding to me that people put more trust in an intangible rando from the internet than into organizations governed by law. Like those people who don’t accept mainstream medicine but eat random supplements they imported from India by the kilogram.
Sure you can. And where does that traffic go?
If you e.g. host a VPN in your home network and you connect to it from your phone, and then you use this connection to access the internet, then your traffic will just be visible to your home network’s ISP instead of your phone’s ISP.
No idea what your analogy about non conventional medicine is about. Feel free to explain.
Indeed, which is already what I mentioned, namely another group. It’s about the threat model namely if you trust one ISP more than another. I believe your understood that but chose not to acknowledge it and I’m not sure why but maybe it related to your analogy that I didn’t get.
Edit: if you and others are interested in the topic I recommend splintercon.net plenty of resources on the topic.
PS: FWIW I didn’t suggest VPN is the solution to all problems but they do alleviate some. The point is one must understand both how they work and their OWN threat model rather than an idealized one.
The analogy is that on the one hand you have a corporation where you know who they are, where you know which laws they are governed by, where you know how to file a privacy complaint, where you know who to sue in case something goes wrong. And you don’t trust them.
Instead you choose to trust some rando from the internet. Where anyone with a sane mind knows they will get screwed over.
If u use Mullvad, they have a feature called DAITA, it prevents traffic analysis while using VPN.
Thanks, for reference mullvad.net/en/vpn/daita but as it’s an arm race I wouldn’t assume it’s the perfect solution.
thenewoil.org/en/guides/…/mobile-settings/
Have you see the guy that runs the blogs? Look at the kind of earring he wears, man how is that even possible
F-Droid
I would note that the graphene os team has issues with F-Droid from memory, for security reasons. I use f-droid, but its best to be eyes open imo.
F-Droid is more secure.
I guess you mean whatever factory OS is installed on your phone. Nobody uses stock OS.
What phone do you use?
I’m lazy, bought my phone from Murena, they deGoogled it for me.
universal adb debloater and rethinkdns
You can’t. Some might say that the less adversaries monitor you the better. But you will never be private unless you ditch all the proprietary software and practice good opsec on the internet and in real life. Hate to break it to you, but privacy is fundamentally a binary thing: you are either spied upon or you are not, regardless if it’s one hundred companies or just one.