I know that stock Android itself is spyware.
What tips about setting up my stock Android phone would you give me? It’s not factory unlocked so I’m sticking with Google Android.
Things I’ve done:
- Stopped and disabled all apps that I don’t use or need.
- Replaced all apps that I can with FOSS alternatives from github using Obtainium.
- Not installed things that I can just check on my laptop like email.
Is there anything else that I can do? Thanks in advance
Edit I’ve also:
- Changed my DNS to Mullvad DNS
- Restricted app permissions to only what they need
- Not signed into the phone. I don’t even have Gmail account.
I assume you are using F-droid app manager, and also added IzzyonDroid repo to it? There you can get a lot of apps, like firewalls to block apps that call home when you don’t really use them. Replace most of your apps with open source alternatives from F-droid. Get an email hosting alternative that isn’t one of the big (spy, data mining) companies. Use decentralized privacy focused social media options. What type of phone manufacturer do you use and is it unlocked? You could use an android privacy rom like CalyxOS, that is what I use, completely de-googled, uses MicroG instead of Google Play services. A VPN would be my last option to add, especially when connecting to outside wifi.
With Shizuku and Canta, you can remove the spying system apps. You can break your phone though (fixable with a factory reset), so do be careful. If you want to play it safe, use the recommended list in Canta. These should be safe to remove.
Thanks for this
universal adb debloater and rethinkdns
F-Droid
I would note that the graphene os team has issues with F-Droid from memory, for security reasons. I use f-droid, but its best to be eyes open imo.
F-Droid is more secure.
Rethink DNS is both a firewall app, and you can run a VPN at the same time using a wireguard configuration.
I use a VPN system wide, and for some apps like Fennec or a Torrent app (yes I torrent on my phone lol), I use a different wireguard config for each one of these apps. For the systemwide VPN, its using a server in my country, for individual apps, it goes to switzerland or iceland (So the IP used to check for system updates isn’t correlated to the IP used for everyday browsing, watch youtube videos, or torrenting). I block everything from internet access unless it needs internet to function, like a phone app for example (for VoLTE). Enable “block connections without VPN”.
Mullvad has the cheapest VPN at €5 Euro per month, and ProtonVPN have some free servers, but free servers have slower speeds.
Beware that a VPN doesn’t protect your privacy, it just changes who has access to your data.
a VPN doesn’t protect your privacy
Does from your ISP unless they do deep packet inspection and related techniques.
If u use Mullvad, they have a feature called DAITA, it prevents traffic analysis while using VPN.
Mullvad, they have a feature called DAITA
Thanks, for reference https://mullvad.net/en/vpn/daita but as it’s an arm race I wouldn’t assume it’s the perfect solution.
As I said, it doesn’t protect, it changes who can see the data.
Your ISP might not be able to see it, but your VPN provider will instead. VPN providers are hardly ever under any kind of regulation, except those run by secret services, of which there are many.
And there are more than enough VPNs that sell customer data while claiming to be amazing for your privacy.
I’'d argue changing who can see your data from either a large group to a smaller one or one you do trust vs one you do not trust precisely is protecting your privacy.
Also FWIW you can host your VPN, you do not have to rely on a commercial VPN provider.
I’'d argue changing who can see your data from either a large group to a smaller one or one you do trust vs one you do not trust precisely is protecting your privacy.
It’s always astounding to me that people put more trust in an intangible rando from the internet than into organizations governed by law. Like those people who don’t accept mainstream medicine but eat random supplements they imported from India by the kilogram.
Also FWIW you can host your VPN, you do not have to rely on a commercial VPN provider.
Sure you can. And where does that traffic go?
If you e.g. host a VPN in your home network and you connect to it from your phone, and then you use this connection to access the internet, then your traffic will just be visible to your home network’s ISP instead of your phone’s ISP.
No idea what your analogy about non conventional medicine is about. Feel free to explain.
just be visible to your home network’s ISP instead of your phone’s ISP.
Indeed, which is already what I mentioned, namely another group. It’s about the threat model namely if you trust one ISP more than another. I believe your understood that but chose not to acknowledge it and I’m not sure why but maybe it related to your analogy that I didn’t get.
Edit: if you and others are interested in the topic I recommend https://splintercon.net/ plenty of resources on the topic.
PS: FWIW I didn’t suggest VPN is the solution to all problems but they do alleviate some. The point is one must understand both how they work and their OWN threat model rather than an idealized one.
The analogy is that on the one hand you have a corporation where you know who they are, where you know which laws they are governed by, where you know how to file a privacy complaint, where you know who to sue in case something goes wrong. And you don’t trust them.
Instead you choose to trust some rando from the internet. Where anyone with a sane mind knows they will get screwed over.
And enable network filtering and set a good adblock hosts file.
I like NetGuard, but think that TrackerControl is a bit more privacy focused. It had tracker detection, includes a traffic log as a free feature (NG requires purchase), and a few of the other NG Pro features are implemented in TC as well. In the end having either is better than neither.
So one of the gotchas about stopped/disabled apps is that other apps can still call and launch them. I frequently saw my apps pop back up even after being disabled, since I used SuperFreezZ to monitor them. https://f-droid.org/packages/superfreeze.tool.android/
The alternative to that would be an ADB disable. IIRC it takes the app away from userspace completely. It doesn’t touch the system-level though, so a factory reset will bring it back.
If you can’t handle setting up ADB and it’s hoops, there is an app combo that can set up a bridge and run the ADB disable for you: https://f-droid.org/en/packages/io.github.samolego.canta/
This looks cool, but the dev seems pretty unavailable for updates for the past few years. Does the app still seem pretty solid in spite of that?
Have you see the guy that runs the blogs? Look at the kind of earring he wears, man how is that even possible
I’m lazy, bought my phone from Murena, they deGoogled it for me.
Things I have done:
-install adguard and route all my traffic through it
- enable always on VPN and block connections without
-firewall all apps to block internet connection
-only allow apps the apps i want to use internet on
-replace everything I possibly can with FOSS software
-disable everything google and use helioboard as keyboard
-install shizuku and canta to debloat as much as I can
-route all traffic through orbot (except apps that require me to login)
This is probably overkill but that’s the best I could do on stock android 🤭
I guess you mean whatever factory OS is installed on your phone. Nobody uses stock OS.
What phone do you use?
You can’t. Some might say that the less adversaries monitor you the better. But you will never be private unless you ditch all the proprietary software and practice good opsec on the internet and in real life. Hate to break it to you, but privacy is fundamentally a binary thing: you are either spied upon or you are not, regardless if it’s one hundred companies or just one.
To the extent that you still need to use standard apps, consider disabling your advertising ID. EFF has a guide to this at https://www.eff.org/deeplinks/2022/05/how-disable-ad-id-tracking-ios-and-android-and-why-you-should-do-it-now
This won’t stop google of course. You should probably also install a firewall, like other people here have suggested. And keep in mind, disabling features entirely is different from not using them. For example, if location services is turned off, then even google maps doesn’t know your location (in theory anyway), whereas if it is merely unused then google will still check periodically.
Depends on what you mean by stock android. Google’s phones do not come with stock android.
