I know that stock Android itself is spyware.
What tips about setting up my stock Android phone would you give me? It’s not factory unlocked so I’m sticking with Google Android.
Things I’ve done:
- Stopped and disabled all apps that I don’t use or need.
- Replaced all apps that I can with FOSS alternatives from github using Obtainium.
- Not installed things that I can just check on my laptop like email.
Is there anything else that I can do? Thanks in advance
Edit I’ve also:
- Changed my DNS to Mullvad DNS
- Restricted app permissions to only what they need
- Not signed into the phone. I don’t even have Gmail account.
universal adb debloater and rethinkdns
F-Droid
I would note that the graphene os team has issues with F-Droid from memory, for security reasons. I use f-droid, but its best to be eyes open imo.
F-Droid is more secure.
I’m lazy, bought my phone from Murena, they deGoogled it for me.
Have you see the guy that runs the blogs? Look at the kind of earring he wears, man how is that even possible
Rethink DNS is both a firewall app, and you can run a VPN at the same time using a wireguard configuration.
I use a VPN system wide, and for some apps like Fennec or a Torrent app (yes I torrent on my phone lol), I use a different wireguard config for each one of these apps. For the systemwide VPN, its using a server in my country, for individual apps, it goes to switzerland or iceland (So the IP used to check for system updates isn’t correlated to the IP used for everyday browsing, watch youtube videos, or torrenting). I block everything from internet access unless it needs internet to function, like a phone app for example (for VoLTE). Enable “block connections without VPN”.
Mullvad has the cheapest VPN at €5 Euro per month, and ProtonVPN have some free servers, but free servers have slower speeds.
Beware that a VPN doesn’t protect your privacy, it just changes who has access to your data.
a VPN doesn’t protect your privacy
Does from your ISP unless they do deep packet inspection and related techniques.
As I said, it doesn’t protect, it changes who can see the data.
Your ISP might not be able to see it, but your VPN provider will instead. VPN providers are hardly ever under any kind of regulation, except those run by secret services, of which there are many.
And there are more than enough VPNs that sell customer data while claiming to be amazing for your privacy.
I’'d argue changing who can see your data from either a large group to a smaller one or one you do trust vs one you do not trust precisely is protecting your privacy.
Also FWIW you can host your VPN, you do not have to rely on a commercial VPN provider.
I guess you mean whatever factory OS is installed on your phone. Nobody uses stock OS.
What phone do you use?
I assume you are using F-droid app manager, and also added IzzyonDroid repo to it? There you can get a lot of apps, like firewalls to block apps that call home when you don’t really use them. Replace most of your apps with open source alternatives from F-droid. Get an email hosting alternative that isn’t one of the big (spy, data mining) companies. Use decentralized privacy focused social media options. What type of phone manufacturer do you use and is it unlocked? You could use an android privacy rom like CalyxOS, that is what I use, completely de-googled, uses MicroG instead of Google Play services. A VPN would be my last option to add, especially when connecting to outside wifi.
With Shizuku and Canta, you can remove the spying system apps. You can break your phone though (fixable with a factory reset), so do be careful. If you want to play it safe, use the recommended list in Canta. These should be safe to remove.
Thanks for this
I like NetGuard, but think that TrackerControl is a bit more privacy focused. It had tracker detection, includes a traffic log as a free feature (NG requires purchase), and a few of the other NG Pro features are implemented in TC as well. In the end having either is better than neither.
And enable network filtering and set a good adblock hosts file.
So one of the gotchas about stopped/disabled apps is that other apps can still call and launch them. I frequently saw my apps pop back up even after being disabled, since I used SuperFreezZ to monitor them. https://f-droid.org/packages/superfreeze.tool.android/
The alternative to that would be an ADB disable. IIRC it takes the app away from userspace completely. It doesn’t touch the system-level though, so a factory reset will bring it back.
If you can’t handle setting up ADB and it’s hoops, there is an app combo that can set up a bridge and run the ADB disable for you: https://f-droid.org/en/packages/io.github.samolego.canta/
This looks cool, but the dev seems pretty unavailable for updates for the past few years. Does the app still seem pretty solid in spite of that?
Depends on what you mean by stock android. Google’s phones do not come with stock android.