Related
Hi,
Sometimes an app (.apk) is either simply not available through Google's store, or it might say "not compatible with your device", etc. There can be various reasons why a person might download a .apk from somewhere other than a "trusted" source.
If this was a file for my PC I could test it in a "sandbox", and I could scan it with both Microsoft Security Essentials and Malware Bytes Antimalware.
On my Android phone(s) I'm not aware of something like the "sandbox" option, and I don't really want to run an "antivirus" program on my phone. Is there an easy way to scan .apk files on the PC to see if they are rogue apps, might send SMS, "phone home", or otherwise mess with other applications or the system software installed on my phone?
Lets give another example: say I thought 15 minutes was not long enough to evaluate a relatively expensive Android game (it certainly isn't!) and I want to test it out first. Let's assume my only option in that case might be an illegally downloaded copy from unknown sources. Of course, we shouldn't do that. But if we did, how could we know if the file is safe and not risk installing some Chinese spyware?
About Android AV programs: anybody know how effective they are? Do some defend against "trojans" - I would think these days trojans are 99% of problems and viruses mostly a relic of the past?
My biggest concern is actually just unwanted crap that runs in the background which eats up battery, makes my phone warm (which I hate), or, perhaps even sends SMS message [this would be even worse because I don't have a text message plan].
EDIT: I see web pages with tiles like "new study finds Android antivirus apps not effective" and articles like this one: http://www.zdnet.com/blog/hardware/...bouncer-does-it-offer-enough-protection/17981
Do we have an easy way to boot Galaxy S3 off of "external" SDCARD instead of internal memory?
Search play store for avast antivirus, completely free, updates daily and works really well (firewall. Anti theft. And many more Features
sony xperia ray ics 4.0.4
stock rom unrooted
I found this website, maybe it can help someone.
h t t p://scan.netqin.com/en/
Maybe someone can post another one...
an easy way to check for safe apk
The easiest way to check for safe apk is to have one gmail account and another "whatever" email account. Then just send the apk from the gmail one to the second account, gmail always find viruses in any apk and stop the process to join the file (virus alert). Bad point is you are limited with the size of the file you wanna send.
Nowadays, even pc antiviruses can detect viruses in apks. I would rather not burden my phone with any android antivirus,since they are literally battery hogs.
sent using my HTC One S
Go here and upload the APK
http://anubis.iseclab.org/
Anubis is a service for analyzing malware.
Submit your Windows executable or Android APK and receive an analysis report telling you what it does. Alternatively, submit a suspicious URL and receive a report that shows you all the activities of the Internet Explorer process when visiting this URL.
Andrubis executes Android apps in a sandbox and provides a detailed report on their behavior, including file access, network access, crypto operations, dynamic code loading and information leaks. In addition to the dynamic analysis in the sandbox, Andrubis also performs static analysis, yielding information on e.g. the app's activities, services, required external libraries and actually required permissions.
Found a good one too
apkscan.nviso.be - give it a try. Drag and drop - wait for the upload - than click SCAN . Wait for a few minutes. That`s all. Unlike ANUBIS it has a resolution at the end of the analysis . Usually helpful.
You can also email the file to [email protected] and it will email the report back in about ten minutes. Virustotal can display some interesting info, for example it said that Lucky Patcher is a "Potentially Infected Hosts File (v)", as reported by VIPRE and AVware.
Virustotal also has an official android app.
The Netqin scanner is also an android mobile app.
Late answer, sure, but I think ClamAV is what you want. You also want its bytecode signature file, and to speed things up, you only want that single file (speeds up things quite a bit).
It is the only offline apk scanner i know of, and as for its efficiency i cannot say, but it seems like it is what you are asking for.
An alternative would be to install something like BlueStacks and remap your "Windows shared folder" (through registry) to the folder you have your apk files in, and then run BitDefender on it. BD is by far the most pernickety AV app out there for Android.
I'll have to check out bitdefender (it's also included on virustotal.com)
apkscan.nviso.be seems to be pretty good at analyzing files for suspicious activity, and it also uploads the file to virustotal for you. Then you can copy the sha256 hash into the virustotal's search, to get all the gory details.
anubis.iseclab.org limits files to 8 megabytes.
Another way to avoid malware is:
when installing an update to an already-installed version of an application, it will 99% of the time prompt you to update an existing app. There's been rare instances where some apps do use a new digital signature (for example when spotify had a big security hole, and for awhile there were two apps by spotify in the app store).
One other way to tell, as a final check when launching the apk for installation on the phone: the icon will not have the right icon. I've installed apps before that I thought came from a trusted source, but the icon was not right. In fact, I was considering not posting this publically, so the "bad dudes" would not update their methods.
Another tool I found:
http://andrototal.org/
Although it might be a duplicate of virustotal.
nintendo1889 said:
Another tool I found:
http://andrototal.org/
Although it might be a duplicate of virustotal.
Click to expand...
Click to collapse
I just tried out this site. To me, it appears to be the most thorough virus testing site that I have seen. It takes some time for it to complete the scans. mainly because it scans the file with about 7 or 8 different scanning engines. Just just have to keep refreshing the page every few minutes to see if the results have updated.
I will be using this one as my go to site for apk scanning.
Just install it on the default emulator in the Android SDK
You can also install your apps on other emulator live bluestacks(best for games), jar of beans(best for rooted app) and windroy(the lightest)
Hit thanks if this helps
nintendo1889 said:
I'll have to check out bitdefender ...
Click to expand...
Click to collapse
Your signature photo ... awesome ... Bad Dudes
By using GDATA security , When you want to install an app the GDATA will scan it befor installing
Sent from my LG-D855 using Tapatalk
Use google scanning service VirusTotal to scan any app, secondly always use secure source. There are many well reputed apk sites but I personally use apklink.com , on this site required apk file is just a click away and its quite easy as well...
be safe & secure
This threads out of date, but it has me thinking I want to use something as mentioned in several replies to OP.
Are there any sites, or apps that can warn me if an .apk (for example) has malware etc.?
Thanks in advance for any help, including a link to another discussion that may have my answer
denise1952 said:
This threads out of date, but it has me thinking I want to use something as mentioned in several replies to OP.
Are there any sites, or apps that can warn me if an .apk (for example) has malware etc.?
Thanks in advance for any help, including a link to another discussion that may have my answer
Click to expand...
Click to collapse
Malwarebytes can detect malware.
Sent from my LGL84VL using Tapatalk
I tried this site and I like it because it goes into a lot of detail after analyzing and sends me a report in email. It was mentioned, and it is still available to use: https://apkscan.nviso.be/
Thank you for the heads up on MB, I use that on my PC and works great
You can use virustotal.
So i am just wondering, there are so much different apps for android on the market, and most of them has a lot of access to phone's functions. Now for example i am always logged in to Gmail, and theoretically can a random app scan and copy my gmail's data and send it trough internet? Really curious..
Kblavkalash said:
Now for example i am always logged in to Gmail, and theoretically can a random app scan and copy my gmail's data and send it trough internet? Really curious..
Click to expand...
Click to collapse
This question is not really an issue of Android security this is a question about general security. Can an app look at your gmail app directly and copy data and send it out...not exactly no, an app can't forcibly connect itself to another app to scan data.
However...
That question is actually not relevant because such a task is unnecessary for malicious apps. Lets say you install a malicious app that wants to copy your gmail data. What it will do is not watch the app itself but it will watch the network packets being sent to and from the app, logging and tracking those.
This is not the only way to get the data though because any data saved on your sdcard is accessible from an app if you give it permission to do so.
The MOST important thing to look at when installing an app is the permissions the app is requesting when it installs. This can be confusing as well because some apps will request full internet access because they need it but this can also be used by a malicious app to steal your data.
The important thing to do is research. The more you learn about the app the better off you are.
-------
Just to clarify, this applies to all apps of any kind on any platform including but not limited to Android, iPhones, Blackberry, Windows Phone, WebOS, Windows PC, Mac OSX, Linux or etc. - ALWAYS learn as much as you can and are comfortable with before installing anything...if you are not comfortable with a particular app or learning more about it then don't install it. That is not to say it may be malicous, it is just to say it could be a bad idea for other reasons. (for example, if it is a developer tool or a configuration tool that you don't understand or haven't researched enough to understand...then you could potentially damage your device with something that is a legitimate tool)
Kblavkalash said:
So i am just wondering, there are so much different apps for android on the market, and most of them has a lot of access to phone's functions. Now for example i am always logged in to Gmail, and theoretically can a random app scan and copy my gmail's data and send it trough internet? Really curious..
Click to expand...
Click to collapse
edit
MichaelTunnell said:
This question is not really an issue of Android security this is a question about general security. Can an app look at your gmail app directly and copy data and send it out...not exactly no, an app can't forcibly connect itself to another app to scan data.
However...
That question is actually not relevant because such a task is unnecessary for malicious apps. Lets say you install a malicious app that wants to copy your gmail data. What it will do is not watch the app itself but it will watch the network packets being sent to and from the app, logging and tracking those.
This is not the only way to get the data though because any data saved on your sdcard is accessible from an app if you give it permission to do so.
The MOST important thing to look at when installing an app is the permissions the app is requesting when it installs. This can be confusing as well because some apps will request full internet access because they need it but this can also be used by a malicious app to steal your data.
The important thing to do is research. The more you learn about the app the better off you are.
-------
Just to clarify, this applies to all apps of any kind on any platform including but not limited to Android, iPhones, Blackberry, Windows Phone, WebOS, Windows PC, Mac OSX, Linux or etc. - ALWAYS learn as much as you can and are comfortable with before installing anything...if you are not comfortable with a particular app or learning more about it then don't install it. That is not to say it may be malicous, it is just to say it could be a bad idea for other reasons. (for example, if it is a developer tool or a configuration tool that you don't understand or haven't researched enough to understand...then you could potentially damage your device with something that is a legitimate tool)
Click to expand...
Click to collapse
Good answer, you are right!, but you say do a research before installing, but it's not really possible unless you are a programmer and checking whole code The best rated apps still have many different permission requirement and i have no idea what they are doing.
For example app can request a new password change for example on paypal and steal packets which come to my gmail about new password.^^
Security Apps
Hi,
in my eyes the best way is to use programs like PDroid. You cann adjist the rights of every App regarding send SMS for example.
LBE Privacy Guard may be also an Option. (runs not on my Device - SGS+)
(i use Pdroid 2.0)
you should also read the comments in the store, and the needed rights from the app before install. The best Apps to trust are open source apps.
Kblavkalash said:
Good answer, you are right!, but you say do a research before installing, but it's not really possible unless you are a programmer and checking whole code The best rated apps still have many different permission requirement and i have no idea what they are doing.
For example app can request a new password change for example on paypal and steal packets which come to my gmail about new password.^^
Click to expand...
Click to collapse
Research generally involves a Google search...
Editor's Choice in the market are safe bets, you know, the blue icon.
But then there are the millions of other apps, and frankly, I tend to toe the app name plus xda for instance, Google will show you xda threads about the app, if the posts are normal, you can be sure it's not malicious.
Stuff like that...
Also, fake market comments are really easy to spot and are a dead giveaway
Sent from my GT-I9000 using xda premium
"Hello Android buddies!". Sounds really cool, right??
Obviously, Android has created a new revolution in the mobile world because of its Open Source features. Though it is Open Source, we can see lot of advantages and disadvantages. I've seen many geeks in android also lot more noobs. More than 1 Billion android users are there in this world and the count is getting increased day by day. Even now many users are reading this blog in your android phones. If so, a Happy news in waiting for you guys.
We are spending huge bucks in buying a Android device but How you feel when it got stolen are Misplaced somewhere? Don't worry guys, you are at right place. Yeah, here we gonna see how to secure your device from thieves hand also how to track it effectively. You know what the word "Effectively" means and you really agree it once you are done with this cool method.
For Android geeks - Best method to track/protect your droid (Rooted devices)
For Noobs - Sorry for you guys, small loop hole is there (NON Rooted devices)
Before we customize our device for tracking, lets consider what a thief will do if he/she steals your mobile.
Power Off your mobile to prevent getting calls and sms or simply to get off from tracking.
If lockscreen protection is enabled, he/she tries to remove the phone battery (in case of removable battery mobiles).
Remove SIM card from your mobile. At this point all users will lose their hope in getting their mobile back.
Factory reset your mobile.
If he/she is a geeky, flashing new ROM is also possible(bit funny but its fact).
To overcome all these darkest part, we gonna use 3 different apps in our process.
STEP 1:
Enable Password protected lock-screen from settings and I hope all users know how to do it. Now your droid's data is protected securely.
STEP 2:
Install Smart Lockscreen protector app from Playstore and ON the Enable Lockscreen option under Power menu settings.
Now this app won't let you to Power Off your mobile from Lockscreen. Its one of the best app for devices with non-removable battery. Problem 1 is solved.
STEP 3:
Install AutomateIT app from Playstore or spend few bucks on AutomateIT PRO which unlocks all features. This app allows user to enable Data/WIFI/GPS using SMS commands. For devices running android version prior to GingerBread 2.3, GPS can be enabled by any third party apps however devices above GB 2.3, Google has blocked the access hence ROOT permission is required to enable this feature. Sorry for the users with non-rooted droids. Check the picture to create trigger and action if you are using the app for the first time. To enable the "Composite Action" in the Action column, you need to unlock the feature at the bottom of the list which asks you to create account. Just Go ahead.
Once you are done with the configuration, test it by sending the sms with specified format gpson from another number and see what happens. You'll receive an acknowledgment sms that the config has been applied and all the options which you've specified are enabled. So if you come to know that your mobile has been stolen, this sms commands let you to activate GPS remotely and we can track effectively compared to Network location. Big thanks to the developer of this awesome app.
STEP 4:
Now we are going to use 2 different steps to track the devices running android version 2.2 and above.
Using Android Device Manger
Using Cerberus Antitheft app
Android Device Manger:
Thanks to Google for allowing us to track our device associated with the Gmail account. To locate your device in ADM, you need to apply some settings. Open Google Settings app and enable the options in picture.
Goto Settings->Security->Phone administrator and Enable Android Device Manger. Now open Android Device Manager from the browser and you can track the device, also it allows you to remotely lock and wipe user data.
Though ADM allows you to locate your device, the features are very limited and I hope Google will update more features in near future.
Cerberus Anti-theft:
I'm sure you guys will surely attracted by this awesome app. Many have heard about this app but still I need to explain its features here but sadly I don't have time for it. Hope you know what I mean. It has hell lot of features which allows user to get device info remotely, call logs, sms logs, Send sms to specified number about the SIM change which is one of the best feature which solves problem 3.
Install Cerberus Antitheft app from Playstore. You'll get one week trail period after that you need to buy license to continue the service and its worth spending few bucks on this app. First installation allows you to create User account and enable the following options
You can register 3 mobile numbers to receive notification about the SIM change. Login to the Cerberus site and there you can see all the features provided by this app and I'm damn sure that you can surely locate your device using any one of the features.
STEP 5:
Catch the thief and show who you are..!! :good:
DEVICE NOW SECURED
Even though we considered so many things in mind to protect our device, you must be very careful from looters. I can't guarantee that this method will work 100% but surely I'll give 95% to rooted mobile and 90% to others. Also keep in mind that you've limited time period to track & recover your mobile as it decreases along with the device battery percentage.
Found this thread useful..??...Rate & Hit Thanks...:good:
Visit My Blog too..
Reserved for future....!!
****deleted****
Using XPRIVACY*****won't be adding any more stuff to this guide for a while. will continue this when i have enough free time*******
XPRIVACY is undoubtedly the best privacy app out there. Its because of the options it supports almost all the android versions.
But it is not as easy to understand as App Ops or Pdroid privacy guard. Thats why inspite of my many attempts to use it, i gave up after few hours or days and switched back to App Ops.
It has come along way from when i made those attempts, it has become more user friendly and interactive but so many options which is its biggest plus point, also makes it hard for new users to switch from other privacy app to XPRIVACY.
I recently made a small guide about HOW TO USE APP OPS MORE EFFECTIVELY.
So the next obvious step was GUIDE on XPRIVACY. i have been putting it off from many days but now no more will add more videos whenever i can but its about time i that i finally get started with it.
I hope this guide will help my fellow XDA members to make the required switch or to introduce them to the world of XPRIVACY
Installation instruction, minimum requirements and other usefull stuff can be found at the official thread of XPRIVACY
What this Guide is ABOUT???
>This guide is for NOOB users, so that they can understand how to use XPRIVACY. Also as i ahven't purchased the PRO version yet this huide will only cover functions of FREE version. I will be buying the PRO version soon and then it will cover use of PRO features as well
>I will try to explain different restriction using different apps.
>Examples will be video of the app with and without those restrictions and the effect that those restriction will have on that app
>NOTE 1 - this is not full blown guide and it is just to get you started. However it can turn into full blown guide depending on the inputs from various users and also after a certain time as i get better in using this app.
>Note 2: Differnet categories are explained using different app. Most of the times category name will be used as heading as you can see in 3rd point, but at some places where permissions like location, contacts , clipboard etc are explained i will use these words only as these words will result in easier understanding.
> More and more videos will be added as i find the appropriate app and a way to demonstrate the use of a particular permission using that app.
LETS STARTYoutube playlist link
1) Faking or restriction location
I am pretty sure this is going to be very useful to many people for playing location based games or to become mayor of certain place in foursquare and i am sure you can think of using it in many other apps.
Please note that you cannot fake location for some apps like google maps and facebook. these are the only two apps that i know of. you cannot fake location for these two apps but you can restrict it.
Also as you can see in the video you will be able to fake location in foursquare but when you will try to access google maps view from inside Foursqaure app you will get no location. But still you can check in and get suggestion from foursquare based on your fake location. default fake location is CHRISTMAS ISLAND. but you can change it through XPRIVACY(which is covered in the video).
2) Blocking access to the different accounts configured in your device
For this i have used Chrome beta as you can see in the video that blocking the account permissions will result in chrome not seeing the different google accounts that are present on my device. Thus i am unable to sign in chrome beta to sync my bookmarks and other stuff.
You can use this to block access from those app which try to gain access to the different accounts configured in your device.
Note: if you block access to 9gag, Ifunny etc apps like these for which you sign in using your configured google account. You wont be able to sign in those apps as these apps won't be able to see the configured account.
Although if a you sign in using username or email id which you use only for that particular app. You can block restrict this permission as it will have no negative effect on that app behaviour
3) Xprivacy Category - View Browser
For explaining what this permission does i have used DIGG app. This permission will restrict app from opening external links. or more precisely hyperlinks from withing app. If this permission is restricted you will be displayed warning from xprivacy when you try to open any link from withing the app(shown in the video).
4) More Videos to come soon..........
More videos to be added whenever i can find time and based on users input. I am also a beginner when it comes to XPRIVACY so be patient with me and if you have any ideas to make this thread better please do share it with us.
Once you have enough understanding to use Xprivacy on daily basis you can head over to XPRIVACY thread and post you advanced question there.
Currently i have some personal stuff to take care of so updating this thread is on hold. Will update it with more videos as soon as i can. I have made the videos just need to edit them and upload.
Reserved
reserved
Other Useful threads by Me
[GUIDE] Using Apps Ops (or Privacy Guard) 4 blocking wakelocks & saving battery
[App] Samachar - Indian News app and more
thanks
thanks for this helpful tutorial.
can u please tell me if I could use xprivacy to block adds on apps , cheers
drreality said:
thanks for this helpful tutorial.
can u please tell me if I could use xprivacy to block adds on apps , cheers
Click to expand...
Click to collapse
You can block internet permission. That will block ads but that can also make app useless if it needs internet to function.
Why don't you use adaway or adblock pro to block ads?
I know this is a dumb question but I've been using Xprivacy for a few years now and I never could figure out what the two boxes to the right of the application names are for. I believe one is for restrict and one is for allow? If someone could let me know which each of those boxes means it would be much appreciated.
Good question. The two-column system is a later addition to xprivacy and many of the newbie tutorials don't cover it.
Let's take a simple example like location.
For starters, let's say the second column is unchecked. This is the easiest situation to understand. Then what happens depends on the first column.
The first column -- if it's checked then xprivacy will always deny access to location and will instead feed the app fake information as set up in the xprivacy settings.
If however the first column is unchecked then the app will be able to get to your actual location.
This is what you want with an app where the answer to "can it use this permission?" is always the same (either "always" or "never"). Second column unchecked, first column choice telling the app yes or no.
The second column controls the pop-ups that you see with xprivacy. If the second column is checked then you'll get a pop-up asking whether to allow the app the permission or not (whether or not the first column is checked).
There are four choices -- "allow", "deny", "don't know", and "oops I timed out".
"oops I timed out" will give the app whatever the answer in the first column is. You can tell what the first column is because the app says "Timeout will: allow/deny" depending on whether the first column is unchecked/checked.
If you click "allow" in the pop-up then xprivacy unchecks the second column in its settings, unchecks the first, and gives the app access to your true location. The popup will then not appear again unless you recheck the second column in the xprivacy settings.
If you click "deny" then xprivacy unchecks the second column, checks the first column and feeds the app fake location. Again you'll not see the popup again.
If you click "Don't know" then I *think* xprivacy denies access (whether or not the first column is unchecked) and leaves the second column checked, so it will ask again the next time.
How did I find this out? Well I didn't read it from a FAQ! I just downloaded xprivacy yesterday and I found it incredibly difficult to work out from scratch. In the end I just downloaded an app which prints out your gps location and nothing else, and I just experimented with it. The above is a report on my conclusions. I hope it helps other people because it is the post which I wish I could have read this time yesterday.
Note that other permissions might work slightly differently. For example it is not really possible to feed an app fake internet information, as this would require carrying around a fake internet on your phone. You can get a quick idea about what data can be faked by looking at the xprivacy settings. For example, you can fake your phone number and your MAC address. But as I've said you can't fake your internet and you can't fake your storage either -- which is quite a good idea because if you pretend to let an app write to your SD card and then pretend to let it read it and it can't find what it just wrote, this is bound to lead to trouble, probably more trouble than if you'd just denied it access in the first place.
Nice tutorial
@yannick.12
Many many thanks for you're well explained tutorial.
This is was definitley needed because is still (incredibly) very hard to find out some good guide out there, expecially for the "second column" options, as you mentioned.
Thank you, again my friend :good:
I got also another question (if someone knonw the answer) about the "shared rules". I mean, if I download the rules for some app, from the XPrivacy server, it's supposed to be the settings that someone has configure, ok. But what if I send my rules and, later in time, I download it again for that app? I got my rules (the rules that I uploaded before) or I got the " common" rules setted shared by the XPrivacy?
Sent from my Xperia E4g using XDA-Developers mobile app
Is it possible for xPrivacy to allow app's permission? I'm using a phone that runs android 5.1.1 and some apps just don't ask for permissions which makes it impossible for me to access storages. It will only respond that app has no permission to write over storages which makes the app not functional.
rUx_Gaming said:
Is it possible for xPrivacy to allow app's permission? I'm using a phone that runs android 5.1.1 and some apps just don't ask for permissions which makes it impossible for me to access storages. It will only respond that app has no permission to write over storages which makes the app not functional.
Click to expand...
Click to collapse
Won't work like that.... And that issue is still there.. Even with pie... App's developer fault..
Sent from my Redmi Note 5 Pro using Tapatalk
Kapiljhajhria said:
Won't work like that.... And that issue is still there.. Even with pie... App's developer fault..
Sent from my Redmi Note 5 Pro using Tapatalk
Click to expand...
Click to collapse
Thanks for info. Is there any possible workaround for this other than contacting the devs to fix storage permission issue?
rUx_Gaming said:
Thanks for info. Is there any possible workaround for this other than contacting the devs to fix storage permission issue?
Click to expand...
Click to collapse
No, give permission manually from app info
Sent from my Redmi Note 5 Pro using Tapatalk
Kapiljhajhria said:
No, give permission manually from app info
Sent from my Redmi Note 5 Pro using Tapatalk
Click to expand...
Click to collapse
I guess there'snothing I can do other than look for an alternative app, android 5.1.1 won't let you edit app permission.
rUx_Gaming said:
I guess there'snothing I can do other than look for an alternative app, android 5.1.1 won't let you edit app permission.
Click to expand...
Click to collapse
I mean give app permission from app's info. I think u can do that... Dont remember 5.1.1 interface now but it should be possible
Sent from my Redmi Note 5 Pro using Tapatalk
Kapiljhajhria said:
I mean give app permission from app's info. I think u can do that... Dont remember 5.1.1 interface now but it should be possible
Sent from my Redmi Note 5 Pro using Tapatalk
Click to expand...
Click to collapse
My phone doesn't seem so. Here's how it looks like in the app settings.
Situation:
I have somewhat of a "love-REALLY HATE" relationship with Google apps and ecosystem.
On one hand, they are great at what they do.
On the other, it's like having a spy satellite overhead, given how much telemetry it does.
Question:
I'd like to cut all of the Google apps' internet, location, sensor and background activity access for good when not in use. Or at least spoof whatever personal data is being sent (Device info, location, activities, etc). Any way to do that?
What I've done so far:
My current way-to-go method involves installing RethinkDNS+firewall, then blocking every single one of google apps including Gboard. It sort-of works, but very inconvenient, as I have to manually enable internet access for a particular app and/or service when needed. I also tried edXposed's XluaPrivacy module to cut off access to certain permissions. Again, cumbersome.
After going through F-Droid, I found an app called "Insular", that claims being able to put all of the "big brother" apps (such as Gapps) behind an isolated sandbox, a digital gulag of sorts.
Thanks for the pointer to Insular whose advertising on F-Droid says:
Insular is a FLOSS fork of Island.
With Insular, you can:
Isolate your Big Brother apps
Clone and run multiple accounts simutaniuosly
Freeze or archive apps and prevent any background behaviors
Unfreeze apps on-demand with home screen shortcuts
Re-freeze marked apps with one tap
Hide apps
Selectively enable (or disable) VPN for different group of apps
Prohibit USB access to mitigate attacks with physical access
Click to expand...
Click to collapse
Based on that, I suspect this XDA thread about "Island" may be useful.
[APP][5.0+][BETA] Island - app freezing, privacy protection, parallel accounts
"Island" is a sandbox environment to clone selected apps and isolate them from accessing your personal data outside the sandbox (including call logs, contacts, photos and etc) even if related permissions are granted. Device-bound data is still accessible (SMS, IMEI and etc).
Isolated app can be frozen on demand, with launcher icon vanish and its background behaviors completely blocked.
Click to expand...
Click to collapse
Totesnochill said:
Question:
I'd like to cut all of the Google apps' internet, location, sensor and background activity access for good when not in use. Or at least spoof whatever personal data is being sent (Device info, location, activities, etc). Any way to do that?
Click to expand...
Click to collapse
Like you, my relationship with Google is strained where I don't set up any Google Account on Android and it works just fine.
I don't have a contacts.db sqlite database for that reason too, so my favorite communication apps are all designed to store their own contacts db internally to the app itself.
I replace Google apps with FOSS equivalents such as NewPipe (or, more recently, Vanced YouTube) for example.
And I spoof my GPS location by default (using Lexa Fake GPS, for example).
Of course, given I don't have a Google Account on my phone, I use the Aurora Store instead of the Google Play Store. Of course, I strive for apps that don't require Google Framework Services (GSF) which Aurora neatly filters out for us.
Since I'm not rooted, I can't delete Google Play Store, but I can disable it, which is almost as good.
And, I use privacy-aware apps for my messenger, calendar, contacts, and dialer apps (many of which come from Simple Mobile Tools' suite which are available on F-Droid).
To keep my WiFi SSID/BSSID/GPS/Strength/etc. out of the hands of Google (& Mozilla and Kismet and Wigle, etc.), I add "_nomap" to the SSID and I turn off the SOHO router SSID broadcast (which "hinders" most cellphones from uploading my BSSID information to Google public servers); but then I have to also turn off "AutoReconnect" on Android 12 and also I have the Developer Options set in Android 12 to randomize the MAC address on EACH connection; however that means I need to set any "static" connections on my LAN from the phone and not with address reservation on the router (which typically utilizes the MAC address).
And it's not just Google we need to keep our data out of their hands, as I even use WhatsApp privacy aware tools such as the WhatsApp dialer and WhatsApp Click to Chat mechanisms (to keep my contacts out of Facebook's hands too).
For offline maps, I use a quick web browser lookup on a privacy browser (such as Tor or Epic or Opera), since the Google address lookup is still the best in the world... (which is the love/hate relationship, right?)... and then I paste the GPS coordinates that the privacy browser found on the maps.google.com web site into a local routing application (such as a shortcut to a browser to google maps on the phone or better yet, to a dedicated offline map program such as OSM And~), and even traffic can be gotten without Google (e.g., Sigalert & 511 apps).
I used to reset the Advertising ID with a homescreen shortcut that could be activated from Windows via a batch file over Wi-Fi, but now with Android 12 we can wipe out the Advertising ID altogether (i.e., reset it to all zeroes). However, I still periodically change my GSF ID and other supposedly unique identifiers.
I'm still trying to figure out the implication of "trackers", so if anyone has more information about them, please advise.
Off hand there must be scores more things I do for privacy, where we probably should have a main thread on this site of all the myriad things people can do to increase their privacy on Android (some of which I've screenshotted for you below).
GalaxyA325G said:
Like you, my relationship with Google is strained where I don't set up any Google Account on Android and it works just fine.
Click to expand...
Click to collapse
Thanks heaps for the very in-depth response. Really opens up on a lot of things I wasnt aware of, and I realized that unlike desktop, when it comes to mobile privacy I'm still a bit behind.
Are there any guides where I can do some reading on the concepts and techniques you've described? Especially regarding contacts.db sqlite database, GPS spoofing and privacy-aware options for accessing WhatsApp.
Also, what are your thoughts on MIcroG?
Totesnochill said:
Thanks heaps for the very in-depth response.
Click to expand...
Click to collapse
I try to put effort into the response so that others can benefit (but nobody ever presses the like button so maybe it's not worth the effort).
For example, when I mentioned I spoof my GPS, I looked up the app I used and linked to it so that you wouldn't have to test a score of apps like I did to find the best one.
Totesnochill said:
Really opens up on a lot of things I wasn't aware of, and I realized that unlike desktop, when it comes to mobile privacy I'm still a bit behind.
Click to expand...
Click to collapse
That was just off the top of my head where there has to be at least a hundred different privacy things I do on Android to distance me from Google that most people don't bother to do.
I admit, sometimes it feels like we're putting a dozen locks on the front door, but in the end, we LEARN a lot about Android in the process.
A lot of the protection is to protect ourselves from others who don't know how to configure their phone, so they are uploading our private information (like our contacts and home locations) to Google databases.
For example, the typical Android phone when it drives by your front door uploads to google your exact location, your signal strength, your unique BSSID and your SSID... where you'll note in my response above I had to do a half dozen things on my phone and router to prevent that from happening (i.e., just adding "_nomap" doesn't work but most people don't realize that because they don't think about it).
Totesnochill said:
Are there any guides where I can do some reading on the concepts and techniques you've described?
Click to expand...
Click to collapse
I'm sure there are plenty.
But I have been in MANY situations where there are none.
Take, for example, changing the GSFID... almost nowhere on the net is that described how to do it. Almost nobody does it, but it can be done if you know how.
I really should write a set of privacy tutorials so that everyone can do it but I have to find the time, and this web site doesn't like text tutorials I found out recently. So they make it a PITA in the end to help people. Sigh.
Totesnochill said:
Especially regarding contacts.db sqlite database, GPS spoofing and privacy-aware options for accessing WhatsApp.
Click to expand...
Click to collapse
If you look at the links I gave you in my response for contacts, gps spoofing and privacy-aware WhatsApp, you'll get a good start.
A quickie is to not have a contacts.sqlite database, which means you need your own contacts.csv or more likely contacts.vcf file, which you can maintain on the PC if you like (works with Excel for example).
Now that you don't have a contacts.db sqlite database, you need to find the contacts and dialer and mms/sms apps that can suck in their own contacts.vcf file, which I pointed you to in the Simple Mobile Tools suite.
For GPS spoofing, I didn't mention you need to turn "Mock Location" on in the Android Developer Options, but that's what most people already do so I assumed you knew that. Once you turn that on, you can just select the mock location app of your choice (where I suggested one above which isn't perfect but none of them are).
That particular app moves your location every few feet and it gets the altitude and it can easily be stopped and started, etc., but I'd like it if it didn't move just "west by 10 feet every minute" but instead if it would follow a pre-determined route that I could give it. So they need a lot more work to be as good as we'd like them to be.
For What'sApp privacy, look at the two apps I linked to in the prior post as they don't need the contacts.sqlite database to work.
Your WhatsApp should only have an icon in your folders for the people you contact and nothing else, IMHO. That's the best privacy you can get, although WhatsApp does decent hashing on the contacts file when it uploads it to their servers - but still - why give them your entire contacts when you only contact 10 people (or whatever) on WhatsApp. Right?
Totesnochill said:
Also, what are your thoughts on MIcroG?
Click to expand...
Click to collapse
Funny you mentioned microG since I installed it for the first time yesterday when I was setting up Vanced Youtube based on this thread.
I generally choose apps that don't use GSF but sometimes you have to use a GSF app (e.g., Zoom meetings), and then it's nice to use MicroG instead of Google Services Framework.
I only installed it yesterday so I really don't know how well it will work for me as I didn't even need to install it to install VancedYoutube. You just need it to log into YouTube but I never do that anyway.
In summary, there's probably a hundred things we do to our phones to set up privacy but I'd have to write each one up in detail to help everyone and that's a lot of work.
Especially if almost nobody reads these threads.
GalaxyA325G said:
I try to put effort into the response so that others can benefit (but nobody ever presses the like button so maybe it's not worth the effort).
In summary, there's probably a hundred things we do to our phones to set up privacy but I'd have to write each one up in detail to help everyone and that's a lot of work.
Click to expand...
Click to collapse
Thank you for doing God's work out there. Ethics like these are what creates the content that keeps the internet from becoming a dumpster fire otherwise. Tutorials and explanations that come from the fellow users are THE best and usually directly on-point.
When I was just starting setting up Linux environment, I wrote "how-to notes" on every successful step. At first it was more like the "sticky notes" to help me remember, but eventually (as the list grew) I started writing these tips in a way as if they were to be read by someone with little background in the subject. What used to be the "Linux notes" file became 10563 lines monstrosity now... So every time I need to answer someone's question I just copypaste from this file.
GalaxyA325G said:
That was just off the top of my head where there has to be at least a hundred different privacy things I do on Android to distance me from Google that most people don't bother to do.
I admit, sometimes it feels like we're putting a dozen locks on the front door, but in the end, we LEARN a lot about Android in the process.
Click to expand...
Click to collapse
Absolutely. I've spent about 2 weeks tweaking my new phone (Nokia X6), trying out different roms/recoveries and app setups. Pissed off a bunch of people in the process - most wouldn't understand that I'm setting up a system to last another 7 years, just like my previous phone (Galaxy Gprime). Not to mention that with the amount of sensitive info on the phone, security and privacy are a legit concern, and worth learning about just how one learns to install and use the lock on the front doors.
Phones became disposable both in software and hardware, and so have the general attitude towards the devices.
My final setup became AOSP PixelPlusUI Rom (comes with about openGapps nano worth of Google stuff) with most other stock apps (contacts , dialer, keyboards, msg etc) removed via ADB and replaced with F-Droid alternatives.
I've also used Rethink DNS with whitelist set up/AppInspector to put Google in the Goolag - no internet access for anything google-related at all times. So far my phone has 253 apps blocked (including almost all of the system apps). Surprisingly, all of the necessary apps off google play store (Whatsapp, FB messenger) still function well. Whenever I need a particular Gservice (like a translator), I just enable access for that (and only that) until I dont need it anymore.
GalaxyA325G said:
If you look at the links I gave you in my response for contacts, gps spoofing and privacy-aware WhatsApp, you'll get a good start.
A quickie is to not have a contacts.sqlite database, which means you need your own contacts.csv or more likely contacts.vcf file, which you can maintain on the PC if you like (works with Excel for example).
Click to expand...
Click to collapse
Thanks! I'm not sure why the links didnt show up at first. I'll give this a look. I've been using "simple mobile tools" for quite a while, and I must say I like how they are completely autonomous and transparent about what prems they need and why.
GalaxyA325G said:
For GPS spoofing, I didn't mention you need to turn "Mock Location" on in the Android Developer Options, but that's what most people already do so I assumed you knew that.
Click to expand...
Click to collapse
I definitely saw the option in the dev settings, but didnt experiment with it. Well, now I know, thanks!
Funny you mentioned microG since I installed it for the first time yesterday when I was setting up Vanced Youtube based on this thread.
I generally choose apps that don't use GSF but sometimes you have to use a GSF app (e.g., Zoom meetings), and then it's nice to use MicroG instead of Google Services Framework.
I only installed it yesterday so I really don't know how well it will work for me as I didn't even need to install it to install VancedYoutube. You just need it to log into YouTube but I never do that anyway.
In summary, there's probably a hundred things we do to our phones to set up privacy but I'd have to write each one up in detail to help everyone and that's a lot of work.
Click to expand...
Click to collapse
I will give microG a try (in a form of LineageOS for MicroG). In fact I did install this rom before but I was a bit confused about what it did and assumed that it is a regular LinOS repack with Gplay store and apps built-in. Time to test again.
Especially if almost nobody reads these threads.
Click to expand...
Click to collapse
Threads like these is how I passed my uni exams. Not even exaggerating XD. Thanks again for a very detailed insightful read!
Hello my friends, very happy to meet good hearted people who think alike about Gugle.
as my name suggests I'm noob still and didn't understand much of discussion but very happy to meet you friends. My love & warm regards to all here. Here is what I did uptill now before I saw this thread :
1> Load GSI/ROM.
2> Load TWRP
3> Load Magisk
4> Load microG
5> Install Service Disabler
5.1> Disable bunch of internal services like telemetry, analytics, location (FusedLocation not possible to disable) for every app (3-rd party & system app), contacts sync etc.
6> Install SD-Maid Pro
6.1> Freeze apps like Gugle Calendar Sync Adapter & Gugle Contacts Sync Adapter
7> Install CIAFirewall Fake VPN & configure it.
8> I use Opera browser for Banking, Youtube, Cab booking, Surfing, Gmail, Food Order etc.
9> Install Aurora Store for general app management & installation
10> For contacts I save all contacts in notepad app, and let all calls purposely bounce then I call back aftter checking whose call it was & state false apologies.
#FYI :- Gugle, Mycrowsowft , eFbee are not really to be blamed, rhey are having to comply with FBI, Phentagon, Central Intelligence Agencies, Interpol, etc. or they have to shut bizness.
GalaxyA325G said:
Like you, my relationship with Google is strained where I don't set up any Google Account on Android and it works just fine.
Click to expand...
Click to collapse
Hi, I’m glad to have found this thread as I’m not happy with how my normal Android phone is spied upon by google. But I’m not technically knowledgeable and I don’t want to risk bricking my phone by trying amateur attempts at rooting, or installing Insular, etc…
So far I have not signed in, I allow only minimum permissions, use Netguard, Aurora and FDroid, and have disabled bloatware. I also force-stop apps as much as possible when not in use, and enable Location and Bluetooth only when needed.
I know this is just an amateur, token attempt to reduce spying - so I may have to eventually buy a degoogled phone.
I’ve also done some of the privacy suggestions in the attachments you posted.
Could you help me with a couple of newbie questions…
1): I might have minimised some personal data harvested by most of the apps I use, but I guess my privacy precautions will have no significant effect on the amount of telemetry collected by google?
2): If my precautions really have no significant effect, I’m wondering if would it make any real difference if I was signed in as I don’t use any of the google backup services anyway?
Thanks.