Authenticator Plus generates 2-step verification codes which will protect your accounts with both your password and your phone / tablet.
With Authenticator Plus you can seamlessly sync and manage all your 2-step enabled accounts in phones / tablet / kindle.
Notable features:
* Seamlessly sync accounts across your phone, tablet and kindle
* Restore from backup to avoid being locked out if you upgrade or lose your device
* Strong 256-bit AES encryption, so even in rooted devices you accounts are safe
* Personalize as per you needs (Themes, Logos, group your most used account and more)
* battle.net accounts can be added
* Hardware based encryption key support, even rooted apps cannot access the encryption keys - http://help.authenticatorplus.com/hardware-backed-keys/
* Easily import from Google Authenticator
* Import / Export to WinAuth (Authenticator Plus -> Settings -> Backup & Restore -> Import from text file)
Detailed compare with Google Authenticator - http://compare.authenticatorplus.com/
Technical Details - http://design.authenticatorplus.com
Authenticator Plus in Press
I was super excited to find this application. It solves my biggest grievances with Google Authenticator, and does it in a way that is largely invisible to the user (until it matters!). -techThreads
Recommended by Wordpress Authenticator plugin - http://s.www.authenticatorplus.com/wp
NOTE : As a commitment to XDA users, where I have uploaded my first release, I can provide free trial version of the application on request to [email protected]
It's mind-blowing that Google's own Authenticator on its own Android platform lacks the feature to re-order the account entries, while the iOS version does support this.
And also mind-blowing that it lacks PIN control, any option to sync/ backup, and several of the other highly desirable (even necessary!) features which Mufri has built-in to the Authenticator Plus app.
I've also been pleased by Mufri's responsiveness and willingness to work to make the app have only the needed permissions. We've exchanged several detailed technical and philosophical messages; it's very nice to see yet another developer devoted to our community.
I can't make any claims about the security of the app as I'm not a developer (well, haven't been since twenty years ago) and I lack the tools, but I hope that others with more skills than I have will analyze the app and can confirm the app's health so the app can be established as a much better reference than Google's own minimally featured Authenticator, and that we can get Mufri lots of users!
Thanks Mufri,
-Jay
Requesting security analysis
libove said:
It's mind-blowing that Google's own Authenticator on its own Android platform lacks the feature to re-order the account entries, while the iOS version does support this.
And also mind-blowing that it lacks PIN control, any option to sync/ backup, and several of the other highly desirable (even necessary!) features which Mufri has built-in to the Authenticator Plus app.
I've also been pleased by Mufri's responsiveness and willingness to work to make the app have only the needed permissions. We've exchanged several detailed technical and philosophical messages; it's very nice to see yet another developer devoted to our community.
Click to expand...
Click to collapse
Thanks Jay for the review.
libove said:
I can't make any claims about the security of the app as I'm not a developer (well, haven't been since twenty years ago) and I lack the tools, but I hope that others with more skills than I have will analyze the app and can confirm the app's health so the app can be established as a much better reference than Google's own minimally featured Authenticator, and that we can get Mufri lots of users!
Thanks Mufri,
-Jay
Click to expand...
Click to collapse
I am open for the security related queries about Authenticator Plus, I myself use it daily and I would be happy to improve its security.
If anyone have questions kindly post your queries here or @ [email protected]
This APK is version 1.3
(Latest is 2.9.x, a lot of development has been done in this year as it seems!)
I downloaded the APK to try it out.
It first works when it is installed and I was able to import my accounts from the original Google Authenticator.
Then I closed the app.
I can open it again but the keyboard pops up saying "sign in" (where usually the "enter" button is).
Even when I enter the correct passphrase it shows only an empty app without the codes.
I can also install and add the import plugin but then I don't see the codes anymore.
Used on: CM 10.2 and CM11.
Very strange...
i just installed the app and i have some issues. first of all i would like the option to not choose a passphrase to open the app, but well thats not a big problem. after i choose a passphrase and set the app up and want to start it again it just shows me the header with the logo of the app but everything else is blank, there is no password field to type in the selected password and even if i type it in, without anything showing, it doesnt open the app. i can just use it once and thats it
also import from google authenticator doesnt work. it tells me no root or script not in xbin. well its all there. the problem is probably root, because the dialogue to grant root never shows up. I try to get it now manually granted but still that doesnt help if i can start the app only once :/
I am on a galaxy note 3. hope someone can help me...
Yes, attached APK was outdated, I have removed it now.
i see to get a blank web site when i visit http://authenticatorplus.com/ ?
devtools reports 404 error
GET https://www.authenticatorplus.com/js/jquery.cycle2.js.map 404 (Not Found)
Click to expand...
Click to collapse
That's weird, might be adblock or some other issues ...
you can try Google cache here, its a simple site, google cache displays well
http://j.mp/1tBGjhH
connectandroid said:
i see to get a blank web site when i visit http://authenticatorplus.com/ ?
devtools reports 404 error
Click to expand...
Click to collapse
Just FYI, I also get a blank page in Firefox with AdBlockPlus, but the page displays properly in an IE (InPrivate) session.
Thanks for the info, I couldn't reproduce this myself in various browsers, is https version working fine?
https://www.authenticatorplus.com/
I will check for cross platform browser tests.
oyam said:
Thanks for the info, I couldn't reproduce this myself in various browsers, is https version working fine?
https://www.authenticatorplus.com/
I will check for cross platform browser tests.
Click to expand...
Click to collapse
Ah, oops, my bad - had nothing to do with AdBlockPlus; I use NoScript, and hadn't enabled script on the authenticatorplus.com page. Works fine in both http:// and https://
Sorry.
Cool, thanks for the info, I will add a noscript info in site.
Compatibility with Pebble Smartwaches
Hi !
Has anyone tried to use Authenticator Plus with a Pebble smartwach, through Android Wear integration ?
I'll get an Pebble Time in May and hope it will work with it, that's why I'm asking for a clue
Interesting, I never heard of anyone tried it, let me know how it goes .
Store site order in cloud sync?
I use Authenticator Plus with cloud sync via Google Drive.
It seems that the order in which I have the accounts in Authenticator Plus does NOT get sync'd to the cloud (or, if it does get sync'd up, then when the sites are imported back down from the cloud, the order is not maintained).
Can the author comment please?
thanks,
Jay
from last release(3.3.5), app shows more details about sync status in Settings -> Cloud -> last sync status and let me know, what's the last status.
Also please contact [email protected] for faster response.
oyam said:
Interesting, I never heard of anyone tried it, let me know how it goes .
Click to expand...
Click to collapse
Pebble don't get it working through Android Wear, I think a layer is missing, maybe like an "emulator" (not the way Google implemented it) that can send other things but notifications to Pebble (it's the only thing supported for now).
Anyway, IMO for Authenticator Plus it will requires an Pebble OS app and a modification to makes it work as a companion.
Hi,
I would like to add a Battle.net account but the app fails to connect to battle.net server, is this something you can fix ?
edit : and do you think you can add Steam support in future release ?
Same problem with the battle.net server. No matter if I try it at home or at work or via LTE.
Since the Blizzard battle.net Authenticator works and I can access the battle.net site without any problem I suspect a problem with the Authenticator+ App. Syncing time with battle.net is also not working btw (in the settings)
Is the app working in 6.0? If Yes, could u send me a trial?
Related
!!! AppSync requires a rooted device !!!
About
AppSync syncs your apps data over your local network from one Android device to another. Devices will find each other using multicast (just like UPnP/DLNA).
Features
- Syncing apps data over local network
- Auto-detection of devices in network
- Comparing hashes and timestamps of app data
- All communication is encrypted
- (Pro) No ads
Future Features
- Transfer APK [v1.1]
- Background Discoverability [v1.1]
- Sync over Bluetooth [v1.2]
- Shortcuts [v1.2]
- (Pro) Sync over NFC [v1.3]
- (Pro) PC App (Win/Linux/Mac) for backups over local network [tbd]
- (Pro) Cloud Sync (Google Drive, Dropbox, etc.) [tbd]
Pro version
As mentioned above, the Pro version removes ads and will give you more features in future. Purchasing it will support me and help me investing more time into projects like this.
Known Bugs
- v1.0: WhatsApp does not work, this will be fixed in v1.1
- v1.0: Connectivity issues, this will be fixed in v1.1
Change Log
v1.0.3) hotfix: fix ads
v1.0.2) hotfix: fix force closes
v1.0.1) hotfix: fix "tools not found" and force closes on start
v1.0) initial release
Download
Videos
Review by wwjoshdew
Very interesting application!
good work!
This app looks great. Thanks a lot.
awesome!!!
just what i needed to sync apps and angry birds levels between me and my brother
chrulri said:
Future Features
- (Pro) Sync over Bluetooth
Click to expand...
Click to collapse
NFC would be great too
FunkyELF said:
NFC
Click to expand...
Click to collapse
NFC sounds interesting since it's quick and easy to use. I'll keep that in mind and start looking around for another NFC device for testing since my only NFC device at this time is my Galaxy Nexus.
Can this app be use to backup app data? Like ID and Password.
doesnt work with whatsapp... its wipe the app data...
working with anothers apps
its a good application and good luck
@nelsdzyre You can use this app to save your app data on another device and see this as a backup. If you want to do a backup using a single device you would need something like a backup tool like TitaniumBackup. If a backup succeeds depends on the app you want to backup because some apps encrypt their data with a device specific key so this will not work but maybe a local backup using TitaniumBackup will.
@yogevx this may be a limitation by WhatsApp, does syncing WhatsApps data work if you try to push the app data manually using TitaniumBackup or any similiar backup tools?
chrulri said:
@yogevx this may be a limitation by WhatsApp, does syncing WhatsApps data work if you try to push the app data manually using TitaniumBackup or any similiar backup tools?
Click to expand...
Click to collapse
yes, work with titanium backup, but push app+data.. i didnt try to push only the data
edit: try now and its working with TB (only push data)
yogevx said:
edit: try now and its working with TB (only push data)
Click to expand...
Click to collapse
Thank you for testing, I took this on my todo list and will look into it soon. I'll report back in this thread when I got news.
chrulri said:
Thank you for testing, I took this on my todo list and will look into it soon. I'll report back in this thread when I got news.
Click to expand...
Click to collapse
thank you... good luck!
Now this is what I call an app. My drag racing will never be lost again. You got my support on this one!
Great app! 10/10
Was wondering if on future updates you could add some functionality to not only share App data, but apps themselves? I find myself having to manually pull the apk for Whatsapp from my phone using TiBu every time I want to update Whatsapp on my WiFi Tablet and thought this would help alleviate those issues. :laugh:
littleemp said:
Was wondering if on future updates you could add some functionality to not only share App data, but apps themselves?
Click to expand...
Click to collapse
I was discussing this with a friend last week. I just added it to my list :good:
chrulri said:
I was discussing this with a friend last week. I just added it to my list :good:
Click to expand...
Click to collapse
the only risk to consider is "piracy" .. you may want to consider some sort of google acct authentication or something similar so ppl cant just share any app with anyone.. you'll run into some major legal issues
idea
talk with google about mix it with google drive
@mcmb03 piracy was one of our discussion points but since apps aren't saved in a "special" location anymore and even paid apps can be moved to sdcard without rooting but are protected using some kind of license verification like Google's LVL (License Verification Library), this is not a problem and especially no legal issue.
You can share any app with anyone as soon as you root your device. But your friend will not be able to run it, because paid apps have built in license verification libraries.
tl;dr: No piracy possible without modifying (e.g. hacking) paid apps.
TF201 (Stock) ICS
HD2 (Typhoon CM7 3.8.8) Gingerbread
Both using the same sync key.
The HD2 finds the TF201.
The TF201 struggles to find the HD2 sometimes. A closing and re-opening of the app is needed.
Sync from the HD2 to TF201:
Click on TF201. The TF201 displays the big AppSync logo.
The list of apps on the TF201 appear. Nice.
Tried "Cut the Rope" and "Wold of Goo" push from HD2 to TF201.
Failed.
Drops back to the device selection screen on both devices.
Sync from the TF201 to HD2:
If the HD2 appears (it usually doesn't)
Click on HD2. The HD2 displays the big AppSync logo.
The list of apps on the HD2 appear.
Tried several games push from HD2 to TF201.
Sync Done appears, but nothing actually works.
Tried push from TF201 to HD2 (Hungry Shark).
Failed.
Drops back to the device selection screen on both devices.
Bug 1: The screen turned off as I clicked HD2. When I turned the screen back on, the listening for device screen appeared on the HD2. On the TF201, the apps list still stayed. When clicking on an app, "an unknown error occurred" followed by a "connection timed out" error. The app doesn't like the screen turning off. It seems to drop the connection when this occurs.
Bug 2: On the HD2, the TF201 appears multiple times. Each time it goes back to the device selection screen after a sync failed, it adds another device. Same name, same IP address. Clicking each one had the same functionality. An annoying bug, The same issue happened on the TF201 when the sync failed. Getting devices to connect to each other (I think after clicking on the other device) removes some, if not all the multiple entries.
Overall, the app did not work for me, but a good idea. This app has great potential.
Automatic sync of selected apps would be awesome, and more intuitive icons than >> and << . I need to click them to see what they do, and I think on ICS, they may be swapped around.
@xebozone thank you very much for your detailed report, I will have a look into this asap and include the fix in next version. :good:
Dear all,
First, a big thanks to the communauty ot provide such great jobs. We really enjoy this !
Now, a quick question about restricted accounts use and their possible consequences regarding applications:
I've got a ASUS Tranformer 101 device.
I've followed the procedure provided in this thread (http://forum.xda-developers.com/showthread.php?t=2392087) to install the KatKiss rom 4.3 provided by Timduru which works really well. :good:
Context description:
I am the defaut account (admin I guess ?) for the tablet.
I've got two (lovely) children.
Each one have a Restricted account. Those restricted accounts have permissions to see onyl specific (games) applications.
Now, using my (admin) account, if I try to launch any application -> it works fine.
If I switch to one of the two restricted accounts, I can see and launch those 'shared' applications, but, for SOME of them, I observe the following behaviors:
Error encountered:
-> [Error message shown on the screen immediately after launch complaing about a "license verification error"]:
Example of applications impacted:
Grimm's Snow White (https://play.google.com/store/apps/details?id=com.storytoys.GrimmsSnowWhite.GooglePlay&hl=en)
Grimm's Sleeping Beauty (https://play.google.com/store/apps/details?id=com.storytoys.GrimmsSleepingBeauty.GooglePlay&hl=en)
(For what matter I've already sent an email regarding this behavior to the editor "Story toys" and I'm waiting for an answer on their side ...)
-> Application launched but nothing is clickable on the screen:
Example of applications impacted:
Lep's World 2 (https://play.google.com/store/apps/details?id=at.ner.lepsWorld2&hl=en)
This Could Hurt Free (https://play.google.com/store/apps/details?id=com.chillingo.thiscouldhurtfree.android.row&hl=en)
-> Application which works fine using a restricted account:
4 in a Row Multiplayer (https://play.google.com/store/apps/details?id=org.pjf.fourinarow&hl=en)
Glow Hockey (https://play.google.com/store/apps/details?id=com.natenai.glowhockey&hl=en)
Hence, does someone already faced these issues ? Is it related to the applications themsleve not being designed to run in a restricted account environment or is it related to the current state of the rom ? (android 4.3)
Thanks you for shedding some light on these questions.
If it is not the best place to post this question could you please redirect me to the right place ? (knowing I can not post into DEV forums yet).
regards,
Are all the multi user accounts using the main Google id, as this can cause problems with some apps which check with Google Play Store at run time to see if the current user has the valid Google id associated with his profile.
Theziggy said:
Are all the multi user accounts using the main Google id, as this can cause problems with some apps which check with Google Play Store at run time to see if the current user has the valid Google id associated with his profile.
Click to expand...
Click to collapse
Thanks you Theziggy for your quick answer.
Regarding the use of the GoogleID, I don't know how to check this. Do you have a procedure ?
However, I confirm those applications have been installed, using my account, directly from the GooglePlay store. (noTitanium Backup recovery attempt or anything else).
In the meantime, I've received an answer from Story Toys (editor of "White Snow' and "Sleeping Beauty" saying their development team is aware of an issue with restricted accounts and they are working on this subject.)
Hence it seems the source of the problem is per application ? Maybe, depending of what the application attempts with the account data, this might work or fail in a restricted account context (as you've pointed in your answer Theziggy).
Regards,
Hello every body, I have been provided a solution regarding my problem with the "Story toys" applications licensing and usage of restricted accounts.
The editor kindly provided me this step by step a mini-guide (kudo to them for providing the solution !) which solved my issue.
I put it below hoping it can help others people in the same or similar context:
1. Delete the app from the device
2. Turn off the device, wait a moment, then turn the device back on again
3. Ensure you have a working internet connection
4. Clear the cache and data of both the Google Play store app and the download manager. Here's how:
- Visit Menu > Settings > Applications > Manage applications
- Tab over to All
- Select the Google Play store app, and then tap Clear data and Clear cache.
- Then, select Download manager and tap Clear data and Clear cache.
5. Ensure you are logged in to Google Play with the same account you used to make the purchase.
6. Download the app and launch it straight away using the restricted account.
Once the app has been launched from the restricted account with the wifi/internet connection still running, you can then turn the wifi off again and the license won't be re-checked for another year.
Hope it helps,
Regards,
I have also been investigating a similar setup for a tablet used by kids, and looking into whether to create separate users or the restricted profile users. The one downside of using restricted users seems to be that I believe it is still a shared install of the app/game, so all users share the same user data. What this means is that all of those users would share the same game progress (i.e., levels completed, achievements, points/coins collected, etc.). Is that what your experience has been?
The alternative is to setup separate users and install the app for each user. It doesn't actually take up more space (the actual app files are only saved once for each user install), but each user has its own app data.
I have also been investigating a similar setup for a tablet used by kids, and looking into whether to create separate users or the restricted profile users. The one downside of using restricted users seems to be that I believe it is still a shared install of the app/game, so all users share the same user data. What this means is that all of those users would share the same game progress (i.e., levels completed, achievements, points/coins collected, etc.). Is that what your experience has been?
Click to expand...
Click to collapse
Good question, I've done a quick test using the game "Jewel Saga" and switched between the two restricted profiles. I confirm that, at least with this game (I did do perform other tests), each restricted account get its own progress and settings saved properly (Ej.: music on/off, level reached, number of stars earned per level ... ) .
As I said, this is just one test quickly performed on one application. So maybe the user experience varies regarding how applications handles data save with retricted profiles ?
Anyway, as long as my kids are not complaining, I'm fine
The alternative is to setup separate users and install the app for each user. It doesn't actually take up more space (the actual app files are only saved once for each user install), but each user has its own app data.
Click to expand...
Click to collapse
Good to know, thanks for the tip !
Has anyone managed to get lep's world 1 or 2 working in a restricted profile?
The developer doesn't seem interested in fixing the apps to allow it.
Lep's world 3 seems to work, despite the game spitting messages to the contrary
Create and run unlimited multiple accounts for WhatsApp, Messenger, Facebook, Line, Instagram, most social app and game.
Do you want to manage multiple social accounts and fast switch between them?
Do you want to play games with different roles or multiple accounts to enjoy more fun?
Clone App can help you out from the trouble of managing multiple accounts!
- Easily use one phone to log in multiple accounts and keep them all online at the same time!
- Create as many accounts as you want, customize them with different icons and name, and protect them with privacy locker.
Fully support 64bit apps and no need to install supported lib for most apps. If you are trying to clone legacy apps that only have 32bit library, please upgrade the app or install the 32bit support library.
Download:MEGA download
Please see this topic for the latest events and apps:https://forum.xda-developers.com/t/...n-free-premium-code-2021-10-25update.4134925/
Hi im honestly kinda new to all this as far as phone moving but im very much wanting to learn everything I can. Would it be possible to get a redeem code for the clone app plz.
may i plz have the code as well, i have been waiting for someone to run with this idea. i tried a few years back to start figuring it out and as time went on my progress unfortunately did not.
Will the app get Android 12 support?
Will it work on Android 12? Several app's have refused to work for me since Samsung's One UI 4 update. I want to try this app, but I need to know it won't screw my primary accounts up. I would really appreciate any advice,
loosht said:
Will the app get Android 12 support?
Click to expand...
Click to collapse
Android 12 is not supported yet
hello sir i want f codes
Hey !!
Do Andriod phones need antivirus or internet security as a must? If so provide me some links..
Thankxxxx in advance
The Answer Has been moved to a thread dedicated to security question and other advices to modify safely our Android Devices
Here is the post
Raiz said:
It absolutely doesn't, please don't download them, those are mostly commercial sh*t apps full of ads that plays with the fears of users.
Android Security advice :
• Just don't install apps that you don't trust (apk files and weird looking Google play apps)
• Never share your passwords with somebody not trusted, use a different one for each of you accounts.
Find more here :
https://forum.xda-developers.com/general/security
General security and privacy:
• a VPN isn't a magic app that allows you to go completely invisible, even I can find who you are simply by using your latest Instagram post, the government doesn't have money to spend spying on you anyway
• Public WiFi internet browsing is like taking a bath naked around other people, everybody can see what you're doing and can interact with your browsing by sending you pop up messages on your browser. In that case the VPN is useful. But please don't use anything other than your WiFi network to pay online.
• Change password at least once a year
• For God sake be careful on what you share on social medias !
• If someone blackmails you, just ignore him even if he show you he has your real password/footage of you doing nasty things, most of the time they haven't and tries to scare you. But take action on your account, just don't answer them.
• Not having any of your IRL infos online is a good idea, but it tends to be more and more difficult because of Google assistant, and other Google services that are super intrusive (I mean even with your YouTube Google know your tastes better than your buds). But don't panic, if you're not a terrorist or a criminal you're not risking your life.
Keep in mind that your security is fine most of the time if you have solid password, and you don't give them away, but your privacy is not if you have a social media account of any type. If you post something on the internet, remember it'll stay forever out there, whatever you do !
App that I use to keep my Android phone in good health (install them sometimes to clean up/check on my phone's state then I uninstall them):
Google File Go (cleans files)
AccuBattery (check the battery health)
CPU-Z(has everything you want to know about your device)
When I need to backup an app's data or the entire app:
Titanium Backup
Here you go, I gave you very few the security advises, there are plenty more, don't hesitate to check the internet out for more !
Have a nice day
Click to expand...
Click to collapse
I have 2 edits to your suggestions
1. Change your passwords monthly, preferably using a password manager that suggests really hard random passwords
2. Swift backup is much newer and more efficient than titanium backup ever was.
Sent from my OnePlus7Pro using XDA Labs
spart0n said:
I have 2 edits to your suggestions
1. Change your passwords monthly, preferably using a password manager that suggests really hard random passwords
2. Swift backup is much newer and more efficient than titanium backup ever was.
Click to expand...
Click to collapse
I'll update my first post continuously with every recommendation that'll follow on this thread to create the sort of "Index of Android Security". I created a new thread for security questions
Didn't knew about swift backup, what a great app!
patricia123 said:
Hey !!
Do Andriod phones need antivirus or internet security as a must? If so provide me some links..
Thankxxxx in advance
Click to expand...
Click to collapse
Viruses don't really exist in android. You can be targeted with malicious code but that is only if you open, tap on or accept something without knowing what it is.
For instance, someone could send you a link or a photo that has malicious code embedded in it, when you open it or accept it, then the malicious code has access to your device and your data.
As long as you know that you are dealing with a trusted source, you should be fine. But, if you are the kind of user that goes all over the internet opening things without knowing what it is, you will quickly find yourself targeted by malicious code.
Become a responsible, informed user that is aware of the dangers and what kinds of things can be a problem and you should be fine.
Sent from my SM-S767VL using Tapatalk
Situation:
I have somewhat of a "love-REALLY HATE" relationship with Google apps and ecosystem.
On one hand, they are great at what they do.
On the other, it's like having a spy satellite overhead, given how much telemetry it does.
Question:
I'd like to cut all of the Google apps' internet, location, sensor and background activity access for good when not in use. Or at least spoof whatever personal data is being sent (Device info, location, activities, etc). Any way to do that?
What I've done so far:
My current way-to-go method involves installing RethinkDNS+firewall, then blocking every single one of google apps including Gboard. It sort-of works, but very inconvenient, as I have to manually enable internet access for a particular app and/or service when needed. I also tried edXposed's XluaPrivacy module to cut off access to certain permissions. Again, cumbersome.
After going through F-Droid, I found an app called "Insular", that claims being able to put all of the "big brother" apps (such as Gapps) behind an isolated sandbox, a digital gulag of sorts.
Thanks for the pointer to Insular whose advertising on F-Droid says:
Insular is a FLOSS fork of Island.
With Insular, you can:
Isolate your Big Brother apps
Clone and run multiple accounts simutaniuosly
Freeze or archive apps and prevent any background behaviors
Unfreeze apps on-demand with home screen shortcuts
Re-freeze marked apps with one tap
Hide apps
Selectively enable (or disable) VPN for different group of apps
Prohibit USB access to mitigate attacks with physical access
Click to expand...
Click to collapse
Based on that, I suspect this XDA thread about "Island" may be useful.
[APP][5.0+][BETA] Island - app freezing, privacy protection, parallel accounts
"Island" is a sandbox environment to clone selected apps and isolate them from accessing your personal data outside the sandbox (including call logs, contacts, photos and etc) even if related permissions are granted. Device-bound data is still accessible (SMS, IMEI and etc).
Isolated app can be frozen on demand, with launcher icon vanish and its background behaviors completely blocked.
Click to expand...
Click to collapse
Totesnochill said:
Question:
I'd like to cut all of the Google apps' internet, location, sensor and background activity access for good when not in use. Or at least spoof whatever personal data is being sent (Device info, location, activities, etc). Any way to do that?
Click to expand...
Click to collapse
Like you, my relationship with Google is strained where I don't set up any Google Account on Android and it works just fine.
I don't have a contacts.db sqlite database for that reason too, so my favorite communication apps are all designed to store their own contacts db internally to the app itself.
I replace Google apps with FOSS equivalents such as NewPipe (or, more recently, Vanced YouTube) for example.
And I spoof my GPS location by default (using Lexa Fake GPS, for example).
Of course, given I don't have a Google Account on my phone, I use the Aurora Store instead of the Google Play Store. Of course, I strive for apps that don't require Google Framework Services (GSF) which Aurora neatly filters out for us.
Since I'm not rooted, I can't delete Google Play Store, but I can disable it, which is almost as good.
And, I use privacy-aware apps for my messenger, calendar, contacts, and dialer apps (many of which come from Simple Mobile Tools' suite which are available on F-Droid).
To keep my WiFi SSID/BSSID/GPS/Strength/etc. out of the hands of Google (& Mozilla and Kismet and Wigle, etc.), I add "_nomap" to the SSID and I turn off the SOHO router SSID broadcast (which "hinders" most cellphones from uploading my BSSID information to Google public servers); but then I have to also turn off "AutoReconnect" on Android 12 and also I have the Developer Options set in Android 12 to randomize the MAC address on EACH connection; however that means I need to set any "static" connections on my LAN from the phone and not with address reservation on the router (which typically utilizes the MAC address).
And it's not just Google we need to keep our data out of their hands, as I even use WhatsApp privacy aware tools such as the WhatsApp dialer and WhatsApp Click to Chat mechanisms (to keep my contacts out of Facebook's hands too).
For offline maps, I use a quick web browser lookup on a privacy browser (such as Tor or Epic or Opera), since the Google address lookup is still the best in the world... (which is the love/hate relationship, right?)... and then I paste the GPS coordinates that the privacy browser found on the maps.google.com web site into a local routing application (such as a shortcut to a browser to google maps on the phone or better yet, to a dedicated offline map program such as OSM And~), and even traffic can be gotten without Google (e.g., Sigalert & 511 apps).
I used to reset the Advertising ID with a homescreen shortcut that could be activated from Windows via a batch file over Wi-Fi, but now with Android 12 we can wipe out the Advertising ID altogether (i.e., reset it to all zeroes). However, I still periodically change my GSF ID and other supposedly unique identifiers.
I'm still trying to figure out the implication of "trackers", so if anyone has more information about them, please advise.
Off hand there must be scores more things I do for privacy, where we probably should have a main thread on this site of all the myriad things people can do to increase their privacy on Android (some of which I've screenshotted for you below).
GalaxyA325G said:
Like you, my relationship with Google is strained where I don't set up any Google Account on Android and it works just fine.
Click to expand...
Click to collapse
Thanks heaps for the very in-depth response. Really opens up on a lot of things I wasnt aware of, and I realized that unlike desktop, when it comes to mobile privacy I'm still a bit behind.
Are there any guides where I can do some reading on the concepts and techniques you've described? Especially regarding contacts.db sqlite database, GPS spoofing and privacy-aware options for accessing WhatsApp.
Also, what are your thoughts on MIcroG?
Totesnochill said:
Thanks heaps for the very in-depth response.
Click to expand...
Click to collapse
I try to put effort into the response so that others can benefit (but nobody ever presses the like button so maybe it's not worth the effort).
For example, when I mentioned I spoof my GPS, I looked up the app I used and linked to it so that you wouldn't have to test a score of apps like I did to find the best one.
Totesnochill said:
Really opens up on a lot of things I wasn't aware of, and I realized that unlike desktop, when it comes to mobile privacy I'm still a bit behind.
Click to expand...
Click to collapse
That was just off the top of my head where there has to be at least a hundred different privacy things I do on Android to distance me from Google that most people don't bother to do.
I admit, sometimes it feels like we're putting a dozen locks on the front door, but in the end, we LEARN a lot about Android in the process.
A lot of the protection is to protect ourselves from others who don't know how to configure their phone, so they are uploading our private information (like our contacts and home locations) to Google databases.
For example, the typical Android phone when it drives by your front door uploads to google your exact location, your signal strength, your unique BSSID and your SSID... where you'll note in my response above I had to do a half dozen things on my phone and router to prevent that from happening (i.e., just adding "_nomap" doesn't work but most people don't realize that because they don't think about it).
Totesnochill said:
Are there any guides where I can do some reading on the concepts and techniques you've described?
Click to expand...
Click to collapse
I'm sure there are plenty.
But I have been in MANY situations where there are none.
Take, for example, changing the GSFID... almost nowhere on the net is that described how to do it. Almost nobody does it, but it can be done if you know how.
I really should write a set of privacy tutorials so that everyone can do it but I have to find the time, and this web site doesn't like text tutorials I found out recently. So they make it a PITA in the end to help people. Sigh.
Totesnochill said:
Especially regarding contacts.db sqlite database, GPS spoofing and privacy-aware options for accessing WhatsApp.
Click to expand...
Click to collapse
If you look at the links I gave you in my response for contacts, gps spoofing and privacy-aware WhatsApp, you'll get a good start.
A quickie is to not have a contacts.sqlite database, which means you need your own contacts.csv or more likely contacts.vcf file, which you can maintain on the PC if you like (works with Excel for example).
Now that you don't have a contacts.db sqlite database, you need to find the contacts and dialer and mms/sms apps that can suck in their own contacts.vcf file, which I pointed you to in the Simple Mobile Tools suite.
For GPS spoofing, I didn't mention you need to turn "Mock Location" on in the Android Developer Options, but that's what most people already do so I assumed you knew that. Once you turn that on, you can just select the mock location app of your choice (where I suggested one above which isn't perfect but none of them are).
That particular app moves your location every few feet and it gets the altitude and it can easily be stopped and started, etc., but I'd like it if it didn't move just "west by 10 feet every minute" but instead if it would follow a pre-determined route that I could give it. So they need a lot more work to be as good as we'd like them to be.
For What'sApp privacy, look at the two apps I linked to in the prior post as they don't need the contacts.sqlite database to work.
Your WhatsApp should only have an icon in your folders for the people you contact and nothing else, IMHO. That's the best privacy you can get, although WhatsApp does decent hashing on the contacts file when it uploads it to their servers - but still - why give them your entire contacts when you only contact 10 people (or whatever) on WhatsApp. Right?
Totesnochill said:
Also, what are your thoughts on MIcroG?
Click to expand...
Click to collapse
Funny you mentioned microG since I installed it for the first time yesterday when I was setting up Vanced Youtube based on this thread.
I generally choose apps that don't use GSF but sometimes you have to use a GSF app (e.g., Zoom meetings), and then it's nice to use MicroG instead of Google Services Framework.
I only installed it yesterday so I really don't know how well it will work for me as I didn't even need to install it to install VancedYoutube. You just need it to log into YouTube but I never do that anyway.
In summary, there's probably a hundred things we do to our phones to set up privacy but I'd have to write each one up in detail to help everyone and that's a lot of work.
Especially if almost nobody reads these threads.
GalaxyA325G said:
I try to put effort into the response so that others can benefit (but nobody ever presses the like button so maybe it's not worth the effort).
In summary, there's probably a hundred things we do to our phones to set up privacy but I'd have to write each one up in detail to help everyone and that's a lot of work.
Click to expand...
Click to collapse
Thank you for doing God's work out there. Ethics like these are what creates the content that keeps the internet from becoming a dumpster fire otherwise. Tutorials and explanations that come from the fellow users are THE best and usually directly on-point.
When I was just starting setting up Linux environment, I wrote "how-to notes" on every successful step. At first it was more like the "sticky notes" to help me remember, but eventually (as the list grew) I started writing these tips in a way as if they were to be read by someone with little background in the subject. What used to be the "Linux notes" file became 10563 lines monstrosity now... So every time I need to answer someone's question I just copypaste from this file.
GalaxyA325G said:
That was just off the top of my head where there has to be at least a hundred different privacy things I do on Android to distance me from Google that most people don't bother to do.
I admit, sometimes it feels like we're putting a dozen locks on the front door, but in the end, we LEARN a lot about Android in the process.
Click to expand...
Click to collapse
Absolutely. I've spent about 2 weeks tweaking my new phone (Nokia X6), trying out different roms/recoveries and app setups. Pissed off a bunch of people in the process - most wouldn't understand that I'm setting up a system to last another 7 years, just like my previous phone (Galaxy Gprime). Not to mention that with the amount of sensitive info on the phone, security and privacy are a legit concern, and worth learning about just how one learns to install and use the lock on the front doors.
Phones became disposable both in software and hardware, and so have the general attitude towards the devices.
My final setup became AOSP PixelPlusUI Rom (comes with about openGapps nano worth of Google stuff) with most other stock apps (contacts , dialer, keyboards, msg etc) removed via ADB and replaced with F-Droid alternatives.
I've also used Rethink DNS with whitelist set up/AppInspector to put Google in the Goolag - no internet access for anything google-related at all times. So far my phone has 253 apps blocked (including almost all of the system apps). Surprisingly, all of the necessary apps off google play store (Whatsapp, FB messenger) still function well. Whenever I need a particular Gservice (like a translator), I just enable access for that (and only that) until I dont need it anymore.
GalaxyA325G said:
If you look at the links I gave you in my response for contacts, gps spoofing and privacy-aware WhatsApp, you'll get a good start.
A quickie is to not have a contacts.sqlite database, which means you need your own contacts.csv or more likely contacts.vcf file, which you can maintain on the PC if you like (works with Excel for example).
Click to expand...
Click to collapse
Thanks! I'm not sure why the links didnt show up at first. I'll give this a look. I've been using "simple mobile tools" for quite a while, and I must say I like how they are completely autonomous and transparent about what prems they need and why.
GalaxyA325G said:
For GPS spoofing, I didn't mention you need to turn "Mock Location" on in the Android Developer Options, but that's what most people already do so I assumed you knew that.
Click to expand...
Click to collapse
I definitely saw the option in the dev settings, but didnt experiment with it. Well, now I know, thanks!
Funny you mentioned microG since I installed it for the first time yesterday when I was setting up Vanced Youtube based on this thread.
I generally choose apps that don't use GSF but sometimes you have to use a GSF app (e.g., Zoom meetings), and then it's nice to use MicroG instead of Google Services Framework.
I only installed it yesterday so I really don't know how well it will work for me as I didn't even need to install it to install VancedYoutube. You just need it to log into YouTube but I never do that anyway.
In summary, there's probably a hundred things we do to our phones to set up privacy but I'd have to write each one up in detail to help everyone and that's a lot of work.
Click to expand...
Click to collapse
I will give microG a try (in a form of LineageOS for MicroG). In fact I did install this rom before but I was a bit confused about what it did and assumed that it is a regular LinOS repack with Gplay store and apps built-in. Time to test again.
Especially if almost nobody reads these threads.
Click to expand...
Click to collapse
Threads like these is how I passed my uni exams. Not even exaggerating XD. Thanks again for a very detailed insightful read!
Hello my friends, very happy to meet good hearted people who think alike about Gugle.
as my name suggests I'm noob still and didn't understand much of discussion but very happy to meet you friends. My love & warm regards to all here. Here is what I did uptill now before I saw this thread :
1> Load GSI/ROM.
2> Load TWRP
3> Load Magisk
4> Load microG
5> Install Service Disabler
5.1> Disable bunch of internal services like telemetry, analytics, location (FusedLocation not possible to disable) for every app (3-rd party & system app), contacts sync etc.
6> Install SD-Maid Pro
6.1> Freeze apps like Gugle Calendar Sync Adapter & Gugle Contacts Sync Adapter
7> Install CIAFirewall Fake VPN & configure it.
8> I use Opera browser for Banking, Youtube, Cab booking, Surfing, Gmail, Food Order etc.
9> Install Aurora Store for general app management & installation
10> For contacts I save all contacts in notepad app, and let all calls purposely bounce then I call back aftter checking whose call it was & state false apologies.
#FYI :- Gugle, Mycrowsowft , eFbee are not really to be blamed, rhey are having to comply with FBI, Phentagon, Central Intelligence Agencies, Interpol, etc. or they have to shut bizness.
GalaxyA325G said:
Like you, my relationship with Google is strained where I don't set up any Google Account on Android and it works just fine.
Click to expand...
Click to collapse
Hi, I’m glad to have found this thread as I’m not happy with how my normal Android phone is spied upon by google. But I’m not technically knowledgeable and I don’t want to risk bricking my phone by trying amateur attempts at rooting, or installing Insular, etc…
So far I have not signed in, I allow only minimum permissions, use Netguard, Aurora and FDroid, and have disabled bloatware. I also force-stop apps as much as possible when not in use, and enable Location and Bluetooth only when needed.
I know this is just an amateur, token attempt to reduce spying - so I may have to eventually buy a degoogled phone.
I’ve also done some of the privacy suggestions in the attachments you posted.
Could you help me with a couple of newbie questions…
1): I might have minimised some personal data harvested by most of the apps I use, but I guess my privacy precautions will have no significant effect on the amount of telemetry collected by google?
2): If my precautions really have no significant effect, I’m wondering if would it make any real difference if I was signed in as I don’t use any of the google backup services anyway?
Thanks.