Is there any secure custom roms or os? - Moto G Q&A, Help & Troubleshooting

I wish to know if there are any custom roms or os'es that wouldn't touch my data using background processes that doesn't ask for permission to do so. Because these apps are either pre-installed or installed by me (which ask for permissions up front)? Or at least that I would be able grant app permissions when it needs them? It's like a real time permission request service.
Thanks.

I don't understand your question very well but I think you'll need an AOSP 6.0 ROM like the one made by Flashhhh beacuse AOSP is the most secure beacuse just Google modifies it and the developer (Flashhhh in our case). You can't make it 100 % secure beacuse you need to encrypt the partition and lock the bootloader. Encryption slows the device like hell and locking the bootloader with costum software cannot by made except if some of the great develoeprs of the falcon can reprogram the bootloader and the other low level bootloaders. Hardware encryption isn't supported on falcon I don't know why beacuse my Lumia 435 has encryption enabled via settings as you can see here:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
And yes the device is as fast as with the option disabled ! So hardware encryption is supported on Snapdragon 200 and our device has Snapdragon 400. I don't know why but that's the life...I am also interested in a secure OS with encryption that can run on our Moto G without performance loss.

I was really looking forward to cyanogen-mod, because it was looked as safe. But after I've read their DISCLAIMER stating "Modifying or replacing your device's software may void your device's warranty, lead to data loss, hair loss, financial loss, privacy loss, security breaches, or other damage, and therefore must be done entirely at your own risk. No one affiliated with the CyanogenMod project is responsible for your actions. Good luck." I changed my mind. I am paranoid about my privacy and security therefore this disclaimer put all my excitement and hopes to find privacy and security in their custom rom down. On the other had they're stating the things that could happen to my phone through the use of their custom rom, which I am thankful for their honesty and precautions. I was looking for official carbon rom, because of it's flexibility in customization and some other useful features, but sadly they don't support our device so yet again I was let down. Even if there is ports of it. Yet again my paranoia for privacy and security appears to be in action and I just can't help it when It come to it. It's my need and I believe it is everyone's need that sadly seems to be not met... even my keyboard sends data through background services... The more I see what android does the more I want to switch back to windows phone... it was easy to use, simple, and at least secure. I loved the thing that you could use one app for text messaging and social network messaging and I found it really handy feature. Android is highly customizable, but not as secure as WP. Also did everyone else noticed that Android version names are alphabetically ordered which could mean that they have plans up front for Z? Ohhh and google is in alphabet now...

Was WP really more secure or did you simply don't know what it did in the background?
Concerning your question: to find a "perfect" system might by impossible. However, you should not completely give up on Cyanogenmod (or on custom roms in general). You do get the possibility to manage permissions and you get root. The latter you can use to uninstall system-apps you dont like or to set up a firewall for apps and services you dont trust (for instance your keyboard). As a further step you could try if a Google-free device would work for you (i.e. not flash gapps after rom). That might be less convenient in some aspects but you would get rid of the no. 1 risk for privacy. And dont worry too much about the disclaimer! Sure, flashing a custom rom can turn your device into electronic scrap and things like root are risky anyway, the crucial point is that stuff needs to be handled the correct way. With enough information acquired in the first place the risks arent too big

Hwyl.Fawr said:
Was WP really more secure or did you simply don't know what it did in the background?
Concerning your question: to find a "perfect" system might by impossible. However, you should not completely give up on Cyanogenmod (or on custom roms in general). You do get the possibility to manage permissions and you get root. The latter you can use to uninstall system-apps you dont like or to set up a firewall for apps and services you dont trust (for instance your keyboard). As a further step you could try if a Google-free device would work for you (i.e. not flash gapps after rom). That might be less convenient in some aspects but you would get rid of the no. 1 risk for privacy. And dont worry too much about the disclaimer! Sure, flashing a custom rom can turn your device into electronic scrap and things like root are risky anyway, the crucial point is that stuff needs to be handled the correct way. With enough information acquired in the first place the risks arent too big
Click to expand...
Click to collapse
Well yes WP doesn't have such feature as seeing what backgroung processes are active, what they're doing which should be a concern, but I think there are some devices that doesn't support multi-tasking which probably deals with the issue. Well the cyanogen mod does offer that security and frees you from app permission chains, but I don't want to rush on flashing it.
What about ubuntu os? They provide tutorial to port it for your own device which I am really interested in. But is there any advantages over cyanogen mod in terms of user privacy and security? Should I consider porting it myself or flashing a port made by community?

This ROM was created with privacy in mind: (Read the first post carefully and follow the instructions)
http://forum.xda-developers.com/moto-g/4g-development/rom-identity-crisis-6-lte-extreme-t3328861​
It will boot on Falcon; if after flashing the ROM, you immediately flash the Stock 6.0 Kernel available here:
http://forum.xda-developers.com/showthread.php?t=2649763​

lost101 said:
This ROM was created with privacy in mind: (Read the first post carefully and follow the instructions)
http://forum.xda-developers.com/moto-g/4g-development/rom-identity-crisis-6-lte-extreme-t3328861​
It will boot on Falcon; if after flashing the ROM, you immediately flash the Stock 6.0 Kernel available here:
http://forum.xda-developers.com/showthread.php?t=2649763​
Click to expand...
Click to collapse
Is it only for LTE version?
Thank you for your time spent on developing this rom for the community. I will flash it straight away.

zgodig said:
Is it only for LTE version?
Thank you for your time spent on developing this rom for the community. I will flash it straight away.
Click to expand...
Click to collapse
As I said, the ROM will boot and work fine on your phone if you flash the Falcon kernel. @minimale_ldz created this ROM based on my previous work.

lost101 said:
As I said, the ROM will boot and work fine on your phone if you flash the Falcon kernel. @minimale_ldz created this ROM based on my previous work.
Click to expand...
Click to collapse
This is madness.

Also

lost101 said:
This ROM was created with privacy in mind: (Read the first post carefully and follow the instructions)
http://forum.xda-developers.com/moto-g/4g-development/rom-identity-crisis-6-lte-extreme-t3328861​
It will boot on Falcon; if after flashing the ROM, you immediately flash the Stock 6.0 Kernel available here:
http://forum.xda-developers.com/showthread.php?t=2649763​
Click to expand...
Click to collapse
Okay. The rom looks good and seems to offer what I need, but that bug when you dim your brightness and flickering occurs can be annoying, since I like to dim it as much as possible, to save my battery from draining. I guess I will have to keep on using the stock rom till port of your rom will be fixed.

zgodig said:
Okay. The rom looks good and seems to offer what I need, but that bug when you dim your brightness and flickering occurs can be annoying, since I like to dim it as much as possible, to save my battery from draining. I guess I will have to keep on using the stock rom till port of your rom will be fixed.
Click to expand...
Click to collapse
There's also Lollipop version of this rom available, and it doesn't flicker. Installing the rom itself, however, won't be enough - even removing GApps doesn't prevent Google and from collecting "anonymous" data as there are still some leaks through kernel and modem debug settings. They can be blocked by firewall (like AFWall+). You may also want to install Network Log to see all the traffic. XPosed Xprivacy module is also very helpful in restricting internet, network, location, sensors, etc. access to the apps. You can also disable location services and bluetooth (and other things) with Servicely for extra protection and battery life.
All of it will give you SOME protection as obviously your carrier will have a lot of data about your device and this can't be avoided as long as you use its phone services.

minimale_ldz said:
There's also Lollipop version of this rom available, and it doesn't flicker. Installing the rom itself, however, won't be enough - even removing GApps doesn't prevent Google and from collecting "anonymous" data as there are still some leaks through kernel and modem debug settings. They can be blocked by firewall (like AFWall+). You may also want to install Network Log to see all the traffic. XPosed Xprivacy module is also very helpful in restricting internet, network, location, sensors, etc. access to the apps. You can also disable location services and bluetooth (and other things) with Servicely for extra protection and battery life.
All of it will give you SOME protection as obviously your carrier will have a lot of data about your device and this can't be avoided as long as you use its phone services.
Click to expand...
Click to collapse
I think that I should wait for the marshmallow patch. Because I wouldn't have to use the apps you have mentioned in order to protect myself. I've read that you recommend these apps to use on marshmallow too. Which one would you recommend? Lollipop ir marshmallow? From the things you have mentioned it made me an impression that there has to be done more on lollipop to protect yourself as much as possible, than on marshmallow. Besides I suspect that marshmallow is more advanced than lollipop. Anyways an expert opinion is allways worth to concider. A big thank you xda developers for your hard work and time put in developing all of the software available for us. You're the best!

zgodig said:
I think that I should wait for the marshmallow patch. Because I wouldn't have to use the apps you have mentioned in order to protect myself. I've read that you recommend these apps to use on marshmallow too. Which one would you recommend? Lollipop ir marshmallow? From the things you have mentioned it made me an impression that there has to be done more on lollipop to protect yourself as much as possible, than on marshmallow. Besides I suspect that marshmallow is more advanced than lollipop. Anyways an expert opinion is allways worth to concider. A big thank you xda developers for your hard work and time put in developing all of the software available for us. You're the best!
Click to expand...
Click to collapse
Well, I don't consider myself an expert - just spent some time reading security and privacy related stuff in the web and used some of the information to help myself. Please also mind all the things I mentioned (firewall, XPrivacy, etc.) don't come with Marshmallow and need to be installed and set up anyway so it doesn't make much difference if you use Lollipop or MM version. The biggest privacy-related changes that come with MM are built-in permissions manager (which is good but insufficient) and more up to date security patch. And I think that is it, so it's up to you if you want to wait. The thing with Android updates is that they bring new stuff that OEM and carriers need to implement and optimize, so I wouldn't say that Marshmallow is better in every aspect than Lollipo. I was using 5.1.1 for a few months on Moto G and was very happy - I'm using 6.0.1 on Moto X Play now, and see some annoying bugs that came with it. Interesting thing is they only appeared after removing GApps from the rom. So again - it's up to you.
The other fact is that the more you protect yourself from intrusive Google services the more new privacy and security issues appear. For example - if you use stock rom there's no need to unlock bootloader nor using custom recovery which are actually negatively affecting your privacy. You can access all the system and data in TWRP, so your privacy is pretty much none in case someone steals your phone. Good practice is not to keep too much private stuff on it, because there's always a risk someone can get it - one way or another.

minimale_ldz said:
There's also Lollipop version of this rom available, and it doesn't flicker. Installing the rom itself, however, won't be enough - even removing GApps doesn't prevent Google and from collecting "anonymous" data as there are still some leaks through kernel and modem debug settings. They can be blocked by firewall (like AFWall+). You may also want to install Network Log to see all the traffic. XPosed Xprivacy module is also very helpful in restricting internet, network, location, sensors, etc. access to the apps. You can also disable location services and bluetooth (and other things) with Servicely for extra protection and battery life.
All of it will give you SOME protection as obviously your carrier will have a lot of data about your device and this can't be avoided as long as you use its phone services.
Click to expand...
Click to collapse
minimale_ldz said:
Well, I don't consider myself an expert - just spent some time reading security and privacy related stuff in the web and used some of the information to help myself. Please also mind all the things I mentioned (firewall, XPrivacy, etc.) don't come with Marshmallow and need to be installed and set up anyway so it doesn't make much difference if you use Lollipop or MM version. The biggest privacy-related changes that come with MM are built-in permissions manager (which is good but insufficient) and more up to date security patch. And I think that is it, so it's up to you if you want to wait. The thing with Android updates is that they bring new stuff that OEM and carriers need to implement and optimize, so I wouldn't say that Marshmallow is better in every aspect than Lollipo. I was using 5.1.1 for a few months on Moto G and was very happy - I'm using 6.0.1 on Moto X Play now, and see some annoying bugs that came with it. Interesting thing is they only appeared after removing GApps from the rom. So again - it's up to you.
The other fact is that the more you protect yourself from intrusive Google services the more new privacy and security issues appear. For example - if you use stock rom there's no need to unlock bootloader nor using custom recovery which are actually negatively affecting your privacy. You can access all the system and data in TWRP, so your privacy is pretty much none in case someone steals your phone. Good practice is not to keep too much private stuff on it, because there's always a risk someone can get it - one way or another.
Click to expand...
Click to collapse
If you're not an expert then you're not far from it, because I don't think it's easy to do the things you did.
Is it possible to re-flash stoch recovery and re-lock bootloader after flashing one your roms to improve security, or are they essential to make rom work?

zgodig said:
If you're not an expert then you're not far from it, because I don't think it's easy to do the things you did.
Is it possible to re-flash stoch recovery and re-lock bootloader after flashing one your roms to improve security, or are they essential to make rom work?
Click to expand...
Click to collapse
As far as I know relocking bootloader will fail if installed system is not original, but I'd ask @lost101 as he's got much more expertise in Motorola issues.

minimale_ldz said:
You can access all the system and data in TWRP, so your privacy is pretty much none in case someone steals your phone.
Click to expand...
Click to collapse
Using encryption helps in this case. Just remember that when you get your phone back, don't trust it anymore.

zgodig said:
Is it possible to re-flash stoch recovery and re-lock bootloader after flashing one your roms to improve security, or are they essential to make rom work?
Click to expand...
Click to collapse
Originally Falcon (and Peregrine I suspect) did not support Factory Reset Protection (FRP) - this may have changed for those with locked Bootloaders who updated to Lollipop via official OTA Update. Even with FRP, all you are doing is stopping someone who stole / found your phone from accessing your data. Obviously you must unlock Bootloader to gain real control over your data by flashing a ROM just as those created by @minimale_ldz. Once Bootloader is unlocked, it's permanent. So-called 'relocking' is purely superficial and can be simply undone by anyone with fastboot access.
So the answer is no, flashing Stock Recovery and 'relocking' Bootloader does absolutely nothing for you in terms of security.
Newer phones such as Moto G (3rd Gen) support FRP out of the box. But again, you are at the mercy of Google and Motorola when it comes to privacy as long as the Bootloader remains locked. You cannot root, nor install a custom ROM.
I fear ultimately you must examine your own psychological / egoic need for control and privacy, as the world outside your mind is unlikely to deliver what you seek.

lost101 said:
Originally Falcon (and Peregrine I suspect) did not support Factory Reset Protection (FRP) - this may have changed for those with locked Bootloaders who updated to Lollipop via official OTA Update. Even with FRP, all you are doing is stopping someone who stole / found your phone from accessing your data. Obviously you must unlock Bootloader to gain real control over your data by flashing a ROM just as those created by @minimale_ldz. Once Bootloader is unlocked, it's permanent. So-called 'relocking' is purely superficial and can be simply undone by anyone with fastboot access.
So the answer is no, flashing Stock Recovery and 'relocking' Bootloader does absolutely nothing for you in terms of security.
Newer phones such as Moto G (3rd Gen) support FRP out of the box. But again, you are at the mercy of Google and Motorola when it comes to privacy as long as the Bootloader remains locked. You cannot root, nor install a custom ROM.
I fear ultimately you must examine your own psychological / egoic need for control and privacy, as the world outside your mind is unlikely to deliver what you seek.
Click to expand...
Click to collapse
Is it possible to make or do something that no one would be able to enter recovery mode without password or at least pin code?

_that said:
Using encryption helps in this case. Just remember that when you get your phone back, don't trust it anymore.
Click to expand...
Click to collapse
So encrypting the phone would help to protect data. In case of loost or stolen phone, the person would only be able to delete my data through recovery mode?
And what do you mean that after I'd get my phone back I shouldn't trust it?

Related

Android custom ROM for security + minimal of Google?

Hi everyone,
can you recommend me some custom Android ROMs with focus on better security? Or isolate of dependence on Google?
Both of them together will be the best.
My phone is Samsung Galaxy S2.
Many thanks
dj.houba said:
Hi everyone,
can you recommend me some custom Android ROMs with focus on better security? Or isolate of dependence on Google?
Both of them together will be the best.
My phone is Samsung Galaxy S2.
Many thanks
Click to expand...
Click to collapse
Cyanogen or GingerBread are some good ROMS for good security, as I know.
D-J Mutant said:
Cyanogen or GingerBread are some good ROMS for good security, as I know.
Click to expand...
Click to collapse
Thanks, yes, I know about Cyanogen.
Oh you mean GingerBread from Google? This is exactly what I don't want. I want to separate from Google, coz we all know about NSA case. So I thought, there will be some developers, who will try to build some custom ROM and try to eliminate "Big brother" and focus mainly on security.
Omnirom is supposed to be security and privacy consious.
Sent from my Nexus 7 using XDA Premium 4 mobile app
Well I'd suggest the cyanogenmod, but without the google apps. They're optional.
In the nexus 4 section there is an aokp that is patched so built in Google analytics are gone. There is a patch that can be applied to other ROMs.
Custom roms, including Cyanogenmod, have a history of BAD security. Many rom developers end up introducing new vulnerabilities. In the past, some hardened Android builds existed, but I know of no current hardened roms.
I personally would stay away from custom roms, and stick to as close to AOSP as possible, signed with your own private keys. (and no Omnirom, AOKP, Cyanogenmod are NOT AOSP in any way shape or form.)
jcase said:
Custom roms, including Cyanogenmod, have a history of BAD security. Many rom developers end up introducing new vulnerabilities. In the past, some hardened Android builds existed, but I know of no current hardened roms.
I personally would stay away from custom roms, and stick to as close to AOSP as possible, signed with your own private keys. (and no Omnirom, AOKP, Cyanogenmod are NOT AOSP in any way shape or form.)
Click to expand...
Click to collapse
Is that so , see from what u saying ,,, the ASOP is better then the other build rite
Sent From GT i9300
jcase said:
Custom roms, including Cyanogenmod, have a history of BAD security. Many rom developers end up introducing new vulnerabilities. In the past, some hardened Android builds existed, but I know of no current hardened roms.
I personally would stay away from custom roms, and stick to as close to AOSP as possible, signed with your own private keys. (and no Omnirom, AOKP, Cyanogenmod are NOT AOSP in any way shape or form.)
Click to expand...
Click to collapse
How do you get your own private key and what does that do? Sorry, I have never heard of this, so I'm sure others are probably also wondering.
Sent from my Nexus 5 using XDA Premium 4 mobile app
Thanks
Thanks, I was trying different ROMs, finally I chose PAC-MAN ROM without Google apps
Hello !
does it mean that any modded stock rom with GApps will be insecure ?
Thx
just youtube some galaxy s2 roms you'll find reviews on some good roms
JamieFL said:
How do you get your own private key and what does that do? Sorry, I have never heard of this, so I'm sure others are probably also wondering.
Sent from my Nexus 5 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
http://www.kandroid.org/online-pdk/guide/release_keys.html
something like this
I think you can skip "make dist" part, just do a regular build as you would normally (CyanogenMod ==> brunch your_device
you can fine the need file under "out/target/product/hammerhead/obj/PACKAGING/target_files_intermediates/cm_hammerhead-target_files-")
for Cyanogenmod Nexus 5 for ex (hammerhead )
source build/envsetup.sh
brunch hammerhead
and you'll fine the target_files zip under
out/target/product/hammerhead/obj/PACKAGING/target_files_intermediates/
that the one you need to feed to build/tools/releasetools/sign_target_files_apks
There are some really exciting Android security projects out there... For instance, one awesome function a-la-Truecrypt involves full disk encryption with plausible deniability. You are able to give out a first-layer passphrase if you are coerced - yet a truly private volume remains secure and disguised within the apparent unused portion of the storage disk.
Yet it's unlikely that any of this is relevant to you, otherwise you wouldn't be asking this sort of thing. When it comes to security leaks, try to barricade off the paths of least resistance from the ground up. For instance, even all of that wouldn't do much good if you had forensic evidence of your phone config on your computer, a lockscreen that could be bypassed, a phone seized whilst still turned with encryptions keys remaining in RAM, etc. Also keep in mind all of the data you are sending out in the clear via your cloud storage, SMS/IM, WiFi, etc.
So in the end, just pick a ROM that runs smoothly and you enjoy. Whatever you end up deciding, make absolutely certain to:
- encrypt with strong passphrase (then use cryptfs app to create a shorter lock screen key)
- disable USB debugging
---------- Post added at 06:06 AM ---------- Previous post was at 05:32 AM ----------
JamieFL said:
How do you get your own private key and what does that do? Sorry, I have never heard of this, so I'm sure others are probably also wondering.
Sent from my Nexus 5 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
This probably isn't exactly spot on, but here's a rough sysnopsis... When a ROM is built from source, the creator "signs" their creation (i.e. the ROM and the apps within). This way you can be sure that you're indeed getting an official ROM built by AOKP (or whomever) and not by some malicious 3rd party. Likewise, the Android OS uses signatures to ID which files are legitimate and given permission to run (i.e. official updates). However, there have been incidents with custom ROMs when this functionality has been exploited. This could allow an otherwise innocuous seeming app to deploy hidden malware and cloak itself as a legitimate app, gaining full rights to the phone.
A self-built ROM with your own private key is presumably safer against such an attack. I don't think most people would need to be concerned about this, but still something to keep in mind. Unfortunately jcase is spot on about custom ROMs almost always creating or exposing more vulnerabilities than stock. For instance, features like ADB or USB-OTG are often enabled by default. If that wasn't bad enough, in the event that your phone is ever lost/stolen/seized, having a custom recovery installed is pretty much handing over your identity with a bow wrapped on top. It makes it easy for anyone to bypass PIN/password/face/gesture-lock or dump off the entire disk image. Not to mention analysis can reveal your account passwords, WiFi keys, SMS, phone records, photos. Most of these vulnerabilities can be safeguarded against with careful consideration, but you certainly won't get there by default.
dj.houba said:
Thanks, yes, I know about Cyanogen.
Oh you mean GingerBread from Google? This is exactly what I don't want. I want to separate from Google, coz we all know about NSA case. So I thought, there will be some developers, who will try to build some custom ROM and try to eliminate "Big brother" and focus mainly on security.
Click to expand...
Click to collapse
The only way to eliminate the ability of a nation-state interfering in your data would be to not generate any. If they're watching you, then stopping them from watching you isn't going to be possible. So it's better to ensure that when they watch you appear innocent.
Granted, I'm not saying you shouldn't take any precautions. But to truly get away from their snooping you're probably better of without a phone.
fadedout said:
There are some really exciting Android security projects out there... For instance, one awesome function a-la-Truecrypt involves full disk encryption with plausible deniability. You are able to give out a first-layer passphrase if you are coerced - yet a truly private volume remains secure and disguised within the apparent unused portion of the storage disk.
Yet it's unlikely that any of this is relevant to you, otherwise you wouldn't be asking this sort of thing. When it comes to security leaks, try to barricade off the paths of least resistance from the ground up. For instance, even all of that wouldn't do much good if you had forensic evidence of your phone config on your computer, a lockscreen that could be bypassed, a phone seized whilst still turned with encryptions keys remaining in RAM, etc. Also keep in mind all of the data you are sending out in the clear via your cloud storage, SMS/IM, WiFi, etc.
So in the end, just pick a ROM that runs smoothly and you enjoy. Whatever you end up deciding, make absolutely certain to:
- encrypt with strong passphrase (then use cryptfs app to create a shorter lock screen key)
- disable USB debugging
---------- Post added at 06:06 AM ---------- Previous post was at 05:32 AM ----------
Click to expand...
Click to collapse
:good: Excellent advice.
I still wonder if AOSP or any of the bigger custom ROMs without Gapps is truly Google free. I have been browsing the forums for a while on that question but cant really find a good answer. Google free meaning: it doesn't communicate in any way on any moment with Google.
Anyone who can verify that? Has there ever been a XDA'er who researched this? For some it seems an assumption and some think since Android is developed by Google they surely try to analyze even AOSP roms or derivatives.
Liberr said:
I still wonder if AOSP or any of the bigger custom ROMs without Gapps is truly Google free. I have been browsing the forums for a while on that question but cant really find a good answer. Google free meaning: it doesn't communicate in any way on any moment with Google.
Anyone who can verify that? Has there ever been a XDA'er who researched this? For some it seems an assumption and some think since Android is developed by Google they surely try to analyze even AOSP roms or derivatives.
Click to expand...
Click to collapse
It only sends version statistics to Google, and there's a build.prop setting that allegedly disables it (ro.config.nocheckin=1) -- haven't tried it because I'd rather show my pride in Gingerbread
smartymcfly said:
There is a patch that can be applied to other ROMs.
Click to expand...
Click to collapse
What and where is this patch?
I would think you could block all of Google's ip address's in your host file on any rom also.
You could edit the host file before flashing it.

How can I anonymize and secure my Samsung Galaxy as much as possible?

I would like to setup my phone to be able to browse/use apps as anonymously as possible. I realize that will require Tor/VPNs, and I am working on getting that information elsewhere. Here I am focusing on the phone itself.
It will be a new Samsung on Verizon. I would like to anonymize and secure it as much as possible. For example, I know that Verizon and Google are shipping new phones with spyware and other tagging features. I am not very tech saavy (I cant code), but I am a fast learner.
I will be trying to avoid using Google products at all costs (No Play Store, GMail, etc) - except for Android system updates (I assume this is a necessity?). I am willing to do anything, *except*: Replace the OS - it has to be regular Android (Unless someone can show me an add-on/alternative that wont require constant maintenance/detailed knowledge of how a phone OS works), or compromise the basic software so that it become unstable or wont work with basic apps.
I assume rooting is a must - but I will need some direction as to how this can be done safely, and what I will then need to do to keep the phone updated and stable.
Specifically I am looking for:
- How to remove all native spyware/malware/unnecessary apps (without accidentally deleting something critical).
- Remove any features that could ID my device over the internet
- What kind of software/app I need to set up to protect against future malicious software (some kind of anti-virus/malware scanner?).
- How to most securely encrypt the phone and any data on it (so that if someone was able to get control of it, accessing it's contents without the pass key would be as difficult as possible).
- If necessary, before I web connect it, I could download any apps/programs on another device and trasfer via MicroSD
- Any general tips that might help with this.
Thank you.
EDIT: I was originally planning on getting an S8, but I have read that it might have some issues, so I can get an LG G6 or even Galaxy S7 if it is still preferred for privacy/security.
If you didn't read it, it could be a good start in your search.
https://forum.xda-developers.com/general/security/tuto-how-to-secure-phone-t2960077
VPN!!!!
I think, regular updates with security patches is a must. But if you don't trust your original OS, how can you trust it's updates? I use mokee OS for this reason. And no gapps.
ThirdEchelonSam said:
I would like to setup my phone to be able to browse/use apps as anonymously as possible. I realize that will require Tor/VPNs, and I am working on getting that information elsewhere. Here I am focusing on the phone itself.
It will be a new Samsung on Verizon. I would like to anonymize and secure it as much as possible. For example, I know that Verizon and Google are shipping new phones with spyware and other tagging features. I am not very tech saavy (I cant code), but I am a fast learner.
I will be trying to avoid using Google products at all costs (No Play Store, GMail, etc) - except for Android system updates (I assume this is a necessity?). I am willing to do anything, *except*: Replace the OS - it has to be regular Android (Unless someone can show me an add-on/alternative that wont require constant maintenance/detailed knowledge of how a phone OS works), or compromise the basic software so that it become unstable or wont work with basic apps.
I assume rooting is a must - but I will need some direction as to how this can be done safely, and what I will then need to do to keep the phone updated and stable.
Specifically I am looking for:
- How to remove all native spyware/malware/unnecessary apps (without accidentally deleting something critical).
- Remove any features that could ID my device over the internet
- What kind of software/app I need to set up to protect against future malicious software (some kind of anti-virus/malware scanner?).
- How to most securely encrypt the phone and any data on it (so that if someone was able to get control of it, accessing it's contents without the pass key would be as difficult as possible).
- If necessary, before I web connect it, I could download any apps/programs on another device and trasfer via MicroSD
- Any general tips that might help with this.
Thank you.
EDIT: I was originally planning on getting an S8, but I have read that it might have some issues, so I can get an LG G6 or even Galaxy S7 if it is still preferred for privacy/security.
Click to expand...
Click to collapse
Assuming you are just talking about general privacy and security, then you are in with a chance to minimise data available to Google etc and be largely secure. If you are trying to prevent the likes of the NSA then you have no chance. At the very least your cell provider will know somethings about you (you have to show id in the US don't you?)
Without going to extremes as in the first link below and ending up pretty much with a dumb phone your best bet is to follow something more like this
https://privacytoolsio.github.io/privacytools.io/
As for security you can "harden" your system, there are some good threads etc on this. Or you could just buy a phone that is already hardened see Copperhead OS.
You are your phones best security, but I would say EVERYONE is fallible and could be tricked into opening a malicious email etc under the right circumstances so you should run a good antivirus, it may just save you one day. However they are not even 100% against all known malware let alone future ones or other exploits, it's just another layer of defence. Keeping your phone up dated with monthly security patches is probably your 2nd best defence after you! At some point you are trusting whoever provides your OS, network and any apps installed. Then of course this level of security must extend to all your devices that may link to your phone, no good running a router which doesn't get regular firmware updates, just this week all Linksys ones were found to be vulnerable, before that some Netgear ones, before that ....
Even using TOR does not guarantee anonymity as the NSA, GCHQ etc have been able to identify users in several ways, and no doubt still can, but it is the best way, though can be slow
Use your phones built in encryption, though this only works on a looked phone, anyone can see your data if they lack it up unlocked, or if using remote admin. Using an app to encrypt folders/files can prevent a local person viewing saved files though.
Rooting & removing bloatware would certainly help reduce data "leaks", but it has it's own risks and will void your warranty (though not up to date on S8 & tripping knox etc or on unlocking bootloaders on Verizon phones as I'm not in the US.) If it was me I'd buy an older model that has great support on xda & that you know you can unlock bootloader/root which has a good choice of roms from reputable devs that release monthly security updates quickly & then get a limited set of apps from fdroiod or similar.
whirlpool95 said:
VPN!!!!
Click to expand...
Click to collapse
But be choosy!
https://blog.csiro.au/tinker-torrentor-streamer-spy-vpn-privacy-alert/
(some vpn's are named in the full report, link at bottom of page)
Yea just don't use the internet on your phone, that's my advice .

How can I secure my S7 as much as possible, short of a custom ROM

Ok, so I'm a little new to this. I am pretty much unfamiliar with root (I've only done it once, a few years ago, on a completely different kind of device, via KingoRoot without even having to plug in to a PC), but I am very good at following directions/making sense of tutorials . But recently I have have become very aware of privacy concerns, and I realize that the form my phone is in now is very insecure.
But I'm a little confused by "rootable" vs "unlocked bootloader"
So, I though I understood these terms, but apparently I don't. I thought that *root access* was an admin level (the highest), and that it required an unlocked bootloader to achieve it. However, my device, Galaxy S7 US version, is supposedly rootable(https://forum.xda-developers.com/tm...eres-how-rooted-nougat-s7-edge-g935t-t3567502), but does not have an unlocked boot-loader, like the international/Exynos version, that would allow you to install a custom ROM. How is this possible?
Either way, I cannot use a custom ROM, since none of the even remotely trustworthy ones (Copperhead, Lineage, Replicant) work on the US version.
So, if I am stuck with Samsung version android, what else can I do (If any of these are possible, a little direction or at least a link to a good guide would be very helpful)?
- Without an unlocked boot loader, can I still remove all GAPPS and bloatware?
- Can I remove Googe Play Services and replace it with MicroG, and still use the apps with the Play dependency?
- Is Xposed/Xprivacy an option? (Are these still considered safe?).
- If not, how can I get the most specific control over device processes: being able to see and control permissions for each app, moniter all incoming/outgoing data stream (everything apps send to other parties/devices and what they receive),
- Any possibility for a firewall?
I realize that this is asking a lot, but Reddit was thoroughly unhelpful, so I throw myself at your charity.

Dangers of rooting

Hi,
I just bought a Oneplus 6 256gb version and now I'm thinking about rooting it for the likes of adaway and lucky patcher.
But what exactly are the dangers? I researched quite a while but I'm still not sure if it's safe enough. I am only planning on rooting, so no custom rom. So a few questions here:
1. Can I still update Oxygen OS after root? Would I need to reinstall Magisk (root) if yes?
2. Is it really that unsafe to use banking apps with a rooted device?
3. Anything else that affects a phone with root in a negative way?
I have rooted my old galaxy s5 quite a bit, so I know how to not brick my phone. So, yes, I know I could potentially brick it if somethings goes wrong.
Thanks for the help.
Elekted
You can update while rooted but you will have to reflash the Magisk zip as the new update will install the stock boot.img and Magisk patches the boot image. So with a stock boot image, you will need to flash Magisk again for root.
On the banking apps, yes. I do not use banking apps on my phone, but I use Android pay. The reason being, is I have a friend that works for Chase Bank in the fraud department for mobile devices. He said the risk is when you are adding a credit card to the Android app, never in using the app to make a payment as they generate a token for the specific amount of that transaction and they use a ID and not your credit card number in the transaction.
And nothing will affect your phone negatively unless you do something to cause the issue. It's virtually always user error. Know what you're doing and if your new to modding, don't be a guinea pig or early adopter. Let others who know what they are doing and report on what works and doesn't. That's the best advice I can give you.
1. You can upgrade your Oxygen OS but u will lost your root Xposed etc.
2. If you know all application installed in your phone and you know who published it, then it will be safe (don't install such like *Free Minecraft Giveaways* lol)
3 .Oneplus is NOT Samsung. Unlock and root your phone will not cause permanent negative effects.
Another thing to be aware of is that unlocking the bootloader (not the rooting) will cause your devices widevine security level to go down. This means netflix/amazon video will be limited non HD resolution. You can still cast the video to your tv at HD or higher resolution though.
Does this also affect youtube and all other streaming devices or just amazone prime and netflix?
@Eric214 thank you for the quick response. With negative effects i was thinking battery, security or other issues. Or how peltus mentioned the issue with widevine. Are there any other apps i can't use anymore after root or limitations?
peltus said:
Another thing to be aware of is that unlocking the bootloader (not the rooting) will cause your devices widevine security level to go down. This means netflix/amazon video will be limited non HD resolution. You can still cast the video to your tv at HD or higher resolution though.
Click to expand...
Click to collapse
I assume that's to try to prevent people from ripping data from a video stream and pirating/distributing it?
That's why I only bought netflix with the intention to use it on my TV when I'm bored of all the stuff I've downloaded on my computer lolol
Elekted said:
@Eric214 thank you for the quick response. With negative effects i was thinking battery, security or other issues. Or how peltus mentioned the issue with widevine. Are there any other apps i can't use anymore after root or limitations?
Click to expand...
Click to collapse
You can use Android pay with Magisk but if you install Xposed, you will fail safety checks
1.
It's really easy with A/B... You install the update, automatic or manual via the system updater. Then BEFORE rebooting, you install Magisk again to the inactive slot. Reboot, that's it. I never had such easy updates before.
2.
When rooting a phone, you usually read the details and how all this works. You keep your phone up to date. Every app requesting root rights needs your confirmation. Look before acknowledging and use reliable sources especially for apps requiring root. But with root, you can use an adblocker, a low level firewall, a good backup software and more to keep yourself away from risky content behind banners.
3.
You can relock the bootloader and flash the stock image and the phone is in its original state.
Beside that, if you do not use Xposed, with Magisk Hide I did yet not find an app which refused to work on my phone. Also Android Pay does work.
akxak said:
1.
It's really easy with A/B... You install the update, automatic or manual via the system updater. Then BEFORE rebooting, you install Magisk again to the inactive slot. Reboot, that's it. I never had such easy updates before.
2.
When rooting a phone, you usually read the details and how all this works. You keep your phone up to date. Every app requesting root rights needs your confirmation. Look before acknowledging and use reliable sources especially for apps requiring root. But with root, you can use an adblocker, a low level firewall, a good backup software and more to keep yourself away from risky content behind banners.
3.
You can relock the bootloader and flash the stock image and the phone is in its original state.
Beside that, if you do not use Xposed, with Magisk Hide I did yet not find an app which refused to work on my phone. Also Android Pay does work.
Click to expand...
Click to collapse
Thank you that i exactly what i wanted to know. Guess im going to root my oneplus then.
This phone seems pretty brick-resistant. Lots of people getting into bootloops, but fixes are easy. I haven't seen a single hard-brick yet.
OP provides a tool for getting out of major errors, and it seems to work well.
iElvis said:
This phone seems pretty brick-resistant. Lots of people getting into bootloops, but fixes are easy. I haven't seen a single hard-brick yet.
OP provides a tool for getting out of major errors, and it seems to work well.
Click to expand...
Click to collapse
What tool is that?
Elekted said:
What tool is that?
Click to expand...
Click to collapse
https://forum.xda-developers.com/oneplus-6/how-to/tool-msmdownloadtool-v4-0-international-t3798892
I have not used it, but many people have reported good results.
iElvis said:
https://forum.xda-developers.com/oneplus-6/how-to/tool-msmdownloadtool-v4-0-international-t3798892
I have not used it, but many people have reported good results.
Click to expand...
Click to collapse
Thanks, nice to have that in case thing goes wrong.

What's really at stake if rooting an older phone?

My phone is 5 years old, and hasn't had any OTA updates in years and its got no warranty. Apparently my older version of Android 8, isn't recognized as much and I'm starting to encounter more and more Play store apps that want a newer version of android and refuse to load. Hence I had to learn how to sideload stuff which is really annoying.
After a quick google search I learned you can root your phone and there is an Android 11 image called Lineage OS 18.1 ... which sounds pretty sweet. BUT after additional searches, I'm reading so many cons about rooting a phone. If bricking it isn't a concern, and I don't have a warrantee to void. What's at risk? I was probably going to buy a new phone anyways but now I'm intregued with this rooting process and wondiering if it might buy me time on a older phone that still works amazingly well. Why replace it if it still works, it just needs new software.
Questions: If I install Lineage OS 18.1 successfully...
Will the Play Store and Apps continue to update, or will I stop receiving notifications regarding available updates? Or am I forever stuck with sideloading?
If I don't install G Apps is this bad? I don't use stock Google Apps, I've opted to use the Microsoft equivalent like Outlook for email and calendar... or do I still need to install Google Apps to gain the ability to layer Microsoft products on top?
Why is there so much negative talk about malware infection with rooted phones? If I'm not downloading and installing apps constantly, the risk would still be no more threatening than it is now correct?
Are there any apps that would realize the phone is rooted and refuse to run? Some searches told me that security apps may not like a rooted phone. Does rooting it affect Microsoft Authenticator app?
Lastly, if I only want to pick and choose specific G Apps - can you install only the ones you need? or do they come all bundled together?
Thanks in advance,
What's really at stake if rooting an older phone?​
Click to expand...
Click to collapse
Ii is easy to answer:
Pro: Complete Control Over Your Device​
One of the most significant benefits of rooting your Android device is the ability to have complete control over it. You can remove any pre-installed apps that you don’t need, customize the look and feel of your device, and control every aspect of its performance. With rooting, the possibilities are endless, and you can make your device truly your own.
Con: Risk of Bricking Your Device​One of the most significant risks of rooting your Android device is the potential to brick it. Bricking is when your device becomes completely unusable due to a software malfunction. If you’re not careful, you can render your device useless. However, if you follow the instructions carefully and take the proper precautions, you can minimize the risk of bricking your device.
Speed up older Android hardware with a custom ROM​
Click to expand...
Click to collapse
Installing a custom ROM ( or a 3rd-party OS ) allows your device to live a second life, provided you can stomach the somewhat lengthy process. Custom ROMs become especially useful once your smartphone’s manufacturer stops delivering software and feature updates. Most ROMs are also based on vanilla Android ( AOSP ), which means you get a lighter and faster experience than default manufacturer skins.
Having said that, it’s worth noting that custom ROMs are completely unofficial. Some work perfectly, while others may exhibit bugs and instability - you’ll need to do some due diligence for your specific device model. But don’t worry, here is a guide on how to install Lineage OS, one of the most popular custom ROMs.

Categories

Resources