Privacy Browser is an open source Android web browser focused on user privacy. It is released under the GPLv3+ license. The source code is available from git.stoutner.com.
The only way to prevent data from being abused is to prevent it from being collected in the first place. Privacy Browser has two primary goals.
Minimize the amount of information that is sent to the internet.
Minimize the amount of information that is stored on the device.
Most browsers silently give websites massive amounts of information that allows them to track you and compromise your privacy. Websites and ad networks use technologies like JavaScript, cookies, DOM storage, user agents, and many other things to uniquely identify each user and track them between visits and across the web.
In contrast, privacy sensitive features are disabled by default in Privacy Browser. If one of these technologies is required for a website to function correctly, the user may choose to turn it on for just that visit. Or, they can use domain settings to automatically turn on certain features when entering a specific website and turn them off again when leaving.
Privacy Browser currently uses Android’s built-in WebView to render web pages. As such, it works best when the latest version of WebView is installed. In the 4.x series, Privacy Browser will switch to a forked version of Android’s WebView called Privacy WebView that will allow for advanced privacy features.
Warning: Android KitKat (version 4.4.x, API 19) ships an older version of OpenSSL, which is susceptible to MITM (Man In The Middle) attacks when browsing websites that use outdated protocols and cipher suites.
Features:
Integrated EasyList ad blocking.
Tor Orbot proxy support.
SSL certificate pinning.
Import/Export of settings and bookmarks.
Further information:
News
Changelog and Downloads
Roadmap
Permissions
Privacy Policy
Bug Tracker
Security and Privacy Canary
Mastodon
The standard version is available on F-Droid, Google Play, the Amazon Appstore, and the Galaxy App Store. The free version has all the features of the standard version with the addition of a banner ad across the bottom of the screen. It is available on Google Play, the Amazon Appstore, and the Galaxy App Store.
One thing I thought I'd mention, using the default html ddg page I get a forbidden message any time I do a search. Using the toolbar works fine though.
Thanks for the app!
blk_jack said:
One thing I thought I'd mention, using the default html ddg page I get a forbidden message any time I do a search. Using the toolbar works fine though.
Thanks for the app!
I'm assuming that you are having this problem with DuckDuckGo's .onion website. If so, this is a bug in their website that I have already tried to submit to them, but so far have not got any response.
https://forum.duckduckhack.com/t/searches-fail-on-the-onion-site-if-javascript-is-disabled/1927
https://www.reddit.com/r/duckduckgo...earches_fail_on_the_onion_site_if_javascript/
There are a couple of workarounds you can use until DuckDuckGo fixes their problem.
1. Set the Tor homepage setting to be https://start.duckduckgo.com instead of https://3g2upl4pq6kufc4m.onion/. The normal website works fine with JavaScript disabled.
2. Use domain settings to automatically turn on JavaScript for https://3g2upl4pq6kufc4m.onion/. You should also set the Tor search to be JavaScript enabled to match.
You might also add your voice to either of the websites above where I submitted the bug report. If enough people mention the problem it will probably get to the person who can fix it.
Problems with the default homepage.
blk_jack said:
One thing I thought I'd mention, using the default html ddg page I get a forbidden message any time I do a search. Using the toolbar works fine though.
Thanks for the app!
This problem will be fixed in the next release of Privacy Browser by changing the default homepage to https://duckduckgo.com/?kao=-1&kak=-1, which works with both JavaScript enabled and disabled. See https://www.reddit.com/r/duckduckgo...hes_on_startduckduckgocom_fail_if_javascript/ for more information.
So, this browser starts in an incognito or..?
Privacy Browser Defaults
Freddy1X said:
So, this browser starts in an incognito or..?
Privacy Browser starts with the following defaults, which can be configured on-the-fly, by domain, or globally:
JavaScript disabled.
First-party cookies disabled.
Third-party cookies disabled.
DOM storage disabled.
Form data disabled.
Incognito mode is off by default, but can be turned on in the preferences. Incognito mode clears the history and cache after each webpage finishes loading.
There is also a Clear and Exit button, which clears all cookies, DOM storage, form data, cache, and removes Privacy Browser from memory.
How to switch tabs ?
jerryn70 said:
How to switch tabs ?
Tabbed browsing is not yet implemented. See the roadmap for more information.
Privacy Browser 2.5 has been released.
Changelog:
• Add SSL certificate pinning to domain settings.
• Add searx.me to the list of search engines.
• Update the default homepage to work with both JavaScript enabled or disabled.
• Fix a bug that caused the website title to be lost on rotate.
• Ghost the “Clear DOM Storage” options menu item if there is nothing to delete.
• Use non-bolded red text to indicate unencrypted websites.
• Fix a bug that sometimes caused custom domain user agents to fail.
• Fix a bug that caused website modifications (like the sorting of a list) to be lost if Privacy Browser was moved to the background.
• Many small improvements were made to the Domains activity.
• Updated Italian translation provided by Francesco Buratti.
• Updated Spanish translation provided by Jose A. León.
There is a blog post with more information about the new features.
Privacy Browser 2.6 has been released.
Changelog:
• Add night mode rendering.
• Update the dark theme rendering of the About and Guide sections.
• Add support for HTTP authentication.
• Color code the Common Name in the view SSL certificate dialog.
• Updated Italian translation provided by Francesco Buratti.
• Updated Spanish translation provided by Jose A. León.
There is a news post with more information about each of these items.
Awesome privacy browser..I have already purchased it from google play store. Please add tabbed browser option.
Please update it soon.
Tabbed Browsing
nausha7 said:
Awesome privacy browser..I have already purchased it from google play store. Please add tabbed browser option.
Please update it soon.
nausha7, I'm glad you like it.
Tabbed browsing will be part of the 3.x series. You can read the roadmap for more information.
Privacy Browser 2.7 has been released.
Changelog:
• Add a bookmarks drawer that is accessed by sliding from the right.
• Prevent Night Mode from flashing a white background when loading new pages.
• Update the user agents.
• Bump target API to 26 (Android Oreo, 8.0.0).
• Updated Italian translation provided by Francesco Buratti.
• Updated Spanish translation provided by Jose A. León.
There is a blog post with more detailed information about the changes.
How are WebRTC IP leaks handled?
WebRTC
m0d said:
How are WebRTC IP leaks handled?
Privacy Browser currently uses Android's WebView to render web pages. WebView does not provide any controls over WebRTC, which is a privacy problem.
WebRTC requires JavaScript. By default, JavaScript is disabled in Privacy Browser. So when browsing the web with the default settings, WebRTC will not function and will not leak a user's IP address.
In Privacy Browser, JavaScript may be enabled on the fly or automatically by domain. Because of risks like WebRTC, users should only enable JavaScript for domains they trust.
In the 4.x series, I plan on forking Android's WebView to make Privacy WebView. I will then add WebRTC privacy controls, which will allow a user to disable WebRTC even when JavaScript is enabled.
https://redmine.stoutner.com/issues/62
https://www.stoutner.com/category/roadmap/
Hello! I first downloaded Privacy Browser from F-Droid, then bought it in the Play Store. Updates first appear in the Play Store, but I don't have an update option, only uninstall.
Is it possible to update an app installed from F-Droid through the Play Store, or do I have to uninstall the F-Droid version and then install the Play Store version? Is it possible to keep settings, or export and import them?
APK Signatures
CubaoX said:
Hello! I first downloaded Privacy Browser from F-Droid, then bought it in the Play Store. Updates first appear in the Play Store, but I don't have an update option, only uninstall.
Is it possible to update an app installed from F-Droid through the Play Store, or do I have to uninstall the F-Droid version and then install the Play Store version? Is it possible to keep settings, or export and import them?
Android will only let an app update if the signature on the new APK matches the signature on the currently installed APK. The APKs on Google Play, XDA Labs, and stoutner.com are all signed with my personal key. The APKs on F-Droid are built from source by F-Droid and signed by their key. I believe that the Amazon Appstore strips my signature from the APK I upload to them and applies their own signature, but I have not taken the time to verify that is the case.
As such, when Privacy Browser is installed from Google Play, XDA Labs, or stoutner.com it can afterwards be updated using APKs from any of these three locations. Note, however, that Google Play will only offer to update Privacy Browser if the signature matches and the Play Store database indicates the user has purchased the app through them. I would imagine that XDA Labs performs a similar check, but I have not verified that such is the case.
Because F-Droid builds the app from source there is a delay between when a new version is released and when it becomes available on F-Droid. Some information about the current status of the build can be found at:
https://f-droid.org/wiki/page/com.stoutner.privacybrowser.standard
See also this forum thread:
https://forum.f-droid.org/t/is-the-f-droid-build-process-currently-broken/195
It is not currently possible to export and import settings, but that is a planned feature that will likely be implemented in the next few months:
https://redmine.stoutner.com/issues/23
https://www.stoutner.com/category/roadmap/
Of course, if you have root access, you can use a program like Titanium Backup to back up and restore the bookmarks and settings.
It is also now possible to get F-Droid to include the original APK with my signature on their platform using reproducible builds. As far as I know this was not an option when I first uploaded Privacy Browser to F-Droid. Switching to it now would cause difficulty for those who already have Privacy Browser from F-Droid installed because they would no longer be able to update. So at a minimum I would want to have the ability to back up and restore bookmarks before implementing reproducible builds. Also, there is some infrastructure that would be required. I have not made a complete decision about reproducible builds for F-Droid, but it is likely that at some point in the future I will implement them.
https://f-droid.org/docs/Reproducible_Builds/
https://f-droid.org/wiki/page/Deterministic,_Reproducible_Builds
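The update rule described in the post above, as an added example (not code from Privacy Browser or from the post's author): it parses the text printed by `apksigner verify --print-certs` and groups builds whose signer certificates match. The sample outputs, distinguished names and digests are constructed placeholders, and signing-key rotation (APK Signature Scheme v3) is not modelled.

```python
import re
from collections import defaultdict

# Matches the SHA-256 line printed by `apksigner verify --print-certs`.
_SHA256_LINE = re.compile(
    r"^Signer #\d+ certificate SHA-256 digest: ([0-9a-fA-F]{64})$")


def signer_digests(print_certs_output):
    """Return the set of signer certificate SHA-256 digests in the output."""
    digests = set()
    for line in print_certs_output.splitlines():
        match = _SHA256_LINE.match(line.strip())
        if match:
            digests.add(match.group(1).lower())
    if not digests:
        # Unsigned APK, failed verification or unexpected text: refuse to guess.
        raise ValueError("no signer certificate digests found")
    return frozenset(digests)


def can_update(installed_output, candidate_output):
    """True if the candidate APK has the same signer set as the installed one.

    Simplification (assumption): signing-key rotation is not modelled.
    """
    return signer_digests(installed_output) == signer_digests(candidate_output)


def update_groups(builds):
    """Group source names whose APKs can update one another."""
    groups = defaultdict(list)
    for source, output in builds.items():
        groups[signer_digests(output)].append(source)
    return sorted(sorted(names) for names in groups.values())


def _constructed_output(dn, digest):
    """Build sample --print-certs text (constructed, not real tool output)."""
    return (
        f"Signer #1 certificate DN: {dn}\n"
        f"Signer #1 certificate SHA-256 digest: {digest}\n"
        f"Signer #1 certificate SHA-1 digest: {digest[:40]}\n"
        f"Signer #1 certificate MD5 digest: {digest[:32]}\n"
    )


# Placeholder digests standing in for the developer's key and F-Droid's key.
DEVELOPER_KEY = "aa" * 32
FDROID_KEY = "bb" * 32

SAMPLE_BUILDS = {
    "Google Play": _constructed_output("CN=Developer (placeholder)",
                                       DEVELOPER_KEY),
    "stoutner.com": _constructed_output("CN=Developer (placeholder)",
                                        DEVELOPER_KEY.upper()),
    "F-Droid": _constructed_output("CN=F-Droid (placeholder)", FDROID_KEY),
}

if __name__ == "__main__":
    for group in update_groups(SAMPLE_BUILDS):
        print("can update one another:", ", ".join(group))
    print("F-Droid -> Google Play:",
          can_update(SAMPLE_BUILDS["F-Droid"], SAMPLE_BUILDS["Google Play"]))
```

Against real APKs, feed each function the captured output of `apksigner verify --print-certs <file>.apk` for the installed and the candidate build.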
Thank you for the answer. So now I'm really waiting for the import/export option!
CubaoX said:
Thank you for the answer. So now I'm really waiting for the import/export option!
The next release, version 2.8, will likely be the last release in the first half of the 2.x series. Version 2.9 will move to the second half of the 2.x series and introduce the dangerous file permissions. Once those permissions are added, the features will be implemented to make the default download location public, allow uploading of files to webpages, and export and import of bookmarks and settings, likely in that order.
Privacy Browser 2.7.1 has been released.
Changelog:
• Fix a crash when editing a bookmark in the new bookmarks drawer.
There is a blog post with further information.
BitDefender Mobile Security (BETA) is a next-gen security solution for Android devices focused on little (to zero) system or battery impact while providing access to a number of security functions in order to help you have a safer and more informed Android experience.
Currently in BETA, we’re aiming at validating a small array of features while, in background, we’re working hard on adding a host of new functionalities to add extra layers of security for your device. Our main focus is to provide as much as possible while sticking to a very strict policy in terms of performance and battery impact.
Key Features:
- Very small battery or performance impact
- On-demand malware scanner, relying fully on Cloud technology (read: no updates required)
- On-install scan - a hook on the application install event allows us to scan each application the moment it gets installed
- Security Audit - Have you ever wondered how many applications installed on your device have been granted permission to access your private data? Or connect to the internet? Or send text messages? The Security Audit screen grants you the possibility to have an overview on what applications match various permissions.
FAQ:
Q: Where do I send my compliments, suggestions, bug reports and feedback?
A: http://bdmobilesecurity.betaeasy.com
Q: Will BitDefender Mobile Security work on my device?
A: BitDefender Mobile Security works on any device running Android 2.0 and up.
Q: Does BitDefender Mobile Security require an Internet connection?
A: The application needs to communicate with the BitDefender servers in order to determine the security status of the applications which are being scanned. Therefore, it only connects to the Internet when an on-install or on-demand malware scan is performed.
Q: How will BitDefender Mobile Security impact my device’s performance and battery autonomy?
A: The impact on both parameters is very low because the application only runs when it absolutely has to - during on-install or on-demand scans and when you are browsing the application interface. BitDefender does not run in the background when you call your buddies, type a message or play a game on your device.
Q: I have A LOT of apps (and a not so powerful phone). How long will a scan usually take?
A: It doesn’t matter how powerful your phone is since all the processing is done in the cloud. It took about 30 seconds on a device with roughly 100 apps installed during our tests.
Q: What does the Security Audit tell me about the applications I installed?
A: By tapping Security Audit in the application interface you can see the permissions required by each of the applications installed on your device. The permissions are grouped into three categories and you can filter the applications using any combination of the three:
- applications that require Internet access.
- applications that require access to sensitive data such as your contacts, messages, calendar entries or photo gallery.
- applications that may produce additional charges on your phone bill by sending messages or initiating phone calls.
Q: What kind of information can I see in the Event Viewer?
A: BitDefender Mobile Security keeps a log of all important actions, status changes and other critical messages related to its activity. You can access this information at any time by tapping Event Viewer in the application interface.
Screenshots:
Full album on imgur: http://imgur.com/a/1oJvi
Download http://m.bitdefender.com or from the Android market https://market.android.com/details?id=com.bitdefender.security
Since yesterday, the Bitdefender Mobile Security for Android application benefits from 2 new key features: Anti-Theft and SD Card Scanning. All the current installations will benefit from this update automatically through Android Market. Right now, Bitdefender Mobile Security sports the following functionalities:
On Demand Anti-Malware scan for the installed applications and SD Card
On install scan for applications
On mount scan for SD Card
Privacy Audit - detailing key permission-related information about installed applications
Web Security - preventing access to dangerous web content (phishing, malware, etc) by making use of the Bitdefender cloud
Anti-Theft - allowing the remote locate or wipe of a device
Anti-Theft:
In the simplest of terms, the user only has to link the device with his (or her) Bitdefender account. Once that's set, when accessing https://my.bitdefender.com, the device will be present in his "Mobile Security" area and the "Remotely wipe" and "Remotely locate" buttons will be available, as in the screenshot below
2) SD Card scanning is also a new function added in this release. Whenever an on-demand scan is performed, BMS will also check the SD Card for apps that may pose a threat to the system. Optionally, the SD Card will also be scanned "on-mount" (whenever a new SD card is inserted or mounted after being connected to a computer).
Right now, the application has over 60 thousand total installations with an average of 4.4 stars rating on Android Market.
If you have any questions, don't hesitate to ask here or via private message.
Hi, I've just installed this app, I've created my account on the Bitdefender website, now I think I was supposed to assign my phone to my account... I just don't find the place to do it... can anyone help me out?
Thx
Hello,
Sorry for my late response. You can do like this:
On your Android device, start Mobile Security and click on the Anti-Theft button (the 4th button). Then, click on the Login button and enter the username and password from my bitdefender.
There you go.
Hi, thank you for the reply. Well, I've done that and I always get Login failed even though I enter my credentials correctly...
For the moment there is a problem with the Bitdefender cloud servers. I will post further information later.
okay, thank you once again, will wait for an update
It's up and ready now.
Sorry for the inconvenience.
thank you, login worked
Was looking at this, but I am still torn on whether or not Mobile Antivirus does anything beneficial or just wastes batteries.
ddemlong said:
Was looking at this, but I am still torn on whether or not Mobile Antivirus does anything beneficial or just wastes batteries.
The day your phone gets a virus will be the day you will regret asking this question. It's better to be safe than sorry. (I'm not assuming that you don't have mobile security; I'm just saying this because I just am.)
And apps like this hardly waste battery. Even if they do, it doesn't hurt to charge your phone.
sweetnsour said:
The day your phone gets a virus will be the day you will regret asking this question. It's better to be safe than sorry. (I'm not assuming that you don't have mobile security; I'm just saying this because I just am.)
And apps like this hardly waste battery. Even if they do, it doesn't hurt to charge your phone.
Well, when they find an actual virus, I will definitely get one. Until then I think just watching what you install is going to do just as good as long as Google still manages the market and controls remote delete.
Just 10-20mb of ram running in the background all the time is a little much.
Bitdefender Mobile Security doesn't run actively. So, it doesn't occupy the resources all the time.
Also, Bitdefender Mobile Security doesn't scan only for Android viruses but also searches for Windows viruses which can affect your PC when you connect your phone to it.
The Android viruses can do a lot of "damages" (visible or not):
- access your phone functions: send SMS, make calls;
- access your privacy: search for accounts from Google, Facebook etc.
- access your email messages and so your personal things can get to a possible "hacker"
- etc.
I have a Motorola Milestone with only 256mb ram and Bitdefender Mobile Security doesn't affect the performance of my phone.
If you login to mybitdefender using your Gmail acct what is your user name and password? I tried my email address and the password associated with it and it tells me that login failed...
Hello All,
It gives me great pleasure to announce that as of today, Bitdefender Mobile Security has been updated with new features along with several bugfixes. All Bitdefender Mobile Security users should receive notifications from their Market application and will be able to easily upgrade to the latest version. If there are still people who don't have it installed, you can get it here or by scanning the QR Code below
The current list of features included in BMS is
- NEW!!! Remotely Lock the device
- NEW!!! Remotely make the device play a sound
- NEW!!! Remotely send a message to the device
- Remotely locate the device
- Remotely wipe the device
- On-demand (and fully cloud accelerated) malware scanning for all installed applications and SD Card contents
- On-install scanning for each newly installed app
- On-Mount scanning for SD Cards in order to make sure no malware is transmitted when the device is connected to a PC
- Security Audit - outlining and classifying the applications based on the granted permissions
- Web Security - seamlessly integrated with the Android Default browser, providing cloud-based phishing and fraud protection
- Little to zero battery impact. Bitdefender Mobile Security is currently ranked as being the lightest and with the least (not sensible) impact on the device's battery performance
What's next ?
- OAUTH support in order to allow all Android users to login into MyBitdefender by using their already linked Google account
- BETA EXIT & Feature splitting into Free and Premium (more details on this soon)
Known Issues:
- The Antitheft section isn't protected (yet). We're considering adding support for password protecting the application or just the anti-theft module
- The interface is starting to get a bit cluttered. We've started talks with the UX/UI team(s) in order to adjust the interface and beautify it a bit
Here are some screenshots with the new features available through MyBitdefender (our ongoing thanks to the MyBitdefender team for their continued support)
Login not working
Login isn't working for me. I did exactly as described - created an account, then inserted the credentials in bitdefender mobile but to no avail - error message: login failed.
Would be nice if you could help!
Love this app but the malware scanner is not working on my 3G Moto Xoom. It starts the scan but when it gets to querying the server it fails. It said to check my Internet conn. but I have tried 3G and Wi-Fi, same result. Any ideas?
- NEW!!! Remotely Lock the device
- NEW!!! Remotely make the device play a sound
- NEW!!! Remotely send a message to the device
The new features do not appear in my.bitdefender.com, why?
thanks
Frogkiller
Did you activate the options in the installed application?
Sent from my Optimus 2X using xda premium
m0fizor said:
Did you activate the options in the installed application?
Sent from my Optimus 2X using xda premium
Yes
Figured out where the problem is: it is in my.bitdefender.com.
If I switch from Portuguese to English, everything appears.
Privacy-Focused, Open-Source apps alternatives & unwanted content blocking
Useful apps, alternatives, solutions, unwanted content blocking - discussion and ideas
Additional Information:
If you use the XDA app, it's recommended to open this thread in a browser - BBCode doesn't work properly. I used it a lot...
I created this thread for everyone who wants to use app alternatives which may be better for your privacy.
I'm not paid, I don't promote any apps or products, I don't suggest anything (e.g. these apps are bad), I just share information from what I or others found.
You choose what apps you use, I'm not responsible for any of them or for influence on your choice.
You choose what you block and what is "unwanted content" for you.
I do it in my spare time, so do not expect everyday updates and fast news.
Apps Alternatives for the most common solutions
Of course, there are more; here I picked only some of them, for people who don't want to search the whole internet and read separate articles.
You may also take a glance at post #6 for the lightweight apps collection prepared by HemanthJabalpuri
If an app pledges to respect privacy, I write green RP
If an app needs root (superuser) permission to work, I write red SU (it doesn't include additional features after granting) because you have a choice
If an app uses root for additional features that are not required, I write orange SUF
If an app is open source, I write blue OS (check I want something more if you want to know what role it plays)
If an app is "pay to use", I write yellow PTU. It doesn't include additional in-app purchases, because you have a choice to use the basic form or a more advanced one.
If an app has additional paid features, I write orange PF
Keyboards:
AOSP keyboard - often included in aosp-based os. [ OS ]
AnySoftKeyboard - really good customizable keyboard with language packs and gesture typing support [ OS ]
SMS & MMS:
Silence - messaging app with encryption [ OS ]
Video Conferences:
Jitsi Meet - encrypted meeting app [ OS ]
Browsers:
Firefox - browser with add-ons that may help you. If you think that Firefox is slow, especially on Android, check this version. Helpful add-ons: NoScript, uBlock Origin, Privacy Badger, Privacy Possum, Decentraleyes [ OS ]
Onion Browser
Mail:
Tutanota - free e-mail app with encryption [ OS , PF ]
ProtonMail - free encrypted email service, free plan is worse than tutanota's one but someone may find it better [ OS , PF ]
K-9 Mail - POP IMAP Mail Client [ OS ]
FairEmail Client [Downloads from F-droid or playstore]
Chat:
Matrix is an open source project that publishes the Matrix open standard for secure, decentralized, real-time communication, and its Apache licensed reference implementations.
I got the quote from their site. Additional info: you can either host your own or use public ones.
Element - most advanced client of matrix server [ OS ]
If you don't like Element's look, you can use another client like FluffyChat, but not all features are available there. Add this repository to F-Droid or Aurora Droid to download, or download it from the Play Store [ OS ]
Pattle - other matrix client [ OS ]
MiniVector - other matrix client [ OS ]
Tensor - other matrix client [ OS ]
Rocket.chat - encrypted chat [ OS ]
aTox - TOX client - encrypted p2p chat [ OS ]
Briar - encrypted p2p chat [ OS ]
Jami - encrypted p2p chat [ OS ]
App store:
F-droid - AppStore.
"F-Droid is a robot with a passion for Free and Open Source (FOSS) software on the Android platform. On this site you’ll find a repository of FOSS apps, along with an Android client to perform installations and updates, and news, reviews and other features covering all things Android and software-freedom related."
- got this quote from their site so if you want to search for open-source apps for android, check their repository, and everything from there should be open-source! [ OS ]
Aurora Droid - F-droid but with additional features, with other UI. If you want to download, scroll down and choose direct apk download [ OS ]
Maps and Navigation:
OSMAnd Maps and navigation (can be offline) [ OS ]
Calendar:
DAVx⁵ synchronized calendar [ OS ]
Social:
New Pipe - YouTube, SoundCloud replacement with additional features. [ OS ]
SlimSocial - other Facebook client
Notepad & To-Do list:
Notepad [ OS ]
OpenTasks - Advanced To-Do list [ OS ]
Launcher:
Lawnchair - simple similar to pixel launcher [ OS ]
Privacy protecting apps:
Xprivacy - choose to successfully block permission and spoof data [ SU , ]
XprivacyLua - continuation of Xprivacy for newer android. [ SU , PF , ]
Exodus - Show trackers and permissions from other installed apps (inbuilt in Aurora store) [ OS ]
TrackerControl - allows users to monitor and control the widespread, ongoing, hidden data collection in mobile apps about user behaviour ('tracking'). [ OS ]
Warden - app from the developer of Aurora Store that lets you disable trackers/loggers [ SU, OS ]
ClassyShark3xodus - Checks apps for code signatures of known trackers (provided by Exodus).Also can list all classes for launchable (via the app drawer) packages. [OS]
Multimedia:
VLC - media player [ OS ]
e-book Reader:
KOReader [ OS ]
Alreader - I have to check if it's open source, but it "respects privacy" RP
Unwanted content blocking
include: Ads, adware, malware, pornsites blocking
For rooted devices
Adaway app where you can add external hostlists and whitelist/blacklist your choices. It supports Wildcard characters * and ?.
For not rooted devices
Blokada App
AdGuard
Self-hosted VPN with Pi-hole set as the DNS - check "Want know something more?" if you want to know how it works
Host Lists
Steven Black Steven Black Host (in different variants)
Energized protection (in different variants)
Cryptocurrency digger blocker
"Peters love"
Dans Pollocks host file
AdAway host file
MVPS
HP Host
Goodbye Ads by Jerryn70
YT ads
Other - list of recommended pi-hole hosts (scroll down), some of them are unfortunately discontinued.
Other package same as above
Source: blokada.org app and projects on github
I want more!
Here will be explanations, sources, experiments and other useful information.
Why is using open-source apps good?
Open-source software (OSS) is a type of computer software in which source code is released under a license in which the copyright holder grants users the rights to use, study, change, and distribute the software to anyone and for any purpose. Open-source software may be developed in a collaborative public manner.
(copied from Wikipedia) So what does it mean for every of us? We are able to check code if there may be something unwanted e.g. trackers. The question is: does anyone really do that? Yeah... However It's better when you can do that and it's not forbidden by license or any law. Now compare it with closed-source, really long, unclear licenses. (Don't understand me wrong - I do not point any of company).
How does DNS ad blocking work? - It's really smart. You have to know what DNS is. So basically pihole is a DNS server which doesn't allow ad servers to be loaded. The problem is that it works in your local network. That's why you have to have a VPN. With a VPN your internet traffic will be going through your local network, so the pihole DNS will be found and ads will be blocked (not loaded). If you want a guide on how to set it up, write down here, or just type it. Helpful things you should know something about: DNS, pihole, pivpn, openvpn, wireguard, raspberrypi, ubuntu server, ssh, port forwarding, unattended upgrades.
Is it possible to flash Linux instead Android? Do Linux preinstalled smartphones exist?
Yes! You should be able to replace Android on certain smartphones. Check PostmarketOS, Ubuntu Touch and SailfishOS. Write down here if you want some PostmarketOS installation tips for newbies (everything you need you should find in their Wiki page).
There are only three Linux designed phones: check Librem 5, VollaPhone and PinePhone. PinePhone should have maintain Linux kernel!
OK, I want linux on my phone now! - Check if you have compatible device with Ubuntu Touch or PostmarketOS and proceed with steps in installation guide. You need unlocked bootloader and ADB on your computer
There might be a problem... - Many apps are just WebApps, not fully working, without some features like push notification. Look into OpenStore - official Ubuntu touch appstore and search for what you need.
Tutanota is PF!? What are limitations? - Yes, on their site you have choice to have free account which has some limitations... for now [2020/07.05] 1GB space, one account, one calendar, possibility to log in app to one account. Second thing is you are "forced" to use their app their UI because If I'm not wrong they don't provide POP or IMAP. However it's usable
Other Tips to save privacy
Stay offline when you can. (whenever you don't trust the provider)
Become self-hoster. You can easily and ethically replace some services like online drives, music streaming clients, DNS.
Mix your data, don't allow to be identified by one email, one name, one account everywhere. (Of course if Terms allows)
Use proxies, Onion Routing, VPNs,
Don't be lazy and read the terms of use and privacy policies when you feel something is wrong. Be aware of different types of licenses.
Search for alternatives. There are always some. You can use: https://alternativeto.net to find app with open-source license.
Feel free to suggest what apps may be good for privacy, post your observation, app pros and cons
I collect information in 1st post, and make up "Changelog" in second post.
Sometimes I make mistakes, please forgive me and correct by sending pm.
Important Notice - Since I moved to Linux Smartphone I won't be searching for new android apps, maybe occasionally (and for cross-platform). Then, you can help! I'll update
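An added example, not part of the original post or of any app listed in it: a minimal model of how a hosts-list blocker like the ones above decides what to do with a DNS name. It assumes glob semantics for the `*` and `?` wildcards (any run of characters, exactly one character), exact-match semantics for hosts entries, and an allowlist that overrides everything; all function and class names and the sample list are constructed for illustration.

```python
import re

# Constructed sample in hosts-list format (not taken from any real list).
SAMPLE_HOSTS = """\
# ad and tracker hosts
127.0.0.1 localhost
0.0.0.0 ads.example.com
0.0.0.0 tracker.example.net   # inline comment
127.0.0.1 Metrics.Example.ORG
::1 ip6-localhost
not-a-valid-line
192.0.2.7 intranet.example.com
"""

# Addresses that mean "send this name nowhere" in a blocking hosts file.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names that hosts files map to loopback for legitimate reasons.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
               "ip6-loopback", "broadcasthost"}


def parse_hosts(text):
    """Return the set of blocked hostnames found in hosts-format text."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        # Skip malformed lines and real mappings to non-sink addresses.
        if len(fields) < 2 or fields[0] not in SINK_ADDRESSES:
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")      # DNS names are case-insensitive
            if name and name not in LOCAL_NAMES:
                blocked.add(name)
    return blocked


def compile_rule(pattern):
    """Translate a user rule containing * and ? into a regex (assumed glob semantics)."""
    parts = []
    for ch in pattern.lower():
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))          # dots etc. stay literal
    return re.compile("".join(parts))


class HostsBlocker:
    """Decision logic of a hosts-based blocker: allowlist, denylist, then hosts list."""

    def __init__(self, hosts_text, allow=(), deny=()):
        self.blocked = parse_hosts(hosts_text)
        self.allow = [compile_rule(p) for p in allow]
        self.deny = [compile_rule(p) for p in deny]

    def decide(self, qname):
        name = qname.lower().rstrip(".")
        if any(r.fullmatch(name) for r in self.allow):
            return ("allow", "allowlist")
        if any(r.fullmatch(name) for r in self.deny):
            return ("block", "denylist")
        if name in self.blocked:
            return ("block", "hosts list")
        return ("allow", "no match")

    def resolve(self, qname, upstream):
        """Answer like a sinkhole: 0.0.0.0 for blocked names, otherwise ask upstream."""
        if self.decide(qname)[0] == "block":
            return "0.0.0.0"
        return upstream(qname)


if __name__ == "__main__":
    blocker = HostsBlocker(SAMPLE_HOSTS,
                           allow=["metrics.example.org"],
                           deny=["*.doubleclick.example", "ad?.example.net"])
    for q in ["ads.example.com", "cdn.ads.example.com", "metrics.example.org",
              "x.doubleclick.example", "doubleclick.example", "ad1.example.net"]:
        print(q, blocker.decide(q))
```

Two results are worth noticing: an exact hosts entry does not cover subdomains (`cdn.ads.example.com` passes), and `*.doubleclick.example` does not match the bare `doubleclick.example`, so a list can look complete while still letting related names resolve.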
Changelog
2021.02.22
#8 apps update, #7 mistake corrected, thanks, added tox, briar, jami
2020.12.22
Cosmetic changes, #6 request applied. Added Tips under I want more section. BBCode correction.
2020.11.15
Added FairEmail to the list, Thanks to @mrrocketdog
2020.07.26
Updated Host list - deleted HP host added YT ads
2020.07.25
Updated Riot.im and riotX - they changed to Element. See: https://element.io
2020.07.08
Added OpenTasks, Exodus, K-9 Mail.
2020.07.05
Organized by section like jitsi meet ==> meeting apps, added some pictures, added launcher app, added marks orange r and orange p, assigned marks to known apps, added two quotes about f-droid and matrix.org server, probably something more that I forgot to write here ...
2020.06.27
Updated Energized link, added anysoftkeyboard
2020.06.18
Topic change
2020.05.06
Topic Creation and UI improvements, BBcode "hide" doesn't work in XDA Labs app
stop tracking
Hello
It seems that the technology products produced are in it a tool to track users on different levels. Big guys want to exploit that more because they have many partners that pay for it.
I don't want to be a negative person, but if the technology manufacturer installs an eavesdropping tool or tracks a user through device activities, it's hard to prevent this, instead only may be unused.
Or maybe you say we use some ad blocking software (but we are being followed by another party).
Or accept using and getting used to the things that happen to avoid becoming more negative. :angel:
innguyengia said:
> Hello
> It seems that the technology products produced are in it a tool to track users on different levels. Big guys want to exploit that more because they have many partners that pay for it.
> I don't want to be a negative person, but if the technology manufacturer installs an eavesdropping tool or tracks a user through device activities, it's hard to prevent this, instead only may be unused.
> Or maybe you say we use some ad blocking software (but we are being followed by another party).
> Or accept using and getting used to the things that happen to avoid becoming more negative. :angel:
Thank you for fast reply.
https://forum.xda-developers.com/showthread.php?t=3824168
should definitely be on the list. Damn impressive maintainer also, @M66B.
I am also maintaining some apps list, but those are lightweight https://forum.xda-developers.com/t/lightweight-apps.3803885/
For offline working apps, I use the following equation: No Internet Permission = 100% secure and privacy-focused
I will give suggestions here too.
BigBrother84 said:
> Rocket.chat - encrypted chat

You can add OS there (on the page it says "Why open source?" and the code is on github).
BigBrother84 said:
> Privacy protecting apps:

Can you please also add TrackerControl from https://f-droid.org/en/packages/net.kollnig.missioncontrol.fdroid/
Also Warden at https://www.xda-developers.com/warden-open-source-app-aurora-store-disable-trackers-loggers/
and ClassyShark3xodus at https://f-droid.org/en/packages/com.oF2pks.classyshark3xodus/
Thanks
RethinkDNS is an anti-internet censorship tool with DNS-based adblocking and a firewall built-in for Android 6+ devices.
The app itself is free to use and comes with the RethinkDNS (previous name BraveDNS) resolver with support for custom denylists, allowlists, ability to store DNS logs for later analysis, view those logs consolidated from multiple devices in a single interface and so on: Pretty much a pi-hole in the cloud.
Why'd we build this?
As concerned Android users: It absolutely irks us that people who do care enough about privacy still couldn't use privacy-enhancing apps without requiring a degree in computer science. We saw this pattern unfold multiple times and a lot of tools over the years have done a tremendous job of making niche security tools accessible to naive users. We wanted to further that conversation on Android with a vision for what we think such a tool should look like:
1. Anti-censorship: Enable open internet. DNS over HTTPS (and the imminent ESNI standard) is going to effectively break censorship as implemented in a lot of countries without requiring to route the traffic through VPNs. VPNs (and distributed tech like IPFS and mesh networks like Lantern) are still required in countries that employ Deep Packet Inspection. That's something we'd like to tackle in the near future.
2. Anti-surveillance: Expose apps, their activity logs, network logs, and provide some actionable insights to the users on what they could do next. Exodus Privacy does a good job at statically analyzing an app and laying bare the trackers and permissions in-use, whilst the evergreen NetGuard does ever-so-well in revealing an app's connectivity history. We believe, there's a lot more that can be done than simply firewall an app: For instance, you could disable it, uninstall it, remove its permissions, remove the so-called special permissions (like read notification permission, read SMS permission, read app-usage statistics permission etc). Basically, empower the user with whatever control is available without-root in a neat little interface (think CleanMaster vs using the stock Settings app but being actually effective and not lie).
The current version of RethinkDNS (previous name: BraveDNS) is a start in the direction laid out above partly because we want such an app ourselves and partly because we feel people deserve more such tools, and we hope to build it with this community's input, because god knows we have been wrong plenty when it comes to "what people really want".
As privacy enthusiasts: We were frustrated that if we wanted to use NetGuard we couldn't use another VPN app, or if we wanted to use a DNS changer like Blokada then we couldn't use NetGuard (though, NetGuard + Private DNS feature alleviates the problem on Android 9+). We wanted something that wasn't as restrictive because we knew it could be built and so we did.
Key points:
1. Easy configuration.
2. No root required.
3. Free and open source (forked from Intra).
4. No built-in trackers or analytics.
5. In continuous development.
Current features:
1. DNS over HTTPS (circumvent censorship and prevent surveillance of DNS logs by ISPs and everyone else), DNSCrypt v2 with Anonymized Relays, and DNS over Tor.
2. View DNS logs, including latencies and other metadata.
3. Ad-block through RethinkDNS (previous name: BraveDNS) free resolver and local blocklists.
4. Add your own DNS over HTTPS / DNSCrypt v2 servers.
5. Firewall by app categories.
6. Firewall individual apps.
7. Firewall individual IP addresses.
8. Firewall when apps are in the background (not-in-active-use).
9. Firewall when device is locked.
10. Forward DNS and TCP connections to Orbot (Tor as a proxy).
11. Forward HTTP connections to any HTTP proxy.
12. Forward TCP connections to any SOCKS5 endpoint or to Orbot.
13. Forward DNS connections to any app running locally on-device or any endpoint (either local or on the Internet).
14. [v053g / Sep '21] Firewall when apps bypass DNS (for example, block connections to IPs that apps resolve themselves).
15. [v053g / Sep '21] Pause: Pause the Firewall and DNS for a brief time-period.
16. [v053g / Sep '21] DNS Trap: Proxy all requests made on Port 53 to user-set DNS endpoint (for instance, this traps and redirects all custom DNS requests WhatsApp sends to Google's `8.8.8.8` DNS servers to the DNS endpoint of a user's choice).
17. [v053i / Jul '22] IPv6 support.
18. [v053i / Jul '22] Firewall based on metered (LTE) or unmetered connection (Wifi).
Planned (in order):
0. Custom DNS allowlists/denylists.
1. WireGuard VPN integration.
3. Per-app DNS and VPN (route traffic to multiple VPNs / DNS based on which app is making those connections).
See: github/celzero/rethink-app/feature-backlog.
We can't emphasize this enough: Let us know what you'd like to see us build and more importantly what'd make this tool use-able for other Android users who care enough but aren't as tech-savvy.
If you'd like to contribute, please feel free to send pull requests our way.
Thanks.
---
Source: github/celzero/rethink-app
Website: rethinkfirewall.com
Blog: blog.rethinkdns.com
Twitter: twitter.com/rethinkdns
FAQ: rethinkdns.com/faq
License: Apache 2.0
Download: via RethinkDNS.com | PlayStore | F-Droid.
---
Reserved.
pls add system apps block on firewall, also block domain on dns log and dns server change
Thanks.
System apps: Good catch. We'd look to put that in the coming days.
DNS block button against a domain in the logs: We do plan to add that but not sure if it ends up violating PlayStore terms. Maybe we need two versions, one for f-droid and another for PlayStore like Blokada has.
Can you elaborate what you mean by block domain on DNS server change?
ignoramous said:
> Thanks.
> System apps: Good catch. We'd look to put that in the coming days.
> DNS block button against a domain in the logs: We do plan to add that but not sure if it ends up violating PlayStore terms. Maybe we need two versions, one for f-droid and another for PlayStore like Blokada has.
> Can you elaborate what you mean by block domain on DNS server change?
block/allow individual domains which are showed by log.
change dns servers just like nebulo app.
also proxy on tor n dnscrypt support like invizible-pro app.
> change dns servers just like nebulo app.
Dnscrypt shouldn't be much trouble to implement but I wonder what extra protection it affords over DNS over HTTPS. That said, I've added it to our backlog.
> block/allow individual domains which are showed by log.
Gotcha but as mentioned before I am not sure if this feature breaks PlayStore terms. Added.
> also proxy on tor n dnscrypt support like invizible-pro app.
Yes! This is something that we want to do next. Once the part with Firewall and DNS is done (our immediate attention is adding missing features and later add support for Android 6+). Thanks for the heads-up: invizible-pro looks great, and exactly the kind of app that we envision to build ourselves.
Is this affiliated in any way with https://brave.com/?
No it isn't affiliated with brave.com.
We won a grant from Mozilla Builders, however, to pursue this, which we are now doing full-time.
Hello, I am on a stock Pixel 2 XL, Android 10, latest security patches as of August. The app starts and runs, but tapping the start circle does nothing. DNS or Firewall doesn't start.
So this still exposes one's real IP address, yes?
y0himba said:
> Hello, I am on a stock Pixel 2 XL, Android 10, latest security patches as of August. The app starts and runs, but tapping the start circle does nothing. DNS or Firewall doesn't start.
Strange. This is unlikely related to Pixel or the latest Android Oreo update. Please check if any other VPN app has been set to "Always-on VPN" like-so (also see attached):
1. Settings -> Wifi and internet -> VPN.
2. Click on the sprocket icon against the apps.
3. Check if "Always-on VPN" is check-marked.
Disable that setting (if and only if you do not want that VPN app to be an "Always-on VPN") and BraveDNS should now prompt you for VPN access once you click "Start".
BraveDNS (or any app that requires VPN API access to function) cannot work with other VPN apps in-tandem (especially, not with "Always-on VPNs").
pocholo36 said:
> So this still exposes one's real IP address, yes?
Yes, BraveDNS isn't a VPN service like ProtonVPN / Mullvad / Lantern etc are. Right now (though we do have plans to add VPN servers like Lantern et al in probably two to three months from today but that'd be only to support anti-censorship and not anonymity). See: https://github.com/celzero/brave-android-app/issues/52 and https://github.com/celzero/brave-android-app/issues/51
We're adding support for SOCKS5 and HTTPS-Proxy in the upcoming release (next week) which would help forward traffic to VPNs (like NordVPN) that support those protocols: https://github.com/celzero/brave-android-app/issues/45
Right now, BraveDNS uses VPN access on-device to change DNS and implement Firewall functionality (similar to what the excellent NetGuard app does).
ignoramous said:
> Yes, BraveDNS isn't a VPN service like ProtonVPN / Mullvad / Lantern etc are. Right now (though we do have plans to add VPN servers like Lantern et al in probably two to three months from today but that'd be only to support anti-censorship and not anonymity). See: https://github.com/celzero/brave-android-app/issues/52 and https://github.com/celzero/brave-android-app/issues/51
> We're adding support for SOCKS5 and HTTPS-Proxy in the upcoming release (next week) which would help forward traffic to VPNs (like NordVPN) that support those protocols: https://github.com/celzero/brave-android-app/issues/45
> Right now, BraveDNS uses VPN access on-device to change DNS and implement Firewall functionality (similar to what the excellent NetGuard app does).
I've been looking for an all in one solution. Currently forced to use AdGuard+Nord...
Looking forward to it. Thanks for all you guys do.
Thanks. Nice work.
Unfortunately, it usually comes down to firewall or VPN
Would love to see what you guys do (if at all) to allow third party VPNs
My brief experience with this is not great. Breaks several apps once turned off the app no longer opens so has to be uninstalled to turn it back on. Ad blocking did not seem to function at all.
ignoramous said:
> Strange. This is unlikely related to Pixel or the latest Android Oreo update. Please check if any other VPN app has been set to "Always-on VPN" like-....
That fixed it. I should have figured as much, but I'm getting too old for this I think. I can't wait until you offer subscriptions! This is brilliant. I hope it's on the up and up though, I'm paranoid so don't mind me.
bladestonez said:
> My brief experience with this is not great. Breaks several apps once turned off the app no longer opens so has to be uninstalled to turn it back on. Ad blocking did not seem to function at all.
So sorry this app has forced you to uninstall apps in order to use them. That definitely sounds like something went wildly wrong.
Would you please tell us more about the device, the Android version, and probably the list of steps that led to this issue you saw? You could also email us logs or a screen recording at [email protected]
We do know of crashes especially on flaky networks and on network changes, and we would eventually fix those but they have been extremely hard to track-down in production builds to a root cause (due to lack of stack trace / debug symbols for native crashes).
BraveDNS has been in development for a total of 2 months and was released three weeks back. It is a baby app and I fully expect stupid bugs to appear in the wild but cautiously hopeful that we'd fix most if not all.
Re: adblocking:
Adblocking is done exclusively through DNS. If the default endpoint doesn't work, you can point the app to a custom DNS over HTTPS endpoint. https://dns.adguard.com/dns-query is AdGuard's content blocking DNS endpoint. And https://doh.pi-dns.com/dns-query is another volunteer-run content-blocking DNS.
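An added example, not RethinkDNS code: what a DNS over HTTPS lookup to a content-blocking endpoint such as the one named above carries on the wire (the RFC 8484 GET form), and how a client can tell a sinkholed answer from a real one. The response bytes are constructed inside the block so nothing touches the network; treating `0.0.0.0` and NXDOMAIN as block signals is an assumed common convention, not something the post states, and all function names are illustrative.

```python
import base64
import struct

DOH_ENDPOINT = "https://dns.adguard.com/dns-query"   # endpoint named in the post
QTYPE_A = 1
QCLASS_IN = 1
SINK_IPS = {"0.0.0.0", "127.0.0.1"}                  # assumed block markers


def encode_name(name):
    """Encode a hostname as DNS labels: length byte + label, ending with 0."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=QTYPE_A):
    """Wire-format query. ID is 0, as RFC 8484 recommends so HTTP caches can hit."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)   # RD flag, 1 question
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def doh_get_url(name, endpoint=DOH_ENDPOINT):
    """GET form: the query is base64url-encoded with the '=' padding removed."""
    b64 = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode("ascii")
    return endpoint + "?dns=" + b64


def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:        # compression pointer: 2 bytes, ends the name
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length


def parse_a_answers(msg):
    """Return (rcode, [IPv4 strings]) from a wire-format DNS response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4    # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == QTYPE_A and rclass == QCLASS_IN and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, addrs


def classify(msg):
    """Label a response the way a log viewer might."""
    rcode, addrs = parse_a_answers(msg)
    if rcode == 3:
        return "nxdomain"                # blocked or genuinely nonexistent
    if addrs and all(a in SINK_IPS for a in addrs):
        return "sinkholed"
    return "resolved" if addrs else "no-data"


def make_response(name, ipv4, rcode=0):
    """Constructed response bytes for the demo (no resolver was queried)."""
    an = 0 if ipv4 is None else 1
    msg = struct.pack("!HHHHHH", 0, 0x8180 | rcode, 1, an, 0, 0)
    msg += encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    if ipv4 is not None:
        rdata = bytes(int(p) for p in ipv4.split("."))
        # 0xC00C points back at the question name at offset 12.
        msg += b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 300, 4) + rdata
    return msg


if __name__ == "__main__":
    print(doh_get_url("www.example.com"))
    print(classify(make_response("ads.example.com", "0.0.0.0")))
    print(classify(make_response("example.org", "192.0.2.10")))
    print(classify(make_response("gone.example", None, rcode=3)))
```

The HTTPS layer hides the queried name from the network path, but the DoH operator still sees every name in clear, which is why the choice of endpoint matters as much as the transport.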
How is this different from adguard?
Using a VPN method to firewall on a rooted device is a no from me (I can totally understand if you use this to increase your userbase to non-root users, but that's not for me), I'll stick with Invisible (for DNSCrypt & its ability to load my 19Mb blacklist) and my root firewall for now.
Really need to change the name.
Brave = Brave Browser
A lot of people are going to assume it's a VPN by Brave.
It's like calling it FirefoxVPN.
Hello all,
Recently I got a new phone and installed it using LineageOS + microG. Many Android apps rely on the Google Apps API, but many people no longer trust Google for various reasons. In response to this, microG was created as an open-source re-implementation of the Google Apps API.
The thing is, once you step outside of the Google sandbox, there are a few features you might miss and this thread intends to express my experience moving off the Google network. This is organized with the most important considerations during your transition away from googledom at the top:
Play Store
You're probably used to the Play Store, and you may even use apps that are not owned by Google but where to get them without logging into Google?
Enter F-Droid: a FOSS repository for Android apps. There is an app called "Aurora Store" which connects to the existing Google Play store, but without using the Google app---it's just a play-store client!
First, install F-Droid using the APK they provide.
Install Aurora Store using the F-Droid interface from your phone.
Login with an existing Google account or the provided anonymous account.
Then download whatever you want from Aurora and it will come from Google Play.
This is a good time to install your firewall (AFWall+ or orWall) before testing a bunch of apps. Default-deny/explicit allow is the best policy. See the firewall section below.
Contact Sync & Calendar
You can still use Google's storage if you wish, or at least use it temporarily to move to a private DAV server. Install DAVx and follow this guide to (at least initially) sync your contacts and calendar from Google. Then you can use the calendar that comes with LineageOS/AOSP. Non-google Cal/CardDAV servers are available, or you can host your own on something like NextCloud.
Navigation
I'll break this into two parts: Location services and Nav Software:
Location Services
The microG Unified Network Location Provider (UnifiedNlp) is used to find your current latitude/longitude. In addition to your on-phone GPS hardware (which is typically slow to get a location fix), microG uses different backends to discover your lat/long with faster resources such as cell tower signal strength based on known tower locations. See "Apps->microG->Location modules".
nominatim - Converts addresses to lat/long
Uses OpenStreetMap by default
Can optionally use the MapQuest API for address resolution. You will need an API key from MapQuest.
The GSM Location Service (gitlab) can use an OpencellId database to find cell towers. It first downloads a database and can from then on get a lat/long location without Internet connectivity.
Mozilla Location Service: uses Mozilla's online database to find lat/long, requires network connection.
See the Unified Network Location Provider (UnifiedNlp) link for a full listing and detailed description:
AppleWifiNlpBackend - Uses Apple's service to resolve Wi-Fi locations. It has excellent coverage but the database is proprietary.
OpenWlanMapNlpBackend - Uses OpenWlanMap.org to resolve user location but the NLP backend did not reach release-quality, yet. Users interested in a freely licensed and downloadable database for offline use should stick with openBmap for now - Last updated in 2015
OpenBmapNlpBackend - Uses openBmap to resolve user location. Community-created, freely licensed database that can optionally be downloaded for offline operation. The coverage varies from country to country (it's best in central Europe).
MozillaNlpBackend - Uses the Mozilla Location Service to resolve user location. The coverage is OK. Only the cell tower database is free.
LocalWifiNlpBackend - Local location provider for Wi-Fi APs using on-phone generated database.
LocalGSMLocationProvider - Local opencellid based location provider backend. Has been surpassed by LocalGSMBackend which also has an OpenCellID option - Last update in 2014
LocalGSMBackend - Local location provider for GSM cells. It works offline by downloading freely licensed database files from Mozilla, OpenCellID, or lacells.db.
Nav Software
These navigation packages download maps to your device so you can navigate without network connectivity! (Read the text-to-speech section below if you want audible announcements.)
Organic Maps is the most user friendly, others are more technical:
Navit
OsmAnd
ZANavi
You'll have to try it to see if you like it. If you really prefer the more user friendly features that Google Maps and Waze provide, then I know at least Google Maps will install from the Aurora store and will get your location using the UNlp backends from microG (above).
Firewall (requires root):
I've not found anything better than AFWall+. orWall is an option too, but I've not tried it. Drop a comment if you have a firewall you like better. Generally speaking you want to disable all network and then only enable what you need.
By default I disable everything. At a minimum, you probably want to enable these apps:
NTP for time sync
Aurora Store
DAVx
F-Droid
Location:
GSM Location Service (to download cell database)
GSMLocationBackend (to download cell database)
Mozilla Unified Nlp
Nominatim Geocoder backend
microG Services Core is needed for some location downloads to work (I think...)
Network Manager so it doesn't say "limited connectivity"
Phone and Messaging Storage for SMS and such.
Text-to-Speech (TTS) Engine
eSpeak will verbalize text, which is useful for mapping software announcements like "Turn right at the next intersection". Without a TTS engine you will not hear any navigation advice. When you run eSpeak the first time go to "eSpeak->menu->General TTS settings" and select "Preferred Engine" and then select "eSpeak" so it will download the voice model.
I find the voice is choppy so in "menu->eSpeak TTS settings" change the speech rate to "80 WPM". This is slow, but then you can go to "menu->General TTS settings" and set the "Speech rate" slider to run at a reasonable speed with less chop. Adjust your language and other parameters to your preference.
Speech-to-Text (STT)
One of the great things Google provides is speech-to-text, but unfortunately there are not many great replacements here, or at least not yet. There are a few projects being worked on:
LocalSTT is a proof of concept to support the microphone button on some keyboards like AnySoftKeyboard.
This page has an en-US build of LocalSTT (.apk) that works on Android 11.
vosk-android-service is a work in progress. Check it often and encourage the developer, it appears to be the first promising STT option that does not need a network backend to convert speech to text.
Kõnele (github) provides STT service but requires a network server to do the translation. You can setup your own server, and maybe even deploy that server on your phone but I've not tried so post a comment if you get this working.
Keyboards
If you use swipe, then you can try a few alternatives:
OpenBoard
AnySoftKeyboard
Of course you can always install "GBoard" if you need to, just firewall it off
Email
I have found FairEmail to be a great open-source IMAP/POP3 client with a focus on privacy.
SMS
I use Signal from the Aurora store as my default SMS app because the android SMS app wasn't always waking the phone. This is probably a LineageOS bug, though, not a microG bug. The privacy feature is neat if you and your peer are both on Signal, but most of my texts are things like "please bring home milk" so I really don't care about the private text messages. (Of course now that I say that I'll start getting milk advertisements...)
Actually if you have an SMS app that you really like, please post it in the comments. I've never really loved any particular SMS app so something great would be great!
Browser
I'm sure everyone has an opinion on browsers. My favorite is Firefox Mobile and I always install the NoScript plugin so javascript is off by default. It is difficult these days to exploit a vulnerability in a browser, to advertise or to track you without some JS help, so only enable JS for sites you trust. There are many private browsers so I'll let you do your own research.
SafetyNet
See "Apps->microG->Google SafetyNet" because there is an option for it. For now I've been fortunate not to need any apps that need SafetyNet, so untested by me. The microG core does support it, read this article and this ticket for more detail.
Closing Thoughts
So that's about it, the rest is just normal use of your phone the way you normally would. I've been daily driving this config for a while and so far no real issues. GPS works, I can text and make phone calls, and do my occasional browsing about the latest Linux Kernel features, maybe lookup a recipe or a HAM radio repeater frequency. It will be interesting to see what the future of microG is, but for now, I like that it gives me greater control of my device.
Cheers,
- Eric, KJ7LNW
Truvark is a modern file encryption app for Android. You might be wondering why I am building another vault app as there are already a lot of options. The difference is that Truvark is built around security by design and privacy by default. To prove that I take that seriously, this is an offline app, it does not have/request Android's Internet permission. Features like cloud synchronization are not compatible with the mentioned paradigms. However, that does not mean that you cannot sync or backup your data through a third-party app (at your own risk). Read more about (unique) features below.
Features
Multiple vaults
You can create multiple vaults on your device. Any empty folder can become a vault. All your data remains on the shared device storage, which means you can access the encrypted files from a file manager e.g. for backups.
This is a major difference to alternatives. Some apps don't even encrypt your files, they just move them to the app's internal storage. These often speak about "hiding data" instead of encrypting. Others using encryption still prohibit access. You fully rely on their export feature.
Deep folder structures
Truvark is not an encrypted gallery that just lets you group your pictures into albums. It is a file encryption app providing full support for creating folders inside folders. You are not limited in organizing your files.
View encrypted files
The aim is to be able to view common file types in the app. Currently supported are images, videos and audio. The decryption takes place "on the fly", meaning the required data is decrypted in memory while needed. This is especially important for long videos that would not fit into memory. The image viewer supports high-res pictures and shows more details when zooming in instead of becoming pixelated.
Here are more differences to alternatives to spot. While I analyzed a wide range of vault apps from multimillion downloads to open source ones I found many flaws. Apps decrypting the full file to disk before showing it sacrifice performance and possibly put that file at risk. Others don't encrypt thumbnails, just the original files.
Privacy by default
To make it short, this app has no Internet permission. There are no analytics, ads, telemetry or requirements for an account. However, there is an option for logging that is turned off by default. Logging is required to be able to help any user that has an issue with my app. The user needs to provide these logs, they are not automatically sent (which is technically impossible because of the missing Internet permission).
Security by design
Truvark is using a component (library) for encryption that is built by Google engineers and used in Google Pay. It's called Tink and has the following promise:
> A multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

The last part is important. In cryptography it is enough to get a single parameter wrong to make an encryption insecure. Therefore I decided to rely on a popular open source library.
Additionally, Argon2(id) is used for key derivation. It won the Password Hashing Competition back in 2015 and is one of the best (if not the best) algorithm for that task out there.
The cryptographic core of Truvark (the combination of both libraries) is open source and available on GitHub.
The database is a Realm database. Realm can feature encrypted databases and of course that is in use. I have seen a lot of vault apps without encrypted database during my analysis.
Furthermore, Truvark supports biometric (e.g. fingerprint) authentication for unlocking a single vault. That feature is backed by the Android Keystore and might not be available on devices even though they offer biometric authentication because a strong authentication is required that not every device supports.
Partly open source, fully in future
As mentioned above the cryptographic core is already open source and available on GitHub. You can see that this is not my first open source project. Because I'm committed to open source, I plan to publish the full source code sometime in future. The idea is to do that when the app leaves early access but all in all I will do that when I think it's ready.
About development
On the one hand I want to let you know that I'm a professional software developer and not coding as hobby only, on the other hand I have to put a disclaimer here that I'm not a cryptography expert. However this app was carefully built over time and not in haste. Although this app is in early access, it is not a prototype or minimal valuable product. Every release is going through automated and manual tests. For the manual tests I'm using multiple devices. Nevertheless I'm not afraid to say that bugs can happen. I personally lost data using alternatives in the past, so I am very aware of that issue. Therefore this app stores much information redundantly. For example in near future a corrupted or deleted database can be almost fully restored (only some information about the folder structure will be lost but you don't need to organize all files again). The app is already designed to support features like this in future. Furthermore to backup your encrypted files all you need to do is copy the vault folder.
Upcoming features
Move files and folders to different folders
Rename folders
Rename vault
Material3, followed by many UI and UX improvements
Performance improvements
Future plans
Support more file types (like text and PDF)
Fully open source
Provide desktop clients (cross platform)
Download
Download from Google Play
Changelog:
0.4.0:
Target Android 13
Handle new notification permission (first and only required permission)
Support themed icons (Android 13)
Update dependencies
0.3.2:
Replace prebuilt Argon2 (used for password derivation) with own build from official source
Update various dependencies (including improvements to the in-app file presenter)
0.3.1:
Fix a bug during biometric setup
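The "on the fly" decryption described in the opening post, as an added example that is not part of the thread and not Truvark's code: a file encrypted in independent AES-256-GCM segments lets a viewer decrypt only the segment it needs when seeking. The segment size, nonce layout and function names are assumptions made for this sketch.

```javascript
// Added illustration, not Truvark's code: a simplified segmented AEAD layout
// (hypothetical format and names) showing how a viewer can decrypt only the
// part of a large file it currently needs.
const crypto = require('node:crypto');

const SEGMENT = 64 * 1024; // plaintext bytes per segment (assumed size)
const TAG = 16;            // AES-GCM authentication tag length

// Per-segment nonce: 7-byte random file prefix | 4-byte segment index | last flag.
// Index and flag make reordered or truncated segments fail authentication.
function nonceFor(prefix, index, isLast) {
  const n = Buffer.alloc(12);
  prefix.copy(n, 0);
  n.writeUInt32BE(index, 7);
  n[11] = isLast ? 1 : 0;
  return n;
}

// Encrypt segment by segment: output = prefix || (ciphertext || tag) per segment.
function encryptFile(key, plaintext) {
  const prefix = crypto.randomBytes(7);
  const count = Math.max(1, Math.ceil(plaintext.length / SEGMENT));
  const parts = [prefix];
  for (let i = 0; i < count; i++) {
    const c = crypto.createCipheriv('aes-256-gcm', key, nonceFor(prefix, i, i === count - 1));
    parts.push(c.update(plaintext.subarray(i * SEGMENT, (i + 1) * SEGMENT)), c.final(), c.getAuthTag());
  }
  return Buffer.concat(parts);
}

// Decrypt only segment `index`, as a player would when seeking in a video.
function decryptSegment(key, file, index) {
  const prefix = file.subarray(0, 7);
  const start = 7 + index * (SEGMENT + TAG);
  const end = Math.min(start + SEGMENT + TAG, file.length);
  if (start + TAG > end) throw new RangeError('segment out of range');
  const d = crypto.createDecipheriv('aes-256-gcm', key, nonceFor(prefix, index, end === file.length));
  d.setAuthTag(file.subarray(end - TAG, end));
  // final() throws if the tag does not verify (tampered, moved or truncated data)
  return Buffer.concat([d.update(file.subarray(start, end - TAG)), d.final()]);
}
```

Memory use per read is bounded by one segment, regardless of file size.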
Thanks for this, I noticed in recents I did not have to relog in to open, pixel as far as I understand doesn't close recents and clearing them also doesn't actually end the process losing a security risk. Great app though!
7h3DuD3 said:
Thanks for this, I noticed in recents I did not have to relog in to open, pixel as far as I understand doesn't close recents and clearing them also doesn't actually end the process losing a security risk. Great app though!
Hi,
many thanks for giving Truvark a try and for providing feedback. Indeed there is no mechanism automatically closing a vault or the app itself. Actually I spent a bunch of hours on this feature already and haven't found a solution yet that significantly improves security while keeping encryption/decryption/etc reliable.
You might have noticed that this app makes heavy use of background scheduling. Other apps show a dialog forcing you to wait while they encrypt one file after another, where Truvark runs encryption parallel in background and you still can view your already encrypted files. This is one of the reasons why the feature you mentioned is not available yet, closing a vault would cancel background operations that cannot be automatically started again when the vault is opened next time, because of storage permissions.
Truvark is completely built on Android's "new" storage design (that Google enforced in Android 10/11) by using the storage access framework (SAF).
Therefore I cannot guarantee that automatically closing a vault will ever be available, however likely there will be at least a button to close a vault inside the app or maybe a login screen to prevent access to the UI while still having that vault open in background. Actually I’m planning bigger changes on how the vaults are opened with the goal to make it possible having multiple vaults open at the same time. During that process I will reevaluate if it is easier to implement that feature.
@7h3DuD3 did my post answer your questions or are you looking for different information? Happy to answer any question or feedback.
May I ask you in case you regularly use a vault/encryption app what app you're using? What you like about it and what could be improved in your opinion?
Furthermore, I might be able to give insights about the security and privacy of alternative apps if they were part of my analysis. Hoping to analyze more vault apps soon, possibly on request.
Actually don't use one ever for more than a few days, however I've been using this for a bit and find it adequate. Perhaps a triggered deletion of the vault, say receive an email or text, but I'm fairly certain tasker could do that or multiple other apps not to mention the security risk of having something like that poses a security risk in itself. But overall I'd say it's better than what I've used in the past and files I carry on my personal thumbdrive are vaulted which feels better knowing should I lose it my personal information won't just be in a .hiddenpasswords.txt file lol that's been the main thing is bs where they hide the file like no one's gonna see that or rename the extension with no encryption. I haven't tried a brute force, might be kinda fun to do. Suggestion, Better variety of file types *
7h3DuD3 said:
I haven't tried a brute force, might be kinda fun to do.
Starting with your last sentence, I wish you good luck with that. Of course it depends on your password. Assuming you picked a good password (Truvark requires 8 characters at the moment) brute force is by far the worst attack you could try. For hashing Argon2id is used with a configuration above the minimal recommendations by OWASP and for encryption Google's Tink library is used that "has been deployed in hundreds of products and systems" (quote from their readme file) including Google Pay.
I think you should try attacking the implementation instead of globally used algorithms.
7h3DuD3 said:
Actually don't use one ever for more than a few days, however I've been using this for a bit and find it adequate. Perhaps a triggered deletion of the vault, say receive an email or text, but I'm fairly certain tasker could do that or multiple other apps not to mention the security risk of having something like that poses a security risk in itself. But overall I'd say it's better than what I've used in the past and files I carry on my personal thumbdrive are vaulted which feels better knowing should I lose it my personal information won't just be in a .hiddenpasswords.txt file lol that's been the main thing is bs where they hide the file like no one's gonna see that or rename the extension with no encryption. I haven't tried a brute force, might be kinda fun to do. Suggestion, Better variety of file types *
Thanks that you overall seem to like my app. I don't plan to implement a remote deletion because I believe that strong cryptography does not need that. If you really want to build that yourself in a first step you could just delete the file with the name "vault". It contains a so called salt and the encrypted database key, without the file the attack surface is reduced (and you lose access to your files even with correct password btw).
Because you mentioned a thumb drive, that is one of the benefits of the new storage APIs. Truvark fully supports sdcards and external USB devices without workarounds or the need to move data manually from time to time. I have seen lots of vault apps with bad sdcard support.
What file support are you looking for? I plan GIFs, basic text files and PDFs next.
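The key layout described in the reply above (a "vault" file holding a salt and the encrypted database key), as an added example that is not part of the thread and not Truvark's code. It assumes Node's built-in scrypt as a stand-in for Argon2id and AES-256-GCM as a stand-in for the Tink AEAD; the record fields and function names are hypothetical.

```javascript
// Added illustration, not Truvark's code. Assumptions: scrypt stands in for
// Argon2id, AES-256-GCM stands in for the Tink AEAD, and the record layout
// and function names are hypothetical.
const crypto = require('node:crypto');

const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Password + salt -> key-encryption key (KEK). The salt is not secret, but
// without it the KEK cannot be re-derived.
function deriveKek(password, salt) {
  return crypto.scryptSync(password, salt, 32, KDF);
}

// Build the contents of the "vault" file: a fresh salt plus a random
// database key wrapped (encrypted) under the password-derived KEK.
function createVaultRecord(password) {
  const salt = crypto.randomBytes(16);
  const dbKey = crypto.randomBytes(32); // random, never derived from the password
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKek(password, salt), nonce);
  cipher.setAAD(salt); // bind the wrapped key to this salt
  const wrapped = Buffer.concat([cipher.update(dbKey), cipher.final()]);
  return { record: { salt, nonce, wrapped, tag: cipher.getAuthTag() }, dbKey };
}

// Unwrap the database key. Returns null for a wrong password, a modified
// record, or a missing record (the "vault" file was deleted).
function openVault(password, record) {
  if (!record) return null; // nothing left to unwrap, even with the right password
  const { salt, nonce, wrapped, tag } = record;
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKek(password, salt), nonce);
  decipher.setAAD(salt);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(wrapped), decipher.final()]);
  } catch {
    return null; // GCM tag check failed
  }
}
```

Because the database key is random rather than derived from the password, deleting the record removes the only path back to it, which is why the correct password alone no longer opens the vault.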
0.3.2:
Replace prebuilt Argon2 (used for password derivation) with own build from official source
Update various dependencies (including improvements to the in-app file presenter)
Development is currently a little slow or let's say less visible to users because of many under the hood changes. Furthermore, I'm waiting for improvements/new features in some dependencies. Next will be various improvements to the database. After that I plan to work on Material3 design.
0.4.0:
Target Android 13
Handle new notification permission (first and only required permission)
Support themed icons (Android 13)
Update dependencies
Was quiet in the last months, also because I had little time, the development will progress much faster in the next weeks. I am still working on the replacement of the database implementation. Afterwards it goes on with the Material3 redesign that will come with many new features.
0.5.0:
Fix lags affecting the in-app file viewer
Loop video/audio playback
Update various dependencies
Drop a dependency in favor of official implementation
Obviously, my plans (see above) didn't work out. Unfortunately I'm still waiting for a final feature for database migration, which is finally in development upstream. So here is another small update.
I commit to continue improving this app and bring it out of early access status, as well as go fully open source in future.