What do we know about lineagos doing surveillance? - Security Discussion

One person said he had removed or disabled every google service he knew of on an android phone. He then looked on the phone's data transfer. I think he used wireshark.
He found a couple of mb of data transfer. He did not know why or what data was transfered. I would say, it is data google wants from the phone, no matter if the phone's owner would object to the data transfer, if he knew about it.
What do we know about lineageos surveillance? Do we have assurence, that lineageos does not do surveillance on the phone? Transfering the data to google or lineageos' servers?
Thank you.

Some data are sent to their servers: https://lineageos.org/legal/#information-we-have
AFAIK Lineage OS is a Google-free ROM. There are no dependencies with Google as long as you flash a GApps package or install a Google app.
If you have the skills you may want to check the source code on Github.

Related

GApps free - microG is all you need!

...why do I post this? Actually, I hoped to achieve less battery drainage without Google's well known tendency to permanently collect and transmit data. However, my initial observations don't prove extended battery life but I'm going to continue tracking the battery drainage and will eventually edit the respective post in this thread. At least, I'm already definitely able to state that I've less wakelocks, alarms, and running services than before. Furthermore, some of these crazy, weird indicated *alarms* and *launch* are gone.
Additionally, I'm monitoring the below mentioned microG-treads and recognise that quite a lot of people obviously have problems to get microG to run (honestly, as me too about six months ago, when I first attempted). Thus, I take the oportunity to provide my procedure how I've got microG to perform its desired duties.
If you're really interested into microG I suggest to read @Shadow53's post here.
By going "GApps free" I was able to achieve one of my decisive points to protect my own centre of gravity. However, monitoring the related microG threads I realised quite a few people have other motives for GApps free devices and seem not to have impediments for sharing and exchanging information with Google, obviously neither my personal way nor my consensus. For completeness, I like to share some of the other opinions to enable everyone to make up an own mind. Please find some posts here, here, or here. Additionally, @ale5000 provided a comparision between GApps and microG here.
It doesn't require bravery but only the strong will to get rid of all the useless Google services and activities despite the fact that I already succeeded in not selling my private data to Google at all by the use of some tools, policies, and procedures. Just to make it more clearly, I don't and don't want to use any of the applications provided by Google (except the Google Play Store (PS) for a very specific reason described below). I'm convinced there're alternatives to each of the Google applications around, which are respecting my privacy concerns and aren't necessarily so enormously blown up. Some aren't for free but I'm happy to support a developer and the development in regard to an excellent application; some of the applications you need to pay for on Google PS you get for free in same quality and "update level" e.g. at F-Droid.
Please allow me to mention a few of the applications I use but forgive me for not providing links to them; a simple web search will show you the way.
Email: "K-9 Mail R2Mail2" in conjunction with "OpenKeychain"; Browser: "Slimperiance", "Orfox" together with "Orbot"; Maps & Navigation: "OsmAnd~"; SMS/MMS: "chompSMS" and "Silence" (but no WiFi or mobile data access); Weather: "Avia Weather", "Das Wetter in Deutschland", "WarnWetter", "WetterOnline"; Messenger: "Conversations" in conjunction with a XMPP-Jabber-account; Camera: the ROM inherent one; Contacts: ROM inherent but synchronised via home-WiFi with PC via "MyPhoneExplorer"; Calendar: as for contacts before; Music: "VLC" (but no WiFi or mobile data access); Launcher: "Nova"; PDF-reader: "Xodo Docs PDF Viewer" (Remark: I personally don't require the capability to open any Microsoft Office or Open Office file types on my phone).
If you think I forgot something just ask!
You might now ask yourself why I didn't just live without Google but moved to the microG project instead? I require following capabilities:
Fixing of the current location of my device both using GPS and/or WiFi or Mobile Data.
GCM Push Notifications.
Access to the Google PS, especially to have access to my paid applications, donations, and to beta programs of some applications I like.
Some of my preferred applications must have an indication that (a kind of) Google Play Services is available on the device in order to correctly function or even to be positively installed.
EDIT (2017-05-02): In regard to the use of the Magisk module "NanoMod" please refer to post #14!
First, I'm extremely happy with my "GAppsless" system - running smoothly without any problems and all functionalities I desired! I don't have benchmarks but personally I've the impression my current ROM is performing faster, smoother, simply better than with Gapps.
To achieve a location fix runs perfectly in all three modes (including energy saving mode just by WiFi or mobile network) and definitely much faster than with GApps; GCM push notifications work; BlankStore ran as advertised, all installed apps were indicated and available updates, download of apps or updates without problems, and as advertised paid apps or beta versions were not available. Latter was the one and only reason why I installed the Google PS as the only Google application. For the procedure please see below.
Installation was quite easily accomplished by simply following the OP of [APP] microG GmsCore - lightweight free software clone of Google Play Services by @MaR-V-iN.
First, I ensured I'd both the Titanium Backup (TB) APK file and the TB Pro-Key APK file on my external storage the booted into recovery (in my case TWRP). I create a NANDROID backup by TWRP and then clean flashed my favourite ROM (in my case: Resurrection Remix® by @rodman01) i.e. wiped /dalvik, /cache, /system and /data (including internal storage - my Titanium backup is on external storage), factory reset. Flashed my favourite kernel, followed by flashing of Chainfire's SuperSU v2.76 (this is by my information the latest SuperSU by Chainfire himself. I refuse to go for the CCMT SuperSU v2.78, and I've issues with my kernel control application if I e.g. use phh's systemless SuperUser).
There no need any more to flash the Xposed framework through TWRP since @rovo89's version 3.1.1 of the XposedInstaller (this is true for my GT-I9305 and might be different to other devices/ROMs). In my case, the Xposed framework is absolutely necessary as my ROM does not support signature faking and I had to use the respective FakeGapps APK. Due to @Primokorn I became aware there are other tools like Needle or Tingle (just search for them) to get signature spoofing for Nougat (until we have Xposed).
Reboot into system.
Remark: Quoted from MaR-V-iN's above linked thread: "...You need a 4/5/6 ROM that is GAPPS-free. Either don't install them or remove them, if your ROM ships them. Please note that microG GmsCore might run on a cleaned stock ROM, but it might also brick it or cause random bugs. Be aware that only latest Android versions (4.4+) are regularly tested and thus prioritized over older versions when issues occur..."
Completed my desired initial ROM setup and installed the TB APK and the Pro-Key APK. Made the necessary TB setup especially the location of my backups. Restored XposedInstaller and all initially required applications via TB but definitely include F-Droid and the application with a root explorer of your desire, I'm personally using SD Maid - System cleaning tool by @Dark3n (all others were restored after installation of microG). Please do not restore or install any application, which require GCM push notifications, before having installed microG! Performed the setup for all restored applications. Installed the Xposed framework via XposedInstaller. Reboot. Installed the FakeGapps APK and activated it in Xposed. Reboot.
I followed this procedure (http://forum.xda-developers.com/showpost.php?p=42983611&postcount=306), downloaded the "android-checkin-1.0.jar" and "bla.bat" and generated an Android ID for my Google PS account. Please be advised about this information I received from @pupsidze: "Accounts created online does NOT work with this. I have registered an account via friend's phone and it worked like a charm..." This obviously means you must use an account that was formerly created through the Google PS on an Android device.
I downloaded following APKs on PC and moved them to my external storage:
microG Services Core
microG Services Framework Proxy
UnifiedNlp APK (This tool works for me; however, if you have problems there're two others available at this [URL="http://forum.xda-developers.com/android/apps-games/app-g-unifiednlp-floss-wi-fi-cell-tower-t2991544"]UnifiedNlp - FLOSS Wi-Fi- and cell-tower-based geolocation thread by @MaR-V-iN as well as a link to a respective Xposed module). @Primokorn made me aware that you don't need to install UnifiedNlp.apk since it's already included into microG.
BlankStore Attention, you must manually grant "storage permissions" (thanks to @Primokorn
Install all of the above, then move into F-Droid to download the backends for UnifiedNlp as indicated in the above mentioned UnifiedNlp thread and install them. I'm personally using the two following backends: "LocalGsmNlpBackend" and "NominatimNlpBackend".
Follow step no. 4 of the installation instructions in the OP of [APP] microG GmsCore - lightweight free software clone of Google Play Services by @MaR-V-iN. For the setup of the "LocalGsmNlpBackend", I'm using the database of "Mozilla Location Service" because the download of the OpenCellID database quite often broke down. Please be aware that the download takes quite a few time due to the size of the database (only do via WiFi!!!), and choose before the areas you interested in in order not to "overload" your storage! At this point, I rebooted then went in "BlankStore" or as it appeared as "Android Market" on my app list.
When you open "Android Market" the first time, it requires you to enter the credentials of your Google account. Enter your Google email address, Google password and the Android ID you generated earlier. If everything worked as advertised all your already installed applications should appear in the "Android Market" after you hit "installed apps".
I suggest to now run the self check in the microG settings. Before you do, ensure that location is enabled in the ROM settings otherwise you want get a tick mark in the last row of the check. If any other tick mark is missing just recheck your settings and especially if all permissions are granted.
When I was at the point to restore my remaining applications via TB, I wasn't initially able to restore 6 out of my about 100-ish applications; a new installation of these applications failed, too. Just by accident, I checked the homepage of one of these apps (Öffi) and realised that one of its requirements was to have a pre-installed Maps Library v1; however, they also offered an AOSP version, which was running without GApps but microG. This was for me the first indication not to have Maps Library v1 but only v2 installed.
I discovered (again) @MaR-V-iN's NOGAPPS Project (NetworkLocation, MapsAPI, Blank Store) thread, downloaded and flashed the Maps API Flashable Zip. All resistant applications were installable afterwards and are running properly.
Conclusion: If some apps can't be installed it's most likely due to missing Maps Library v1.
Last but not least, I manually installed Google PS by downloading its latest version from apkmirror.com and renamed it to Phonesky.apk. (EDIT (2017-03-25): Please be aware that @ale5000 recomments here to use version 5.1.11. Personally, I use the method described here for purchases in Google PS.) Then I created a folder called Phonesky via my root explorer in /system/priv-app/ and set its permissions to "755 (rwxr-xr-x)". I move the renamed Phonesky.apk into this folder and change its permissions to "644 (rw-r--r--)". Rebooted and was done.
After the reboot, I noticed the following:
The formerly "Android Market" (BlankStore) was no longer available in the app list but a "Play Store".
A Google account was available under ROM settings => Accounts; however, synchronisation was automatically disabled.
Via Google PS, my Google account was accessible including all purchases I did.
At "My Apps & Games" no apps were indicated under "installed apps", under "all apps" all my installed apps were shown and the ones not installed but downloaded in the past. No "beta" tab was shown.
In my "donation apps" (e.g. Amplify) the donation was again indicated.
I went to my Google account on Google Play Store (on my PC) and walked my way through all of my applications by clicking on "install" despite the indication that it was already installed. Obviously the applications apk's were again "beamed" to my device (and installed (???) again occasionally with a timely delay of about an hour). However, eventually the Play Store on the phone indicated all applications now also under "installed apps", if applicable updates were provided, the tab "beta" was created and I was back into all beta programs I had formerly joined. Play Store runs exactly the same as before when I had Gapps installed.
Meanwhile I experienced that Play Store automatically synchronises all my apps by itself i.e. I learnt to be patient.
Please advise if you believe I missed something or in case of any question! Be aware, I took my time to conduct all of the above; didn't do it in a single step i.e. I was running more or less two operating systems on my device simultaneously and switch back and forth. Now, I'm only (and will only be) staying on my "GAppsless" ROM!
P.S. Before you install one of the "directly linked" apk-files recheck if it's the current version!
CREDITS: To everybody who I mentioned in this OP or the subsequent posts. If I forgot someone I apologise. Please let me know in this case or if you want to be more prominently given credit; I'm happy to immediately follow such a request!
EDIT (2017-04-14): Please find a more brief procedure below at post #8.
Off topic comments are allowed as long they are generally related to the overall topic, are in the general interest of the followers of this thread and add value to the thread. The ultimate decision rests with me as the OP!
Hi @noc.jfcbs, did you get your Google Play Store app auto-updated?
@bam80: Negative, gratefully no Google Play Store auto-update!
I personally assume that functionality comes with Google Play Services that aren't installed obviously. I don't know (and I'm not going to try) if the Play Store auto-updates if I grant permission for auto-updates in the Play Store settings.
Occasionally, I manually check for new Play Store versions, and XDA labs also indicates when updates are available. However, I already realised that not all new versions are compatible with my device running on RR v5.7.4 Sammy. And as long as my current Play Store version works why should I replace it?
Never had problems with newest Play Store versions. I just thought that if Play Services were responsible for the update, now microg should take its place. Sadly, this functionality seems do not implemented. Had never needed to update Play Store by hand. Thanks for answer, though
Play Store has its own update services, hence the reason it still updates itself w/out Play Services. Sadly it doesn't have a setting to not do so. The do not auto update setting applies to apps installed from the store.
On one of my microG ROMs the Play Store kept updating itself which was getting quite annoying. Especially since I was using a TBO Clear version. Blocked the two services responsible and all is good. That's a KitKat ROM with a 7.6.x Play Store. Operating fine despite a new "need to update Google Services" notification.
On a regular GApped ROM that is using an older themed Play Store that I like it also kept getting updated. Blocked the services there and no updates since.
In some cases and for some folks, blocking the services after the fact might mess up the store a bit (nothing shows up in My Apps). Clearing cache and data usually fixes that.
On crDroid Nougat where I had to start over from scratch, due to ROM rebase, I blocked the services early on before activating Google account and running the store. All good there also.
The two services are shown in the screenshot from MyAndroidTools.
LG G3 D851, PAC-MAN LP ROM, MultiROM, Tapatalk 4.9.5
@marcdw: Thanks very much for the thorough explanation. In deed really helpful. However, my Play Store didn't auto-update despite both services been enabled. Anyhow, I disabled them too.
It's funny how that works sometimes. My main ROM, PAC-MAN LP that I've been running forever, also didn't update. No blocked services or anything. Just never did. That was cool. Other ROMs would update at the drop of a hat though.
LG G3 D851, OctOS Nougat ROM, MultiROM, Tapatalk 4.9.5
Just recently, about three weeks ago, we decided to also go for GApps-free on my wife's device (a Samsung GT-i9305, too).
I'd like to more briefly explain the procedure I used.
I clean flashed the ROM of my wife's desire (certainly a GApps-free one) and the desired kernel. Installed XposedInstaller 3.1.1 and through it the Xposed framework, followed by the FakeGapps Xposed module. Activation and reboot.
Please be aware that we're using the same Google account on both devices. At no point during the procedure, I had to generate an Android ID by "android-checkin-1.0.jar" and "bla.bat".
Downloaded following APK's in its latest versions from here and installed them in this order:
microG Services Core
microG Services Framework Proxy
BlankStore
Downloaded and installed F-Droid. In turn, I downloaded and installed following backends from F-Droid:
LocalGsmNlpBackend
NominatimNlpBackend
Configured the backends to my desire. For the setup of the "LocalGsmNlpBackend", I used the database of "Mozilla Location Service", selected the countries of my desire and downloaded the database (takes quite a while; suggest to only proceed via WiFi).
From apkmirror.com, downloaded (but did not install) "Google Play Store 7.5.08.M-all [0] [PR] 146162341" (personally best experiences with this version; some later version even don't install on our devices). Renamed the play store download to Phonesky.apk. Via my root explorer, I created a folder called Phonesky in /system/priv-app/ and set its permissions to "755 (rwxr-xr-x)". I move the renamed Phonesky.apk into this folder and change its permissions to "644 (rw-r--r--)". Rebooted.
Downloaded Maps API Flashable Zip from NOGAPPS Project (NetworkLocation, MapsAPI, Blank Store) and booted into TWRP. Flashed the zip, back into system.
Created a (our) Google account in the ROM settings.
Ensure that all applications mentioned above had their necessary permissions (e.g. location, storage etc.). Opened Google Play Store the first time to check its functionality and to modify its settings. Run the "self check" in the microG settings to confirm all items are tick-marked.
While writing this post, I realised that the Play Store was auto-updated to "Google Play Store 7.6.08.N-all [0] [PR] 149245622"! This is weird as I have the respective services disable via MyAndroidTools (see attached screenshot). I need to dig closer into this.
I tried to do the same with my S4 I9505. I started with flashing Optimized LineageOS 7.1.2 from here. I followed your instructions carefully. After flashing MapsAPI I tried to add the Google account in Settings - Account - Add Account - Google. The only thing that happens is a message 'One short moment...' and it waits forever until I hit the back button. Do you have an idea what's going wrong?
MichaelZR said:
I tried to do the same with my S4 I9505. I started with flashing Optimized LineageOS 7.1.2 from here. I followed your instructions carefully. After flashing MapsAPI I tried to add the Google account in Settings - Account - Add Account - Google. The only thing that happens is a message 'One short moment...' and it waits forever until I hit the back button. Do you have an idea what's going wrong?
Click to expand...
Click to collapse
I had that issue too and still haven't got things working but I was able to create the account during play store installation. It might work, if all else is good.
elv1503 said:
I had that issue too and still haven't got things working but I was able to create the account during play store installation. It might work, if all else is good.
Click to expand...
Click to collapse
MichaelZR said:
I tried to do the same with my S4 I9505. I started with flashing Optimized LineageOS 7.1.2 from here. I followed your instructions carefully. After flashing MapsAPI I tried to add the Google account in Settings - Account - Add Account - Google. The only thing that happens is a message 'One short moment...' and it waits forever until I hit the back button. Do you have an idea what's going wrong?
Click to expand...
Click to collapse
I never tried to go for GApps-free on a "Nougat"-device. My favourite ROM (Ressurection Remix for the i9305) does not support signature spoofing i.e. I still require the Xposed framework (for the FakeGapps module but also for other very important things to me). I personally continue to stick with Marshmellow or to be more precisely with RR v5.7.4 (besides some trials I made with RR v5.8.x without any personal or confidential data on the device).
Does the ROM you mentioned (Optimized LineageOS 7.1.2) supports signature spoofing? Due to the issue you described I personally doubt - and in turn my personal procedure won't worked. If my assumption is correct you might use tools like Needle or Tingle (just search for them) to get signature spoofing for Nougat.
Does the microG self-test provide any information if signature spoofing is available (please see screenshots)?
noc.jfcbs said:
I never tried to go for GApps-free on a "Nougat"-device. My favourite ROM (Ressurection Remix for the i9305) does not support signature spoofing i.e. I still require the Xposed framework (for the FakeGapps module but also for other very important things to me). I personally continue to stick with Marshmellow or to be more precisely with RR v5.7.4 (besides some trials I made with RR v5.8.x without any personal or confidential data on the device).
Does the ROM you mentioned (Optimized LineageOS 7.1.2) supports signature spoofing? Due to the issue you described I personally doubt - and in turn my personal procedure won't worked. If my assumption is correct you might use other tools like Needle or Tingle (just search for them) to get signature spoofing for Nougat.
Does the microG self-test provide any information if signature spoofing is available (please see screenshots)?
Click to expand...
Click to collapse
Yes there is a self test. It does show everything is OK for google play but I haven't been able to get play running. I'm going to try the market route but I need android I'd. I tried a couple of google apo versions.
elv1503 said:
Yes there is a self test. It does show everything is OK for google play but I haven't been able to get play running. I'm going to try the market route but I need android I'd. I tried a couple of google apo versions.
Click to expand...
Click to collapse
Please check the last three pages of post in this microG thread. Might be helpful for problems of "Nougat" guys. As I said I'm still on MM (for very good reasons, but I know everybody converted to Nougat and will to "O" soon for even better reasons).
Resurrection Remix "Nougat" v5.8.3 is now GApps-free
Thanks to the really powerful and easy to use NanoMod Magisk module by @Setialpha powered by Magisk by @topjohnwu I was able to create a GApps-free system on my Samsung GT-i9305 running Resurrection Remix RR-N-v5.8.3 by @rodman01 (RR-i9305 official thread). Excluding download times, the following complete procedure took me less than one hour this morning, and - if interested - I'd like to share the way I used with you.
However, before I continue I need to address my very best compliments to rodman01 for such a superb ROM, to topjohnwu for the systemless root as it was the basis for going GApps free, and to Setialpha for this fantastic module, which made it so easy and fast to achieve a GApps-free device. Three times :good::good::good: and thanks very much to all of you for excellent jobs well done!
As you certainly know RR doesn't come with signature spoofing by itself, which is a prerequisite to go GApps-free with the help of microG by @MaR-V-iN. Thanks very much to MaR-V-iN for allowing me/us to abandon Google from my/our devices. Without Google, not only privacy is much better protected, the device itself runs much smoother and faster. As long as Xposed was available i.e. up to Marshmellow, signature spoofing could be achieve for RR via a Xposed module but for Nougat, no Xposed available (yet???). For this reason I stayed on RR-M till I found Setialpha's thread as he provides an easy-to-use tool to achieve signature spoofing on RR-N as long as use use the Magisk su-binary. However, as mentioned in the OP there've been other tools available to get the spoofing but not as easy to use.
Before you continue to follow me through my procedure, I'd like you to thoroughly read the OPs of all linked threads with their invaluable information.
Download the following files via the links given in above mentioned threads and save them to your device (I used my external SD):
Latest Resurrection Remix RR-N-v5.8.x
Latest Magisk and the MagiskManager.apk (link to XDA-thread see above).
EDIT (2017-04-30): Latest NanoMod-microG NanoMod-6.1.20170421.zip and NanoMod-patcher NanoMod-patcher-6.1.20170421.zip from here. Please be aware that there are two additional, more specific NanoMod-zips available. Use them on your own descretion; I personally like all the functionalities that come with the "overall/general" NanoMod module. EDIT (2017-04-30): My device had really severe battery drainage with the "overall" module. Battery drainage with the microG-module is not a factor at all. And I personally realised that I don't have any need for the additional things comming with the overall module. Reported my battery drainage issue together with a logcat to the dev.
If desired - mapsapi.flashable.zip from here (you only need that if you're using applications that require Maps Library v1. You won't be able to install any of those apps (or restore a TB backup) before Maps Library v1 has been flashed). EDIT (2017-04-30): No requirement to do so. Maps v1 is coming with the NanoMod module. Just ensure that /data/.nanomod-setup shows nanomod.mapsv1=1 as described in the OP of the Nanomod-thread.
If you like (as I did) create an update.zip by Titanium Backup. I saved that on my external SD, too.
Boot into recovery (I'm using TWRP 3.0.2-1) and follow this procedure:
Before you continue to do anything, create a NANDROID backup of your running system!
Wipe dalvik, cache, system, data (I did not wipe internal data or external SD).
Flash RR-N-v5.8.x.
Flash Magiskzip.
Reboot into system (Remark: The initial reboot might take a while i.e. grab a coffee; all follow-on reboots are slightly longer during the initial boot phase probably due to the revised boot.img but after that phase boot is really fast).
Install the MagiskManager.apk and start it. At that point, MagiskManager stated that Magisk v12 is installed but no root available. Here, I simply re-started the phone and afterwards, MagiskManager also indicated root to be available.
Re-start into recovery.
Flash NanoMod (or the module you desire) and NanoMod-patcher. Do not flash mapsapi.flashable.zip, yet - at least didn't later on work for me.
Flashed my TB-update.zip
Reboot into system and commence to setup your device with the initial ROM configuration that enables you to proceed (e.g. WiFi/mobile data setup, location enabled (I used "high"/GPS & data), required permissions granted to the microG applications and the connected backends etc.)
At this point I went into the microG settings and conducted the first self test to see how many marks were checked and what I still missed. If a check mark regarding a lacking permission is missing, just tick on it, and a dialog is going to open to grant this permission (later with the backends, it might also be a statusbar notification). For me I wanted achieve first the "location ability" i.e. I didn't care yet about the Google Play Store.
I maintained in the microG settings and setup my backends. My settings for the backends can be retrieved from the screenshots. Please be aware that the download of a GSM Location Services´database can take a while (my phone still had one from end of March available).
Re-check if in the self-test all marks are ticked, now.
By use of the app "GPS Test", conducted such a test. This was an unbelievable experience as such many satellites were recognised immediately after the start of the app and granting of location permissions, and just after 3 - 5 seconds I had the first fix.
Re-started into TWRP.
Flashed mapsapi.flashable.zip
Rebooted into system.
In the ROM settings, created my Google account without any problems. Immediate connection to the respective Google servers; user account and password were accepted without any problems.
Opened Google Play Store from the app drawer. Play Store immediate connected to my account. Made the necessary modification to the play store settings, and as you can see on the screen shot, all my apps are shown including beta's and the purchased ones.
Continued to further setup my system, but microG was done at that point, and my system was GApps-free except for the play store.
Thanks again to rodman01, topjohnwu, Setialpha, and MaR-V-i!:good:
EDIT (2017-06-10): Recommendation
In order to achieve after the clean flash of a ROM exactly the desired installation of microG (or anything else that is provided by one on the NanoMod modules, I suggest to create a so called ".nanomod-setup"-file with the values in accordance the OP of the NanoMod thread (see Alter Installation part) and your preferences. Although the OP mentions different possibilities, my personal pratice is to create this file once and have it on the extSD. I do the clean flash of the ROM and if required Magisk, and boot into system. I copy .nanomod-setup to /data, boot back into TWRP and flash my NanoMod-modules.
Mine e.g. looks like this:
Code:
nanomod.play=1
nanomod.reinstall=1
nanomod.mapsv1=1
nanomod.overlay=0
EDIT (2017-06-22): A few more details regarding the .nanomod-setup file are available in this post.
EDIT (2017-09-17): In case of "NLP issue", missing the bottom two tickmarks in the microG settings self-test or the unability to get a location from GSM cells/WiFi please check also post #48.
EDIT (2017-10-31): With the current version (v14.x) of Nanomod, installation is now even more easy. A setup-wizard to create the desired .nanomod-setup file is now available; it simply has to be flashed before any other Nanomod-zip is flashed. The new patcher can now be flashed immediately after flashing of the full module, the microG-module and/or the F-Droid-module; the patcher doesn't require a reboot into system anymore after the flash of the other modules. If Nanomod recognises Magisk Nanomod automatically gets installed as Magisk module unless you "tell" the setup-wizard differently.
@noc.jfcbs
Great write-up. One question though: seems you have abandoned XPrivacy as of now. Any privacy protecting measures taken from your side to replace XPrivacy? I am also tempted to switch to Nougat, but lack of XPrivacy is holding me back.
Portgas D. Ace said:
@noc.jfcbs
Great write-up. One question though: seems you have abandoned XPrivacy as of now. Any privacy protecting measures taken from your side to replace XPrivacy? I am also tempted to switch to Nougat, but lack of XPrivacy is holding me back.
Click to expand...
Click to collapse
For quite a while I had the same restraints but I knew at some point I'd balance the advantages of XPrivacy (which isn't obviously any further developed) for privacy considerations with the non-availability of security patches for earlier custom ROMs. Anyhow, I want to use custom ROMs, and I fully do understand that the great teams and single-players who port open sources codes for our devices don't have the capability to focus on later versions; might be different for companies like Microsoft or Google with their genuine products.
So, I tried to analyse the situation and to assess the most likely but also the worst case situation. My personal assessment was that the advantages of having latest security patches available takes precedence over faking privacy related information. Nonetheless, I'm convinced to protect a suitable level of privacy by other means:
Stay GApps-free and don't allow calls to Mountain View by elemination of the phone boothes.
I don't use any of the email-, messenger-, chat-, or browser-application (etc.) coming from Google, Facebook and similar companies but R2Mail2 (K9-Mail is nearly as good but simply doesn't provide for S/MIME only for PGP), Conversations, Silence, Slimperience etc.
Installation only of applications that are open-source or at least have a good reputation using intensive web-search. This includes that the country of origin must be clearly identified and verifiable.
Due to the lack of XPrivacy and AppOpsXposed intensive use of the ROM capabilities to grant permissions and privacy settings.
WiFi and mobile data, both set to use unsuspicious DNS-servers.
Clear and restrictive permissions to access the world wide web by the different means via AFWall+.
Last but not least to check the network activities behind the firewall via NetworkLog.
No upload or synchronisation of personal data or any file to or with "the cloud". Synchronisation and backups locally done with my PC.
Only maintain personal data but no confidential ones on the cellular device. Passwords or user names are not saved on the device at all.
Localisation is only enabled when definitely required.
Use of an extremely privacy related email-provider. I use Posteo.de who are in my personal mind simply the very best for just 1€ per month. Their help section additionally provides great advice on tools for contacts, calendar synchronisation etc.
Actually, I'd love if Xposed occasionally becomes available for Nougat and further on to enable me the further utilisation of XPrivacy and others. But meanwhile, I think all mentioned above is the best I can do as I do want to use a Nougat-based ROM.
I was happy about your question, and I'd be even more glad about any further suggestion or recommendation.
@noc.jfcbs
Clearly some good thoughts you have stated here, which I really appreciate. Xposed in general should only be used with a lot of caution as it enables device manipulation on a far more advanced level than normal root methods. Your idea of investing time to get to know the module before installing it is absolutely reasonable and should be followed by anyone interested in the combination of privacy and Xposed.
The only thing bugging me is synchronization of calendar/contacts, which should be synchronized between all of my devices. As of now, I use Google services, but I am more than willing to put an end to this. I am currently thinking about using my private NAS to set up an OwnCloud server for this specific purpose or even invest some money in a Raspberry Pi who can host it (which would most likely be the better choice as my NAS should only be available in my local network without global network access).
If you are interested, I will write down some results in case this works out. But I am not sure if I will find the time in the next few months, as I am currently planning to start building a house for me and my family, thus not having enough time for this.
Portgas D. Ace said:
...
The only thing bugging me is synchronization of calendar/contacts, which should be synchronized between all of my devices. As of now, I use Google services, but I am more than willing to put an end to this. I am currently thinking about using my private NAS to set up an OwnCloud server for this specific purpose or even invest some money in a Raspberry Pi who can host it (which would most likely be the better choice as my NAS should only be available in my local network without global network access).
If you are interested, I will write down some results in case this works out. But I am not sure if I will find the time in the next few months, as I am currently planning to start building a house for me and my family, thus not having enough time for this.
Click to expand...
Click to collapse
Your plans sound great: Plant a tree, father a child, build a house...:good: I wish you and your family all the best.
If interested please allow me to explain how I synchronise my calendar and contacts:
My cell phone with my two notebooks via the MyPhoneExplorer (MPE) application on the Android device and an MPE client on the Windows notebooks. Using this tool now with full satisfaction for years. At home, I synchronise via WiFi when all devices are booked in; on tour, I only synch those devices I've with me and only via USB cable.
My (main) notebook (only that as I only have a license for one PC; however, that's sufficient for my purposes) synchronises with my posteo.de-email-acount via the tool iCal4OL. It's a pity, the developer cancelled the purchase of licenses to new customers but still supports old ones and updates the product. The tool works great. If you check how posteo.de has implemented privacy and security, I believe it's the actually best company in Germany or probably in the world. You do not need to provide any personal details for registration, even the yearly fee of 12 € can be paid in cash by mail if you want. The account has implemented multiple, first class and up-to-date security features. And their help and FAQ sections are fantastic providing great recommendations about usable tools, encryption for the account but also emails and so on.
My wife's Android device synchronises calendar and contact by the help of CalDAV and CardDAV. Also fantastic and every cent worth. Additionally, she also uses MPE with her notebook.
Raspberry Pi is certainly an excellent choice. Read some quite interesting articles in the Kuketz IT-Security Blog.
noc.jfcbs said:
Buddy, you made me shy... But thanks for the laurel wreath...
I know neither Nexus nor your ROM but I certainly know the ROM must be totally GApps free before even installing microG. If you don't find a GApps-free ROM of your desire there are ways to completely remove GApps from your device; personally I deem them to be a bit complicated, but... Details are in the OP of the microG thread you certainly know. Additionally, signature spoofing is a prerequisite. Unless your ROM already supports that you've to go either with Xposed and its respective "fake GApps" module or to use Magisk as the SU binary and NanoMod as a Magisk module. As Xposed is not available for Nougat, Magisk and NanoMod are my personal choice despite a few other tools available to achieve signature spoofing on Nougat.
In this thread, I tried to explain why and how I went for GApps free. Initially, this occured on Resurrection Remix (RR) v5.7.4 i.e. Marshmellow. Meanwhile, I migrated to RR v.5.8.3 i.e. Nougat, and in this post I described how I used Magisk and NanoMod to go GApps free even without Xposed.
Just to reiterate: My personal major intention for going GApps-free has been to leave everything of Google behind (except the Play Store) for privacy reasons and respect. Certainly, I'd accept any other benefit coming with that. However, after a quite long "GApps-free" period, I cannot confirm that battery endurance has really enhanced but I can confirm that at least my personal device and my wife's one are running much smoother and quite often faster than during their GApps-times.
Please advice in case of further questions; however, I suggest to use my above linked thread for that as I'm not monitoring this thread for obvious reasons.
Click to expand...
Click to collapse
I just pretty much searched through /system for anything with Google in it ?
It worked, and I now have microG. I also then used an Xposed module (InstallerOpt) like you suggested (Magisk won't work with a locked bootloader). Thanks for the help!
PorygonZRocks said:
I just pretty much searched through /system for anything with Google in it ?
It worked, and I now have microG. I also then used an Xposed module (InstallerOpt) like you suggested (Magisk won't work with a locked bootloader). Thanks for the help!
Click to expand...
Click to collapse
Glad that you worked it out. No need to post a thanks! ...just hit the "Thanks"-button...

[ROM][OPEN SOURCE][SECURITY][APPS][microG] Best Security ROM and Apps 2022

The Best Advanced Privacy ROM/w MicroG​I tested e/OS ROM on my OnePlus 5T for over a year, e/OS supports more than 269 devices​
Fully "deGoogled" Open Source Mobile Ecosystem
e/foundation Website
OnePlus 5T Latest Dev Build Downloads
e/OS "dumpling" & 5T Device Details
List of More Than 269 Supported Devices
Advanced Privacy
⦁ "Installation Link" Method #1 Easy Installation (TOOL ALL IN ONE)
⦁ "Installation Link" Method #2 Install via command line (for advanced users)
The operating system​/e/ is a “deGoogled” version of Android OS. It has an open-source Android OS core, with no Google apps or Google services accessing your personal data. It is compatible with all your favorite Android apps.
With /e/ you’ll find a set of carefully selected apps to cover your most common needs, personal and professional: get you email, plan your week ahead, chat with your friends and coworkers, browse the web, check the weather, check your itinerary for your next meeting…
All the apps are based on open source bricks. We improve their design and experience to make them look stellar and easy to use daily.
Advanced Privacy ​⦁ Table of Contents Link​Advanced Privacy lets you manage in app trackers, IP address and location. It’s available as a widget and within the operating system settings.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Advanced Privacy is a specific tool developed to limit your data exposure once you have installed third party apps.
When an application snoops in the background, it will use trackers to log your activity even if you are not using the app. It will also collect the IP address, so it can potentially link internet activity to a specific device and to a persona, and finally it will try to pinpoint your exact location.
ONEPLUS 5T - ROM - ROOT - TWRP - "INSTALLATION GUIDE" LINK BELOW
⦁ "Installation Link" Method #1 Easy Installation (TOOL ALL IN ONE)
⦁ "Installation Link" Method #2 Install via command line (for advanced users)
IS PLAY STORE NEEDED?
As it turns out, giving up Google is possible, and the experience isn't nearly as bad as you might think, plus my battery life is amazing now. If you care about privacy, better battery life, or want a smoother running phone, take the plunge and find a Rom that doesn't have Gapps installed.
Below are a few applications that I have tested without Gapps installed. I have also listed a few alternative store applications with there links. I exclusively use FLOSS, Free/Libre and Open Source Software, and because of this, I chose to install F-Droid.
What is "FLOSS and FOSS"
The two political camps in the free software community are the free software movement and open source. The free software movement is a campaign for computer users' freedom; we say that a nonfree program is an injustice to its users. The open source camp declines to see the issue as a matter of justice to the users, and bases its arguments on practical benefits only.
To emphasize that “free software” refers to freedom and not to price, we sometimes write or say “free (libre) software,” adding the French or Spanish word that means free in the sense of freedom. In some contexts, it works to use just “libre software.”
A researcher studying practices and methods used by developers in the free software community decided that these questions were independent of the developers' political views, so he used the term “FLOSS,” meaning “Free/Libre and Open Source Software,” to explicitly avoid a preference between the two political camps. If you wish to be neutral, this is a good way to do it, since this makes the names of the two camps equally prominent.
Others use the term “FOSS,” which stands for “Free and Open Source Software.” This is meant to mean the same thing as “FLOSS,” but it is less clear, since it fails to explain that “free” refers to freedom. It also makes “free software” less visible than “open source,” since it presents “open source” prominently but splits “free software” apart.
“Free and Open Source Software” is misleading in another way: it suggests that “free and open source” names a single point of view, rather than mentioning two different ones. This conceptualization of the field is an obstacle to understanding the fact that free software and open source are different political positions that disagree fundamentally.
Thus, if you want to be neutral between free software and open source, and clear about them, the way to achieve that is to say “FLOSS,” not “FOSS.”
We in the free software movement don't use either of these terms, because we don't want to be neutral on the political question. We stand for freedom, and we show it every time—by saying “free” and “libre”— or “free (libre)”. by Richard Stallman
If your running a Rom without Gapps, some applications like "Last Pass and Vimeo" will show a pop-up when you first start them that says, won't be able to run without Google Services, they might be able to run and some wont, unless you install microG, then you wont have this issue.
What is MicroG?
Actually, the microG is a free software clone of Google's proprietary center libraries and applications. To be more specific, it's a FLOSS (Free/Libre Open Source Software) frame to permit applications designed for Google Play Services to operate on programs, in which Play Services is not available. It provides all the needed APIs provided from the Google Play services so that the programs dependent on it may operate normally.
Telegram Links for microG Group Help
MicroG Liberation Front
Update: I installed microG on my OnePlus 5T running Phoenix Rom. This Rom has signature spoofing already baked into it, so the installation is simpler, runs very smooth, better battery life and security. For detailed installation instruction, see post #5 below.
What is microG Signature Spoofing
To use all the neat features from the microG project, which allows you to use all features of your Android smartphone without proprietary battery-consuming Google blobs, your system is required to support signature spoofing. Currently only very few custom ROMs have built-in support for this feature, luckily you can use Xposed or a patching tool to add the feature to the systems that don’t have it.
But: What is all this about? Is signature spoofing a problem when not using microG? Will it influence my security?
About signature spoofing
On Android, all applications are signed (usually using SHA1 with RSA). The certificate/key-combinations used to sign apps are self-signed. This means there is no PKI / certificate authority to verify a key to be owned by a person/company/entity. Thus everyone can come up with a key that has a equally valid Google certificate as keys used by Google to publish their apps.
However, on Android signatures are not designed to serve the purpose of verifying ownership/source of a package. Signatures are used to verify integrity and to ensure same package author when updating apps. The second one is important, to verify that only one the author has access to the private storage of an app. A different author is not able to sign an app using the same key, because he does not have access to it, and thus can not provide an update to an application that will be granted access to the app private storage. For example, the Signal app provided by OpenWhisperSystems is signed by a key not available to third-parties and thus Signal can store chat history in the private app storage and don’t need to fear that a rogue update can access this data. This means that signatures are important to ensure the secrecy of the private app storage and thus is an essential part of the Android package managements security system.
Signature spoofing allows applications to behave like being signed by a third party. This means that whenever one application asks the operating system for the certificate used to sign an installed package and that package uses signature spoofing, instead of the certificate attached to the app, a spoofed certificate is returned. This certificate has to be announced in the AndroidManifest.xml and the app is required to request the android.permission.FAKE_SIGNATURE permission. This means that it is not only easy to detect that an application uses signature spoofing, the user also has to give its consent – before Android 6, this was done during installation time, since then the consent is even more explicit in a dedicated pop-up, and the user can decide not to grant the permission.
Of course only very few developers ever ask for the certificate used to sign an application. There are numerous reasons for that:
In most cases you only want to verify, that an app is signed with the same key as yours (e.g. the apps are from the same author). For this case, the package manager has a method checkSignatures which compares the certificates of two packages. Thus the app author is not required to mess with byte arrays returned when requesting the certificate – and verifying the author name of a certificate is completely useless as described above.
If you want to use any kind of security model, you are much more likely to introduce a custom permission. On Android every app can declare a new permission and decide which apps will be granted this permission. One option here is to restrict by signature, or you can also require explicit user consent. This again is a lot easier than working with certificates, even more flexible and can be used to allow third-parties to integrate with your app (on users decision). Nice!
Directly working with certificates is not considered a security feature and is not listed on the security tips article in the documentation, whereas the proper use of permissions is.
When using the package managers GET_SIGNATURES feature to directly access the certificate, the android lint tool (which is usually used during the compilation process) will print a high priority warning, as improper use of this feature can be a security risk and the proper use is rather complicated. So complicated, that Google themselves did it wrong once, resulting in a major Android security vulnerability (sometimes referred to as the Fake ID vulnerability).
So why does microG require signature spoofing?
Now that we know, that only very few use direct access to certificate, you might wonder why microG needs it for certain features. Well the fact is that although most developers don’t even now about it, their apps actually do direct certificate access. This is due to how Google Play Services works:
Applications that use Google Play Services use the Play Services client library. This library is directly embedded into the application, is delivered as part of it and finally runs in the security context of that app. And this library actually uses direct certificate access to ensure that the Play Services app installed on the device is singed by a specific private key. It also verifies that the Play Store is installed (and signed using the same key), although it is not required for Play Services to run. This is the reason for the development of the microG FakeStore app.
There is one other popular use case I’d like to stress: DRM. Some developers use direct certificate access to verify that the application itself is signed by them. The reason for this is simple: If you modify an application you need to sign it (the previous signature is broken, if your system is not vulnerable to the “Android Master Key” vulnerability). As you don’t have the private key of the original developer you will not be able to create a valid signature that has the same certificate. This means you can’t modify the application without the original developer knowing about it. (Well, you could modify the checking code itself, …). With signature spoofing you can easily bypass these restrictions – as long as the app does not contain code to detect signature spoofing. by ~larma/blog
If your Rom does not support Signature Spoofing, take a look at this link.
[INDEX] How to get the signature spoofing patch
NEWLY ADDED & RECOMMENDED ANDROID APPS
> LINK<​
No Gapps Setup Guides
Helpful links to setting up no Gapps
Signature Spoofing
[INDEX] How to get the signature spoofing patch
microG unofficial installer simplify the installation of microG
MicroG, gapps in only 11mb
NanoDroid By Setialpha, XDA Ad-Free Senior Member
microG By MaR-V-iN, XDA Senior Member
[MOD][FLASHABLE] microG unofficial installer
microG/Android Packages apps GmsCore
{FIRE Gapps-Go™+Tweaks™ for OREO}*{*Micro-G™*}*{FIRE Audio™ For LP-Oreo}
If you are using microG as a replacement for the Google Play Services, the ROM that you install needs to have support for signature spoofing. In short, this allows microG to pretend to be the official Google Play Services, otherwise the system and other apps won’t listen to it. If you have the Xposed Framework installed, the following module will enable signature spoofing: FakeGApps by thermatk. You can find more on the microG wiki
Telegram Links for microG Group Help
MicroG Liberation Front
A Few Rom's That Supports Signature Spoofing
I have listed several microG Rom's that are pre-built or compatible with microG. if you have tested either one of these or used any other microG builds, please let us know I'm currently running Phoenix Rom on my OnePlus 5T without Gapps installed. All these Rom's grants signature spoofing permissions, this is needed for any Rom to be able to run microG.
[ROM][Oreo]Codename Phoenix [OnePlus 5T]
[ROM][Oreo][OFFICIAL] Liquid Remix [9.0][8.1]
[ROM][Oreo] [ROM] OmniRom 8.1 [OP5T] [WEEKLY]
[ROM][Nougat] LineageOS for microG By Simon94, XDA Member
[ROM][Nougat & Oreo] LineageOS for easy microG + UnifiedNlp By espionage724, Senior Member
Following ROMs have out-of-box support for signature spoofing
Specific Android custom ROMs that support Signature spoofing
AEX AospExtended
AimRom
AOSGP
AOSiP
CarbonROM
crDroid
Ground Zero Roms aka GZR: Tipsy
HalogenOS
Hexa-Project
MarshRom
nAOSProm
NitrogenOS
Tugapower
ViperOS
Guardian Project
Open-source Android applications
Android Open Source - App
About the Android Open Source Project
List of Open Source apps provided by Christopher Roy Bratusek
INSTALLATION OF microG
This post will show you how to install microG.
First you must have a Rom that doesn't have Gapps installed, next if your Rom supports signature spoofing, go to the first step, If your Rom doesn't support signature spoofing, go to this link to patch your Rom (How to get the signature spoofing patch) then come back for installation of microG.
If your not sure if your Rom supports microG, just go threw the first step below, open microG Settings app, then "Self-Check" it should look like attached picture at bottom of this page, if not, you need to patch your Rom.
FIRST STEP:
1. Must unlock boot-loader and have TWRP installed. Download bellow app to PC and follow instructions, if your phone is unlocked and TWRP installed, skip this step.
TOOL ALL IN ONE
If you already have your device unlocked and TWRP installed, do a recovery backup in TWRP, then copy it to your pc, I normally just copy all my files from my phone to my pc or external device.
You must do a fresh install in order to have microG working properly, I use "ALL IN ONE TOOL", this is my steps from the ALL IN ONE TOOL app, "Reboot Bootloader" and select "Erase All Data / Decrypt Internal Storage", next click on "Recovery Flasher" and choose, "Select recovery", TWRP 3.2.1 Universal (Your Device), then select "Only boot it" and "FLASH"
2. From PC, download firmware (if needed), Rom and microG, this is for the Phoenix Rom. If you are using a different Rom, your installation might be different, just flash microG after flashing your Rom.
(Your ROM) I'm using Codename Phoenix [OnePlus 5T] Rom
3. From recovery, move downloads onto phone. Install Rom then microG, reboot system.
SECOND STEP:
1. Downloads to PC.
Magisk & Magisk Manager If you want Root. For the Phoenix Rom, install Magisk v14.0 first, then upgrade to v15.3 after first reboot, known to boot loop otherwise.
F-Droid
2. Move all download to phone, boot into recovery, install Magisk and No GApps Package, reboot.
3. Open your Files app, navigate to folder you put apk's, Install Magisk Manager.apk and F-Droid.apk/unless you flashed No GApps Packages.
THIRD STEP:
In phone, navigate to System Setting, Location, Mode and change it to High accuracy.
Go to UnifiedNip Settings and enable Network based Geo-location and Address lookup.
Open F-Droid Store and swipe down on screen to update repositories, now install Mozilla Stumbler from F-Droid Store and start.
Open microG Settings app, go to UnifiedNip Settings, make sure every thing is checked for Address lookup and Network based Geolocation.
Now go to main page of microG Settings, then Self-Check, check box, System grants signature spoofing permission, grant access, Allow.
Access your paid applications from play store
1. Install a PlayStore APK
If you have BlankStore installed, continue with the next step.
If you want to be able to access the Play Store, install BlankStore from the XDA thread. It is not a requirement that you set it up correctly and this is not covered by this instructions. If you need help, ask in the BlankStore original thread.
If you don't care about Play Store access, Install FakeStore.zip.
2. Open the microG Settings
which are available in the launcher now. If you want to use any Google services (Log-In, Cloud Messaging), tick both checkboxes for background services. This is the only supported setup, but you are free to disable them if you like playing with fire. You can also open the UnifiedNlp settings to enable the location backends of your choice. If you don't have any yet, check out F-Droid. For further questions and concerns regarding UnifiedNlp, use its corresponding GitHub repo or XDA thread.​3. Reboot your device
If you skip this step, everything unwanted is possible.​4. Disable Battery Optimization
if you use Android 6 (Marshmallow) or above. Ensure that it is disabled for microG Services Core in System Settings > Battery > Menu > Battery optimization. Note that this is the case for the original Play Services, as it is required to keep a stable background connection.​
Note: On Android 7 (or later) an additional patch is needed to make location work, or alternatively, you can install GmsCore.apk in the /system/priv-app folder. This can be done by using adb push.
Testing
You can test Google Cloud Messaging using this test application*. Push notifications do not require account registration.
You can add an account through the system settings. Some applications might ask you to do so, if you don't.
Apps that use Cloud Messaging must be installed after GmsCore, or else they will not work. Some applications that can run with microG GmsCore is installed in the correct order: TextSecure/Signal, Play Music, YouTube
If you are using AdAway, make sure to put mtalk.google.com on your whitelist, or else problems are likely to occur when using Google Cloud Messaging. Thanks @benstyle1 on XDA for the hint.
Telegram Links for microG Group Help
MicroG Liberation Front
Awesome thread, thank you very much for your efforts. I followed the nogapps tutorial to the letter, still having problem with Signal app.
It wouldn't register my phone number. Can you maybe check it also? https://www.signal.org/android/apk/
LE: NVM, solved it by enabling GCM in MicroG settings and register Signal in MicroG GCM settings.
Another question, how much time should I keep Mozilla Stumbler from F-Droid Store scanning, and is it required?
Thanks again.
mi3x said:
Awesome thread, thank you very much for your efforts. I followed the nogapps tutorial to the letter, still having problem with Signal app.
It wouldn't register my phone number. Can you maybe check it also? https://www.signal.org/android/apk/
LE: NVM, solved it by enabling GCM in MicroG settings and register Signal in MicroG GCM settings.
Another question, how much time should I keep Mozilla Stumbler from F-Droid Store scanning, and is it required?
Thanks again.
Click to expand...
Click to collapse
Thanks for the post, this has been a learning experience for me, I just wanted to share my procedure with any one interested in installing microG. I use Signal as well, glad you figured it out, and as for Mozilla Stumbler, there is no need for it to be scanning after you have accessed the Play Store. I'm assuming that your using the OP5T phone with the Liquid Remix Rom, if so, I have updated the installation process, now there is no need to use Xposed framework.
I really appreciate it, you saved me from a lot of work, nicely gathering them all into this special thread. Fortunately enough, I use a different rom, Unofficial LineageOS 14.1 with custom kernel and it works perfectly as well.
I followed your steps in post 5, everything went smoothly.
Many thanks once again, for me this is a gem, just migrated from iOS and slowly moving away from google and trying to replace most of my apps, just setup my davDroid with my nextcloud server, it'll take some time but I'll get there eventually.
Now a question about playstore, did I misunderstand, or why would I access it anyway? The other non FOSS apps which I need at the moment, I install from yalp. Please adivse a bit on this angle.
Have a good one.
Excellent thread. I use microg 2 years, with lg g2 and now with op5t about 1,5 month at stock ROM. I am also try to de-google my self as much as i can.
Fdroid has excellent apps and you can find everything. I prefer lightweight apps with less permissions and ram/mb ie New pipe is an excellent YouTube replacement. I Subscribe to this thread. Keep it GOOGLESS
Sent from my ONEPLUS 5T
vagkoun83 said:
Excellent thread. I use microg 2 years, with lg g2 and now with op5t about 1,5 month at stock ROM. I am also try to de-google my self as much as i can.
Fdroid has excellent apps and you can find everything. I prefer lightweight apps with less permissions and ram/mb ie New pipe is an excellent YouTube replacement. I Subscribe to this thread. Keep it GOOGLESS
Sent from my ONEPLUS 5T
Click to expand...
Click to collapse
Pro can you tell me how you debloat Google apks without problem
Sent from my ONEPLUS A5010 using Tapatalk
Microg unofficial installer delete conflict apps.
The rest apps uninstall with apps like titanium
mi3x said:
I really appreciate it, you saved me from a lot of work, nicely gathering them all into this special thread. Fortunately enough, I use a different rom, Unofficial LineageOS 14.1 with custom kernel and it works perfectly as well.
I followed your steps in post 5, everything went smoothly.
Many thanks once again, for me this is a gem, just migrated from iOS and slowly moving away from google and trying to replace most of my apps, just setup my davDroid with my nextcloud server, it'll take some time but I'll get there eventually.
Now a question about playstore, did I misunderstand, or why would I access it anyway? The other non FOSS apps which I need at the moment, I install from yalp. Please adivse a bit on this angle.
Have a good one.
Click to expand...
Click to collapse
Good Day, Personally I don't need access to the play store, however, I receive a number of request from people that enjoy running microG, but want access to Play Store for there purchased applications, and others like to try out new Rom's, flashing many times a week, unfortunately Gapps has issues with the Play Store breaking when flashing Rom's multiple times, as for microG and the Yalp Store, they don't have this problem.
If you haven't already join Telegram, I recommend trying it out. Below I have listed your Rom link and several microG Groups as well.
Telegram Links
LineageOS
MicroG Liberation Front
MsuatafaKhatab said:
Pro can you tell me how you debloat Google apks without problem
Sent from my ONEPLUS A5010 using Tapatalk
Click to expand...
Click to collapse
I'm not really sure what your asking, but I will try. I see that you have the OnePlus 5T, and the best way I have found to do this is, install a Rom that doesn't have Gapps installed.
I have the same phone, and found that the Liquid Remix Rom is a good choice, it also supports signature spoofing. I will list a few links below that help with the OP5T phone.
Update: Phoenix Rom I'm using now, much smoother and supports signature spoofing.
Setting Up Your OP5T
TOOL ALL IN ONE
microG Installation
Protect Your Data
Google doesn’t have a camera in every home, but it does have phone's in millions of pockets.
Google's tracking explained. On two phones, without SIM, no data during travel, and one even in airplane mode. Watch this short video, you might be amazed.
YouTube Link: How much info is Google getting from your phone?
YouTube Alternative App: NewPipe
Your Data
Google wants you to understand what data they collect and use.
Google Services Contract
When you use Google services, you trust us with your data. It is our responsibility to be clear about what we collect and how we use it to make our services work better for you.
Here are the three main types of data we collect:
Things you do
When you use our services — for example, do a search on Google, get directions on Google Maps, or watch a video on YouTube — we collect data to make these services work for you. This can include:
Things you search for
Websites you visit
Videos you watch
Ads you click on or tap
Your location
Device information
IP address and cookie data
Things you create
If you are signed in with your Google Account, we store and protect what you create using our services. This can include:
Emails you send and receive on Gmail
Contacts you add
Calendar events
Photos and videos you upload
Docs, Sheets, and Slides on Drive
Things that make you “you”
When you sign up for a Google account, we keep the basic information that you give us. This can include your:
Name
Email address and password
Birthday
Gender
Phone number
Country
Protect Your Data with XPrivacyLua
XprivacyLua protects your privacy by feeding applications fake data or no data at all, or by restricting applications from accessing data categories such as contacts and location. It doesn’t revoke or block applications’ permissions (with the exception of internet and storage access), so most apps don’t misbehave or crash when they’re denied access. And it shows handy icons when applications request permissions, connect to the internet, or attempt to access sensitive data. If you value your privacy, please consider to support this project with a donation or by purchasing pro features.
GitHub Link
Xda Developer Link
Post your favorite Rom or application's you are using for privacy.
I'm a huge fan of xprivacylua, keep coming with these useful posts! Thanks!
xXxGeek said:
I'm not really sure what your asking, but I will try. I see that you have the OnePlus 5T, and the best way I have found to do this is, install a Rom that doesn't have Gapps installed.
I have the same phone, and found that the Liquid Remix Rom is a good choice, it also supports signature spoofing. I will list a few links below that help with the OP5T phone.
Update: Phoenix Rom I'm using now, much smoother and supports signature spoofing.
Setting Up Your OP5T
TOOL ALL IN ONE
microG Installation
Click to expand...
Click to collapse
So I take it the Tool-all-in one works for the 5T even though it's not specifically mentioned in the link? (I only saw it said it works for 3T)
Now the best way to not use google is to use a rom that doesn't include it. However, what if the ROM you want to use doesn't have an official version/or if you want to use the stock ROM for one reason or another? Let's say I turn on the phone, never log on to any google services, disable as many google apps as I can -- (though one can only deny google play services permissions, but not disable the app) -- does that provide a good amount of privacy? Or does google still manage to track you somehow?
Listerine said:
So I take it the Tool-all-in one works for the 5T even though it's not specifically mentioned in the link? (I only saw it said it works for 3T)
Now the best way to not use google is to use a rom that doesn't include it. However, what if the ROM you want to use doesn't have an official version/or if you want to use the stock ROM for one reason or another? Let's say I turn on the phone, never log on to any google services, disable as many google apps as I can -- (though one can only deny google play services permissions, but not disable the app) -- does that provide a good amount of privacy? Or does google still manage to track you somehow?
Click to expand...
Click to collapse
Unofficial microg installer can uninstall conflict packages and deletes Google stuff. There is no reason to keep stuff you don't need. Especially Google stuff. I install microg unofficial installer on nougat and now on oreo without problem.
Sent from my ONEPLUS 5T
vagkoun83 said:
Unofficial microg installer can uninstall conflict packages and deletes Google stuff. There is no reason to keep stuff you don't need. Especially Google stuff. I install microg unofficial installer on nougat and now on oreo without problem.
Sent from my ONEPLUS 5T
Click to expand...
Click to collapse
Didn't know the other installers would uninstall conflict packages -- I guess I didn't see any reference to that. In the instructions, it says that it requires spoofing, but do you need spoofing only if you need to use the app store?
There are a lot of unofficial microg installers out there -- did you mean this one?
https://forum.xda-developers.com/android/development/microg-unofficial-installer-t3432360
Anyways, what if you didn't want to deal with the hassle of rooting, installing ROMs and just wanted a simpler way to prevent google from data collection. Does the disabling method work or is it ineffective?
Listerine said:
Didn't know the other installers would uninstall conflict packages. I didn't see any reference to that.
There are a lot of unofficial microg installers out there -- did you mean this one?
https://forum.xda-developers.com/android/development/microg-unofficial-installer-t3432360
-About doing these installers, I would need root, so that would prevent OTAs, wouldn't it?
-I also notice that it says it requires signature spoofing. That's only required if you buy or download stuff from the play store, correct?
Click to expand...
Click to collapse
Exactly this one. So for this you need custom recovery for flashing. When I want to update to a newer oxygen I just flash rom & magisk & microg unofficial installer via recovery.
I personally don't have signature spoofing and playstore works ok but the right way is to use sign. Spoofing. Yes you can download stuff from Google without problem.
Sent from my ONEPLUS 5T
vagkoun83 said:
Exactly this one. So for this you need custom recovery for flashing. When I want to update to a newer oxygen I just flash rom & magisk & microg unofficial installer via recovery.
I personally don't have signature spoofing and playstore works ok but the right way is to use sign. Spoofing. Yes you can download stuff from Google without problem.
Sent from my ONEPLUS 5T
Click to expand...
Click to collapse
It has just occurred to me that the Chinese version of the OnePlus 5T has exactly the same hardware as the International version...but the Chinese version doesn't have any google apps installed.
So...wouldn't the easiest way to de-bloat from google just to install Hydrogen OS? You wouldn't even have to root for that.

Noob Question

Hi All,
I am considering a OnePlus 6T. My issue is that I am not looking for a phone, just a secure device I can do some web activity with, and use as an old style PIM device. I actually expect that I would pull the Sim card.
That said, I suspect that I would want to root this thing and eviscerate this thing of any bloatware as well as ties to Google or anyone for that matter.
I have not done any Android programming, but have been using Linux since the SysV days (mid to late 70's) and in a pretty serious sorta way, and I have even more experience with embedded systems.
Questions are: Can I make the 6T do what I want - private web browser, no calls, data storage, music, photos, etc...
Thanks
Ray
rbahr said:
Hi All,
I am considering a OnePlus 6T. My issue is that I am not looking for a phone, just a secure device I can do some web activity with, and use as an old style PIM device. I actually expect that I would pull the Sim card.
That said, I suspect that I would want to root this thing and eviscerate this thing of any bloatware as well as ties to Google or anyone for that matter.
I have not done any Android programming, but have been using Linux since the SysV days (mid to late 70's) and in a pretty serious sorta way, and I have even more experience with embedded systems.
Questions are: Can I make the 6T do what I want - private web browser, no calls, data storage, music, photos, etc...
Thanks
Ray
Click to expand...
Click to collapse
Hi,
First of all it's an honor to have a Linux veteran here (I mean 70's !)
You can turn your OnePlus 6T in a privacy oriented device installing LineageOS without installing GApps. LineageOS is a ROM based on AOSP and not Google, every app is aosp and if you don't flash GApps (a zip that install Google Services and Apps), your device will be Google-free.
You'll be able to take photos, listen to music, browse internet and even have a "market place" by installing F-Droid or another alternative app store. For that you'll need to install APK files (those are like .exe but for Android) that you can download online. But beware, sometimes the files may contain a virus, so download from trusted website only (E.g: Apkmirror, F-Droid, XDA-Labs,...).
For private web browser I can advise Tor Browser, but browsing will be slow, as this browser includes a very powerful VPN.
I just wanted to precise, being Google-free and being invisible is very different. If you're more into things like Tor Browser (meaning you want full privacy, not being seen from anyone), you may take a look at GrapheneOS. It a ROM you can flash like LineageOS, but it is very privacy-oriented. But it is available only for Pixel Devices, so you may wanna consider buying one (the Pixel 4a which just came out has really good camera, not very powerful for gaming but can surely browse the internet. It doesn't have a build of GrapheneOS yet, since it just came out, but it'll surely come).
Here is a vid explaining: https://m.youtube.com/watch?v=hrDUOtWXGv8
Here is their website: https://grapheneos.org/
If you need any extra info, just mention or quote me so I get notified
Have a good one
This great information and exactly what I want!
I know about Tor, and I want privacy, but, at least for this application, not looking to be invisible since I will be interacting via email and browser.
Thanks
Ray
Raiz said:
Hi,
First of all it's an honor to have a Linux veteran here (I mean 70's !)
You can turn your OnePlus 6T in a privacy oriented device installing LineageOS without installing GApps. LineageOS is a ROM based on AOSP and not Google, every app is aosp and if you don't flash GApps (a zip that install Google Services and Apps), your device will be Google-free.
You'll be able to take photos, listen to music, browse internet and even have a "market place" by installing F-Droid or another alternative app store. For that you'll need to install APK files (those are like .exe but for Android) that you can download online. But beware, sometimes the files may contain a virus, so download from trusted website only (E.g: Apkmirror, F-Droid, XDA-Labs,...).
For private web browser I can advise Tor Browser, but browsing will be slow, as this browser includes a very powerful VPN.
I just wanted to precise, being Google-free and being invisible is very different. If you're more into things like Tor Browser (meaning you want full privacy, not being seen from anyone), you may take a look at GrapheneOS. It a ROM you can flash like LineageOS, but it is very privacy-oriented. But it is available only for Pixel Devices, so you may wanna consider buying one (the Pixel 4a which just came out has really good camera, not very powerful for gaming but can surely browse the internet. It doesn't have a build of GrapheneOS yet, since it just came out, but it'll surely come).
If you need any extra info, just mention or quote me so I get notified
Have a good one
Click to expand...
Click to collapse

What is the best OnePlus 6 ROM to you and why? Which are most privacy/security conscious? Recomemdations please!

I havent installed a custom ROM since cyangenmod/LineageOS on my OnePlus One, which I loved. Now I have LineageOS 10.3.10 on a OnePlus 6.
I am sick of google and stock/OEM androids data gathering and increasing enroachment and would like to prevent it as much as possible without completely gimping my system.
Possibly use something like a protonmail email account instead if thats poasible or just no google account. I would still like to use the apps from the playstore, especially those i bought.
I want to debloat and disconnect as much as possible. No okay google. No telemetry. No uploading my data. Can i do this while still using the playstore or will that interfere and require my account? Is there a workaround, and no im not asking for illegal references. Using my bank app would also be handy but not necessary.
I would love the option to totally disconnect from bluetooth and wifi/other radio deilvices on my home network etc. I do not want to connect to other devices.
Im out the loop here, recommendations are massively appreciated.
FTR Im aware of GrapheneOS and the associated Jaguar on here but im wondering if its too much and how that might play out.
Any help or links to guides or articles is much appreciated.
Hopefully im not breaking any rules, although I checked and couldnt see that was the case.
Cheers people.
Candiety said:
I havent installed a custom ROM since cyangenmod/LineageOS on my OnePlus One, which I loved. Now I have LineageOS 10.3.10 on a OnePlus 6.
I am sick of google and stock/OEM androids data gathering and increasing enroachment and would like to prevent it as much as possible without completely gimping my system.
Possibly use something like a protonmail email account instead if thats poasible or just no google account. I would still like to use the apps from the playstore, especially those i bought.
I want to debloat and disconnect as much as possible. No okay google. No telemetry. No uploading my data. Can i do this while still using the playstore or will that interfere and require my account? Is there a workaround, and no im not asking for illegal references. Using my bank app would also be handy but not necessary.
I would love the option to totally disconnect from bluetooth and wifi/other radio deilvices on my home network etc. I do not want to connect to other devices.
Im out the loop here, recommendations are massively appreciated.
FTR Im aware of GrapheneOS and the associated Jaguar on here but im wondering if its too much and how that might play out.
Any help or links to guides or articles is much appreciated.
Hopefully im not breaking any rules, although I checked and couldnt see that was the case.
Cheers people.
Click to expand...
Click to collapse
Then microG is for you. You can try OmniROM microG build. MicroG is a substitute to google play services. You will use open source apps instead of google apps. But OmniROM's xda thread is outdated but the download link is still active and the microG version is still updated. You can also search for custom ROM which which is microG compatible primarily with signature spoofing feature and vanilla build (no GApps)
tiga016 said:
Then microG is for you. You can try OmniROM microG build. MicroG is a substitute to google play services. You will use open source apps instead of google apps. But OmniROM's xda thread is outdated but the download link is still active and the microG version is still updated. You can also search for custom ROM which which is microG compatible primarily with signature spoofing feature and vanilla build (no GApps)
Click to expand...
Click to collapse
Hey mate, I really appreciate this reply. Could you explIain signature spoofing a bit? Also, Does GApps present problems these days (or always)?
Thanks again.
Candiety said:
Hey mate, I really appreciate this reply. Could you explIain signature spoofing a bit? Also, Does GApps present problems these days (or always)?
Thanks again.
Click to expand...
Click to collapse
Signature spoofing allows fake signatures for packages meaning it will pretend to has google services but not real google. Better to flash custom ROM microG than custom ROM vanilla and manually setup microG to prevent error. GApps have privacy issues, battery drain, etc. But I don't mind that because I need to use GApps in my work. If time comes that microG has full alternative to GApps maybe I can adapt to that.

Question Question on privacy

My knowledge is limited.And I wonder,
A non-rooted A53 with default stock rom, removed bloatware, with usage only of open source apps, NetGuard VPN with allowence only to few used apps and all system stuff blocked. How private is this?
I know that networks have layers, and VPN works on an upper layer, where it cannot block traffic happening on lower levels.
But I'm just curious?
What is the most private configuration set you can have with non-rooted stock rom?
And there is that meta app (com.facebook.appmanager), it can be disabled with ADB...
The most private should be disabling the internet use and never enabling or using it. Other words, factory reset and don't sign into wifi and have no sim card then sideload any apps and that will be private.
Privacy of what you state will involve various data and info being spread around. Even open source can include malware, etc. Its been done before. VPN should be able to glean certain info. Etc. There's no easy way to say exactly how private it is or not. It all depends on various factors.
If you're that concerned about privacy, try a privacy centric OS like CalyxOS or GrapheneOS

Categories

Resources