In any ROM (even without gapps) there will always be automatic connections with Google(captive portal mode, ntp) and Qualcomm (ntp, gps) The theory says that we have to deactivate automatic date and time and use only the integrated GPS (or otherwise contact Google / Qualcomm) but in practice these hosts will connect to the internet when they can ... The file in a LineageOs ROM is usually in /vendor/etc/gps.conf. On the other hand, there are geolocation alternatives, such as theUnifiedNIp project. Later, we can use other servers such as Mozilla. For this purpose we need to have MicroG installed, although I leave the information in case you are interested in.
The exception would supposedly be Replicant, but it supports few devices.
To avoid the espionage of Google we need the following:
-Before installing / formatting / flashing, we export our contacts in .vcf format and then recover them by importing the file from the Contacts application. If you want synchronization you can use, for instance,DAVdroid in Nextcloud / Ownclowd. This file and our photos / videos are taken to the PC and viceversa using a wire. We also download F-Droid, Afwall firewall and Adaway apks. We do not connect to the internet till I say even we have to avoid mobile data or wifi in the setupwizard.
-We flash a LineageOs ROM, without gapps and without MicroG(because it generates too many connections with Google). In your options we will uncheck Automatic Date / Time. We become root with Magisk or su.
-The next step is to deactivate the captive portal mode. All Android phones send a ping to Google to verify that the internet works. In Development Options we will enable the Local Terminal / Shell. Afterwards, we look for the new app and we open it.
In order to have root access we write:su
Then we will put:settings put global captive_portal_mode 0
And finally:reboot (also in the terminal, because if we restart manually it will be activated again)
-We disable "Intent Filter Verification" system app. It connects to Google and Amazon to verify the net. It is not necessary to be root. We force stopping and afterwards we disable it.
-If we use Android Pie we change Private DNS from automatic (default) to No.
-Install the firewall Afwall + We will give access only to the apps that interest us. However, there is a "bug" in Android that produces another inevitable data leak for any Firewall. This occurs at the boot of the system in which the program is incapable because it is loaded later, and the OS takes advantage to skip the locks. In its experimental options, there is one that controls this behavior. "Fix the data leak at boot" To let us mark the option, which by default will be gray, we must indicate in the immediately superior option "Path of the home directory for script", the first one that appears/sbin/.core /img/.core/service.d. Besides, we mark IPv6 compatibility. Thus, Afwall could "see" some IP's and block them. Nowadays I do not know what they are but there are several (an failed) unknown connections.
-AdAway. Now It is the moment to connect to the internet. We add the lists I put below, update the app and reboot. We are going to block Google servers (time.google.com) and Qualcomm servers (Izat, izatcloud.net) because despite blocking them in the firewall, disabling automatic date / time and using only the integrated GPS for time, they will try to connect to the time servers as soon as the phone connects.
To simplify, we added the host that I created for that purpose:
https://gitlab.com/Jorgu81/hosts/raw/master/HostsGoogle
Most recommended is Steven Black, although it is not essential:
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
- After that, we install the F-Droid store. We are going to avoid Yalp Store/Aurora because they generate too many connections with Google, but you can install / uninstall if you need any app.
-IceCat web browser. Startpage, Qwant or SearX search engines. The reason, here:
https://spyware.neocities.org/articles/browsers.html
First of all we disable its addons because they break the webs. Afterwards, we put the ublock addon Origin.. If you want to avoid Google webcrawling we must block its domains with the aforementioned add-on. These are some of its trackers:
adservice.google.com
admob.com
adwords.com
adservice.google.es
adservice.google.com
doubleclick.net
googleapis.com beware! Some forums will not load correctly if we block ajax.googleapis.com
google-analytics.com
googletagservices.com
googleusercontent.com
googletraveladservices.com
googlesyndication.com
googleadservices.com
gstatic.com (it tends to break many websites, so use it manually where possible)
-SD Maid. This program is very complete and with it we can disable system applications or avoid autobooting them. But what interests us is to remove tracking permissions of the apps, specifically those referred to Google. These are boot (auto-start),analytics, tracking, firebase and in general those that refer to google. If the apps contain any of them, we will remove them. We look for "Application Control" (previously we can mark it to indicate also those of the System in Settings) and after selecting them, we select the app and choose "Permission Manager". Do not forget to give the 3 points above (Other) to see all of them. Example with Whatsapp. Uncheck "com.whatsapp.Bootreceiver","google.android.gms.measurement.AppMeasurement Receiver","com.google.firebase.iid.FirebaseInstanceIdReceive r","com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver"
https://sdmaid.darken.eu/download/production/
If we want to avoid its automatic connections we could disable the options in Settings, General Settings, Bug reporting.
Do not forget Trust in LineageOs in order to change, deny or allow permissions of our installed apps.
With this we have finished the initial configuration to avoid, as far as possible, the espionage of our system.
----------------------------------------------------------------------------------------
Applications / recommended settings (from F-Droid, as usual):
-Beta Updater for WhatsApp. To update the well-known application.
-XprivacyLua. We need Xposed:
Xposed (not Android 9)
https://forum.xda-developers.com/xposed/xposed-installer-versions-changelog-t2714053
EdXposed (Android 9, alpha)
https://forum.xda-developers.com/xposed/android-9-0-xposed-solutions-t3889513
It will block all the information from our terminal that apps can takefor their indeterminate purposes. Few of them will make an incorrect use of it because they come from F-Droid. If we use WhatsApp we have to leave at least permission to clipboard and Contacts. In IceCat only for clipboard.
Removed old info.
Updated info:
-Disabling Intent Filter Verification due to its connections with Google, Amazon, and so on...
Another update and I hope the last...
We mark IPv6 compatibility in the firewall. Thus, Afwall could "see" some IP's and block them. Nowadays I do not know what they are but there are several (an failed) unknown connections.
Nevertheless, if we do not apply this, we could see data leak (AdAway, wireshark, tcpdump)
Now, there is no automatic connections at all.
On the other hand, I will install Pie soon so I will hope not to find too many problems...
Last update with Pie.
Only strange connections between mobile and router with Private DNS that is in automatic mode by default. We change it and select No.
-Added more hosts
-Changed hosts from GitHub to GitLab.
Now, we have 0 automatic data again when we turn on/off wifi or mobile data.
Related
If this thread helped you, Don't forget to hit THANKS.
WifiKill - disable internet for network hoggers
With this app you can disable internet connection for a device on the same network. So if someone (anyone) is abusing the internet wasting precious bandwidth for a Justin Bieber videoclips you could just kill their connection and stay happy with a full bandwidth just for yourself.
You can download WiFiKill using WiFiKill Downloader
!!! PRO version !!! requires you to make a donation through PayPal (using WiFiKill Downloader)
dSploit - An Android network penetration suite
dSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most complete and advanced professional toolkit to perform network security assesments on a mobile device.
Once dSploit is started, you will be able to easily map your network, fingerprint alive hosts operating systems and running services, search for known vulnerabilities, crack logon procedures of many tcp protocols, perform man in the middle attacks such as password sniffing ( with common protocols dissection ), real time traffic manipulation, etc, etc .
The precompiled apk can be downloaded from https://github.com/evilsocket/dsploit/downloads ( download the latest release you find ), make sure you have the option to install apps from third party sources enabled.
It's still in beta stage so unexpected behaviour could happen.
If this thread helped you, Don't forget to hit THANKS.
Greenify
Greenify help you identify and put the bad behaving apps into hibernation when you are not using them, stop them from battery leeching, memory hogging and stealthy running, in an elegant and unique way! They could do nothing without your explicit launch, while still have full functionality when running in foreground. Like what iOS apps act!
The built-in App Analyzer will analyze and show apps in your device that keep running persistent services and those launch itself automatically on a regular basis (when network connectivity changes, or every time you unlock your device, install / uninstall / update your apps, etc).
ROOT is required. If you are experiencing hibernation issue, this may be caused by your root management app (e.g. "SuperUser"), please try installing "SuperSU" instead.
Get it for free HERE
BBM Controller
This application was created to make it easier for us to manage BlackBerry Messenger ( BBM ) .
Requirements to be able to use BBM Controller application is :
+ Android Smartphone already in ROOT .
+ Android Smartphone already installed BBM application.
+ Minimal Android is version 4.0 ( ICS ) .
+ Minimum ROM storage is 3 Megabytes. This app only use 3 MB of ROM storage when active.
Download BBM Controller
USB OTG Helper (Stock/Custom kernel)
It stands for USB On-the-Go!
"It is a specification that allows USB devices such as digital audio players or mobile phones to act as a host allowing a USB flash drive, mouse, or keyboard to be attached." - Wikipedia
The stock kernel allows Mouse & Keyboard, but USB storage is missing..
Features:
Stock and custom kernels supported
Mount and Unmount drive with a single click
No Ads!
Full NTFS support built-in!! (from v3.0.3)
Automatically start on device connect (intent broadcast) (from v3.0.3)
Notification when drives mounted! (from v3.0.3)
One click access to unmount (from v3.0.3)
Option to enable UTF-8 if kernel support (from v4)
Automatically open explorer after drive mounted (from v3.0.7)
One click debugging and feedback (in app) [Donate version only]
Download APK From Play Store
WhatsMore - Allow 2 phone numbers to be linked to WhatsApp
WhatsMore is an add-on account management to make WhatsApp holding more than 1 phone number even on a single-SIM mobile phone. Now, we can give different phone numbers to the family, co-workers, customers, net-friends, and etc…
Features:
- Allow Up to 2 phone numbers to be used with WhatsApp on the same device.
- Auto swapping WhatsApp accounts in a user preset interval.
- Show notifications when swapping WhatsApp accounts.
- Show notifications if there are unread messages of swapped out WhatsApp accounts.
- Launch any inactive WhatsApp account from within WhatsMore.
- Perform auto recovery upon the App starts (or the phone starts up) if the previous swapping process is interrupted. (ie. Power off, reboot of the mobile phone, upgrade from the play store)
Download From Play Store
If this thread helped you, Don't forget to hit THANKS.
ANote Overlay - Draw on your screen and screenshot from everywhere
ANote Overlay is an application with which you can take note on your screen wherever you are !
ANO launch itself as an overlay above any applications, images, web pages etc so you can fastly draw anywhere.
Then simply save and share your screenshot.
Your device must be rooted to enable ANO to save the background of your screen shot
With ANO you can :
Navigate through your phone, ANO stills opened
Display / hide ANO
Set up the white background opacity so you can see more or less your background application
Change the pen color and size
Undo or undo all (long press)
Redo or redo all (long press)
Save your screenshot and share it (only the overlay with white background for not rooted device)
Display / hide a resizable rectangle to highlight a portion of your screen.
Play Store link : Free , Donate
RepetiTouch for Android - Record touch events and replay them
RepetiTouch, an app which enables touchscreen input recording and replaying directly on the device. It's available on Google Play, also as a limited free version. This app is tested it on a Nexus 7 and Samsung Galaxy Y but it should work on every rooted device with Android 2.3 or later.
Limitations (of free version, the pro version doesn't have this limitations and, e.g., includes Locale/Tasker support):
- no multitouch recording
- recording time limited to 10 minutes
- no loop mode
- saving record only to a single default file in app directory
- panel not movable/flippable
- no automation tool support (e.g., Tasker or Locale)
If this thread helped you, Don't forget to hit THANKS.
many apps require too much permissions that they do not need to function
most apps needs internet connection to talk to some API (let's say updates checking or notifications ..etc) and need to access SD Card (for buffering/caching)
it would be great if the OS is structured in a way so that we can grant apps access only to specific directories that only belong to it (think of browser cache, youtube buffer ...) and when the user promptly and consciously want to pass files (eg. upload file throw a web browser) they get stagged/promoted/linked to that area accessible by the app.
till that happens, we have SELinux in many android phones can we use it to sandbox apps (the idea is there since 2009 see http://danwalsh.livejournal.com/28545.html)
can we define a policy that
1. those apps are not allowed to access my gallery directory (DCIM)
2. those apps are allowed to access my gallery but are not allowed to use network connection
in desktop linux it was successfully applied (here it was applied on firefox http://danwalsh.livejournal.com/31146.html)
DISCLAIMER:
It is extremely illegal to use this app against networks you don't own or don't have a permission to attack. I am not responsible for how you use it and any damage you may cause. Consider yourself warned.
Hijacker is a Graphical User Interface for the wireless auditing tools airodump-ng, aireplay-ng and mdk3. It offers a simple and easy UI to use these tools without typing commands in a console and copy&pasting MAC addresses.
This application requires an android device with a wireless adapter that supports Monitor Mode. A few android devices do, but none of them natively. This means that you will need a custom firmware. Nexus 5 and any other device that uses the BCM4339 (and BCM4358 (although injection is not yet supported so no aireplay or mdk)) chipset will work with Nexmon. Also, devices that use BCM4330 can use bcmon.
The required tools are included in the app. To install them go to Settings and click "Install Tools". This will install everything in the directory you select. If you have already installed them, you don't have to do anything. You can also have them at any directory you want and set the directories in Settings, though this might cause the wireless tools not being found. The Nexmon driver and management utility is also included.
Root is also necessary, as these tools need root to work. If you don't grant root permissions to it, it hangs... for some reason... don't know why...
Features:
View a list of access points and stations (clients) around you (even hidden ones)
View the activity of a network (by measuring beacons and data packets) and its clients
Deauthenticate all the clients of a network
Deauthenticate a specific client from the network it's connected
MDK3 Beacon Flooding
MDK3 Authentication DoS for a specific network or to everyone
Try to get a WPA handshake or gather IVs to crack a WEP network
Statistics about access points (only encryption for now)
See the manufacturer of a device (AP or station) from a OUI database (pulled from IEEE)
See the signal power of devices and filter the ones that are closer to you
Leave the app running in the background, optionally with a notification
Copy commands or MAC addresses to clipboard, so you can run them in a terminal if something goes wrong
Include the tools
Reaver WPS cracking (pixie-dust attack using NetHunter chroot)
.cap files cracking with custom wordlist
Let the user create custom commands to be ran on an access point or a client with one click.
Installation:
Make sure:
you are on Android 5+
you are rooted. SuperSU is required. If you are on CM, install SuperSU
have installed busybox (opened and installed the tools)
have a firmware to support Monitor Mode on your wireless interface
Download the latest version here.
When you run Hijacker for the first time, you will be asked whether you want to set up the tools or go to home screen. If you have installed your firmware and all the tools, you can just go to the home screen. Otherwise, click set up to install the tools. You can change the directories in which they will be installed, but I recommend that you leave them unchanged. The app will check what directories are available and select the best for you. Keep in mind that on some devices, installing files in /system might trigger an Android security feature and your system partition will be restored when you reboot. After installing the tools and the firmware (only Nexmon) you will land on the home screen and airodump will start. If you don't see any networks, make sure you have enabled your WiFi and it's in monitor mode. If you have a problem, go to settings and click "Test Tools". If they all pass, you probably don't have monitor mode enabled. If something fails, click "Copy test command" and select the tool that fails. A sample command will be copied to your clipboard so you can open a terminal, run it, and see what's wrong.
Keep in mind that Hijacker is just a GUI for these tools. The way it runs the tools is fairly simple, and if all the tests pass and you are in monitor mode, then you should be getting the results you want. But also keep in mind that these are AUDITING tools. This means that they are used to TEST the integrity of your network, so there is a chance (and you should hope for it) that the attacks don't work on a network. It's not the app's fault, it's actually something to be happy about (given that this means that your network is safe). However, if an attack works when you type a command in a terminal, but not with the app, feel free to post here to resolve the issue. This app is still under development so bugs are to be expected.
Troubleshooting:
First of all, if the app happens to crash at a random time, run it again and close it properly. This is to make sure that there are not any tools still running in the background, as this can cause battery drain. If it crashes during startup or exiting, open a terminal, run `ps | busybox grep -e air -e mdk` and kill the processes you see.
Most of the problems arise from the binaries not being installed (correctly or at all). If that's the case, go to settings, click "install tools", choose directories for binaries and the lib (libfakeioctl.so) and click install. If the directory for your binaries is included in PATH, then you don't have to do anything else. If it's not, the you need to adjust the absolute paths of the binaries, right below the "install tools" option. This might also cause problems (especially with mdk) since these programs require the wireless tools to be installed, and they won't find them if you install them anywhere other than the paths included in your PATH variable. If you don't know what the PATH variable is, then you probably shouldn't be using any of these programs.
If you are certain that there is problem with the app itself and not the tools installation, open an issue here so I can fix it. Make sure to include precise steps to reproduce the problem and a logcat (having the logcat messages options enabled in settings). If the app happens to crash, a new activity should start which will generate a report in /sdcard and give you the option to email it to me directly. I suggest you do that, and if you are worried about what will be sent you can check it out yourself, it's just a txt file and it will be sent as an email attachment to me.
XDA:DevDB Information
Hijacker, App for all devices (see above for details)
Contributors
chrisk44
Source Code: https://github.com/chrisk44/Hijacker
Version Information
Status: Testing
Current Stable Version: v1-RC.4
Stable Release Date: 2016-12-23
Created 2016-11-14
Last Updated 2016-12-26
Reserved
thank you
works great on my nexus 5 and note 3
not working on s6 edge problem i dont know i already installed in my device correctly and also hijacker airdump shows networks for attacking but not do real attack
System Input Method's playstore link
[Playstore link: https://play.google.com/store/apps/d...ster&hl=en_GB]
Application Process: System Input Method (Process Name: com.ss.android.secure.cleanmaster)
listed as a system file.
Installed APK: /data/user/0/com.ss.android.secure.cleanmaster-1/base.apk
/data path: /data/user/0/com.ss.android.secure.cleanmaster
Version: 1.05
Target SDK: 22
Permissions:
Have full network access.
View WiFi connections.
View network connections.
Download files without notification.
Read phone status and identity
Modify or delete the contents of your usb storage.
Read contents of your Usb storage
Prevent phone from sleeping
Retrieve running apps
Draw over other apps
MainService: ime.mobile.ime.main
NOTE: This app written for older Android OS. So if installed in newer android versions, all permissions will be allowed even if you blocked it.
Last edited by SniperAlert2046; Today at 09:27 PM.
Malwarebytes classified it as riskware.
But after uninstalling it, the app came back again at random hours. seemingly downloading and installing other apps (like Haike News - communist news; and Ireader)
Drains battery and used data (to download files and maybe mine for crypto)
tried using ADB to remove it but as the base.apk is stored in root folder, the app can reinstalls itself when triggered (by the programmer / hacker or randomly)
Rooted phone and then installed Afwall+ firewall. But the firewall steathily disables internet filtering at odd hours. (or maybe the firewall is bugged).
So decided to deactivate Updater app (linked to redstone) and the OTAupdater... system app since phoine already rooted and that the Leagoo company does not provide regular OS updates. (except pushing Haike News, System Input Method and H5plugins riskwares to phone).
Well, although AFwall+ firewall did not work, thereby exposing my phone to the internet without filtering IP traffic, the riskwares did not return. So uninstalling Updater (the one with the com.redstone.ota.ui pathname) and the System Update (com.sprd.systemupdate) works for me.
Netguard firewall managed to blocks internet access by system apps. The Leagoo's Built-in Weather app created Baidu folder in root folder (collecting many encrypted log files probably for sending back to Baidu servers in China.). Would be better to uninstall Leagoo Weather app and install a 3rd party one.
Hello guys,
I have been searching for answers to some of the tech stuff, but couldn't find them.
Here are some of those questions. Hope some of you would have answers to these. Thanks in advance!
ANDROID
1. How to share files between multi-users on Android 11?
Before Android 11, it was possible to save files inside the Android/ obb folder, and these files were visible for all users on the device. In Android 11, this is no longer working as the 'obb' folder appears to be exclusive to each user.
I know this is possible via USB OTG or a cloud service, but is there a solution without these?
2. How to copy/ backup game data for non-rooted devices?
Helium Backup doesn't seem to work. I have played a game for long on my Mediapad, and I would like to copy that game to my phone. Unfortunately, my Mediapad is not rooted and losing all that game progress has become a nightmare. I have written to the app developer to provide some sort of backup using either Google Play Games or social media integration like Facebook/ Twitter, but haven't received any response.
3. How to force apps (esp. file managers & gallery apps) to use in-app media viewer without changing system default.
For example, I may use the stock gallery app as default for viewing media. But if I am using another gallery app or a file manager that is capable of viewing media files using its own media viewer, I would rather want it use it than open the default app. Is there a way to do it?
4. Replace stock file manager (a system app) with another app from Google Play Store or other sources. Is this possible?
I am not asking how to convert a user app into system app. I know that part. I tried replacing the apk file of the stock file manager with a 3rd party apk, even renamed it, but it didn't work.
5. Extract a system app from one device and install it on another device without root. Is this possible?
I have tried it, but apk installation fails. For example, Samsung Gallery app on OnePlus phones.
iOS
1. How to install .ipa (iPhone app) on an iPhone (not jail-broken) without a laptop (iTunes)?
2. Is it possible to have SFTP server for iPhone?
All Operating Systems
1. How to provide LAN only access for non-rooted devices as well as in Windows & iOS?
For rooted devices, we have apps like AFWall+ that can do it. But is there a way to do it for devices without root, as well as for Windows and iOS?
For non-rooted devices, we have apps like Netguard that support 'Allow LAN access' whilst blocking internet access.
Are there any alternatives and solutions for other platforms?
2. How safe is it to enter login credentials in an app to allow it access to network drives?
I use several apps (on various platforms) to connect to my laptop over SMB. This requires me to provide the app with my Windows Login Credentials, which is a Microsoft account. Am I risking my account by providing this info to the app? Is it safe to enter login credentials of cloud services in file manager apps?
Just bumping this thread as it seems to have been lost/ unnoticed.
@Ultramanoid can you answer some of these?
Sridhar Ananthanarayanan said:
@Ultramanoid can you answer some of these?
Click to expand...
Click to collapse
Can't help much, sorry. As to Android, some notes :
1. Never have used an OEM / Google's version of Android, or anything other than rooted single-user systems.
2. In addition to the previous answer, I'm not a gamer.
3. I usually don't ever set defaults with some rare exceptions, so I am always given a choice of what I want to use to handle a file. It may vary depending on many things; I may want to edit an SVG file as text, or view it as an image, for instance. There are applications / services that will intercept intents to allow you to do this sort of thing as well, but I can't recommend a specific one, never use them myself.
4. Possible, but will break Android as by now the system requires it as a file picker in many instances without recognizing alternatives and developers of most applications do expect it as well and their services will not work without it. Don't do it. With recent Android storage changes, including the scoped storage debacle, this is not a viable option anymore.
5. Depends, but not likely as a general rule, specially for OEM garbage, which relies on their own proprietary modifications of Android, their libraries, frameworks, et al. You'd have to carry those over to the destination too, which may not even be possible. Use OEM-independent and not Google Services reliant applications. ( Edit : you'll find some of those applications built to install on all devices here on XDA by single developers, "SONY camera for all devices" and that sort of thing, not recommended anyway, not well supported or long-lived experiments. )
Ultramanoid said:
Can't help much, sorry. As to Android, some notes :
1. Never have used an OEM / Google's version of Android, or anything other than rooted single-user systems.
2. In addition to the previous answer, I'm not a gamer.
3. I usually don't ever set defaults with some rare exceptions, so I am always given a choice of what I want to use to handle a file. It may vary depending on many things; I may want to edit an SVG file as text, or view it as an image, for instance. There are applications / services that will intercept intents to allow you to do this sort of thing as well, but I can't recommend a specific one, never use them myself.
4. Possible, but will break Android as by now the system requires it as a file picker in many instances without recognizing alternatives and developers of most applications do expect it as well and their services will not work without it. Don't do it. With recent Android storage changes, including the scoped storage debacle, this is not a viable option anymore.
5. Depends, but not likely as a general rule, specially for OEM garbage, which relies on their own proprietary modifications of Android, their libraries, frameworks, et al. You'd have to carry those over to the destination too, which may not even be possible. Use OEM-independent and not Google Services reliant applications. ( Edit : you'll find some of those applications built to install on all devices here on XDA by single developers, "SONY camera for all devices" and that sort of thing, not recommended anyway, not well supported or long-lived experiments. )
Click to expand...
Click to collapse
Thanks very much. But I wish you answered the last 2 questions as well.
If time permits, would you be interested in telling us how you use your phone? I mean which device, which OS and what apps you use. I would like to give that a try (on a spare device) and see if it is possible for me to live without Google.
Sridhar Ananthanarayanan said:
Thanks very much. But I wish you answered the last 2 questions as well.
If time permits, would you be interested in telling us how you use your phone? I mean which device, which OS and what apps you use. I would like to give that a try (on a spare device) and see if it is possible for me to live without Google.
Click to expand...
Click to collapse
Didn't answer because it won't be helpful.
As to the 1st, I don't use LAN, and I don't keep data in any device or computer unless in use. External independent encrypted storage to be used wherever, whenever, independent of device, cables if needed.
As to the second, it's a matter of common sense, being informed of vulnerabilities and aware of reputation, and trust. Would you trust Chrome or Mozilla with data if you're online banking ? Seems reasonable -- but be aware of major vulnerabilities that may be going on. Would you trust an application released yesterday by a single developer for the same ? Probably not a good idea.
Finally, I doubt what I use and how I use it would be acceptable for you, or most people. In essence you could : Install latest firmware, wipe device, install latest security patched Lineage build for it, remove vendor / Lineage applications, get full root, remove anything you don't need or use which could have vulnerabilities; frameworks, libraries, binaries, etc ( Bluetooth, SMS, Android system-wide downloader, system-wide WebView, NFC, and on and on .. ), install your own binaries, fonts, hosts file, and applications where appropriate ( /bin /etc et al ), install Termux and all Linux packages required for your use, everything open source whenever possible, and stay away from any Google services / Play / applications with ANY trackers, analytics, data mining or even crash report capabilities; zero tolerance. Internet permission only for a secure web browser -- and terminal if / when needed. Half of what I do or use goes through terminal to be honest. In short, for me an Android device is a full Linux laptop replacement with added perks : Always on and on me, camera, GPS, pedometer, unlimited LTE data, and emergency calls for medics / police. ( Edit : And Japanese EEW alarm of course ! Only notification I use. We learned our lesson well in 2011. )
You can use ApkExport to extract any apk including system apks. I've transferred apks between other devices devices with it.
Never had need of doing that though with a system apk.