Related
As title suggests, coming from a so called "clean" iOS environment to Android, my main concern how susceptible is my data to being stolen. I have no (current) plans to root my next phone and will be used mainly from business, but from what I have read in the past even google play store apps have been to known to have malicious content. Am I worrying too much ? I do carry sensitive work data on my iPhone.
applefag said:
As title suggests, coming from a so called "clean" iOS environment to Android, my main concern how susceptible is my data to being stolen. I have no (current) plans to root my next phone and will be used mainly from business, but from what I have read in the past even google play store apps have been to known to have malicious content. Am I worrying too much ? I do carry sensitive work data on my iPhone.
Click to expand...
Click to collapse
As long as the apps you install are from known sources (i.e. Play Store) you don't need to worry. Also every time you download an app check the permissions. If you think that the app shouldn't have those permissions then don't download it. Finally for safety reasons never install any apps from unknown sources (i.e. outside of Play Store) unless you trust the developer.
If you still find yourself worrying read this.
applefag said:
Am I worrying too much ?
Click to expand...
Click to collapse
Yep
I think you won't install any app outside Google Play so install apps that you know and you won't need to worry. FYI http://en.wikipedia.org/wiki/Security-Enhanced_Linux
kalpetros said:
Also every time you download an app check the permissions. If you think that the app shouldn't have those permissions then don't download it.
Click to expand...
Click to collapse
Well only if you are sure. Sometimes apps need permissions that aren't justified for some people.
for the open nature of the android ecosystem, it is somewhat normal that you will have to be careful though there are several different techniques, i use this the most.
Root your phone, install xposed framework and install xprivacy. here is a review of what it does http://www.xda-developers.com/android/manage-individual-app-permissions-with-xprivacy/ . I know the installation pprocess may seem daunting, but it is easier than you think this module wil allow you to block apps of certain permission. IE. you can block location service for all the apps on your phone so that no app can get your location. There are bunch of other permissions that you can block like access to contact, gallery etc
My question to others is : Is antivirus application on android worth it? I mean can it protect me from real time attaks and malwares??
SaffatBokul said:
My question to others is : Is antivirus application on android worth it? I mean can it protect me from real time attaks and malwares??
Click to expand...
Click to collapse
Not useful IMO. FYI I remember this article.
User sensibility is your best defense. Don't install apps not from the market. Only install apps with a lot of positive comments.
I would advise again rooting your phone. It's true that there are ways to block apps from accessing your private data on a rooted phone, but the additional vulnerability from unlocking your bootloader and rooting is not worth it. Just stick to apps from major developers.
snapper.fishes said:
User sensibility is your best defense. Don't install apps not from the market. Only install apps with a lot of positive comments.
I would advise again rooting your phone. It's true that there are ways to block apps from accessing your private data on a rooted phone, but the additional vulnerability from unlocking your bootloader and rooting is not worth it. Just stick to apps from major developers.
Click to expand...
Click to collapse
I agree, rooting your phone comprimises your security even if you do it to install security apps.
Primokorn said:
Yep
I think you won't install any app outside Google Play so install apps that you know and you won't need to worry.
Click to expand...
Click to collapse
Unfortunately, new apps in Google Play are rarely verified by Google staff, so there is still always a possibility of trojan or other malware.
What is different in security for cyanogenmod and normal android?
Is cyanogenmod has google spyware?
Thank you
arexium said:
What is different in security for cyanogenmod and normal android?
Is cyanogenmod has google spyware?
Thank you
Click to expand...
Click to collapse
No, cyanogenmod does not have google apps. For more info: http://wiki.cyanogenmod.org/w/Google_Apps
Even if they don't use google apps, they have their own spyware. For more how to secure your device see this: http://forum.xda-developers.com/general/security/tuto-how-to-secure-phone-t2960077
setmov said:
No, cyanogenmod does not have google apps. For more info: http://wiki.cyanogenmod.org/w/Google_Apps
Even if they don't use google apps, they have their own spyware. For more how to secure your device see this: http://forum.xda-developers.com/general/security/tuto-how-to-secure-phone-t2960077
Click to expand...
Click to collapse
This hard for apply and may be not work for my phone
You know easy way?
You thinks not use smart phone and also not use android better?
Only normal phone and for internet only use computer?
Different idea, if you have only text secure app on phone and cyanogenmod how they spy and see message?
Thank you
arexium said:
This hard for apply and may be not work for my phone
You know easy way?
You thinks not use smart phone and also not use android better?
Only normal phone and for internet only use computer?
Different idea, if you have only text secure app on phone and cyanogenmod how they spy and see message?
Thank you
Click to expand...
Click to collapse
I suggest you take a look here: http://forum.xda-developers.com/showthread.php?t=2550769
setmov said:
I suggest you take a look here: http://forum.xda-developers.com/showthread.php?t=2550769
Click to expand...
Click to collapse
This good, I check it
What you think this one please, Replicant OS?
arexium said:
This good, I check it
What you think this one please, Replicant OS?
Click to expand...
Click to collapse
What phone do you have?
setmov said:
What phone do you have?
Click to expand...
Click to collapse
This lenovo a5000
What you think Replicant OS, good one? I changes phone if this good one
arexium said:
This lenovo a5000
What you think Replicant OS, good one? I changes phone if this good one
Click to expand...
Click to collapse
Honestly I haven't tried it, so I don't know. But, what are you looking for? A secure rom, or just a rom without google apps?
setmov said:
Honestly I haven't tried it, so I don't know. But, what are you looking for? A secure rom, or just a rom without google apps?
Click to expand...
Click to collapse
Yes I want secure ROM even if not work on my phone, I can change phone
arexium said:
Yes I want secure ROM even if not work on my phone, I can change phone
Click to expand...
Click to collapse
Then, I suggest you to be patient. There will be some news soon.
try AFWall Donate version, XPrivacy, AppOps, MyAndroidTools Pro, ChatSecure, Orbot, Network Connections or Network Log App in playstore, override DNS app, SD Maid, Firefox browser...these are all good apps known for supporting end-user privacy or for strong root level management of your system. It really depends on what type of "secure" youre interested in. Android is relatively secure security-wise, but privacy-wise, not so much... actually in its default state, not at all, especially with google inside. Knowing your settings, and config, almost any ROM can be secure.
arexium said:
Yes I want secure ROM even if not work on my phone, I can change phone
Click to expand...
Click to collapse
If you are willing to switch to a Nexus 5 we (Graphite Software) have posted a ROM (Secure Spaces) that allows you to create a separate space (virtual phone) where you can easily configure the settings (enable and disable a number of attributes - bluetooth , networking, adb, etc). Also you can remove the Google Play apps in this personal or hidden space, but allow the owner space to still have Google Apps if you want. This new space is encrypted using ecryptfs and also has pid namespaces enabled in the kernel, plus some additional security features. You can push apps into this space to limit their access to the owner space , or you can think of this space as a private space where maybe you launch only a banking app for example.
ElwOOd_CbGp said:
try AFWall Donate version, XPrivacy, AppOps, MyAndroidTools Pro, ChatSecure, Orbot, Network Connections or Network Log App in playstore, override DNS app, SD Maid, Firefox browser...these are all good apps known for supporting end-user privacy or for strong root level management of your system. It really depends on what type of "secure" youre interested in. Android is relatively secure security-wise, but privacy-wise, not so much... actually in its default state, not at all, especially with google inside. Knowing your settings, and config, almost any ROM can be secure.
Click to expand...
Click to collapse
Sounds like a good start to helping secure my android, but how do you use the apps effectively?
Thanks
talkcc144 said:
Sounds like a good start to helping secure my android, but how do you use the apps effectively?
Thanks
Click to expand...
Click to collapse
All I can say is do what I did. Check them out. Read, follow instructions, experiment. Android may come shipped with some functionalities disabled but the capability is there...in a major way. You just have to take the time to learn. Familiarize yourself with settings, apps, services, device signals.
Hi All,
I am considering a OnePlus 6T. My issue is that I am not looking for a phone, just a secure device I can do some web activity with, and use as an old style PIM device. I actually expect that I would pull the Sim card.
That said, I suspect that I would want to root this thing and eviscerate this thing of any bloatware as well as ties to Google or anyone for that matter.
I have not done any Android programming, but have been using Linux since the SysV days (mid to late 70's) and in a pretty serious sorta way, and I have even more experience with embedded systems.
Questions are: Can I make the 6T do what I want - private web browser, no calls, data storage, music, photos, etc...
Thanks
Ray
rbahr said:
Hi All,
I am considering a OnePlus 6T. My issue is that I am not looking for a phone, just a secure device I can do some web activity with, and use as an old style PIM device. I actually expect that I would pull the Sim card.
That said, I suspect that I would want to root this thing and eviscerate this thing of any bloatware as well as ties to Google or anyone for that matter.
I have not done any Android programming, but have been using Linux since the SysV days (mid to late 70's) and in a pretty serious sorta way, and I have even more experience with embedded systems.
Questions are: Can I make the 6T do what I want - private web browser, no calls, data storage, music, photos, etc...
Thanks
Ray
Click to expand...
Click to collapse
Hi,
First of all it's an honor to have a Linux veteran here (I mean 70's !)
You can turn your OnePlus 6T in a privacy oriented device installing LineageOS without installing GApps. LineageOS is a ROM based on AOSP and not Google, every app is aosp and if you don't flash GApps (a zip that install Google Services and Apps), your device will be Google-free.
You'll be able to take photos, listen to music, browse internet and even have a "market place" by installing F-Droid or another alternative app store. For that you'll need to install APK files (those are like .exe but for Android) that you can download online. But beware, sometimes the files may contain a virus, so download from trusted website only (E.g: Apkmirror, F-Droid, XDA-Labs,...).
For private web browser I can advise Tor Browser, but browsing will be slow, as this browser includes a very powerful VPN.
I just wanted to precise, being Google-free and being invisible is very different. If you're more into things like Tor Browser (meaning you want full privacy, not being seen from anyone), you may take a look at GrapheneOS. It a ROM you can flash like LineageOS, but it is very privacy-oriented. But it is available only for Pixel Devices, so you may wanna consider buying one (the Pixel 4a which just came out has really good camera, not very powerful for gaming but can surely browse the internet. It doesn't have a build of GrapheneOS yet, since it just came out, but it'll surely come).
Here is a vid explaining: https://m.youtube.com/watch?v=hrDUOtWXGv8
Here is their website: https://grapheneos.org/
If you need any extra info, just mention or quote me so I get notified
Have a good one
This great information and exactly what I want!
I know about Tor, and I want privacy, but, at least for this application, not looking to be invisible since I will be interacting via email and browser.
Thanks
Ray
Raiz said:
Hi,
First of all it's an honor to have a Linux veteran here (I mean 70's !)
You can turn your OnePlus 6T in a privacy oriented device installing LineageOS without installing GApps. LineageOS is a ROM based on AOSP and not Google, every app is aosp and if you don't flash GApps (a zip that install Google Services and Apps), your device will be Google-free.
You'll be able to take photos, listen to music, browse internet and even have a "market place" by installing F-Droid or another alternative app store. For that you'll need to install APK files (those are like .exe but for Android) that you can download online. But beware, sometimes the files may contain a virus, so download from trusted website only (E.g: Apkmirror, F-Droid, XDA-Labs,...).
For private web browser I can advise Tor Browser, but browsing will be slow, as this browser includes a very powerful VPN.
I just wanted to precise, being Google-free and being invisible is very different. If you're more into things like Tor Browser (meaning you want full privacy, not being seen from anyone), you may take a look at GrapheneOS. It a ROM you can flash like LineageOS, but it is very privacy-oriented. But it is available only for Pixel Devices, so you may wanna consider buying one (the Pixel 4a which just came out has really good camera, not very powerful for gaming but can surely browse the internet. It doesn't have a build of GrapheneOS yet, since it just came out, but it'll surely come).
If you need any extra info, just mention or quote me so I get notified
Have a good one
Click to expand...
Click to collapse
I havent installed a custom ROM since cyangenmod/LineageOS on my OnePlus One, which I loved. Now I have LineageOS 10.3.10 on a OnePlus 6.
I am sick of google and stock/OEM androids data gathering and increasing enroachment and would like to prevent it as much as possible without completely gimping my system.
Possibly use something like a protonmail email account instead if thats poasible or just no google account. I would still like to use the apps from the playstore, especially those i bought.
I want to debloat and disconnect as much as possible. No okay google. No telemetry. No uploading my data. Can i do this while still using the playstore or will that interfere and require my account? Is there a workaround, and no im not asking for illegal references. Using my bank app would also be handy but not necessary.
I would love the option to totally disconnect from bluetooth and wifi/other radio deilvices on my home network etc. I do not want to connect to other devices.
Im out the loop here, recommendations are massively appreciated.
FTR Im aware of GrapheneOS and the associated Jaguar on here but im wondering if its too much and how that might play out.
Any help or links to guides or articles is much appreciated.
Hopefully im not breaking any rules, although I checked and couldnt see that was the case.
Cheers people.
Candiety said:
I havent installed a custom ROM since cyangenmod/LineageOS on my OnePlus One, which I loved. Now I have LineageOS 10.3.10 on a OnePlus 6.
I am sick of google and stock/OEM androids data gathering and increasing enroachment and would like to prevent it as much as possible without completely gimping my system.
Possibly use something like a protonmail email account instead if thats poasible or just no google account. I would still like to use the apps from the playstore, especially those i bought.
I want to debloat and disconnect as much as possible. No okay google. No telemetry. No uploading my data. Can i do this while still using the playstore or will that interfere and require my account? Is there a workaround, and no im not asking for illegal references. Using my bank app would also be handy but not necessary.
I would love the option to totally disconnect from bluetooth and wifi/other radio deilvices on my home network etc. I do not want to connect to other devices.
Im out the loop here, recommendations are massively appreciated.
FTR Im aware of GrapheneOS and the associated Jaguar on here but im wondering if its too much and how that might play out.
Any help or links to guides or articles is much appreciated.
Hopefully im not breaking any rules, although I checked and couldnt see that was the case.
Cheers people.
Click to expand...
Click to collapse
Then microG is for you. You can try OmniROM microG build. MicroG is a substitute to google play services. You will use open source apps instead of google apps. But OmniROM's xda thread is outdated but the download link is still active and the microG version is still updated. You can also search for custom ROM which which is microG compatible primarily with signature spoofing feature and vanilla build (no GApps)
tiga016 said:
Then microG is for you. You can try OmniROM microG build. MicroG is a substitute to google play services. You will use open source apps instead of google apps. But OmniROM's xda thread is outdated but the download link is still active and the microG version is still updated. You can also search for custom ROM which which is microG compatible primarily with signature spoofing feature and vanilla build (no GApps)
Click to expand...
Click to collapse
Hey mate, I really appreciate this reply. Could you explIain signature spoofing a bit? Also, Does GApps present problems these days (or always)?
Thanks again.
Candiety said:
Hey mate, I really appreciate this reply. Could you explIain signature spoofing a bit? Also, Does GApps present problems these days (or always)?
Thanks again.
Click to expand...
Click to collapse
Signature spoofing allows fake signatures for packages meaning it will pretend to has google services but not real google. Better to flash custom ROM microG than custom ROM vanilla and manually setup microG to prevent error. GApps have privacy issues, battery drain, etc. But I don't mind that because I need to use GApps in my work. If time comes that microG has full alternative to GApps maybe I can adapt to that.
Hello.
I plan to turn my phone as "dumb" as possible, leaving only apps that are absolutely necessary and practical, essentially making my phone as minimalistic, simple and distraction free while at the same time maximizing the hurdle to install new apps due to the lack of willpower aswell as the general battery life.
I have the POCO F1 with LineageOS 19.1, root is currently enabled via Magisk.
I considered just buying a regular dumb phone, but unfortunately I do not feel they are worth it; plus I'd want to still use Spotify.
I'd greatly appreciate ideas/solutions for this particular project. Thank you in advance!
EnigmaticLife said:
Hello.
I plan to turn my phone as "dumb" as possible, leaving only apps that are absolutely necessary and practical, essentially making my phone as minimalistic, simple and distraction free while at the same time maximizing the hurdle to install new apps due to the lack of willpower aswell as the general battery life.
I have the POCO F1 with LineageOS 19.1, root is currently enabled via Magisk.
I considered just buying a regular dumb phone, but unfortunately I do not feel they are worth it; plus I'd want to still use Spotify.
I'd greatly appreciate ideas/solutions for this particular project. Thank you in advance!
Click to expand...
Click to collapse
What you'd like to do isn't really "dumbing down" XD - it is simply making a "barebones Android" phone with only the apps/functions you need without usual bloat that comes preinstalled on the new devices. This is in fact something a lot of people on XDA are passionate about, as it helps optimize for space, speed, battery life and privacy.
For the Android phone to be considered usable in modern day and age, it needs a handful of apps:
Dialer
SMS messenger
Contacts
File manager
Gallery
Clock
Calendar
Calculator
Web browser
Camera
Installing vanilla LineageOS rom (or any other rom with no GoogleApps) will give you this default Android experience. For 99% of tasks that do not involve Google this is enough.
However, most people want something more than just a dialer, and so phone manufacturers pre-install some other stuff for them: Google (play store, chrome, maps, drive, mail), Payment (Samsung Pay), Gallery/Music apps, social media apps, fancy wallpapers etc. This is what makes the phone "smart" for you, I guess?
In case you want to cut it down further, you can use adb to remove certain apps from this list. This includes certain system apps too, like unnecessary fonts or accessibility services (web search is your friend here). Theoretically the phone can serve as a GSM calling brick only with the following:
Dialer
SMS messenger
Contacts
But then you'd be doing the hardware a misservice - why lug around Octa-core 8GB RAM 4000mAh HD TFT6.1" 999GB device if you could achieve the same with a Nokia 1100 or 3310? These are still being sold
UPDATE: Just saw your additions about Spotify. If you only want to use the phone for Calling/Web browsing/YouTube/Spotify, go with the "Install No GApps LineageOS -> Sideload apps you need and nothing else".
Word of WARNING though: a lot of popular messaging/steraming/quality of life (maps) apps APSOLUTELY DEPEND on google ecosystem (i.e. GApps like google play, google play services and google services framework).
WITHOUT GOOGLE THESE APPS WILL LIKELY CRASH or won't work as intended. I.e. Whatsapp will not give you "New message" notifications and will not ring UNLESS you have it open in your face right when the call comes in. Delivery/Ride sharing apps that need google maps will not show you the map. Facebook messenger will has the same problem as Whatsapp. List of risks is far too long, and you will need to have an idea of whether the app requires google and whatsnot.
Therefore Make absolutely sure that barebones phone is what you want. If it is, a lot of apps that reliably work with the barebones setups can be found on Fdroid.
Despite having "dumb" in the name, this procedure requires one to be amazingly smart about it
To conclude, you have the following ways of achieving this:
1. Install no-Gapps (i.e. "vanilla") lineageOs, delete what you wont need, sideload .apk of apps you are after
2. Install stock android rom, then Degoogle and Debloat it. Guides for your particular model can be found here on XDA
3. Install SlimROM, a custom Android distro whose developers had the same idea as you did, i.e. optimized for simplicity.
Totesnochill said:
What you'd like to do isn't really "dumbing down" XD - it is simply making a "barebones Android" phone with only the apps/functions you need without usual bloat that comes preinstalled on the new devices. This is in fact something a lot of people on XDA are passionate about, as it helps optimize for space, speed, battery life and privacy.
For the Android phone to be considered usable in modern day and age, it needs a handful of apps:
Dialer
SMS messenger
Contacts
File manager
Gallery
Clock
Calendar
Calculator
Web browser
Camera
Installing vanilla LineageOS rom (or any other rom with no GoogleApps) will give you this default Android experience. For 99% of tasks that do not involve Google this is enough.
However, most people want something more than just a dialer, and so phone manufacturers pre-install some other stuff for them: Google (play store, chrome, maps, drive, mail), Payment (Samsung Pay), Gallery/Music apps, social media apps, fancy wallpapers etc. This is what makes the phone "smart" for you, I guess?
In case you want to cut it down further, you can use adb to remove certain apps from this list. This includes certain system apps too, like unnecessary fonts or accessibility services (web search is your friend here). Theoretically the phone can serve as a GSM calling brick only with the following:
Dialer
SMS messenger
Contacts
But then you'd be doing the hardware a misservice - why lug around Octa-core 8GB RAM 4000mAh HD TFT6.1" 999GB device if you could achieve the same with a Nokia 1100 or 3310? These are still being sold
UPDATE: Just saw your additions about Spotify. If you only want to use the phone for Calling/Web browsing/YouTube/Spotify, go with the "Install No GApps LineageOS -> Sideload apps you need and nothing else".
Word of WARNING though: a lot of popular messaging/steraming/quality of life (maps) apps APSOLUTELY DEPEND on google ecosystem (i.e. GApps like google play, google play services and google services framework).
WITHOUT GOOGLE THESE APPS WILL LIKELY CRASH or won't work as intended. I.e. Whatsapp will not give you "New message" notifications and will not ring UNLESS you have it open in your face right when the call comes in. Delivery/Ride sharing apps that need google maps will not show you the map. Facebook messenger will has the same problem as Whatsapp. List of risks is far too long, and you will need to have an idea of whether the app requires google and whatsnot.
Therefore Make absolutely sure that barebones phone is what you want. If it is, a lot of apps that reliably work with the barebones setups can be found on Fdroid.
Despite having "dumb" in the name, this procedure requires one to be amazingly smart about it
To conclude, you have the following ways of achieving this:
1. Install no-Gapps (i.e. "vanilla") lineageOs, delete what you wont need, sideload .apk of apps you are after
2. Install stock android rom, then Degoogle and Debloat it. Guides for your particular model can be found here on XDA
3. Install SlimROM, a custom Android distro whose developers had the same idea as you did, i.e. optimized for simplicity.
Click to expand...
Click to collapse
This is really interesting. I am thinking of trying to do this with a Google pixel 4a. Would I be able to do the lineage OS with that? I haven't found other threads that speak on this topic, am I right? Thinking that I would like to customize exactly what apps I have on the phone etc.
LineageOS for Google Pixel 4a exists:
LineageOS Downloads
download.lineageos.org