Related
...why do I post this? Actually, I hoped to achieve less battery drainage without Google's well known tendency to permanently collect and transmit data. However, my initial observations don't prove extended battery life but I'm going to continue tracking the battery drainage and will eventually edit the respective post in this thread. At least, I'm already definitely able to state that I've less wakelocks, alarms, and running services than before. Furthermore, some of these crazy, weird indicated *alarms* and *launch* are gone.
Additionally, I'm monitoring the below mentioned microG-treads and recognise that quite a lot of people obviously have problems to get microG to run (honestly, as me too about six months ago, when I first attempted). Thus, I take the oportunity to provide my procedure how I've got microG to perform its desired duties.
If you're really interested into microG I suggest to read @Shadow53's post here.
By going "GApps free" I was able to achieve one of my decisive points to protect my own centre of gravity. However, monitoring the related microG threads I realised quite a few people have other motives for GApps free devices and seem not to have impediments for sharing and exchanging information with Google, obviously neither my personal way nor my consensus. For completeness, I like to share some of the other opinions to enable everyone to make up an own mind. Please find some posts here, here, or here. Additionally, @ale5000 provided a comparision between GApps and microG here.
It doesn't require bravery but only the strong will to get rid of all the useless Google services and activities despite the fact that I already succeeded in not selling my private data to Google at all by the use of some tools, policies, and procedures. Just to make it more clearly, I don't and don't want to use any of the applications provided by Google (except the Google Play Store (PS) for a very specific reason described below). I'm convinced there're alternatives to each of the Google applications around, which are respecting my privacy concerns and aren't necessarily so enormously blown up. Some aren't for free but I'm happy to support a developer and the development in regard to an excellent application; some of the applications you need to pay for on Google PS you get for free in same quality and "update level" e.g. at F-Droid.
Please allow me to mention a few of the applications I use but forgive me for not providing links to them; a simple web search will show you the way.
Email: "K-9 Mail R2Mail2" in conjunction with "OpenKeychain"; Browser: "Slimperiance", "Orfox" together with "Orbot"; Maps & Navigation: "OsmAnd~"; SMS/MMS: "chompSMS" and "Silence" (but no WiFi or mobile data access); Weather: "Avia Weather", "Das Wetter in Deutschland", "WarnWetter", "WetterOnline"; Messenger: "Conversations" in conjunction with a XMPP-Jabber-account; Camera: the ROM inherent one; Contacts: ROM inherent but synchronised via home-WiFi with PC via "MyPhoneExplorer"; Calendar: as for contacts before; Music: "VLC" (but no WiFi or mobile data access); Launcher: "Nova"; PDF-reader: "Xodo Docs PDF Viewer" (Remark: I personally don't require the capability to open any Microsoft Office or Open Office file types on my phone).
If you think I forgot something just ask!
You might now ask yourself why I didn't just live without Google but moved to the microG project instead? I require following capabilities:
Fixing of the current location of my device both using GPS and/or WiFi or Mobile Data.
GCM Push Notifications.
Access to the Google PS, especially to have access to my paid applications, donations, and to beta programs of some applications I like.
Some of my preferred applications must have an indication that (a kind of) Google Play Services is available on the device in order to correctly function or even to be positively installed.
EDIT (2017-05-02): In regard to the use of the Magisk module "NanoMod" please refer to post #14!
First, I'm extremely happy with my "GAppsless" system - running smoothly without any problems and all functionalities I desired! I don't have benchmarks but personally I've the impression my current ROM is performing faster, smoother, simply better than with Gapps.
To achieve a location fix runs perfectly in all three modes (including energy saving mode just by WiFi or mobile network) and definitely much faster than with GApps; GCM push notifications work; BlankStore ran as advertised, all installed apps were indicated and available updates, download of apps or updates without problems, and as advertised paid apps or beta versions were not available. Latter was the one and only reason why I installed the Google PS as the only Google application. For the procedure please see below.
Installation was quite easily accomplished by simply following the OP of [APP] microG GmsCore - lightweight free software clone of Google Play Services by @MaR-V-iN.
First, I ensured I'd both the Titanium Backup (TB) APK file and the TB Pro-Key APK file on my external storage the booted into recovery (in my case TWRP). I create a NANDROID backup by TWRP and then clean flashed my favourite ROM (in my case: Resurrection Remix® by @rodman01) i.e. wiped /dalvik, /cache, /system and /data (including internal storage - my Titanium backup is on external storage), factory reset. Flashed my favourite kernel, followed by flashing of Chainfire's SuperSU v2.76 (this is by my information the latest SuperSU by Chainfire himself. I refuse to go for the CCMT SuperSU v2.78, and I've issues with my kernel control application if I e.g. use phh's systemless SuperUser).
There no need any more to flash the Xposed framework through TWRP since @rovo89's version 3.1.1 of the XposedInstaller (this is true for my GT-I9305 and might be different to other devices/ROMs). In my case, the Xposed framework is absolutely necessary as my ROM does not support signature faking and I had to use the respective FakeGapps APK. Due to @Primokorn I became aware there are other tools like Needle or Tingle (just search for them) to get signature spoofing for Nougat (until we have Xposed).
Reboot into system.
Remark: Quoted from MaR-V-iN's above linked thread: "...You need a 4/5/6 ROM that is GAPPS-free. Either don't install them or remove them, if your ROM ships them. Please note that microG GmsCore might run on a cleaned stock ROM, but it might also brick it or cause random bugs. Be aware that only latest Android versions (4.4+) are regularly tested and thus prioritized over older versions when issues occur..."
Completed my desired initial ROM setup and installed the TB APK and the Pro-Key APK. Made the necessary TB setup especially the location of my backups. Restored XposedInstaller and all initially required applications via TB but definitely include F-Droid and the application with a root explorer of your desire, I'm personally using SD Maid - System cleaning tool by @Dark3n (all others were restored after installation of microG). Please do not restore or install any application, which require GCM push notifications, before having installed microG! Performed the setup for all restored applications. Installed the Xposed framework via XposedInstaller. Reboot. Installed the FakeGapps APK and activated it in Xposed. Reboot.
I followed this procedure (http://forum.xda-developers.com/showpost.php?p=42983611&postcount=306), downloaded the "android-checkin-1.0.jar" and "bla.bat" and generated an Android ID for my Google PS account. Please be advised about this information I received from @pupsidze: "Accounts created online does NOT work with this. I have registered an account via friend's phone and it worked like a charm..." This obviously means you must use an account that was formerly created through the Google PS on an Android device.
I downloaded following APKs on PC and moved them to my external storage:
microG Services Core
microG Services Framework Proxy
UnifiedNlp APK (This tool works for me; however, if you have problems there're two others available at this [URL="http://forum.xda-developers.com/android/apps-games/app-g-unifiednlp-floss-wi-fi-cell-tower-t2991544"]UnifiedNlp - FLOSS Wi-Fi- and cell-tower-based geolocation thread by @MaR-V-iN as well as a link to a respective Xposed module). @Primokorn made me aware that you don't need to install UnifiedNlp.apk since it's already included into microG.
BlankStore Attention, you must manually grant "storage permissions" (thanks to @Primokorn
Install all of the above, then move into F-Droid to download the backends for UnifiedNlp as indicated in the above mentioned UnifiedNlp thread and install them. I'm personally using the two following backends: "LocalGsmNlpBackend" and "NominatimNlpBackend".
Follow step no. 4 of the installation instructions in the OP of [APP] microG GmsCore - lightweight free software clone of Google Play Services by @MaR-V-iN. For the setup of the "LocalGsmNlpBackend", I'm using the database of "Mozilla Location Service" because the download of the OpenCellID database quite often broke down. Please be aware that the download takes quite a few time due to the size of the database (only do via WiFi!!!), and choose before the areas you interested in in order not to "overload" your storage! At this point, I rebooted then went in "BlankStore" or as it appeared as "Android Market" on my app list.
When you open "Android Market" the first time, it requires you to enter the credentials of your Google account. Enter your Google email address, Google password and the Android ID you generated earlier. If everything worked as advertised all your already installed applications should appear in the "Android Market" after you hit "installed apps".
I suggest to now run the self check in the microG settings. Before you do, ensure that location is enabled in the ROM settings otherwise you want get a tick mark in the last row of the check. If any other tick mark is missing just recheck your settings and especially if all permissions are granted.
When I was at the point to restore my remaining applications via TB, I wasn't initially able to restore 6 out of my about 100-ish applications; a new installation of these applications failed, too. Just by accident, I checked the homepage of one of these apps (Öffi) and realised that one of its requirements was to have a pre-installed Maps Library v1; however, they also offered an AOSP version, which was running without GApps but microG. This was for me the first indication not to have Maps Library v1 but only v2 installed.
I discovered (again) @MaR-V-iN's NOGAPPS Project (NetworkLocation, MapsAPI, Blank Store) thread, downloaded and flashed the Maps API Flashable Zip. All resistant applications were installable afterwards and are running properly.
Conclusion: If some apps can't be installed it's most likely due to missing Maps Library v1.
Last but not least, I manually installed Google PS by downloading its latest version from apkmirror.com and renamed it to Phonesky.apk. (EDIT (2017-03-25): Please be aware that @ale5000 recomments here to use version 5.1.11. Personally, I use the method described here for purchases in Google PS.) Then I created a folder called Phonesky via my root explorer in /system/priv-app/ and set its permissions to "755 (rwxr-xr-x)". I move the renamed Phonesky.apk into this folder and change its permissions to "644 (rw-r--r--)". Rebooted and was done.
After the reboot, I noticed the following:
The formerly "Android Market" (BlankStore) was no longer available in the app list but a "Play Store".
A Google account was available under ROM settings => Accounts; however, synchronisation was automatically disabled.
Via Google PS, my Google account was accessible including all purchases I did.
At "My Apps & Games" no apps were indicated under "installed apps", under "all apps" all my installed apps were shown and the ones not installed but downloaded in the past. No "beta" tab was shown.
In my "donation apps" (e.g. Amplify) the donation was again indicated.
I went to my Google account on Google Play Store (on my PC) and walked my way through all of my applications by clicking on "install" despite the indication that it was already installed. Obviously the applications apk's were again "beamed" to my device (and installed (???) again occasionally with a timely delay of about an hour). However, eventually the Play Store on the phone indicated all applications now also under "installed apps", if applicable updates were provided, the tab "beta" was created and I was back into all beta programs I had formerly joined. Play Store runs exactly the same as before when I had Gapps installed.
Meanwhile I experienced that Play Store automatically synchronises all my apps by itself i.e. I learnt to be patient.
Please advise if you believe I missed something or in case of any question! Be aware, I took my time to conduct all of the above; didn't do it in a single step i.e. I was running more or less two operating systems on my device simultaneously and switch back and forth. Now, I'm only (and will only be) staying on my "GAppsless" ROM!
P.S. Before you install one of the "directly linked" apk-files recheck if it's the current version!
CREDITS: To everybody who I mentioned in this OP or the subsequent posts. If I forgot someone I apologise. Please let me know in this case or if you want to be more prominently given credit; I'm happy to immediately follow such a request!
EDIT (2017-04-14): Please find a more brief procedure below at post #8.
Off topic comments are allowed as long they are generally related to the overall topic, are in the general interest of the followers of this thread and add value to the thread. The ultimate decision rests with me as the OP!
Hi @noc.jfcbs, did you get your Google Play Store app auto-updated?
@bam80: Negative, gratefully no Google Play Store auto-update!
I personally assume that functionality comes with Google Play Services that aren't installed obviously. I don't know (and I'm not going to try) if the Play Store auto-updates if I grant permission for auto-updates in the Play Store settings.
Occasionally, I manually check for new Play Store versions, and XDA labs also indicates when updates are available. However, I already realised that not all new versions are compatible with my device running on RR v5.7.4 Sammy. And as long as my current Play Store version works why should I replace it?
Never had problems with newest Play Store versions. I just thought that if Play Services were responsible for the update, now microg should take its place. Sadly, this functionality seems do not implemented. Had never needed to update Play Store by hand. Thanks for answer, though
Play Store has its own update services, hence the reason it still updates itself w/out Play Services. Sadly it doesn't have a setting to not do so. The do not auto update setting applies to apps installed from the store.
On one of my microG ROMs the Play Store kept updating itself which was getting quite annoying. Especially since I was using a TBO Clear version. Blocked the two services responsible and all is good. That's a KitKat ROM with a 7.6.x Play Store. Operating fine despite a new "need to update Google Services" notification.
On a regular GApped ROM that is using an older themed Play Store that I like it also kept getting updated. Blocked the services there and no updates since.
In some cases and for some folks, blocking the services after the fact might mess up the store a bit (nothing shows up in My Apps). Clearing cache and data usually fixes that.
On crDroid Nougat where I had to start over from scratch, due to ROM rebase, I blocked the services early on before activating Google account and running the store. All good there also.
The two services are shown in the screenshot from MyAndroidTools.
LG G3 D851, PAC-MAN LP ROM, MultiROM, Tapatalk 4.9.5
@marcdw: Thanks very much for the thorough explanation. In deed really helpful. However, my Play Store didn't auto-update despite both services been enabled. Anyhow, I disabled them too.
It's funny how that works sometimes. My main ROM, PAC-MAN LP that I've been running forever, also didn't update. No blocked services or anything. Just never did. That was cool. Other ROMs would update at the drop of a hat though.
LG G3 D851, OctOS Nougat ROM, MultiROM, Tapatalk 4.9.5
Just recently, about three weeks ago, we decided to also go for GApps-free on my wife's device (a Samsung GT-i9305, too).
I'd like to more briefly explain the procedure I used.
I clean flashed the ROM of my wife's desire (certainly a GApps-free one) and the desired kernel. Installed XposedInstaller 3.1.1 and through it the Xposed framework, followed by the FakeGapps Xposed module. Activation and reboot.
Please be aware that we're using the same Google account on both devices. At no point during the procedure, I had to generate an Android ID by "android-checkin-1.0.jar" and "bla.bat".
Downloaded following APK's in its latest versions from here and installed them in this order:
microG Services Core
microG Services Framework Proxy
BlankStore
Downloaded and installed F-Droid. In turn, I downloaded and installed following backends from F-Droid:
LocalGsmNlpBackend
NominatimNlpBackend
Configured the backends to my desire. For the setup of the "LocalGsmNlpBackend", I used the database of "Mozilla Location Service", selected the countries of my desire and downloaded the database (takes quite a while; suggest to only proceed via WiFi).
From apkmirror.com, downloaded (but did not install) "Google Play Store 7.5.08.M-all [0] [PR] 146162341" (personally best experiences with this version; some later version even don't install on our devices). Renamed the play store download to Phonesky.apk. Via my root explorer, I created a folder called Phonesky in /system/priv-app/ and set its permissions to "755 (rwxr-xr-x)". I move the renamed Phonesky.apk into this folder and change its permissions to "644 (rw-r--r--)". Rebooted.
Downloaded Maps API Flashable Zip from NOGAPPS Project (NetworkLocation, MapsAPI, Blank Store) and booted into TWRP. Flashed the zip, back into system.
Created a (our) Google account in the ROM settings.
Ensure that all applications mentioned above had their necessary permissions (e.g. location, storage etc.). Opened Google Play Store the first time to check its functionality and to modify its settings. Run the "self check" in the microG settings to confirm all items are tick-marked.
While writing this post, I realised that the Play Store was auto-updated to "Google Play Store 7.6.08.N-all [0] [PR] 149245622"! This is weird as I have the respective services disable via MyAndroidTools (see attached screenshot). I need to dig closer into this.
I tried to do the same with my S4 I9505. I started with flashing Optimized LineageOS 7.1.2 from here. I followed your instructions carefully. After flashing MapsAPI I tried to add the Google account in Settings - Account - Add Account - Google. The only thing that happens is a message 'One short moment...' and it waits forever until I hit the back button. Do you have an idea what's going wrong?
MichaelZR said:
I tried to do the same with my S4 I9505. I started with flashing Optimized LineageOS 7.1.2 from here. I followed your instructions carefully. After flashing MapsAPI I tried to add the Google account in Settings - Account - Add Account - Google. The only thing that happens is a message 'One short moment...' and it waits forever until I hit the back button. Do you have an idea what's going wrong?
Click to expand...
Click to collapse
I had that issue too and still haven't got things working but I was able to create the account during play store installation. It might work, if all else is good.
elv1503 said:
I had that issue too and still haven't got things working but I was able to create the account during play store installation. It might work, if all else is good.
Click to expand...
Click to collapse
MichaelZR said:
I tried to do the same with my S4 I9505. I started with flashing Optimized LineageOS 7.1.2 from here. I followed your instructions carefully. After flashing MapsAPI I tried to add the Google account in Settings - Account - Add Account - Google. The only thing that happens is a message 'One short moment...' and it waits forever until I hit the back button. Do you have an idea what's going wrong?
Click to expand...
Click to collapse
I never tried to go for GApps-free on a "Nougat"-device. My favourite ROM (Ressurection Remix for the i9305) does not support signature spoofing i.e. I still require the Xposed framework (for the FakeGapps module but also for other very important things to me). I personally continue to stick with Marshmellow or to be more precisely with RR v5.7.4 (besides some trials I made with RR v5.8.x without any personal or confidential data on the device).
Does the ROM you mentioned (Optimized LineageOS 7.1.2) supports signature spoofing? Due to the issue you described I personally doubt - and in turn my personal procedure won't worked. If my assumption is correct you might use tools like Needle or Tingle (just search for them) to get signature spoofing for Nougat.
Does the microG self-test provide any information if signature spoofing is available (please see screenshots)?
noc.jfcbs said:
I never tried to go for GApps-free on a "Nougat"-device. My favourite ROM (Ressurection Remix for the i9305) does not support signature spoofing i.e. I still require the Xposed framework (for the FakeGapps module but also for other very important things to me). I personally continue to stick with Marshmellow or to be more precisely with RR v5.7.4 (besides some trials I made with RR v5.8.x without any personal or confidential data on the device).
Does the ROM you mentioned (Optimized LineageOS 7.1.2) supports signature spoofing? Due to the issue you described I personally doubt - and in turn my personal procedure won't worked. If my assumption is correct you might use other tools like Needle or Tingle (just search for them) to get signature spoofing for Nougat.
Does the microG self-test provide any information if signature spoofing is available (please see screenshots)?
Click to expand...
Click to collapse
Yes there is a self test. It does show everything is OK for google play but I haven't been able to get play running. I'm going to try the market route but I need android I'd. I tried a couple of google apo versions.
elv1503 said:
Yes there is a self test. It does show everything is OK for google play but I haven't been able to get play running. I'm going to try the market route but I need android I'd. I tried a couple of google apo versions.
Click to expand...
Click to collapse
Please check the last three pages of post in this microG thread. Might be helpful for problems of "Nougat" guys. As I said I'm still on MM (for very good reasons, but I know everybody converted to Nougat and will to "O" soon for even better reasons).
Resurrection Remix "Nougat" v5.8.3 is now GApps-free
Thanks to the really powerful and easy to use NanoMod Magisk module by @Setialpha powered by Magisk by @topjohnwu I was able to create a GApps-free system on my Samsung GT-i9305 running Resurrection Remix RR-N-v5.8.3 by @rodman01 (RR-i9305 official thread). Excluding download times, the following complete procedure took me less than one hour this morning, and - if interested - I'd like to share the way I used with you.
However, before I continue I need to address my very best compliments to rodman01 for such a superb ROM, to topjohnwu for the systemless root as it was the basis for going GApps free, and to Setialpha for this fantastic module, which made it so easy and fast to achieve a GApps-free device. Three times :good::good::good: and thanks very much to all of you for excellent jobs well done!
As you certainly know RR doesn't come with signature spoofing by itself, which is a prerequisite to go GApps-free with the help of microG by @MaR-V-iN. Thanks very much to MaR-V-iN for allowing me/us to abandon Google from my/our devices. Without Google, not only privacy is much better protected, the device itself runs much smoother and faster. As long as Xposed was available i.e. up to Marshmellow, signature spoofing could be achieve for RR via a Xposed module but for Nougat, no Xposed available (yet???). For this reason I stayed on RR-M till I found Setialpha's thread as he provides an easy-to-use tool to achieve signature spoofing on RR-N as long as use use the Magisk su-binary. However, as mentioned in the OP there've been other tools available to get the spoofing but not as easy to use.
Before you continue to follow me through my procedure, I'd like you to thoroughly read the OPs of all linked threads with their invaluable information.
Download the following files via the links given in above mentioned threads and save them to your device (I used my external SD):
Latest Resurrection Remix RR-N-v5.8.x
Latest Magisk and the MagiskManager.apk (link to XDA-thread see above).
EDIT (2017-04-30): Latest NanoMod-microG NanoMod-6.1.20170421.zip and NanoMod-patcher NanoMod-patcher-6.1.20170421.zip from here. Please be aware that there are two additional, more specific NanoMod-zips available. Use them on your own descretion; I personally like all the functionalities that come with the "overall/general" NanoMod module. EDIT (2017-04-30): My device had really severe battery drainage with the "overall" module. Battery drainage with the microG-module is not a factor at all. And I personally realised that I don't have any need for the additional things comming with the overall module. Reported my battery drainage issue together with a logcat to the dev.
If desired - mapsapi.flashable.zip from here (you only need that if you're using applications that require Maps Library v1. You won't be able to install any of those apps (or restore a TB backup) before Maps Library v1 has been flashed). EDIT (2017-04-30): No requirement to do so. Maps v1 is coming with the NanoMod module. Just ensure that /data/.nanomod-setup shows nanomod.mapsv1=1 as described in the OP of the Nanomod-thread.
If you like (as I did) create an update.zip by Titanium Backup. I saved that on my external SD, too.
Boot into recovery (I'm using TWRP 3.0.2-1) and follow this procedure:
Before you continue to do anything, create a NANDROID backup of your running system!
Wipe dalvik, cache, system, data (I did not wipe internal data or external SD).
Flash RR-N-v5.8.x.
Flash Magiskzip.
Reboot into system (Remark: The initial reboot might take a while i.e. grab a coffee; all follow-on reboots are slightly longer during the initial boot phase probably due to the revised boot.img but after that phase boot is really fast).
Install the MagiskManager.apk and start it. At that point, MagiskManager stated that Magisk v12 is installed but no root available. Here, I simply re-started the phone and afterwards, MagiskManager also indicated root to be available.
Re-start into recovery.
Flash NanoMod (or the module you desire) and NanoMod-patcher. Do not flash mapsapi.flashable.zip, yet - at least didn't later on work for me.
Flashed my TB-update.zip
Reboot into system and commence to setup your device with the initial ROM configuration that enables you to proceed (e.g. WiFi/mobile data setup, location enabled (I used "high"/GPS & data), required permissions granted to the microG applications and the connected backends etc.)
At this point I went into the microG settings and conducted the first self test to see how many marks were checked and what I still missed. If a check mark regarding a lacking permission is missing, just tick on it, and a dialog is going to open to grant this permission (later with the backends, it might also be a statusbar notification). For me I wanted achieve first the "location ability" i.e. I didn't care yet about the Google Play Store.
I maintained in the microG settings and setup my backends. My settings for the backends can be retrieved from the screenshots. Please be aware that the download of a GSM Location Services´database can take a while (my phone still had one from end of March available).
Re-check if in the self-test all marks are ticked, now.
By use of the app "GPS Test", conducted such a test. This was an unbelievable experience as such many satellites were recognised immediately after the start of the app and granting of location permissions, and just after 3 - 5 seconds I had the first fix.
Re-started into TWRP.
Flashed mapsapi.flashable.zip
Rebooted into system.
In the ROM settings, created my Google account without any problems. Immediate connection to the respective Google servers; user account and password were accepted without any problems.
Opened Google Play Store from the app drawer. Play Store immediate connected to my account. Made the necessary modification to the play store settings, and as you can see on the screen shot, all my apps are shown including beta's and the purchased ones.
Continued to further setup my system, but microG was done at that point, and my system was GApps-free except for the play store.
Thanks again to rodman01, topjohnwu, Setialpha, and MaR-V-i!:good:
EDIT (2017-06-10): Recommendation
In order to achieve after the clean flash of a ROM exactly the desired installation of microG (or anything else that is provided by one on the NanoMod modules, I suggest to create a so called ".nanomod-setup"-file with the values in accordance the OP of the NanoMod thread (see Alter Installation part) and your preferences. Although the OP mentions different possibilities, my personal pratice is to create this file once and have it on the extSD. I do the clean flash of the ROM and if required Magisk, and boot into system. I copy .nanomod-setup to /data, boot back into TWRP and flash my NanoMod-modules.
Mine e.g. looks like this:
Code:
nanomod.play=1
nanomod.reinstall=1
nanomod.mapsv1=1
nanomod.overlay=0
EDIT (2017-06-22): A few more details regarding the .nanomod-setup file are available in this post.
EDIT (2017-09-17): In case of "NLP issue", missing the bottom two tickmarks in the microG settings self-test or the unability to get a location from GSM cells/WiFi please check also post #48.
EDIT (2017-10-31): With the current version (v14.x) of Nanomod, installation is now even more easy. A setup-wizard to create the desired .nanomod-setup file is now available; it simply has to be flashed before any other Nanomod-zip is flashed. The new patcher can now be flashed immediately after flashing of the full module, the microG-module and/or the F-Droid-module; the patcher doesn't require a reboot into system anymore after the flash of the other modules. If Nanomod recognises Magisk Nanomod automatically gets installed as Magisk module unless you "tell" the setup-wizard differently.
@noc.jfcbs
Great write-up. One question though: seems you have abandoned XPrivacy as of now. Any privacy protecting measures taken from your side to replace XPrivacy? I am also tempted to switch to Nougat, but lack of XPrivacy is holding me back.
Portgas D. Ace said:
@noc.jfcbs
Great write-up. One question though: seems you have abandoned XPrivacy as of now. Any privacy protecting measures taken from your side to replace XPrivacy? I am also tempted to switch to Nougat, but lack of XPrivacy is holding me back.
Click to expand...
Click to collapse
For quite a while I had the same restraints but I knew at some point I'd balance the advantages of XPrivacy (which isn't obviously any further developed) for privacy considerations with the non-availability of security patches for earlier custom ROMs. Anyhow, I want to use custom ROMs, and I fully do understand that the great teams and single-players who port open sources codes for our devices don't have the capability to focus on later versions; might be different for companies like Microsoft or Google with their genuine products.
So, I tried to analyse the situation and to assess the most likely but also the worst case situation. My personal assessment was that the advantages of having latest security patches available takes precedence over faking privacy related information. Nonetheless, I'm convinced to protect a suitable level of privacy by other means:
Stay GApps-free and don't allow calls to Mountain View by elemination of the phone boothes.
I don't use any of the email-, messenger-, chat-, or browser-application (etc.) coming from Google, Facebook and similar companies but R2Mail2 (K9-Mail is nearly as good but simply doesn't provide for S/MIME only for PGP), Conversations, Silence, Slimperience etc.
Installation only of applications that are open-source or at least have a good reputation using intensive web-search. This includes that the country of origin must be clearly identified and verifiable.
Due to the lack of XPrivacy and AppOpsXposed intensive use of the ROM capabilities to grant permissions and privacy settings.
WiFi and mobile data, both set to use unsuspicious DNS-servers.
Clear and restrictive permissions to access the world wide web by the different means via AFWall+.
Last but not least to check the network activities behind the firewall via NetworkLog.
No upload or synchronisation of personal data or any file to or with "the cloud". Synchronisation and backups locally done with my PC.
Only maintain personal data but no confidential ones on the cellular device. Passwords or user names are not saved on the device at all.
Localisation is only enabled when definitely required.
Use of an extremely privacy related email-provider. I use Posteo.de who are in my personal mind simply the very best for just 1€ per month. Their help section additionally provides great advice on tools for contacts, calendar synchronisation etc.
Actually, I'd love if Xposed occasionally becomes available for Nougat and further on to enable me the further utilisation of XPrivacy and others. But meanwhile, I think all mentioned above is the best I can do as I do want to use a Nougat-based ROM.
I was happy about your question, and I'd be even more glad about any further suggestion or recommendation.
@noc.jfcbs
Clearly some good thoughts you have stated here, which I really appreciate. Xposed in general should only be used with a lot of caution as it enables device manipulation on a far more advanced level than normal root methods. Your idea of investing time to get to know the module before installing it is absolutely reasonable and should be followed by anyone interested in the combination of privacy and Xposed.
The only thing bugging me is synchronization of calendar/contacts, which should be synchronized between all of my devices. As of now, I use Google services, but I am more than willing to put an end to this. I am currently thinking about using my private NAS to set up an OwnCloud server for this specific purpose or even invest some money in a Raspberry Pi who can host it (which would most likely be the better choice as my NAS should only be available in my local network without global network access).
If you are interested, I will write down some results in case this works out. But I am not sure if I will find the time in the next few months, as I am currently planning to start building a house for me and my family, thus not having enough time for this.
Portgas D. Ace said:
...
The only thing bugging me is synchronization of calendar/contacts, which should be synchronized between all of my devices. As of now, I use Google services, but I am more than willing to put an end to this. I am currently thinking about using my private NAS to set up an OwnCloud server for this specific purpose or even invest some money in a Raspberry Pi who can host it (which would most likely be the better choice as my NAS should only be available in my local network without global network access).
If you are interested, I will write down some results in case this works out. But I am not sure if I will find the time in the next few months, as I am currently planning to start building a house for me and my family, thus not having enough time for this.
Click to expand...
Click to collapse
Your plans sound great: Plant a tree, father a child, build a house...:good: I wish you and your family all the best.
If interested please allow me to explain how I synchronise my calendar and contacts:
My cell phone with my two notebooks via the MyPhoneExplorer (MPE) application on the Android device and an MPE client on the Windows notebooks. Using this tool now with full satisfaction for years. At home, I synchronise via WiFi when all devices are booked in; on tour, I only synch those devices I've with me and only via USB cable.
My (main) notebook (only that as I only have a license for one PC; however, that's sufficient for my purposes) synchronises with my posteo.de-email-acount via the tool iCal4OL. It's a pity, the developer cancelled the purchase of licenses to new customers but still supports old ones and updates the product. The tool works great. If you check how posteo.de has implemented privacy and security, I believe it's the actually best company in Germany or probably in the world. You do not need to provide any personal details for registration, even the yearly fee of 12 € can be paid in cash by mail if you want. The account has implemented multiple, first class and up-to-date security features. And their help and FAQ sections are fantastic providing great recommendations about usable tools, encryption for the account but also emails and so on.
My wife's Android device synchronises calendar and contact by the help of CalDAV and CardDAV. Also fantastic and every cent worth. Additionally, she also uses MPE with her notebook.
Raspberry Pi is certainly an excellent choice. Read some quite interesting articles in the Kuketz IT-Security Blog.
noc.jfcbs said:
Buddy, you made me shy... But thanks for the laurel wreath...
I know neither Nexus nor your ROM but I certainly know the ROM must be totally GApps free before even installing microG. If you don't find a GApps-free ROM of your desire there are ways to completely remove GApps from your device; personally I deem them to be a bit complicated, but... Details are in the OP of the microG thread you certainly know. Additionally, signature spoofing is a prerequisite. Unless your ROM already supports that you've to go either with Xposed and its respective "fake GApps" module or to use Magisk as the SU binary and NanoMod as a Magisk module. As Xposed is not available for Nougat, Magisk and NanoMod are my personal choice despite a few other tools available to achieve signature spoofing on Nougat.
In this thread, I tried to explain why and how I went for GApps free. Initially, this occured on Resurrection Remix (RR) v5.7.4 i.e. Marshmellow. Meanwhile, I migrated to RR v.5.8.3 i.e. Nougat, and in this post I described how I used Magisk and NanoMod to go GApps free even without Xposed.
Just to reiterate: My personal major intention for going GApps-free has been to leave everything of Google behind (except the Play Store) for privacy reasons and respect. Certainly, I'd accept any other benefit coming with that. However, after a quite long "GApps-free" period, I cannot confirm that battery endurance has really enhanced but I can confirm that at least my personal device and my wife's one are running much smoother and quite often faster than during their GApps-times.
Please advice in case of further questions; however, I suggest to use my above linked thread for that as I'm not monitoring this thread for obvious reasons.
Click to expand...
Click to collapse
I just pretty much searched through /system for anything with Google in it ?
It worked, and I now have microG. I also then used an Xposed module (InstallerOpt) like you suggested (Magisk won't work with a locked bootloader). Thanks for the help!
PorygonZRocks said:
I just pretty much searched through /system for anything with Google in it ?
It worked, and I now have microG. I also then used an Xposed module (InstallerOpt) like you suggested (Magisk won't work with a locked bootloader). Thanks for the help!
Click to expand...
Click to collapse
Glad that you worked it out. No need to post a thanks! ...just hit the "Thanks"-button...
The Best Advanced Privacy ROM/w MicroGI tested e/OS ROM on my OnePlus 5T for over a year, e/OS supports more than 269 devices
Fully "deGoogled" Open Source Mobile Ecosystem
e/foundation Website
OnePlus 5T Latest Dev Build Downloads
e/OS "dumpling" & 5T Device Details
List of More Than 269 Supported Devices
Advanced Privacy
⦁ "Installation Link" Method #1 Easy Installation (TOOL ALL IN ONE)
⦁ "Installation Link" Method #2 Install via command line (for advanced users)
The operating system/e/ is a “deGoogled” version of Android OS. It has an open-source Android OS core, with no Google apps or Google services accessing your personal data. It is compatible with all your favorite Android apps.
With /e/ you’ll find a set of carefully selected apps to cover your most common needs, personal and professional: get you email, plan your week ahead, chat with your friends and coworkers, browse the web, check the weather, check your itinerary for your next meeting…
All the apps are based on open source bricks. We improve their design and experience to make them look stellar and easy to use daily.
Advanced Privacy ⦁ Table of Contents LinkAdvanced Privacy lets you manage in app trackers, IP address and location. It’s available as a widget and within the operating system settings.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Advanced Privacy is a specific tool developed to limit your data exposure once you have installed third party apps.
When an application snoops in the background, it will use trackers to log your activity even if you are not using the app. It will also collect the IP address, so it can potentially link internet activity to a specific device and to a persona, and finally it will try to pinpoint your exact location.
ONEPLUS 5T - ROM - ROOT - TWRP - "INSTALLATION GUIDE" LINK BELOW
⦁ "Installation Link" Method #1 Easy Installation (TOOL ALL IN ONE)
⦁ "Installation Link" Method #2 Install via command line (for advanced users)
IS PLAY STORE NEEDED?
As it turns out, giving up Google is possible, and the experience isn't nearly as bad as you might think, plus my battery life is amazing now. If you care about privacy, better battery life, or want a smoother running phone, take the plunge and find a Rom that doesn't have Gapps installed.
Below are a few applications that I have tested without Gapps installed. I have also listed a few alternative store applications with there links. I exclusively use FLOSS, Free/Libre and Open Source Software, and because of this, I chose to install F-Droid.
What is "FLOSS and FOSS"
The two political camps in the free software community are the free software movement and open source. The free software movement is a campaign for computer users' freedom; we say that a nonfree program is an injustice to its users. The open source camp declines to see the issue as a matter of justice to the users, and bases its arguments on practical benefits only.
To emphasize that “free software” refers to freedom and not to price, we sometimes write or say “free (libre) software,” adding the French or Spanish word that means free in the sense of freedom. In some contexts, it works to use just “libre software.”
A researcher studying practices and methods used by developers in the free software community decided that these questions were independent of the developers' political views, so he used the term “FLOSS,” meaning “Free/Libre and Open Source Software,” to explicitly avoid a preference between the two political camps. If you wish to be neutral, this is a good way to do it, since this makes the names of the two camps equally prominent.
Others use the term “FOSS,” which stands for “Free and Open Source Software.” This is meant to mean the same thing as “FLOSS,” but it is less clear, since it fails to explain that “free” refers to freedom. It also makes “free software” less visible than “open source,” since it presents “open source” prominently but splits “free software” apart.
“Free and Open Source Software” is misleading in another way: it suggests that “free and open source” names a single point of view, rather than mentioning two different ones. This conceptualization of the field is an obstacle to understanding the fact that free software and open source are different political positions that disagree fundamentally.
Thus, if you want to be neutral between free software and open source, and clear about them, the way to achieve that is to say “FLOSS,” not “FOSS.”
We in the free software movement don't use either of these terms, because we don't want to be neutral on the political question. We stand for freedom, and we show it every time—by saying “free” and “libre”— or “free (libre)”. by Richard Stallman
If your running a Rom without Gapps, some applications like "Last Pass and Vimeo" will show a pop-up when you first start them that says, won't be able to run without Google Services, they might be able to run and some wont, unless you install microG, then you wont have this issue.
What is MicroG?
Actually, the microG is a free software clone of Google's proprietary center libraries and applications. To be more specific, it's a FLOSS (Free/Libre Open Source Software) frame to permit applications designed for Google Play Services to operate on programs, in which Play Services is not available. It provides all the needed APIs provided from the Google Play services so that the programs dependent on it may operate normally.
Telegram Links for microG Group Help
MicroG Liberation Front
Update: I installed microG on my OnePlus 5T running Phoenix Rom. This Rom has signature spoofing already baked into it, so the installation is simpler, runs very smooth, better battery life and security. For detailed installation instruction, see post #5 below.
What is microG Signature Spoofing
To use all the neat features from the microG project, which allows you to use all features of your Android smartphone without proprietary battery-consuming Google blobs, your system is required to support signature spoofing. Currently only very few custom ROMs have built-in support for this feature, luckily you can use Xposed or a patching tool to add the feature to the systems that don’t have it.
But: What is all this about? Is signature spoofing a problem when not using microG? Will it influence my security?
About signature spoofing
On Android, all applications are signed (usually using SHA1 with RSA). The certificate/key-combinations used to sign apps are self-signed. This means there is no PKI / certificate authority to verify a key to be owned by a person/company/entity. Thus everyone can come up with a key that has a equally valid Google certificate as keys used by Google to publish their apps.
However, on Android signatures are not designed to serve the purpose of verifying ownership/source of a package. Signatures are used to verify integrity and to ensure same package author when updating apps. The second one is important, to verify that only one the author has access to the private storage of an app. A different author is not able to sign an app using the same key, because he does not have access to it, and thus can not provide an update to an application that will be granted access to the app private storage. For example, the Signal app provided by OpenWhisperSystems is signed by a key not available to third-parties and thus Signal can store chat history in the private app storage and don’t need to fear that a rogue update can access this data. This means that signatures are important to ensure the secrecy of the private app storage and thus is an essential part of the Android package managements security system.
Signature spoofing allows applications to behave like being signed by a third party. This means that whenever one application asks the operating system for the certificate used to sign an installed package and that package uses signature spoofing, instead of the certificate attached to the app, a spoofed certificate is returned. This certificate has to be announced in the AndroidManifest.xml and the app is required to request the android.permission.FAKE_SIGNATURE permission. This means that it is not only easy to detect that an application uses signature spoofing, the user also has to give its consent – before Android 6, this was done during installation time, since then the consent is even more explicit in a dedicated pop-up, and the user can decide not to grant the permission.
Of course only very few developers ever ask for the certificate used to sign an application. There are numerous reasons for that:
In most cases you only want to verify, that an app is signed with the same key as yours (e.g. the apps are from the same author). For this case, the package manager has a method checkSignatures which compares the certificates of two packages. Thus the app author is not required to mess with byte arrays returned when requesting the certificate – and verifying the author name of a certificate is completely useless as described above.
If you want to use any kind of security model, you are much more likely to introduce a custom permission. On Android every app can declare a new permission and decide which apps will be granted this permission. One option here is to restrict by signature, or you can also require explicit user consent. This again is a lot easier than working with certificates, even more flexible and can be used to allow third-parties to integrate with your app (on users decision). Nice!
Directly working with certificates is not considered a security feature and is not listed on the security tips article in the documentation, whereas the proper use of permissions is.
When using the package managers GET_SIGNATURES feature to directly access the certificate, the android lint tool (which is usually used during the compilation process) will print a high priority warning, as improper use of this feature can be a security risk and the proper use is rather complicated. So complicated, that Google themselves did it wrong once, resulting in a major Android security vulnerability (sometimes referred to as the Fake ID vulnerability).
So why does microG require signature spoofing?
Now that we know, that only very few use direct access to certificate, you might wonder why microG needs it for certain features. Well the fact is that although most developers don’t even now about it, their apps actually do direct certificate access. This is due to how Google Play Services works:
Applications that use Google Play Services use the Play Services client library. This library is directly embedded into the application, is delivered as part of it and finally runs in the security context of that app. And this library actually uses direct certificate access to ensure that the Play Services app installed on the device is singed by a specific private key. It also verifies that the Play Store is installed (and signed using the same key), although it is not required for Play Services to run. This is the reason for the development of the microG FakeStore app.
There is one other popular use case I’d like to stress: DRM. Some developers use direct certificate access to verify that the application itself is signed by them. The reason for this is simple: If you modify an application you need to sign it (the previous signature is broken, if your system is not vulnerable to the “Android Master Key” vulnerability). As you don’t have the private key of the original developer you will not be able to create a valid signature that has the same certificate. This means you can’t modify the application without the original developer knowing about it. (Well, you could modify the checking code itself, …). With signature spoofing you can easily bypass these restrictions – as long as the app does not contain code to detect signature spoofing. by ~larma/blog
If your Rom does not support Signature Spoofing, take a look at this link.
[INDEX] How to get the signature spoofing patch
NEWLY ADDED & RECOMMENDED ANDROID APPS
> LINK<
No Gapps Setup Guides
Helpful links to setting up no Gapps
Signature Spoofing
[INDEX] How to get the signature spoofing patch
microG unofficial installer simplify the installation of microG
MicroG, gapps in only 11mb
NanoDroid By Setialpha, XDA Ad-Free Senior Member
microG By MaR-V-iN, XDA Senior Member
[MOD][FLASHABLE] microG unofficial installer
microG/Android Packages apps GmsCore
{FIRE Gapps-Go™+Tweaks™ for OREO}*{*Micro-G™*}*{FIRE Audio™ For LP-Oreo}
If you are using microG as a replacement for the Google Play Services, the ROM that you install needs to have support for signature spoofing. In short, this allows microG to pretend to be the official Google Play Services, otherwise the system and other apps won’t listen to it. If you have the Xposed Framework installed, the following module will enable signature spoofing: FakeGApps by thermatk. You can find more on the microG wiki
Telegram Links for microG Group Help
MicroG Liberation Front
A Few Rom's That Supports Signature Spoofing
I have listed several microG Rom's that are pre-built or compatible with microG. if you have tested either one of these or used any other microG builds, please let us know I'm currently running Phoenix Rom on my OnePlus 5T without Gapps installed. All these Rom's grants signature spoofing permissions, this is needed for any Rom to be able to run microG.
[ROM][Oreo]Codename Phoenix [OnePlus 5T]
[ROM][Oreo][OFFICIAL] Liquid Remix [9.0][8.1]
[ROM][Oreo] [ROM] OmniRom 8.1 [OP5T] [WEEKLY]
[ROM][Nougat] LineageOS for microG By Simon94, XDA Member
[ROM][Nougat & Oreo] LineageOS for easy microG + UnifiedNlp By espionage724, Senior Member
Following ROMs have out-of-box support for signature spoofing
Specific Android custom ROMs that support Signature spoofing
AEX AospExtended
AimRom
AOSGP
AOSiP
CarbonROM
crDroid
Ground Zero Roms aka GZR: Tipsy
HalogenOS
Hexa-Project
MarshRom
nAOSProm
NitrogenOS
Tugapower
ViperOS
Guardian Project
Open-source Android applications
Android Open Source - App
About the Android Open Source Project
List of Open Source apps provided by Christopher Roy Bratusek
INSTALLATION OF microG
This post will show you how to install microG.
First you must have a Rom that doesn't have Gapps installed, next if your Rom supports signature spoofing, go to the first step, If your Rom doesn't support signature spoofing, go to this link to patch your Rom (How to get the signature spoofing patch) then come back for installation of microG.
If your not sure if your Rom supports microG, just go threw the first step below, open microG Settings app, then "Self-Check" it should look like attached picture at bottom of this page, if not, you need to patch your Rom.
FIRST STEP:
1. Must unlock boot-loader and have TWRP installed. Download bellow app to PC and follow instructions, if your phone is unlocked and TWRP installed, skip this step.
TOOL ALL IN ONE
If you already have your device unlocked and TWRP installed, do a recovery backup in TWRP, then copy it to your pc, I normally just copy all my files from my phone to my pc or external device.
You must do a fresh install in order to have microG working properly, I use "ALL IN ONE TOOL", this is my steps from the ALL IN ONE TOOL app, "Reboot Bootloader" and select "Erase All Data / Decrypt Internal Storage", next click on "Recovery Flasher" and choose, "Select recovery", TWRP 3.2.1 Universal (Your Device), then select "Only boot it" and "FLASH"
2. From PC, download firmware (if needed), Rom and microG, this is for the Phoenix Rom. If you are using a different Rom, your installation might be different, just flash microG after flashing your Rom.
(Your ROM) I'm using Codename Phoenix [OnePlus 5T] Rom
3. From recovery, move downloads onto phone. Install Rom then microG, reboot system.
SECOND STEP:
1. Downloads to PC.
Magisk & Magisk Manager If you want Root. For the Phoenix Rom, install Magisk v14.0 first, then upgrade to v15.3 after first reboot, known to boot loop otherwise.
F-Droid
2. Move all download to phone, boot into recovery, install Magisk and No GApps Package, reboot.
3. Open your Files app, navigate to folder you put apk's, Install Magisk Manager.apk and F-Droid.apk/unless you flashed No GApps Packages.
THIRD STEP:
In phone, navigate to System Setting, Location, Mode and change it to High accuracy.
Go to UnifiedNip Settings and enable Network based Geo-location and Address lookup.
Open F-Droid Store and swipe down on screen to update repositories, now install Mozilla Stumbler from F-Droid Store and start.
Open microG Settings app, go to UnifiedNip Settings, make sure every thing is checked for Address lookup and Network based Geolocation.
Now go to main page of microG Settings, then Self-Check, check box, System grants signature spoofing permission, grant access, Allow.
Access your paid applications from play store
1. Install a PlayStore APK
If you have BlankStore installed, continue with the next step.
If you want to be able to access the Play Store, install BlankStore from the XDA thread. It is not a requirement that you set it up correctly and this is not covered by this instructions. If you need help, ask in the BlankStore original thread.
If you don't care about Play Store access, Install FakeStore.zip.
2. Open the microG Settings
which are available in the launcher now. If you want to use any Google services (Log-In, Cloud Messaging), tick both checkboxes for background services. This is the only supported setup, but you are free to disable them if you like playing with fire. You can also open the UnifiedNlp settings to enable the location backends of your choice. If you don't have any yet, check out F-Droid. For further questions and concerns regarding UnifiedNlp, use its corresponding GitHub repo or XDA thread.3. Reboot your device
If you skip this step, everything unwanted is possible.4. Disable Battery Optimization
if you use Android 6 (Marshmallow) or above. Ensure that it is disabled for microG Services Core in System Settings > Battery > Menu > Battery optimization. Note that this is the case for the original Play Services, as it is required to keep a stable background connection.
Note: On Android 7 (or later) an additional patch is needed to make location work, or alternatively, you can install GmsCore.apk in the /system/priv-app folder. This can be done by using adb push.
Testing
You can test Google Cloud Messaging using this test application*. Push notifications do not require account registration.
You can add an account through the system settings. Some applications might ask you to do so, if you don't.
Apps that use Cloud Messaging must be installed after GmsCore, or else they will not work. Some applications that can run with microG GmsCore is installed in the correct order: TextSecure/Signal, Play Music, YouTube
If you are using AdAway, make sure to put mtalk.google.com on your whitelist, or else problems are likely to occur when using Google Cloud Messaging. Thanks @benstyle1 on XDA for the hint.
Telegram Links for microG Group Help
MicroG Liberation Front
Awesome thread, thank you very much for your efforts. I followed the nogapps tutorial to the letter, still having problem with Signal app.
It wouldn't register my phone number. Can you maybe check it also? https://www.signal.org/android/apk/
LE: NVM, solved it by enabling GCM in MicroG settings and register Signal in MicroG GCM settings.
Another question, how much time should I keep Mozilla Stumbler from F-Droid Store scanning, and is it required?
Thanks again.
mi3x said:
Awesome thread, thank you very much for your efforts. I followed the nogapps tutorial to the letter, still having problem with Signal app.
It wouldn't register my phone number. Can you maybe check it also? https://www.signal.org/android/apk/
LE: NVM, solved it by enabling GCM in MicroG settings and register Signal in MicroG GCM settings.
Another question, how much time should I keep Mozilla Stumbler from F-Droid Store scanning, and is it required?
Thanks again.
Click to expand...
Click to collapse
Thanks for the post, this has been a learning experience for me, I just wanted to share my procedure with any one interested in installing microG. I use Signal as well, glad you figured it out, and as for Mozilla Stumbler, there is no need for it to be scanning after you have accessed the Play Store. I'm assuming that your using the OP5T phone with the Liquid Remix Rom, if so, I have updated the installation process, now there is no need to use Xposed framework.
I really appreciate it, you saved me from a lot of work, nicely gathering them all into this special thread. Fortunately enough, I use a different rom, Unofficial LineageOS 14.1 with custom kernel and it works perfectly as well.
I followed your steps in post 5, everything went smoothly.
Many thanks once again, for me this is a gem, just migrated from iOS and slowly moving away from google and trying to replace most of my apps, just setup my davDroid with my nextcloud server, it'll take some time but I'll get there eventually.
Now a question about playstore, did I misunderstand, or why would I access it anyway? The other non FOSS apps which I need at the moment, I install from yalp. Please adivse a bit on this angle.
Have a good one.
Excellent thread. I use microg 2 years, with lg g2 and now with op5t about 1,5 month at stock ROM. I am also try to de-google my self as much as i can.
Fdroid has excellent apps and you can find everything. I prefer lightweight apps with less permissions and ram/mb ie New pipe is an excellent YouTube replacement. I Subscribe to this thread. Keep it GOOGLESS
Sent from my ONEPLUS 5T
vagkoun83 said:
Excellent thread. I use microg 2 years, with lg g2 and now with op5t about 1,5 month at stock ROM. I am also try to de-google my self as much as i can.
Fdroid has excellent apps and you can find everything. I prefer lightweight apps with less permissions and ram/mb ie New pipe is an excellent YouTube replacement. I Subscribe to this thread. Keep it GOOGLESS
Sent from my ONEPLUS 5T
Click to expand...
Click to collapse
Pro can you tell me how you debloat Google apks without problem
Sent from my ONEPLUS A5010 using Tapatalk
Microg unofficial installer delete conflict apps.
The rest apps uninstall with apps like titanium
mi3x said:
I really appreciate it, you saved me from a lot of work, nicely gathering them all into this special thread. Fortunately enough, I use a different rom, Unofficial LineageOS 14.1 with custom kernel and it works perfectly as well.
I followed your steps in post 5, everything went smoothly.
Many thanks once again, for me this is a gem, just migrated from iOS and slowly moving away from google and trying to replace most of my apps, just setup my davDroid with my nextcloud server, it'll take some time but I'll get there eventually.
Now a question about playstore, did I misunderstand, or why would I access it anyway? The other non FOSS apps which I need at the moment, I install from yalp. Please adivse a bit on this angle.
Have a good one.
Click to expand...
Click to collapse
Good Day, Personally I don't need access to the play store, however, I receive a number of request from people that enjoy running microG, but want access to Play Store for there purchased applications, and others like to try out new Rom's, flashing many times a week, unfortunately Gapps has issues with the Play Store breaking when flashing Rom's multiple times, as for microG and the Yalp Store, they don't have this problem.
If you haven't already join Telegram, I recommend trying it out. Below I have listed your Rom link and several microG Groups as well.
Telegram Links
LineageOS
MicroG Liberation Front
MsuatafaKhatab said:
Pro can you tell me how you debloat Google apks without problem
Sent from my ONEPLUS A5010 using Tapatalk
Click to expand...
Click to collapse
I'm not really sure what your asking, but I will try. I see that you have the OnePlus 5T, and the best way I have found to do this is, install a Rom that doesn't have Gapps installed.
I have the same phone, and found that the Liquid Remix Rom is a good choice, it also supports signature spoofing. I will list a few links below that help with the OP5T phone.
Update: Phoenix Rom I'm using now, much smoother and supports signature spoofing.
Setting Up Your OP5T
TOOL ALL IN ONE
microG Installation
Protect Your Data
Google doesn’t have a camera in every home, but it does have phone's in millions of pockets.
Google's tracking explained. On two phones, without SIM, no data during travel, and one even in airplane mode. Watch this short video, you might be amazed.
YouTube Link: How much info is Google getting from your phone?
YouTube Alternative App: NewPipe
Your Data
Google wants you to understand what data they collect and use.
Google Services Contract
When you use Google services, you trust us with your data. It is our responsibility to be clear about what we collect and how we use it to make our services work better for you.
Here are the three main types of data we collect:
Things you do
When you use our services — for example, do a search on Google, get directions on Google Maps, or watch a video on YouTube — we collect data to make these services work for you. This can include:
Things you search for
Websites you visit
Videos you watch
Ads you click on or tap
Your location
Device information
IP address and cookie data
Things you create
If you are signed in with your Google Account, we store and protect what you create using our services. This can include:
Emails you send and receive on Gmail
Contacts you add
Calendar events
Photos and videos you upload
Docs, Sheets, and Slides on Drive
Things that make you “you”
When you sign up for a Google account, we keep the basic information that you give us. This can include your:
Name
Email address and password
Birthday
Gender
Phone number
Country
Protect Your Data with XPrivacyLua
XprivacyLua protects your privacy by feeding applications fake data or no data at all, or by restricting applications from accessing data categories such as contacts and location. It doesn’t revoke or block applications’ permissions (with the exception of internet and storage access), so most apps don’t misbehave or crash when they’re denied access. And it shows handy icons when applications request permissions, connect to the internet, or attempt to access sensitive data. If you value your privacy, please consider to support this project with a donation or by purchasing pro features.
GitHub Link
Xda Developer Link
Post your favorite Rom or application's you are using for privacy.
I'm a huge fan of xprivacylua, keep coming with these useful posts! Thanks!
xXxGeek said:
I'm not really sure what your asking, but I will try. I see that you have the OnePlus 5T, and the best way I have found to do this is, install a Rom that doesn't have Gapps installed.
I have the same phone, and found that the Liquid Remix Rom is a good choice, it also supports signature spoofing. I will list a few links below that help with the OP5T phone.
Update: Phoenix Rom I'm using now, much smoother and supports signature spoofing.
Setting Up Your OP5T
TOOL ALL IN ONE
microG Installation
Click to expand...
Click to collapse
So I take it the Tool-all-in one works for the 5T even though it's not specifically mentioned in the link? (I only saw it said it works for 3T)
Now the best way to not use google is to use a rom that doesn't include it. However, what if the ROM you want to use doesn't have an official version/or if you want to use the stock ROM for one reason or another? Let's say I turn on the phone, never log on to any google services, disable as many google apps as I can -- (though one can only deny google play services permissions, but not disable the app) -- does that provide a good amount of privacy? Or does google still manage to track you somehow?
Listerine said:
So I take it the Tool-all-in one works for the 5T even though it's not specifically mentioned in the link? (I only saw it said it works for 3T)
Now the best way to not use google is to use a rom that doesn't include it. However, what if the ROM you want to use doesn't have an official version/or if you want to use the stock ROM for one reason or another? Let's say I turn on the phone, never log on to any google services, disable as many google apps as I can -- (though one can only deny google play services permissions, but not disable the app) -- does that provide a good amount of privacy? Or does google still manage to track you somehow?
Click to expand...
Click to collapse
Unofficial microg installer can uninstall conflict packages and deletes Google stuff. There is no reason to keep stuff you don't need. Especially Google stuff. I install microg unofficial installer on nougat and now on oreo without problem.
Sent from my ONEPLUS 5T
vagkoun83 said:
Unofficial microg installer can uninstall conflict packages and deletes Google stuff. There is no reason to keep stuff you don't need. Especially Google stuff. I install microg unofficial installer on nougat and now on oreo without problem.
Sent from my ONEPLUS 5T
Click to expand...
Click to collapse
Didn't know the other installers would uninstall conflict packages -- I guess I didn't see any reference to that. In the instructions, it says that it requires spoofing, but do you need spoofing only if you need to use the app store?
There are a lot of unofficial microg installers out there -- did you mean this one?
https://forum.xda-developers.com/android/development/microg-unofficial-installer-t3432360
Anyways, what if you didn't want to deal with the hassle of rooting, installing ROMs and just wanted a simpler way to prevent google from data collection. Does the disabling method work or is it ineffective?
Listerine said:
Didn't know the other installers would uninstall conflict packages. I didn't see any reference to that.
There are a lot of unofficial microg installers out there -- did you mean this one?
https://forum.xda-developers.com/android/development/microg-unofficial-installer-t3432360
-About doing these installers, I would need root, so that would prevent OTAs, wouldn't it?
-I also notice that it says it requires signature spoofing. That's only required if you buy or download stuff from the play store, correct?
Click to expand...
Click to collapse
Exactly this one. So for this you need custom recovery for flashing. When I want to update to a newer oxygen I just flash rom & magisk & microg unofficial installer via recovery.
I personally don't have signature spoofing and playstore works ok but the right way is to use sign. Spoofing. Yes you can download stuff from Google without problem.
Sent from my ONEPLUS 5T
vagkoun83 said:
Exactly this one. So for this you need custom recovery for flashing. When I want to update to a newer oxygen I just flash rom & magisk & microg unofficial installer via recovery.
I personally don't have signature spoofing and playstore works ok but the right way is to use sign. Spoofing. Yes you can download stuff from Google without problem.
Sent from my ONEPLUS 5T
Click to expand...
Click to collapse
It has just occurred to me that the Chinese version of the OnePlus 5T has exactly the same hardware as the International version...but the Chinese version doesn't have any google apps installed.
So...wouldn't the easiest way to de-bloat from google just to install Hydrogen OS? You wouldn't even have to root for that.
I am a brand new owner of a OP 8. First thing I did was flash it to OOS 11, then installed Magisk. The phone is now up and running and rooted.
I am coming from a galaxy S5 that I have owned and used for more than 7 years, and for most of that time it has been running Lineage OS. I am used to the control that Lineage gives me, and I would expect that I could exercise the same degree of control with a rooted OOS.
But, this appears to not be true.
On the S5, I had 3C System Tuner Pro which is now an obsolete app, so I have replaced it with the current variant; 3C All-In-One toolbox. This package should allow me to control which apps start at boot, but it seems I cannot turn any of the apps off; when I uncheck them, the app fails to actually remove them from the startup list.
Also, I expect the 3C tool to allow me to uninstall pretty much any app, but there are a lot of google apps that I just can't remove.
I also use greenify (the paid version) and mostly it seems to be working OK, except that I cannot seem to access system apps from it, which makes it very hard for me to shut down things that I don't want running.
I also use afwall (the paid version) and it seems to work as expected. Which is good.
My focus is security and privacy, and my mantra is: "on android, the app that is not running is the app that is not spying". Thus, I want everything that is not needed to satisfy my purposes to not be running, and I only want apps running when *I* say that they can run.
Now, my S5 was running Lineage 17.1 which is android 9. I did not update it past that. And now I am running android 11, and I note that there is a lot of new hardware-based validation in android 11. So possibly I can't remove some things without disabling this validation (which I would prefer not to do). But even if I can't remove, I can disable (which, fortunately, I AM able to do). But I should be able to remove things from the startup list so they don't get started automatically at boot time. Right now, the way it works is they all start, then greenify shuts them down (and that isn't always completely reliable). I need more to make this phone genuinely secure and private.
So.
Does anyone here know how I could gain the capability to remove apps (including system apps) from the startup list and have it stick? Does anyone know what I need to do to get greenify to recognize system apps so I can shut them down when they are not needed, or failing that, can anyone steer me to a different app than greenify that will do that?
Perhaps I would gain by adding the xposed framework? I have not used it in a very long time (since I move to lineage) and I recall it being a bit of a pain.
I suppose I could move to Lineage from OOS, but I would prefer to not do that because of the camera software. This device seems to have a fine camera and not a lot of bloatware, so I would much prefer to stay with OOS for as long as the device is supported by the manufacturer.
But I do insist on being able to completely control it, and disabling apps that I can't stop from running is a much bigger hammer than I would like to use; some of those apps I might actually want to use from time to time.
OK, after some work I have successfully taken full control of the OnePlus 8 and have been able to configure startups as I want them. I installed xposed through Magisk.
I also installed the latest greenify (3.7.8) and afwall, and have those set up too. Since I did purchase greenify, I am able to greenify system apps as well. So, generally, I have full control over the device.
But there remains a problem.
I have disabled wifi and data connections in settings for all apps that I don't want to have accessing a network. I have also blocked those apps in afwall. And yet, my pihole DNS server that services my LAN shows me some of my apps are trying to call home, even when their capability to talk on the internet is denied.
Specifically, greenify is denied network access and is firewalled off, yet there is an attempt to connect to oasisfeng.com.
Also, I use an old version of ES File Explorer (from before it was sold and turned into something very like malware) and it is allowed LAN access but denied any access beyond the LAN...and I see it trying to call its old home domain (estrongs.com).
Similarly, I use an old version of UB Reader (later versions again approach malware status), and it is completely denied network access. But, I see a connection to mobisystems.com.
This clearly indicates that there is a proxy in use somewhere in the system, that is allowing these guys past my blocks. I am using adaway to block these specific domains, but it would be far better to just block that proxy.
However, I don't know where the proxy is and what it is called. Can someone here tell me?
If not, it will be trial and error, which is painful because functionality will break when I turn something off to see if this is it.
jiml8 said:
OK, after some work I have successfully taken full control of the OnePlus 8 and have been able to configure startups as I want them. I installed xposed through Magisk.
I also installed the latest greenify (3.7.8) and afwall, and have those set up too. Since I did purchase greenify, I am able to greenify system apps as well. So, generally, I have full control over the device.
But there remains a problem.
I have disabled wifi and data connections in settings for all apps that I don't want to have accessing a network. I have also blocked those apps in afwall. And yet, my pihole DNS server that services my LAN shows me some of my apps are trying to call home, even when their capability to talk on the internet is denied.
Specifically, greenify is denied network access and is firewalled off, yet there is an attempt to connect to oasisfeng.com.
Also, I use an old version of ES File Explorer (from before it was sold and turned into something very like malware) and it is allowed LAN access but denied any access beyond the LAN...and I see it trying to call its old home domain (estrongs.com).
Similarly, I use an old version of UB Reader (later versions again approach malware status), and it is completely denied network access. But, I see a connection to mobisystems.com.
This clearly indicates that there is a proxy in use somewhere in the system, that is allowing these guys past my blocks. I am using adaway to block these specific domains, but it would be far better to just block that proxy.
However, I don't know where the proxy is and what it is called. Can someone here tell me?
If not, it will be trial and error, which is painful because functionality will break when I turn something off to see if this is it.
Click to expand...
Click to collapse
If you are concerned about security, you should stay away from Xposed.
First of all, Xposed requires disabling Selinux, otherwise, it won't work. So during the installation, your Selinux status is turned to 'permissive'. That, coupled with the fact that almost every custom rom sets 'ro.secure to Zero', exposes your System partition to third party apps. So, basically, anything can exploit your phone.
Second, Greenify, with all due respect to its great developer, is not needed anymore, since Android 10, because now we have builtin sleep mode that does the same thing as Greenify.
Third, even if Xposed didn't require disabling Selinux, it is still an exploit that creates a back door to your system.
optimumpro said:
If you are concerned about security, you should stay away from Xposed.
First of all, Xposed requires disabling Selinux, otherwise, it won't work. So during the installation, your Selinux status is turned to 'permissive'. That, coupled with the fact that almost every custom rom sets 'ro.secure to Zero', exposes your System partition to third party apps. So, basically, anything can exploit your phone.
Second, Greenify, with all due respect to its great developer, is not needed anymore, since Android 10, because now we have builtin sleep mode that does the same thing as Greenify.
Third, even if Xposed didn't require disabling Selinux, it is still an exploit that creates a back door to your system.
Click to expand...
Click to collapse
Device security is only one aspect of security, and I handle that mostly through device configuration and usage policy anyway.
Overall security involves many other factors, which include maintaining full privacy and control over all data that gets out of the device and goes...elsewhere. To maintain this level of privacy requires reconfiguring any android device to prevent the release of that information. If this requires setting Selinux to permissive, then that tradeoff is quite acceptable. I might prefer it not be the case, but so long as all android devices sold into the marketplace represent the interests of google, the manufacturer, and any third-party that pays the manufacturer ahead of my interests then I will make that tradeoff.
As for Greenify, I have not found the sleep mode that is available in Android 11 to be adequate because it does not allow me to control system apps. You can take it as a maxim that the only android app that does not spy is the android app that is not running - and this includes lots of system apps that I might not want to delete or disable but also don't want running unless I say so, and then only while I am satisfying MY purpose for them.
As for the problem I was asking about, I added the specific URIs to the adaware blocklist and that suppressed them. Prior to that, I was seeing the DNS requests on my LAN DNS. I suspect the network utility I am using to monitor the phone's traffic is reporting requests ahead of the iptables FILTER table, and the packets were being suppressed prior to leaving the device, but I am not certain of that. The only way I could tell would be to monitor the device traffic as it went through the upstream VPN gateway on my LAN, and I did not do that.
Adaware works adequately for this, and I am not seeing any other unexpected/unacceptable traffic from my phone. The one remaining thing I need to check for will involve monitoring from the VPN gateway, as I look for any DoH or DoTLS traffic. I hope I don't find any; that will be a ***** to block. I do block it on the IOT VLAN on my network, but it requires a separate device running a script I wrote. To block DoH/DoTLS on my phone, while allowing appropriate DNS will be...fun.
Edit: And, actually, I just took a quick look. The sestatus command returns that my selinux status is "enforcing". The xposed framework I installed, actually, is lsposed, which is a systemless install using magisk. It implements the xposed framework but in a systemless way; I was just lazy when I wrote about it in my previous post.
jiml8 said:
Device security is only one aspect of security, and I handle that mostly through device configuration and usage policy anyway.
Overall security involves many other factors, which include maintaining full privacy and control over all data that gets out of the device and goes...elsewhere. To maintain this level of privacy requires reconfiguring any android device to prevent the release of that information. If this requires setting Selinux to permissive, then that tradeoff is quite acceptable. I might prefer it not be the case, but so long as all android devices sold into the marketplace represent the interests of google, the manufacturer, and any third-party that pays the manufacturer ahead of my interests then I will make that tradeoff.
As for Greenify, I have not found the sleep mode that is available in Android 11 to be adequate because it does not allow me to control system apps. You can take it as a maxim that the only android app that does not spy is the android app that is not running - and this includes lots of system apps that I might not want to delete or disable but also don't want running unless I say so, and then only while I am satisfying MY purpose for them.
As for the problem I was asking about, I added the specific URIs to the adaware blocklist and that suppressed them. Prior to that, I was seeing the DNS requests on my LAN DNS. I suspect the network utility I am using to monitor the phone's traffic is reporting requests ahead of the iptables FILTER table, and the packets were being suppressed prior to leaving the device, but I am not certain of that. The only way I could tell would be to monitor the device traffic as it went through the upstream VPN gateway on my LAN, and I did not do that.
Adaware works adequately for this, and I am not seeing any other unexpected/unacceptable traffic from my phone. The one remaining thing I need to check for will involve monitoring from the VPN gateway, as I look for any DoH or DoTLS traffic. I hope I don't find any; that will be a ***** to block. I do block it on the IOT VLAN on my network, but it requires a separate device running a script I wrote. To block DoH/DoTLS on my phone, while allowing appropriate DNS will be...fun.
Edit: And, actually, I just took a quick look. The sestatus command returns that my selinux status is "enforcing". The xposed framework I installed, actually, is lsposed, which is a systemless install using magisk. It implements the xposed framework but in a systemless way; I was just lazy when I wrote about it in my previous post.
Click to expand...
Click to collapse
I have been building Android roms for multiple devices for 9 years. When I started, I also gave a significant positive weight to Xposed, etc... . But the more I learned Android code, the more I became convinced that all those 'privacy' layers are mostly useless and even harmful, because they create a false sense of security.
Vanilla Android roms, actually, contain very little advertising/spying, and it makes a perfect sense: why would Google open-source their spying/advertising machine?
The only thing that might be considered spying (in vanilla Android) is captive portal detection that checks the internet connection and a few other network tools/tests that periodically connect to the internet, but not necessarily with nefarious purposes. But even these could be disabled or changed to other servers.
Android becomes an advertising tool only when you install Google Apps/Google Services Framework, register a Google account, etc. Once you have that, and 100% of stock roms do, no amount of tweaking can prevent spying, because these Google 'structures' sit lower than any systemless layer. In other words, they can go around Magisk/Xposed tricks. Moreover, on devices with stock roms, one doesn't even need encryption and the use of apps like Signal/Telegram/Silence etc.. Google Services Framework can see your outgoing messages before they are encrypted, and incoming messages after decryption. In other words, they can see what your eyes see on the screen.
So, the only way to prevent Google interests from taking over your phone is never install Google 'things', which is the case with my rom and my phone.
optimumpro said:
I have been building Android roms for multiple devices for 9 years. When I started, I also gave a significant positive weight to Xposed, etc... . But the more I learned Android code, the more I became convinced that all those 'privacy' layers are mostly useless and even harmful, because they create a false sense of security.
Vanilla Android roms, actually, contain very little advertising/spying, and it makes a perfect sense: why would Google open-source their spying/advertising machine?
The only thing that might be considered spying (in vanilla Android) is captive portal detection that checks the internet connection and a few other network tools/tests that periodically connect to the internet, but not necessarily with nefarious purposes. But even these could be disabled or changed to other servers.
Android becomes an advertising tool only when you install Google Apps/Google Services Framework, register a Google account, etc. Once you have that, and 100% of stock roms do, no amount of tweaking can prevent spying, because these Google 'structures' sit lower than any systemless layer. In other words, they can go around Magisk/Xposed tricks. Moreover, on devices with stock roms, one doesn't even need encryption and the use of apps like Signal/Telegram/Silence etc.. Google Services Framework can see your outgoing messages before they are encrypted, and incoming messages after decryption. In other words, they can see what your eyes see on the screen.
So, the only way to prevent Google interests from taking over your phone is never install Google 'things', which is the case with my rom and my phone.
Click to expand...
Click to collapse
I don't really program Android, though I am a kernel developer in both Linux and Freebsd. I also am one of the principal architects of a network infrastructure appliance that is getting a lot of attention in the industry.
So, while I do not know android in detail at a low level, I know linux thoroughly and I am fully equipped to completely monitor and control what access that android (or any other computer) has to any network. And that has been my dilemma; I can see what my device is doing and I am determined to stop it.
I agree with you about vanilla Android, absent all the google stuff. It is just linux with a different desktop on it, and the connections it makes to google are just for network management functions; the network device I have built also contacts google (and a few others) for network maintenance only and not any information transfer.
Unfortunately, the google apps infrastructure is required for some things that I use the phone for. Google maps is required by both Uber and Lyft; without Maps, I can't use those apps - and there are times when I am traveling where I really need to be able to use those apps.
Also, unfortunately, the company I am contracted to (where I am part-owner) for which I have built this network appliance makes heavy use of google tools. I have not been able to convince my partners to move away from google, and they can outvote me.
I have to allow Meet, and Chat to run on my device; I don't have a practical alternative. So I have spent a lot of time determining exactly which google components are the minimum required to allow those apps to run, and I have disabled or blocked or restricted permissions for all other google components - and both greenify and afwall play key roles in this activity.
With my old Galaxy S5, I just would install the smallest google package that supported Maps onto my Lineage OS on that device, but on this OnePlus 8, I have elected to stick with OOS for as long as it receives updates. So, tying google's hands is a lot more work.
My monitoring tells me I have it now as good as it will be. There are a few connections to google, as expected, but the frequency of those connections is not high and very little data is being transferred in either direction. I believe most of the traffic is administrative. The only thing I have not yet checked is whether there is any DoH or DoTLS traffic. My IOT VLAN watches for and blocks such traffic (my IOT VLAN exists to isolate and completely control my Android TV), and I have connected the phone to the IOT VLAN for a short while to see if any DoH/DoTLS was detected and none was - but I really need to connect it to that VLAN for an extended period.
I do root around in the phone's databases (which reveals what Google is doing, and Google can't stop that...) and the result is that I know Google is not doing much.
So, it isn't perfect. I would be much happier if the company would move away from google. But it is as good as its going to get, and I don't believe google is sneaking anything by me; I would have detected it. I do block a LOT of google URIs.
Also, as far as google open-sourcing their spying machine...that, quite explicitly, is the purpose of Android. It is open-sourced spyware for google.
They open-sourced it partly because they had to (the gnu licensing ties their hands) and partly to gain acceptance; its open source nature is why it is now the dominant architecture. It greatly reduces development costs for device manufacturers while providing a standardized framework upon which they can build.
Those of us who put in the effort to exploit that open-source nature to stop the spying are a small fraction of the total marketplace, and google can easily tolerate us.
Android has increased google's reach and ability to collect data about individuals to an enormous extent. From the standpoint of knowing everything about everybody (which is google's explicit goal) it is an enormous win for them.
Situation:
I have somewhat of a "love-REALLY HATE" relationship with Google apps and ecosystem.
On one hand, they are great at what they do.
On the other, it's like having a spy satellite overhead, given how much telemetry it does.
Question:
I'd like to cut all of the Google apps' internet, location, sensor and background activity access for good when not in use. Or at least spoof whatever personal data is being sent (Device info, location, activities, etc). Any way to do that?
What I've done so far:
My current way-to-go method involves installing RethinkDNS+firewall, then blocking every single one of google apps including Gboard. It sort-of works, but very inconvenient, as I have to manually enable internet access for a particular app and/or service when needed. I also tried edXposed's XluaPrivacy module to cut off access to certain permissions. Again, cumbersome.
After going through F-Droid, I found an app called "Insular", that claims being able to put all of the "big brother" apps (such as Gapps) behind an isolated sandbox, a digital gulag of sorts.
Thanks for the pointer to Insular whose advertising on F-Droid says:
Insular is a FLOSS fork of Island.
With Insular, you can:
Isolate your Big Brother apps
Clone and run multiple accounts simutaniuosly
Freeze or archive apps and prevent any background behaviors
Unfreeze apps on-demand with home screen shortcuts
Re-freeze marked apps with one tap
Hide apps
Selectively enable (or disable) VPN for different group of apps
Prohibit USB access to mitigate attacks with physical access
Click to expand...
Click to collapse
Based on that, I suspect this XDA thread about "Island" may be useful.
[APP][5.0+][BETA] Island - app freezing, privacy protection, parallel accounts
"Island" is a sandbox environment to clone selected apps and isolate them from accessing your personal data outside the sandbox (including call logs, contacts, photos and etc) even if related permissions are granted. Device-bound data is still accessible (SMS, IMEI and etc).
Isolated app can be frozen on demand, with launcher icon vanish and its background behaviors completely blocked.
Click to expand...
Click to collapse
Totesnochill said:
Question:
I'd like to cut all of the Google apps' internet, location, sensor and background activity access for good when not in use. Or at least spoof whatever personal data is being sent (Device info, location, activities, etc). Any way to do that?
Click to expand...
Click to collapse
Like you, my relationship with Google is strained where I don't set up any Google Account on Android and it works just fine.
I don't have a contacts.db sqlite database for that reason too, so my favorite communication apps are all designed to store their own contacts db internally to the app itself.
I replace Google apps with FOSS equivalents such as NewPipe (or, more recently, Vanced YouTube) for example.
And I spoof my GPS location by default (using Lexa Fake GPS, for example).
Of course, given I don't have a Google Account on my phone, I use the Aurora Store instead of the Google Play Store. Of course, I strive for apps that don't require Google Framework Services (GSF) which Aurora neatly filters out for us.
Since I'm not rooted, I can't delete Google Play Store, but I can disable it, which is almost as good.
And, I use privacy-aware apps for my messenger, calendar, contacts, and dialer apps (many of which come from Simple Mobile Tools' suite which are available on F-Droid).
To keep my WiFi SSID/BSSID/GPS/Strength/etc. out of the hands of Google (& Mozilla and Kismet and Wigle, etc.), I add "_nomap" to the SSID and I turn off the SOHO router SSID broadcast (which "hinders" most cellphones from uploading my BSSID information to Google public servers); but then I have to also turn off "AutoReconnect" on Android 12 and also I have the Developer Options set in Android 12 to randomize the MAC address on EACH connection; however that means I need to set any "static" connections on my LAN from the phone and not with address reservation on the router (which typically utilizes the MAC address).
And it's not just Google we need to keep our data out of their hands, as I even use WhatsApp privacy aware tools such as the WhatsApp dialer and WhatsApp Click to Chat mechanisms (to keep my contacts out of Facebook's hands too).
For offline maps, I use a quick web browser lookup on a privacy browser (such as Tor or Epic or Opera), since the Google address lookup is still the best in the world... (which is the love/hate relationship, right?)... and then I paste the GPS coordinates that the privacy browser found on the maps.google.com web site into a local routing application (such as a shortcut to a browser to google maps on the phone or better yet, to a dedicated offline map program such as OSM And~), and even traffic can be gotten without Google (e.g., Sigalert & 511 apps).
I used to reset the Advertising ID with a homescreen shortcut that could be activated from Windows via a batch file over Wi-Fi, but now with Android 12 we can wipe out the Advertising ID altogether (i.e., reset it to all zeroes). However, I still periodically change my GSF ID and other supposedly unique identifiers.
I'm still trying to figure out the implication of "trackers", so if anyone has more information about them, please advise.
Off hand there must be scores more things I do for privacy, where we probably should have a main thread on this site of all the myriad things people can do to increase their privacy on Android (some of which I've screenshotted for you below).
GalaxyA325G said:
Like you, my relationship with Google is strained where I don't set up any Google Account on Android and it works just fine.
Click to expand...
Click to collapse
Thanks heaps for the very in-depth response. Really opens up on a lot of things I wasnt aware of, and I realized that unlike desktop, when it comes to mobile privacy I'm still a bit behind.
Are there any guides where I can do some reading on the concepts and techniques you've described? Especially regarding contacts.db sqlite database, GPS spoofing and privacy-aware options for accessing WhatsApp.
Also, what are your thoughts on MIcroG?
Totesnochill said:
Thanks heaps for the very in-depth response.
Click to expand...
Click to collapse
I try to put effort into the response so that others can benefit (but nobody ever presses the like button so maybe it's not worth the effort).
For example, when I mentioned I spoof my GPS, I looked up the app I used and linked to it so that you wouldn't have to test a score of apps like I did to find the best one.
Totesnochill said:
Really opens up on a lot of things I wasn't aware of, and I realized that unlike desktop, when it comes to mobile privacy I'm still a bit behind.
Click to expand...
Click to collapse
That was just off the top of my head where there has to be at least a hundred different privacy things I do on Android to distance me from Google that most people don't bother to do.
I admit, sometimes it feels like we're putting a dozen locks on the front door, but in the end, we LEARN a lot about Android in the process.
A lot of the protection is to protect ourselves from others who don't know how to configure their phone, so they are uploading our private information (like our contacts and home locations) to Google databases.
For example, the typical Android phone when it drives by your front door uploads to google your exact location, your signal strength, your unique BSSID and your SSID... where you'll note in my response above I had to do a half dozen things on my phone and router to prevent that from happening (i.e., just adding "_nomap" doesn't work but most people don't realize that because they don't think about it).
Totesnochill said:
Are there any guides where I can do some reading on the concepts and techniques you've described?
Click to expand...
Click to collapse
I'm sure there are plenty.
But I have been in MANY situations where there are none.
Take, for example, changing the GSFID... almost nowhere on the net is that described how to do it. Almost nobody does it, but it can be done if you know how.
I really should write a set of privacy tutorials so that everyone can do it but I have to find the time, and this web site doesn't like text tutorials I found out recently. So they make it a PITA in the end to help people. Sigh.
Totesnochill said:
Especially regarding contacts.db sqlite database, GPS spoofing and privacy-aware options for accessing WhatsApp.
Click to expand...
Click to collapse
If you look at the links I gave you in my response for contacts, gps spoofing and privacy-aware WhatsApp, you'll get a good start.
A quickie is to not have a contacts.sqlite database, which means you need your own contacts.csv or more likely contacts.vcf file, which you can maintain on the PC if you like (works with Excel for example).
Now that you don't have a contacts.db sqlite database, you need to find the contacts and dialer and mms/sms apps that can suck in their own contacts.vcf file, which I pointed you to in the Simple Mobile Tools suite.
For GPS spoofing, I didn't mention you need to turn "Mock Location" on in the Android Developer Options, but that's what most people already do so I assumed you knew that. Once you turn that on, you can just select the mock location app of your choice (where I suggested one above which isn't perfect but none of them are).
That particular app moves your location every few feet and it gets the altitude and it can easily be stopped and started, etc., but I'd like it if it didn't move just "west by 10 feet every minute" but instead if it would follow a pre-determined route that I could give it. So they need a lot more work to be as good as we'd like them to be.
For What'sApp privacy, look at the two apps I linked to in the prior post as they don't need the contacts.sqlite database to work.
Your WhatsApp should only have an icon in your folders for the people you contact and nothing else, IMHO. That's the best privacy you can get, although WhatsApp does decent hashing on the contacts file when it uploads it to their servers - but still - why give them your entire contacts when you only contact 10 people (or whatever) on WhatsApp. Right?
Totesnochill said:
Also, what are your thoughts on MIcroG?
Click to expand...
Click to collapse
Funny you mentioned microG since I installed it for the first time yesterday when I was setting up Vanced Youtube based on this thread.
I generally choose apps that don't use GSF but sometimes you have to use a GSF app (e.g., Zoom meetings), and then it's nice to use MicroG instead of Google Services Framework.
I only installed it yesterday so I really don't know how well it will work for me as I didn't even need to install it to install VancedYoutube. You just need it to log into YouTube but I never do that anyway.
In summary, there's probably a hundred things we do to our phones to set up privacy but I'd have to write each one up in detail to help everyone and that's a lot of work.
Especially if almost nobody reads these threads.
GalaxyA325G said:
I try to put effort into the response so that others can benefit (but nobody ever presses the like button so maybe it's not worth the effort).
In summary, there's probably a hundred things we do to our phones to set up privacy but I'd have to write each one up in detail to help everyone and that's a lot of work.
Click to expand...
Click to collapse
Thank you for doing God's work out there. Ethics like these are what creates the content that keeps the internet from becoming a dumpster fire otherwise. Tutorials and explanations that come from the fellow users are THE best and usually directly on-point.
When I was just starting setting up Linux environment, I wrote "how-to notes" on every successful step. At first it was more like the "sticky notes" to help me remember, but eventually (as the list grew) I started writing these tips in a way as if they were to be read by someone with little background in the subject. What used to be the "Linux notes" file became 10563 lines monstrosity now... So every time I need to answer someone's question I just copypaste from this file.
GalaxyA325G said:
That was just off the top of my head where there has to be at least a hundred different privacy things I do on Android to distance me from Google that most people don't bother to do.
I admit, sometimes it feels like we're putting a dozen locks on the front door, but in the end, we LEARN a lot about Android in the process.
Click to expand...
Click to collapse
Absolutely. I've spent about 2 weeks tweaking my new phone (Nokia X6), trying out different roms/recoveries and app setups. Pissed off a bunch of people in the process - most wouldn't understand that I'm setting up a system to last another 7 years, just like my previous phone (Galaxy Gprime). Not to mention that with the amount of sensitive info on the phone, security and privacy are a legit concern, and worth learning about just how one learns to install and use the lock on the front doors.
Phones became disposable both in software and hardware, and so have the general attitude towards the devices.
My final setup became AOSP PixelPlusUI Rom (comes with about openGapps nano worth of Google stuff) with most other stock apps (contacts , dialer, keyboards, msg etc) removed via ADB and replaced with F-Droid alternatives.
I've also used Rethink DNS with whitelist set up/AppInspector to put Google in the Goolag - no internet access for anything google-related at all times. So far my phone has 253 apps blocked (including almost all of the system apps). Surprisingly, all of the necessary apps off google play store (Whatsapp, FB messenger) still function well. Whenever I need a particular Gservice (like a translator), I just enable access for that (and only that) until I dont need it anymore.
GalaxyA325G said:
If you look at the links I gave you in my response for contacts, gps spoofing and privacy-aware WhatsApp, you'll get a good start.
A quickie is to not have a contacts.sqlite database, which means you need your own contacts.csv or more likely contacts.vcf file, which you can maintain on the PC if you like (works with Excel for example).
Click to expand...
Click to collapse
Thanks! I'm not sure why the links didnt show up at first. I'll give this a look. I've been using "simple mobile tools" for quite a while, and I must say I like how they are completely autonomous and transparent about what prems they need and why.
GalaxyA325G said:
For GPS spoofing, I didn't mention you need to turn "Mock Location" on in the Android Developer Options, but that's what most people already do so I assumed you knew that.
Click to expand...
Click to collapse
I definitely saw the option in the dev settings, but didnt experiment with it. Well, now I know, thanks!
Funny you mentioned microG since I installed it for the first time yesterday when I was setting up Vanced Youtube based on this thread.
I generally choose apps that don't use GSF but sometimes you have to use a GSF app (e.g., Zoom meetings), and then it's nice to use MicroG instead of Google Services Framework.
I only installed it yesterday so I really don't know how well it will work for me as I didn't even need to install it to install VancedYoutube. You just need it to log into YouTube but I never do that anyway.
In summary, there's probably a hundred things we do to our phones to set up privacy but I'd have to write each one up in detail to help everyone and that's a lot of work.
Click to expand...
Click to collapse
I will give microG a try (in a form of LineageOS for MicroG). In fact I did install this rom before but I was a bit confused about what it did and assumed that it is a regular LinOS repack with Gplay store and apps built-in. Time to test again.
Especially if almost nobody reads these threads.
Click to expand...
Click to collapse
Threads like these is how I passed my uni exams. Not even exaggerating XD. Thanks again for a very detailed insightful read!
Hello my friends, very happy to meet good hearted people who think alike about Gugle.
as my name suggests I'm noob still and didn't understand much of discussion but very happy to meet you friends. My love & warm regards to all here. Here is what I did uptill now before I saw this thread :
1> Load GSI/ROM.
2> Load TWRP
3> Load Magisk
4> Load microG
5> Install Service Disabler
5.1> Disable bunch of internal services like telemetry, analytics, location (FusedLocation not possible to disable) for every app (3-rd party & system app), contacts sync etc.
6> Install SD-Maid Pro
6.1> Freeze apps like Gugle Calendar Sync Adapter & Gugle Contacts Sync Adapter
7> Install CIAFirewall Fake VPN & configure it.
8> I use Opera browser for Banking, Youtube, Cab booking, Surfing, Gmail, Food Order etc.
9> Install Aurora Store for general app management & installation
10> For contacts I save all contacts in notepad app, and let all calls purposely bounce then I call back aftter checking whose call it was & state false apologies.
#FYI :- Gugle, Mycrowsowft , eFbee are not really to be blamed, rhey are having to comply with FBI, Phentagon, Central Intelligence Agencies, Interpol, etc. or they have to shut bizness.
GalaxyA325G said:
Like you, my relationship with Google is strained where I don't set up any Google Account on Android and it works just fine.
Click to expand...
Click to collapse
Hi, I’m glad to have found this thread as I’m not happy with how my normal Android phone is spied upon by google. But I’m not technically knowledgeable and I don’t want to risk bricking my phone by trying amateur attempts at rooting, or installing Insular, etc…
So far I have not signed in, I allow only minimum permissions, use Netguard, Aurora and FDroid, and have disabled bloatware. I also force-stop apps as much as possible when not in use, and enable Location and Bluetooth only when needed.
I know this is just an amateur, token attempt to reduce spying - so I may have to eventually buy a degoogled phone.
I’ve also done some of the privacy suggestions in the attachments you posted.
Could you help me with a couple of newbie questions…
1): I might have minimised some personal data harvested by most of the apps I use, but I guess my privacy precautions will have no significant effect on the amount of telemetry collected by google?
2): If my precautions really have no significant effect, I’m wondering if would it make any real difference if I was signed in as I don’t use any of the google backup services anyway?
Thanks.
I've been using a banking app for the last year downloaded from Aurora. After a routine update it will not open because of an "invalid installation source".
This happened once before but cleared up after a few uninstalls and reinstalls.
I checked my phones Safetynet status using YASNAC and it passed both the Basic Integrity and CTS Profile Match tests.
I've done the uninstalling, installing, restarting, etc, without any sucess.
Any ideas how I can get the app working again?
Isn't this banking app available on Google Play Store?
Tom100% said:
I've been using a banking app for the last year downloaded from Aurora. After a routine update it will not open because of an "invalid installation source".
This happened once before but cleared up after a few uninstalls and reinstalls.
I checked my phones Safetynet status using YASNAC and it passed both the Basic Integrity and CTS Profile Match tests.
I've done the uninstalling, installing, restarting, etc, without any sucess.
Any ideas how I can get the app working again?
Click to expand...
Click to collapse
Uninstall old Aurora Store & then try installing Aurora Store from Aurora Droid or F-Droid. Aurora Store is working for me after I reflashed Android 10 Custom ROM RR yesterday evening.
FYI :
When my device was new like 5 years ago, just for once I installed banking apps directly from playstore and let it finish all the safety checks & droid guard checks it had to , after that its been 5 years now that I've ditched banking apps for net-banking & each time I login to banking apps if the need be, I can use them without a glitch (thanks to magisk hide which is now zygisk) even though I've been using 3 or 4 different Custom ROMS on the same device all these years & even now. I think what the banks check primarily is that the phone number & device ID should be the same as before when it had passed safety check, if its other than that then they get suspicious.
James_Watson said:
Isn't this banking app available on Google Play Store?
Click to expand...
Click to collapse
As per Mr.Snowden Gugle does a fabulous job of protecting its users from hackers but who saves its users from Gugle espionage & ad-mob? Thats the reason why many want de-gugled devices and open-source alternatives like Midro-G etc.
OldNoobOne said:
Uninstall old Aurora Store & then try installing Aurora Store from Aurora Droid or F-Droid. Aurora Store is working for me after I reflashed Android 10 Custom ROM RR yesterday evening.
FYI :
When my device was new like 5 years ago, just for once I installed banking apps directly from playstore and let it finish all the safety checks & droid guard checks it had to , after that its been 5 years now that I've ditched banking apps for net-banking & each time I login to banking apps if the need be, I can use them without a glitch (thanks to magisk hide which is now zygisk) even though I've been using 3 or 4 different Custom ROMS on the same device all these years & even now. I think what the banks check primarily is that the phone number & device ID should be the same as before when it had passed safety check, if its other than that then they get suspicious.
Click to expand...
Click to collapse
Thanks for your advice. I"ve installed the latest Aurora, 4.1.1 but the problem persists - I can install the banking app but when I open it just get a screen saying "invalid installation source".
It's an banking app for the country I live in. In the past I used Aurora Anon log in without problems to use the app. I've now also tried Insecure log in, but still get the "invalid installation source".
I have not logged in to ***gle on my phone but so far have had no problems. This is the only app that won't open, all other Aurora/Fdroid apps are OK.
The Safetynet status check using YASNAC passed both the Basic Integrity and CTS Profile Match tests.
I've uninstalled/ installed/ restarted phone, etc, witthout success.
Is there anything else I could try?
James_Watson said:
Isn't this banking app available on Google Play Store?
Click to expand...
Click to collapse
Yes, but I prefer to not sign into %¢€gle.
Tom100% said:
Thanks for your advice. I"ve installed the latest Aurora, 4.1.1 but the problem persists - I can install the banking app but when I open it just get a screen saying "invalid installation source".
It's an banking app for the country I live in. In the past I used Aurora Anon log in without problems to use the app. I've now also tried Insecure log in, but still get the "invalid installation source".
I have not logged in to ***gle on my phone but so far have had no problems. This is the only app that won't open, all other Aurora/Fdroid apps are OK.
The Safetynet status check using YASNAC passed both the Basic Integrity and CTS Profile Match tests.
I've uninstalled/ installed/ restarted phone, etc, witthout success.
Is there anything else I could try?
Click to expand...
Click to collapse
> Can you elaborate on what kind of Play Services are you using? Try microG Services Core, microG Services Framework Proxy / microG standard zip (github)
> If the banking app detects whether the install was from Package Installer instead of Pleysthore then use the Pleysthore provided by microG but before connecting to net be sure to disable 2 services within Pleysthore using Service Disabler app (PleySetapServyceV2 & ResthoreServyceV2) then after bank apps download finishes Disable all servycces of pleystore app & 3-rd Party Freeze it.
The attachment is the original downloaded version of microG from microg website. If you dont trust the attachment then you can download directly from microg website.
OldNoobOne said:
> Can you elaborate on what kind of Play Services are you using? Try microG Services Core, microG Services Framework Proxy / microG standard zip (github)
> If the banking app detects whether the install was from Package Installer instead of Pleysthore then use the Pleysthore provided by microG but before connecting to net be sure to disable 2 services within Pleysthore using Service Disabler app (PleySetapServyceV2 & ResthoreServyceV2) then after bank apps download finishes Disable all servycces of pleystore app & 3-rd Party Freeze it.
The attachment is the original downloaded version of microG from microg website. If you dont trust the attachment then you can download directly from microg website.
Click to expand...
Click to collapse
Thanks again. Apologies, I should have said in my first post that my phone is not rooted, and that I have not signed in to gugle, and use only Aurora and Fdroid apps. (Probably a futile gesture!) Nevertheless the banking app from Aurora has worked up to now...
If I can't get it to work I will probably have to give in and log into gugle. Damn!
Tom100% said:
Thanks again. Apologies, I should have said in my first post that my phone is not rooted, and that I have not signed in to gugle, and use only Aurora and Fdroid apps. (Probably a futile gesture!) Nevertheless the banking app from Aurora has worked up to now...
If I can't get it to work I will probably have to give in and log into gugle. Damn!
Click to expand...
Click to collapse
Alternatively, maybe you can try by using Opera Browser either from your device or from a PC/Laptop if banking apps is what you want. I ditched bank apps for the same very reason- dont want Pleysthore on device. I find Opera browser to be fast & secure, only caution is to turn off Opera VPN before logging into bank website because the password will be exposed to opera servers. all banks will have HTTPS Secure Login so no worries there. I find net-banking more complete than bank apps btw.
OldNoobOne said:
Alternatively, maybe you can try by using Opera Browser either from your device or from a PC/Laptop if banking apps is what you want. I ditched bank apps for the same very reason- dont want Pleysthore on device. I find Opera browser to be fast & secure, only caution is to turn off Opera VPN before logging into bank website because the password will be exposed to opera servers. all banks will have HTTPS Secure Login so no worries there. I find net-banking more complete than bank apps btw.
Click to expand...
Click to collapse
Thanks again for your advice!
MOD ACTION:
Thread closed at the request of the OP.