Situation:
I have somewhat of a "love-REALLY HATE" relationship with Google apps and ecosystem.
On one hand, they are great at what they do.
On the other, it's like having a spy satellite overhead, given how much telemetry it does.
Question:
I'd like to cut all of the Google apps' internet, location, sensor and background activity access for good when not in use. Or at least spoof whatever personal data is being sent (Device info, location, activities, etc). Any way to do that?
What I've done so far:
My current way-to-go method involves installing RethinkDNS+firewall, then blocking every single one of google apps including Gboard. It sort-of works, but very inconvenient, as I have to manually enable internet access for a particular app and/or service when needed. I also tried edXposed's XluaPrivacy module to cut off access to certain permissions. Again, cumbersome.
After going through F-Droid, I found an app called "Insular", that claims being able to put all of the "big brother" apps (such as Gapps) behind an isolated sandbox, a digital gulag of sorts.
Thanks for the pointer to Insular whose advertising on F-Droid says:
Insular is a FLOSS fork of Island.
With Insular, you can:
Isolate your Big Brother apps
Clone and run multiple accounts simutaniuosly
Freeze or archive apps and prevent any background behaviors
Unfreeze apps on-demand with home screen shortcuts
Re-freeze marked apps with one tap
Hide apps
Selectively enable (or disable) VPN for different group of apps
Prohibit USB access to mitigate attacks with physical access
Click to expand...
Click to collapse
Based on that, I suspect this XDA thread about "Island" may be useful.
[APP][5.0+][BETA] Island - app freezing, privacy protection, parallel accounts
"Island" is a sandbox environment to clone selected apps and isolate them from accessing your personal data outside the sandbox (including call logs, contacts, photos and etc) even if related permissions are granted. Device-bound data is still accessible (SMS, IMEI and etc).
Isolated app can be frozen on demand, with launcher icon vanish and its background behaviors completely blocked.
Click to expand...
Click to collapse
Totesnochill said:
Question:
I'd like to cut all of the Google apps' internet, location, sensor and background activity access for good when not in use. Or at least spoof whatever personal data is being sent (Device info, location, activities, etc). Any way to do that?
Click to expand...
Click to collapse
Like you, my relationship with Google is strained where I don't set up any Google Account on Android and it works just fine.
I don't have a contacts.db sqlite database for that reason too, so my favorite communication apps are all designed to store their own contacts db internally to the app itself.
I replace Google apps with FOSS equivalents such as NewPipe (or, more recently, Vanced YouTube) for example.
And I spoof my GPS location by default (using Lexa Fake GPS, for example).
Of course, given I don't have a Google Account on my phone, I use the Aurora Store instead of the Google Play Store. Of course, I strive for apps that don't require Google Framework Services (GSF) which Aurora neatly filters out for us.
Since I'm not rooted, I can't delete Google Play Store, but I can disable it, which is almost as good.
And, I use privacy-aware apps for my messenger, calendar, contacts, and dialer apps (many of which come from Simple Mobile Tools' suite which are available on F-Droid).
To keep my WiFi SSID/BSSID/GPS/Strength/etc. out of the hands of Google (& Mozilla and Kismet and Wigle, etc.), I add "_nomap" to the SSID and I turn off the SOHO router SSID broadcast (which "hinders" most cellphones from uploading my BSSID information to Google public servers); but then I have to also turn off "AutoReconnect" on Android 12 and also I have the Developer Options set in Android 12 to randomize the MAC address on EACH connection; however that means I need to set any "static" connections on my LAN from the phone and not with address reservation on the router (which typically utilizes the MAC address).
And it's not just Google we need to keep our data out of their hands, as I even use WhatsApp privacy aware tools such as the WhatsApp dialer and WhatsApp Click to Chat mechanisms (to keep my contacts out of Facebook's hands too).
For offline maps, I use a quick web browser lookup on a privacy browser (such as Tor or Epic or Opera), since the Google address lookup is still the best in the world... (which is the love/hate relationship, right?)... and then I paste the GPS coordinates that the privacy browser found on the maps.google.com web site into a local routing application (such as a shortcut to a browser to google maps on the phone or better yet, to a dedicated offline map program such as OSM And~), and even traffic can be gotten without Google (e.g., Sigalert & 511 apps).
I used to reset the Advertising ID with a homescreen shortcut that could be activated from Windows via a batch file over Wi-Fi, but now with Android 12 we can wipe out the Advertising ID altogether (i.e., reset it to all zeroes). However, I still periodically change my GSF ID and other supposedly unique identifiers.
I'm still trying to figure out the implication of "trackers", so if anyone has more information about them, please advise.
Off hand there must be scores more things I do for privacy, where we probably should have a main thread on this site of all the myriad things people can do to increase their privacy on Android (some of which I've screenshotted for you below).
GalaxyA325G said:
Like you, my relationship with Google is strained where I don't set up any Google Account on Android and it works just fine.
Click to expand...
Click to collapse
Thanks heaps for the very in-depth response. Really opens up on a lot of things I wasnt aware of, and I realized that unlike desktop, when it comes to mobile privacy I'm still a bit behind.
Are there any guides where I can do some reading on the concepts and techniques you've described? Especially regarding contacts.db sqlite database, GPS spoofing and privacy-aware options for accessing WhatsApp.
Also, what are your thoughts on MIcroG?
Totesnochill said:
Thanks heaps for the very in-depth response.
Click to expand...
Click to collapse
I try to put effort into the response so that others can benefit (but nobody ever presses the like button so maybe it's not worth the effort).
For example, when I mentioned I spoof my GPS, I looked up the app I used and linked to it so that you wouldn't have to test a score of apps like I did to find the best one.
Totesnochill said:
Really opens up on a lot of things I wasn't aware of, and I realized that unlike desktop, when it comes to mobile privacy I'm still a bit behind.
Click to expand...
Click to collapse
That was just off the top of my head where there has to be at least a hundred different privacy things I do on Android to distance me from Google that most people don't bother to do.
I admit, sometimes it feels like we're putting a dozen locks on the front door, but in the end, we LEARN a lot about Android in the process.
A lot of the protection is to protect ourselves from others who don't know how to configure their phone, so they are uploading our private information (like our contacts and home locations) to Google databases.
For example, the typical Android phone when it drives by your front door uploads to google your exact location, your signal strength, your unique BSSID and your SSID... where you'll note in my response above I had to do a half dozen things on my phone and router to prevent that from happening (i.e., just adding "_nomap" doesn't work but most people don't realize that because they don't think about it).
Totesnochill said:
Are there any guides where I can do some reading on the concepts and techniques you've described?
Click to expand...
Click to collapse
I'm sure there are plenty.
But I have been in MANY situations where there are none.
Take, for example, changing the GSFID... almost nowhere on the net is that described how to do it. Almost nobody does it, but it can be done if you know how.
I really should write a set of privacy tutorials so that everyone can do it but I have to find the time, and this web site doesn't like text tutorials I found out recently. So they make it a PITA in the end to help people. Sigh.
Totesnochill said:
Especially regarding contacts.db sqlite database, GPS spoofing and privacy-aware options for accessing WhatsApp.
Click to expand...
Click to collapse
If you look at the links I gave you in my response for contacts, gps spoofing and privacy-aware WhatsApp, you'll get a good start.
A quickie is to not have a contacts.sqlite database, which means you need your own contacts.csv or more likely contacts.vcf file, which you can maintain on the PC if you like (works with Excel for example).
Now that you don't have a contacts.db sqlite database, you need to find the contacts and dialer and mms/sms apps that can suck in their own contacts.vcf file, which I pointed you to in the Simple Mobile Tools suite.
For GPS spoofing, I didn't mention you need to turn "Mock Location" on in the Android Developer Options, but that's what most people already do so I assumed you knew that. Once you turn that on, you can just select the mock location app of your choice (where I suggested one above which isn't perfect but none of them are).
That particular app moves your location every few feet and it gets the altitude and it can easily be stopped and started, etc., but I'd like it if it didn't move just "west by 10 feet every minute" but instead if it would follow a pre-determined route that I could give it. So they need a lot more work to be as good as we'd like them to be.
For What'sApp privacy, look at the two apps I linked to in the prior post as they don't need the contacts.sqlite database to work.
Your WhatsApp should only have an icon in your folders for the people you contact and nothing else, IMHO. That's the best privacy you can get, although WhatsApp does decent hashing on the contacts file when it uploads it to their servers - but still - why give them your entire contacts when you only contact 10 people (or whatever) on WhatsApp. Right?
Totesnochill said:
Also, what are your thoughts on MIcroG?
Click to expand...
Click to collapse
Funny you mentioned microG since I installed it for the first time yesterday when I was setting up Vanced Youtube based on this thread.
I generally choose apps that don't use GSF but sometimes you have to use a GSF app (e.g., Zoom meetings), and then it's nice to use MicroG instead of Google Services Framework.
I only installed it yesterday so I really don't know how well it will work for me as I didn't even need to install it to install VancedYoutube. You just need it to log into YouTube but I never do that anyway.
In summary, there's probably a hundred things we do to our phones to set up privacy but I'd have to write each one up in detail to help everyone and that's a lot of work.
Especially if almost nobody reads these threads.
GalaxyA325G said:
I try to put effort into the response so that others can benefit (but nobody ever presses the like button so maybe it's not worth the effort).
In summary, there's probably a hundred things we do to our phones to set up privacy but I'd have to write each one up in detail to help everyone and that's a lot of work.
Click to expand...
Click to collapse
Thank you for doing God's work out there. Ethics like these are what creates the content that keeps the internet from becoming a dumpster fire otherwise. Tutorials and explanations that come from the fellow users are THE best and usually directly on-point.
When I was just starting setting up Linux environment, I wrote "how-to notes" on every successful step. At first it was more like the "sticky notes" to help me remember, but eventually (as the list grew) I started writing these tips in a way as if they were to be read by someone with little background in the subject. What used to be the "Linux notes" file became 10563 lines monstrosity now... So every time I need to answer someone's question I just copypaste from this file.
GalaxyA325G said:
That was just off the top of my head where there has to be at least a hundred different privacy things I do on Android to distance me from Google that most people don't bother to do.
I admit, sometimes it feels like we're putting a dozen locks on the front door, but in the end, we LEARN a lot about Android in the process.
Click to expand...
Click to collapse
Absolutely. I've spent about 2 weeks tweaking my new phone (Nokia X6), trying out different roms/recoveries and app setups. Pissed off a bunch of people in the process - most wouldn't understand that I'm setting up a system to last another 7 years, just like my previous phone (Galaxy Gprime). Not to mention that with the amount of sensitive info on the phone, security and privacy are a legit concern, and worth learning about just how one learns to install and use the lock on the front doors.
Phones became disposable both in software and hardware, and so have the general attitude towards the devices.
My final setup became AOSP PixelPlusUI Rom (comes with about openGapps nano worth of Google stuff) with most other stock apps (contacts , dialer, keyboards, msg etc) removed via ADB and replaced with F-Droid alternatives.
I've also used Rethink DNS with whitelist set up/AppInspector to put Google in the Goolag - no internet access for anything google-related at all times. So far my phone has 253 apps blocked (including almost all of the system apps). Surprisingly, all of the necessary apps off google play store (Whatsapp, FB messenger) still function well. Whenever I need a particular Gservice (like a translator), I just enable access for that (and only that) until I dont need it anymore.
GalaxyA325G said:
If you look at the links I gave you in my response for contacts, gps spoofing and privacy-aware WhatsApp, you'll get a good start.
A quickie is to not have a contacts.sqlite database, which means you need your own contacts.csv or more likely contacts.vcf file, which you can maintain on the PC if you like (works with Excel for example).
Click to expand...
Click to collapse
Thanks! I'm not sure why the links didnt show up at first. I'll give this a look. I've been using "simple mobile tools" for quite a while, and I must say I like how they are completely autonomous and transparent about what prems they need and why.
GalaxyA325G said:
For GPS spoofing, I didn't mention you need to turn "Mock Location" on in the Android Developer Options, but that's what most people already do so I assumed you knew that.
Click to expand...
Click to collapse
I definitely saw the option in the dev settings, but didnt experiment with it. Well, now I know, thanks!
Funny you mentioned microG since I installed it for the first time yesterday when I was setting up Vanced Youtube based on this thread.
I generally choose apps that don't use GSF but sometimes you have to use a GSF app (e.g., Zoom meetings), and then it's nice to use MicroG instead of Google Services Framework.
I only installed it yesterday so I really don't know how well it will work for me as I didn't even need to install it to install VancedYoutube. You just need it to log into YouTube but I never do that anyway.
In summary, there's probably a hundred things we do to our phones to set up privacy but I'd have to write each one up in detail to help everyone and that's a lot of work.
Click to expand...
Click to collapse
I will give microG a try (in a form of LineageOS for MicroG). In fact I did install this rom before but I was a bit confused about what it did and assumed that it is a regular LinOS repack with Gplay store and apps built-in. Time to test again.
Especially if almost nobody reads these threads.
Click to expand...
Click to collapse
Threads like these is how I passed my uni exams. Not even exaggerating XD. Thanks again for a very detailed insightful read!
Hello my friends, very happy to meet good hearted people who think alike about Gugle.
as my name suggests I'm noob still and didn't understand much of discussion but very happy to meet you friends. My love & warm regards to all here. Here is what I did uptill now before I saw this thread :
1> Load GSI/ROM.
2> Load TWRP
3> Load Magisk
4> Load microG
5> Install Service Disabler
5.1> Disable bunch of internal services like telemetry, analytics, location (FusedLocation not possible to disable) for every app (3-rd party & system app), contacts sync etc.
6> Install SD-Maid Pro
6.1> Freeze apps like Gugle Calendar Sync Adapter & Gugle Contacts Sync Adapter
7> Install CIAFirewall Fake VPN & configure it.
8> I use Opera browser for Banking, Youtube, Cab booking, Surfing, Gmail, Food Order etc.
9> Install Aurora Store for general app management & installation
10> For contacts I save all contacts in notepad app, and let all calls purposely bounce then I call back aftter checking whose call it was & state false apologies.
#FYI :- Gugle, Mycrowsowft , eFbee are not really to be blamed, rhey are having to comply with FBI, Phentagon, Central Intelligence Agencies, Interpol, etc. or they have to shut bizness.
GalaxyA325G said:
Like you, my relationship with Google is strained where I don't set up any Google Account on Android and it works just fine.
Click to expand...
Click to collapse
Hi, I’m glad to have found this thread as I’m not happy with how my normal Android phone is spied upon by google. But I’m not technically knowledgeable and I don’t want to risk bricking my phone by trying amateur attempts at rooting, or installing Insular, etc…
So far I have not signed in, I allow only minimum permissions, use Netguard, Aurora and FDroid, and have disabled bloatware. I also force-stop apps as much as possible when not in use, and enable Location and Bluetooth only when needed.
I know this is just an amateur, token attempt to reduce spying - so I may have to eventually buy a degoogled phone.
I’ve also done some of the privacy suggestions in the attachments you posted.
Could you help me with a couple of newbie questions…
1): I might have minimised some personal data harvested by most of the apps I use, but I guess my privacy precautions will have no significant effect on the amount of telemetry collected by google?
2): If my precautions really have no significant effect, I’m wondering if would it make any real difference if I was signed in as I don’t use any of the google backup services anyway?
Thanks.
Related
found an app called Location Cache Map in market and it seems from what it says that it prevents maps and other apps from setting location data on phone and clears map cache while still allowing full use of GPS functions. i tried it and it worked, though it takes an extra couple seconds to lock on.
seems to work. you can see your stored location data with it even if you dont want to block location cache. interested in hearing from others on if this seems to really be working.
Any aftermarket Rom do this.
Sent from my LG-P999 using XDA Premium App
sure if ya delete maps or something. mine always still saved location data on my phone. this lets you use the functions without phone saving cache data. ive never seen this function on any rom ive used. but if so id like to know how and save some time.
Has anyone else tried this?
Google has always kept this type of information---even before android. It's in their terms and conditions. Honestly, anyone who doesn't want to give Google access to this information, shouldn't use their phone.
aczarney said:
Google has always kept this type of information---even before android. It's in their terms and conditions. Honestly, anyone who doesn't want to give Google access to this information, shouldn't use their phone.
Click to expand...
Click to collapse
You should, at minimum, have the choice to turn it off and delete the data that is stored on your phone readily.
Let's get real, corporations have too much freedom when it comes to using us as pawns. It should be an option to opt out period. I use google stuff cause I like the way it works, they don't need my location for that.
Sent from my HTC Vision using XDA App
Google's been collecting information rather openly for years. I just don't get why people are surprised they are collecting it with their phones too. It was never really a secret. There's no option to turn it off simply because that's the terms and conditions for use of the phone--that Google is entitled to access to your location as well as other information regarding how you use your phone. It honestly is like they're watching your every move. If you don't want access given to Google for this information, don't use the phone. That's literally your only option, and legally, Google is completely backed up on that. Now apple, that's a different story. But Google has been doing these things ever since Google as a company was created, its actually part of what has allowed them to grow. To know how their services are used and how their users function more or less.
I could really care less. Ask yourself. What is Google going to do with your information besides direct ads based on you interest. As long as Google execs aren't going to come track me down, I could really care less what data they collect. If your worried about people collecting your data then don't ever buy anything off the internet or for that matter, don't ever use a credit card to make purchases.
read this. its a rant but its how it REALLY is.
Grammer and spelling errors warning!!!
its doesnt matter what they are going to do with it. i have a right to privacy. the more you look into your specfic settings for your google and gmail account, the more you'll see that a lot of what they ask for they don't tell you. they allow you to turn it off.... if you even know how to where to find it, or if you even know they are collecting it.
they keep much more than just location and basic data for ads. im not going to get into all of it because theres too much. go look for yourself.
basically these days to have a phone thats fun (smartphone) you are forced to choose iOS or Android. Both are bull**** when it comes to privacy. THATS WHY THEY ARE DEFENDING THERE ASSES IN COURT!!! Just the fact that it has gotten to the point of major national news shows that it isn't just nothing. $500 million lawsuits aren't to be taken lightly.
And it's not just my privacy. Many MANY apps and services including googles require access to many things that the app has absolutely no reason to have. theres a dev in the market called FREE WING go download his persmissions apps named after specific permissions example: READ_PHONE_STATE, it shows you some of what that permission pulls from your phone such as your name, device ID, phone number, contacts, and more. SMS permission had not just the ability to "tell if i get a text" but has, and records, everything that was said, who sent it, and their numbers. or go get an app called "Denied permissions" it will show you how many each app has and break them down and explain a little of how they work. then use it to look at Google Docs app permissions. it shouldn't have the ability to change,delete, modify my account passwords, and that's just one of its BS permissions.
any facebook app that uses facebook to as an alternative log in gives that app by DEFAULT the ability to read my contacts, status, my FRIENDS status and apps they are using, where they also go, their photos, mine, and more (go to the apps privacy settings on facebook to find this stuff). my friends apps one THEIR phone have access to MY personal information, just because we are associated in facebook. NOT COOL! Facebook just told its game devs a couple days ago that they had like a week or something to change their games to prevent 3rd party apps that are associated with their games from accessing or keeping their patrons information while they play their games.
basically it comes down to my information can be accessed by places i didn't give the OK to or even have heard of. google shares information with apps. try reading the privacy polices for apps sometime (go read AppPack's - Highlight app and T-mobile Mall's app privacy policies). its like the fine print that no one ever reads in contracts or car advertisements. its there but no one takes the time.
google used to be a damn search engine. now they own android, google, Google Chrome OS (just came out), admob, and more. im ok with ads. and them having info i know i asked them to hold on to. I can't imagine what dirt someone could find on someone running for president in 10 years. dirty pics from when someone texted them when they were 25, 18, 16. or their online diary they kept for some reason. things they said on a forum, damn i couldn't imagine my old myspace stuff. some of that could get me in to trouble. i was a party animal at the time. ya see where i'm going? wouldn't have posted that stuff 10 years ago if i had known what i know now.
theres enough info of ours unintentionally online and accessible. go google yourself. they don't need my location to boot
don't believe any of this then take some time to read what you are saying ok to. some privacy policies are like when in those cartoons (devil and daniel mouse) the devil asks you to sign a contract in your own blood, but you forgot their was stuff written on the back page.
But you don't have a right to privacy.....you agreed to the terms and conditions of Google's use when you began using your phone. You signed those rights to privacy away when you signed that Google account into your phone (which, in fact is where the agreement to the terms and conditions lie). You installed Google docs and said "yeah, its okay if this app has access to these things." You update your Google apps every release of a new version. Apple is having issues with this yes, but that's because it was never previously a part of their terms, and they were doing it without customers knowledge. Google is not having issues, will not have issues, and presented all that information to you upfront when you signed up for your Google account, well within your buyer's remorse. Likewise, they do have an option to opt out of "Location services" during most device's initial setup procedures. I bet if anyone sued Google, they wouldn't even prepare a case. They'd refer the judge to the terms of your Google account or those permissions you were okay with.
Bottom line, Yes you have your right to privacy. But you can't give away those rights away to Google or Facebook or whoever then complain about it. Those terms and conditions aren't just there for show, they create them for these specific reasons. It'd be like If I gave you my social security number, checking account number, and address and then was shocked when my identity was stolen and went to file a police report. Working for T-Mobile, I hear these types of arguments on a daily basis, but let me just say it hasn't once changed a thing. Once you agree to them, you can't change your mind until the terms are changed and presented to you again.
I've said it before and I'll say it again. If you like privacy, DO NOT USE A SMARTPHONE. You see, I use a smartphone because I could give two ****s less what Google has access to in my phone. There are only 9 numbers I don't want anyone having access to and lets be honest. I highly doubt Google is stealing our SS #'s.
A link to google and it's work it does for the NSA and CIA. They are more than a company pushing Internet mobile ads. Do not do anything with your phone that you do not want recorded and handed over to the government.
http://www.pcworld.com/article/188581/the_googlensa_alliance_questions_and_answers.html
Remember what google and others did to to people yearning for freedom in China.
http://www.nytimes.com/2006/02/15/technology/15cnd-internet.html
Is it possible to use Internet while keep annonymous ??
Well as soon as you go on the internet you are going to leave a fingerprint behind. You can minimize this a bit but you can't visit websites and not visit them at the same time. You can only make it less obvious that you visited them.
Some things that can make it harder for you to be tracked:
- Use a costum rom (AOSP probably best) without Google Apps.
- Use a VPN (Virtual Private Network) while browsing the web. This way websites only know that a certain "server" visited them, but they do not know who is behind this server. This way it becomes a lot harder to trace the visit back to you.
- Use Firefox Browser, it helps especially compared to Chrome.
- Send DoNotTrack requests (With tools such as Ghostery). Most web browsers now have an option build-in.
- Use an Adblocker on untrusted websites (Pref not on XDA ). Adaway is one of the apps you can use on Android to achieve this.
If you this kind of things on your Android device you will become a lot more anonymous. Ofcourse this is all pretty basic, if you start throwing out your passwords and name in the stuff you post online, ofcourse you no longer be anonymous . The largest danger is in giving your information to random websites/people on the internet. Tools such as e-mail maskers are always useful. Also try to refrain from installing apps without checking their permissions and stuff. If you install "Cute Free Wallpaper App" you might be infesting your device with malware, no matter how much protection you use it still all boils down to common sense.
H-Cim said:
Well as soon as you go on the internet you are going to leave a fingerprint behind. You can minimize this a bit but you can't visit websites and not visit them at the same time. You can only make it less obvious that you visited them.
Some things that can make it harder for you to be tracked:
- Use a costum rom (AOSP probably best) without Google Apps.
- Use a VPN (Virtual Private Network) while browsing the web. This way websites only know that a certain "server" visited them, but they do not know who is behind this server. This way it becomes a lot harder to trace the visit back to you.
- Use Firefox Browser, it helps especially compared to Chrome.
- Send DoNotTrack requests (With tools such as Ghostery).
- Use an Adblocker on untrusted websites (Pref not on XDA )
If you this kind of things on your Android device you will become a lot more anonymous. Ofcourse this is all pretty basic, if you start throwing out your passwords and name in the stuff you post online, ofcourse you no longer be anonymous . The largest danger is in giving your information to random websites/people on the internet. Tools such as e-mail maskers are always useful. Also try to refrain from installing apps without checking their permissions and stuff. If you install "Cute Free Wallpaper App" you might be infesting your device with malware, no matter how much protection you use it still all boils down to common sense.
Click to expand...
Click to collapse
Thanks a lot bro.. for your gud suggestions
You can install Orbot and Orweb to browse through the Tor network. This is much slower than using a VPN, but you don't have to trust a VPN provider to keep you anonymous.
Thanks you too !:good:
Tor isn't for beginners or total secure but people seems not able to understand it.
It your traffic isn't encrypted this means you sent plain text, passwords etc it goes unencrypted to the nodes and if these notes are compromised it's 'easy' to identify what you sent via deep package inspection. Silkroad was busted by this, an compromised www site with an sql hack and ... Tor is useless, so easy is that. Again it's not designed and never will be for beginners if we talking about 'total security'.
Heavyly hetting detected in the Web!
I was EDV-Technikan, and would really know more about be Nearly-Anonymouse. have a few tips without VPN, WARP,Tor Browser... If your Phone is rooted you can do more so how whats best Magisk,Root, Apps or other things i can USE ??
Thanks for Helping
How far are you ready to go in order to achieve anonymity?
It's kind of possible, but it's a bit cumbersome.
First, you need different browsers for different activities so that you have different fingerprints.
For example, one browser only for personal stuff where you real name appears like emails, tickets, banks etc., one browser only for emails and accounts where your real name doesn't appear, and one browser only for web surfing on websites where you aren't registered and don't need to be.
On all browsers try to avoid as much as you can to have Java script enabled, for banks and tickets you mostly can't but you can for emails (at least some of them so depending on which email you use you may want to change for one that doesn't require Java script to be enabled) and you can for many websites as long as you don't watch videos.
Atlas is a good browser, it isn't open source but it's clean and it enables you to switch between Java script and non Java script easily.
Naked browser is a good clean choice too.
Avoid like plague Chrome, and even Mozilla that isn't anymore what it used to be (unless you build your own version and you remove the nasty stuff).
Then you need different identities depending on which browser you use.
That is, everytime you switch browser you turn the WiFi off, you fire a script that changes your Mac address, your android ID and all the other IDs your phone may have, including phone model, phone manufacturer etc., and then you turn the WiFi back on and switch IP on your VPN if you use one (I personally don't, I don't see the point since I'm not a bad guy and since anyway a government agency could most likely oblige your VPN provider to give you away).
Now as said above you'll need a clean AOSPish ROM, without any Google apps (which is where most people's desire on privacy hiccups, because they can't live without the Google apps' suite).
You'll have to be rooted.
You'll need a firewall like AF+.
You'll need a network log app to check which app connects where, specially for newly installed apps that require internet access.
You'll have to be careful with the apps you install and go as much as possible with open source apps.
If you are into social networking, don't install their apps (unless you know how to patch closed source apps, see below), it's far safer, and battery friendly, to access their sites from a browser.
You'll have to learn how to compile your ROM, your kernel and your apps from source, and clean whatever needs to be cleaned before compilation because even pure AOSP has some unpleasant code like analytics and connections to Google everytime you turn the internet on (even if you don't have any Google apps installed, and even if you haven't opened any browser or internet allowed app yet) and because even open source apps use sometimes stuff you don't want.
If needed, you'll have to learn how to patch closed source apps to remove the analytics, the gms and the Facebook spywares if present, and whatever else you may find (Firebase, crashlytics etc.), and to remove the unwanted permissions, services, receivers and providers.
You'll have to learn how to use and read logs because patched apps often crash.
Last but not least, you'll need some common sense and change the way you interact with the internet...
If you do all of the above, you'll have a good level of anonymity.
So it's definitely possible, but one has to work a bit...
Are you willy to work?
I habe just tryed permissions ruler,3 WebBrowser,Network Connector to See what Apps and scrips works in Background of Android. Most is Google Framework nearly Evers secound Sending or looking up for anything...! AS i like some Google Services i will SetUp now next Rom without Google Services .... Would you have some Ideas,Apps,Roms,Markets like 1Market,Blackmart, Network Connector,Anty Spyware ?
Thanks a lot
Fdroid is good for open source apps. a good firewall. find a privacy oriented browser , i.e. yandex , startpage , duckduck go , tor. FairEmail for your email client. very privacy oriented.
https://forum.xda-developers.com/showthread.php?t=3824168
Hi there,
I hope this is the right place to post such question, otherwise, please feel free to move to the right place.
I am quite into mobiles, since day 1 (1999 for me). This is also why I bought an HTC G1 ...
Anyway, when installing "Network Connections", I was quite surprised, how many connections, how many apps had, to several servers, even of services I dont use. My weather app calling Facebook, even though I dont have facebook on my mobile et all. "Brave" Browser, no tabs open, however, six connections...
Then the news with the Apps using trackers (PayPal, Outlook etc.). I really like my privacy, but I dont see, that this is respected. I do know, that nothing comes for free in life, and I do know, that it is a trade-off, data against services. And for Google it is okay (Google Maps e.g. couldnt live without it), but I think a few too many, want to have a peace of the cake, in particular, after I have paid for the apps (because, I also know, they need to make a living).
Anway, long story short, what is there I can do to protect myself, learn how it works etc. Pleasese refrain from tellin gme to sell my mobiel, turn off the internet etc
I used xprivacy on my Nexus4 - still a good idea?
I am using Android and iOS.
Thanks a lot in advance
Try MyAndroidTools to disable Google spyware embedded in apps. Components like these:
GcmInstanceIDListenerService GcmMessageListenerService
AppMeasurementService FirebaseInstanceIdService FirebaseMessagingService
AppMeasurementInstallReferrerReceiver AppMeasurementReceiver FirebaseInstanceIdInternalReceiver FirebaseInstanceIdReceiver
FirebaseInitProvider
These are all Google-related tracking/ analytics. Along with any Crashlytics components you see.
Stop using ALL Google apps. Including Chrome. Including bundled spyware. Including Play store. Including Calendar. Including SMS. Remove all of them from your rooted device and install non-Google equivalents. Try Osmand and others for maps and other apps from f-droid to get the functionality you want. Yes, it takes time.
Find app to change hostnames and Mac addresses and clean persistent cookies if you want. Find websites such as https://apps.evozi.com/apk-downloader/ to download some apps you can't get from f-droid.org. Some apps rely on Google Play being installed. In my experience, none of them are worth it. If your app requires them and you can't live without it, probably forget any decent privacy.
If using a Mozilla-based browser, add these to your block list in Adaway:
accounts.firefox.com
blocklist.addons.mozilla.org
blocklist.settings.services.mozilla.com
detectportal.firefox.co
dynamicua.cdn.mozilla.net
fhr.cdn.mozilla.net
firefox.settings.services.mozilla.com
incoming.telemetry.mozilla.org
input.mozilla.org
install.mozilla.org
location.services.mozilla.com
mozorg.cdn.mozilla.net
mz.la
search.services.mozilla.com
shavar.services.mozilla.com
snippets.cdn.mozilla.net
tracking-protection.cdn.mozilla.net
updates.push.services.mozilla.com
versioncheck-bg.addons.mozilla.org
webextensions.settings.services.mozilla.com
...to help stop browser spyware.
Download apps from f-droid. Use a good firewall. Use AdAway. Customise your blocklist in AdAway. Disable all auto update components unless you trust the CIA and NSA to 'take care' of your device.
Etc.
https://www.zerohedge.com/news/2017-08-28/how-cia-made-google
You may wish to consider blocking these Google domains if you are adamant you want no business with Google:
adservice.google.com
adservice.google.com.au
ajax.googleapis.com
apis.google.com
books.google.com
books.google.com.au
clients1.google.com
clients2.google.com
clients3.google.com
chart.googleapis.com
crashlytics.com
cse.google.com
console.firebase.google.com
encrypted-tbn0.gstatic.com
firebase.google.com
fonts.googleapis.com
fonts.gstatic.com
ggpht.com
googleanalytics.com
id.google.com.au
imasdk.googleapis.com
lh3.ggpht.com
lh4.ggpht.com
lh5.ggpht.com
lh6.ggpht.com
mail.google.com
maps.googleapis.com
ota.googlezip.net
payments.google.com
safebrowsing-cache.google.com
safebrowsing.google.comsb-ssl.google.com
ssl.gstatic.com
support.google.com
www.googleapis.com
www.googlecommerce.com
You can add more if you are really enthusiastic.
Many are safe to add to your AdAway block list, but some of these will annoy you on some websites or apps that use Google infrastructure, so be warned. You can always temporarily disable AdAway ad-blocking or identify the domain you want to remove from the blocklist by using the Log DNS Requests feature.
Thank you
Thank you @comfortable - I really appreciate you took the time, to give me such a long and detailed reply.
Persepctively a complete avoidance of Google is the long-term goal. At this stage, I am more interested in avoiding smaller fish (like my alarm clock, which unfortunately offers a unique feature: slowly increasing alaram sound, gibes you a relaxed wake-up).
I am using Adhell already, and already diabled background call via AMB shell, however this made apps stop working compeltely (Runtastic e.g.).
Thanks for pointing out the relevant components! Thats quite helpful... I already condiered installing pihole and surfing via OpenVPN so this would filter out quite a bit of such stuff?
So yes- thanks again, I have a new project and will work off the measures you listed!!! Thank you. :good:
Hi all,
I had the suspicion for some time now that my Android phone is somehow collecting private information without my knowledge and using it to bombard me with ads but I wasn't sure how. I know that google is reading my emails, my calendars and has access to my data stored on Google Drive but today something totally weird happened. I was watching a video clip on YouTube when suddenly the clip paused and an ad show up about a salve I was discussing about the night before with my girlfriend. This cannot be a coincidence! The phone was during the conversation on Standby mode.
I've found some articles and even some videos on YouTube regarding this topic so I'm not paranoid.
Has anyone else experienced this?
Meanwhile I have deactivated microphone permission for all google apps but I doubt this is enough. What else can I do to stop it if it is really true?
I have stock ROM from Honor installed, would it be helpful to install a custom ROM?
droidis said:
Hi all,
I had the suspicion for some time now that my Android phone is somehow collecting private information without my knowledge and using it to bombard me with ads but I wasn't sure how. I know that google is reading my emails, my calendars and has access to my data stored on Google Drive but today something totally weird happened. I was watching a video clip on YouTube when suddenly the clip paused and an ad show up about a salve I was discussing about the night before with my girlfriend. This cannot be a coincidence! The phone was during the conversation on Standby mode.
I've found some articles and even some videos on YouTube regarding this topic so I'm not paranoid.
Has anyone else experienced this?
Meanwhile I have deactivated microphone permission for all google apps but I doubt this is enough. What else can I do to stop it if it is really true?
I have stock ROM from Honor installed, would it be helpful to install a custom ROM?
Click to expand...
Click to collapse
Google, Amazon, etc do pay a lot of attention to what you do online, which can seem a little intrusive. But we're not quite at the stage yet of people being listened to for the purposes of advertising.
It would be very labour-intensive, kill your battery and wreck your data. Not to mention the massive backlash from the public if and when it was discovered.
It's not impossible that some malware could be made which does listen to you, but it's not going to be an official Google app.
But, if you're still worried, deactivating microphone permission will stop the apps from being able to hear anything. There's no way to sidestep this to my knowledge. If an app doesn't have permission to use the mic, it can't use it.
Ticklefish said:
Google, Amazon, etc do pay a lot of attention to what you do online, which can seem a little intrusive. But we're not quite at the stage yet of people being listened to for the purposes of advertising.
Click to expand...
Click to collapse
I disagree. If you know someone who has a Google Home or Amazon Alexa product, ask them if they've had a similar experience. I know people who have those products, and they had a similar experience as OP.
Eavesdropping via Google Home/Amazon Alexa is a little different than eavesdropping on private phone conversations, because you must give Google Home/Amazon Alexa explicit permission to listen in order for it to work. However, I would not be surprised if Google monitors phone calls/texts in some manner to tailor advertisements.
answers
Google, Amazon, etc do pay a lot of attention to what you do online, which can seem a little intrusive. But we're not quite at the stage yet of people being listened to for the purposes of advertising.
http://qz.com/1145669/googles-true-...nd-nsa-research-grants-for-mass-surveillance/
http://www.theverge.com/2018/8/13/17684660/google-turn-off-location-history-data
https://video.foxnews.com/v/5731183327001/
Ads are being fed to users based on their voice content, online searches, etc. It is easy for machines to convert voice to text nowadays. That text is analysed for any text or phrase. Been going on for years with our spied-on phone calls and emails. Just see some YouTube videos for realtime subtitles in various languages for proof that this is done routinely.
Cameras, wifi, cellular and GPS are activated without our knowledge or permission routinely by OS, games and apps. Info is sent to Google and third parties when online. If your device is filled with Google's own battery-sucking apps, forget any semblance of privacy, I reckon. If your front camera is not covered...you are probably a sitting duck. You can buy camera covers on ebay if you want to be selective about when it's OK, these have a slider, otherwise consider taping it over. Same with your laptop.
If you are using Google Services or using Google Apps then I think you are a sitting duck ready to take some bullets. Much like Apple and Microsoft users are. To be fair, that is probably 99.99% of device owners.
Third-party apps and games do it too. So there's that. Your data is siphoned-off and sent over the interwebs by them.
Is your device rooted? If not, I'd recommend using a device that has TWRP for it, so you can more cleanly root it without resorting to more questionable root software with its own spyware. I'd recommend making a TWRP back-up before heavily uninstalling apps.
I'd recommend downloading open-source apps on f-droid.org. With a root uninstaller you can uninstall many things they normally don't let you: like all the Google spyware apps and components. Also things that you don't see listed under your Apps. Disabling Google apps doesn't stop them running. Uninstalling them then removing leftover files is a far better approach. For that you'll want a root uninstaller and a root file manager. Some uninstallers are better than others.
Trusting Google's own Permissions thing was always a bit like entrusting your kid to the local paedophile, to me. Google have CIA origins (and backing) and NSA funds keeping them primed. Do you know what just these 2 do worldwide? Unspeakable horrors. Consult William Blum or Susan Lindauer for starters.
I'd consider an open-source keyboard from f-droid.org. Like AnySoftKeyboard. I'd.consider replacing all default stock apps, including the Launcher.
The following has been safely removed by me after rooting my devices (various Mediatek-based Lenovo tablets):
Android Live Wallpapers, Android Work Assistant, Basic Daydreams, Black Hole, BSPTelephonyDevTool, Bubbles, Calculator, Calendar, Calendar Storage, Certificate Installer, Chrome, Clock, com.android.backupconfirm, com.android.browser.provider, com.android.providers.partnerbookmarks, com.android.sharedstoragebackup, com.android.wallpaper.holospiral, com.huaquin.factoryservice, com.mediatek, com.mediatek.voiceexztension,ConfigUpdater, Contacts, Contacts Storage, Device Service, dongle,Drive, DRM Protected Content Storage, Email, Exchange Services, FactoryKit Test, FM Radio, FTPrecheck, Fused Location, FwkPlugin, FWUpgrade, Gallery, Gamestore, Gmail, Google Account Manager, Google Backup Transport, Google App, Google Calendar Sync, Google Keyboard, Google One Time Init, Google Partner Setup, Google Play Movies, Google Play Music, Google Play services, Google Play Store, Google Services Framework, Guvera Music, Hangouts, Launcher3, Lenovo ID, Maps, Market Feedback Agent, McAfee Security, MmsService
Mobile Data, Mobile Network Configuration, MTKFloatMenu, MTK Logger, MTK NLPService, Music Visualisation Wallpapers, MusicFX, PacProcessor, Permission Control, Phone, Photos, RawDataTEst, RunInRebootSystem, Schedule power on & off, Search Applications Provider, Setup Wizard, SHAREit, Skype, SmartcardService, Sound Recorder, SYNCit HD, System Update, Tap the Frog HD, Tedongle Settings, Twitter, UC Browser HD, UpgradeSys, Vcalendar, VoiceCommand, Volidation Tools, YGPS, YouTube
Some of thistuff might be needed for phones but I use a tablet. All the telephony stuff is uninstalled.
If i need an app from Google's Spyware Play Store I use sites like https://apps.evozi.com/apk-downloader/ to download the APK directly without signing in to Google's Spyware Store infrastructure (since no Google apps are installed on my device). Otherwise f-droid.org caters to 95+% of my needs.
AdAway is one of the first things I install, along with a decent firewall like AfWall+
Xprivacy deserves some of your attention as do these apps from Tibor Kaputa https://simplemobiletools.github.io/
Today I was on my Sony Xperia XZ2 Compact, reading Facebook (using the Android Facebook app).
I was reading a bicycle forum, and replied to a thread regarding a local landmark.
I decided to double-check I was getting the name right, so I went to the Google search widget, and started typing the name of the landmark. The landmark is called "Hawk Hill" - I typed "ha" and "Hawk Hill" popped up as the first suggestion.
Now, that seems way too damned coincidental for it not to have been Google services scanning what I type in other apps.
I've searched here for discussions on what kinds of spying Google does; I mean, I know they scan data in their own apps, examine my search history, look at what web sites I've visited, etc. I don't love that, but I can live with it.
However, Google spying on my Facebook app? Really? I thought that the terms of service don't allow Google services to spy on non-Google apps. I could believe that they might see what websites I visit, but on an SSL-encrypted connection, how could they be reading the data exchanged?
Has anyone been following what the current state of Google spying on user activity is, especially vis a vis "always on listening" on the mic, or spying on other apps data?
- Tim
G-Works
tbessie said:
Today I was on my Sony Xperia XZ2 Compact, reading Facebook (using the Android Facebook app).
I was reading a bicycle forum, and replied to a thread regarding a local landmark.
I decided to double-check I was getting the name right, so I went to the Google search widget, and started typing the name of the landmark. The landmark is called "Hawk Hill" - I typed "ha" and "Hawk Hill" popped up as the first suggestion.
Now, that seems way too damned coincidental for it not to have been Google services scanning what I type in other apps.
I've searched here for discussions on what kinds of spying Google does; I mean, I know they scan data in their own apps, examine my search history, look at what web sites I've visited, etc. I don't love that, but I can live with it.
However, Google spying on my Facebook app? Really? I thought that the terms of service don't allow Google services to spy on non-Google apps. I could believe that they might see what websites I visit, but on an SSL-encrypted connection, how could they be reading the data exchanged?
Has anyone been following what the current state of Google spying on user activity is, especially vis a vis "always on listening" on the mic, or spying on other apps data?
- Tim
Click to expand...
Click to collapse
Lool that's the point of google company lol... get custom ROM and don't install gapps, lol even facebook is spying on your activities, even your personal data aka phonebooks, messagess, etc... where did you live all these years lool...
Don't get me wrong but all that gapps and others social apps were make that way. that's the price of your digital life.. you become a product.
I'll never gonna use that [email protected], spyware, datamining, etc in my life.. get custom ROM and don't install [email protected] and you'll be safe.
Respect your privacy and your device.
Good luck and stay safe.
tbessie said:
Today I was on my Sony Xperia XZ2 Compact, reading Facebook (using the Android Facebook app).
I was reading a bicycle forum, and replied to a thread regarding a local landmark.
I decided to double-check I was getting the name right, so I went to the Google search widget, and started typing the name of the landmark. The landmark is called "Hawk Hill" - I typed "ha" and "Hawk Hill" popped up as the first suggestion.
Now, that seems way too damned coincidental for it not to have been Google services scanning what I type in other apps.
I've searched here for discussions on what kinds of spying Google does; I mean, I know they scan data in their own apps, examine my search history, look at what web sites I've visited, etc. I don't love that, but I can live with it.
However, Google spying on my Facebook app? Really? I thought that the terms of service don't allow Google services to spy on non-Google apps. I could believe that they might see what websites I visit, but on an SSL-encrypted connection, how could they be reading the data exchanged?
Has anyone been following what the current state of Google spying on user activity is, especially vis a vis "always on listening" on the mic, or spying on other apps data?
- Tim
Click to expand...
Click to collapse
Hi Tim,
Let me start by saying that I am not in favor of all these practices and I do not like that these companies use our information however they please.
That said I will try to be as impartial as possible
"I've searched here for discussions on what kinds of spying Google does; I mean, I know they scan data in their own apps, examine my search history, look at what web sites I've visited, etc. I don't love that, but I can live with it."
You can look at myActivity (google it) and see all the data they have collected from you, you can delete it, pause the data collection (partially) or even have it deleted only after a few months.
They do everything you just said, and much more.
"However, Google spying on my Facebook app? Really? I thought that the terms of service don't allow Google services to spy on non-Google apps. I could believe that they might see what websites I visit, but on an SSL-encrypted connection, how could they be reading the data exchanged? "
Well technically all they did was read your clipboard, which if you're using gboard , they can.
Also note that Facebook will not work without Google's cloud services installed on the phone, so there is already a comunication overlay between the two services .
You can try to take some control back by using a different keyboard , using the web browser version of facebook and/or installing blokada wich will block not only ands but some of the more intrusive trackers they use .
if you have any questions or observations , please tell me!
FB is spyware... and malware.
I ditch it after a month over 12 years ago.
Wouldn't call any of this spying, just an auto/smart suggestion based on your browsing/typing history. Also doubt Google is reading everytging from your Facebook app to make these suggestions.
If you are using gboard, that most likely is how this suggestion was made. If you aren't using gboard then it would be a bigger mystery. Either change keyboard or look into keyboard settings and turn off suggestion/autocomplete/learning and similar "smart" settings.
Also, got rid of intrusive Facebook years ago...
drnightshadow said:
Lool that's the point of google company lol... get custom ROM and don't install gapps, lol even facebook is spying on your activities, even your personal data aka phonebooks, messagess, etc... where did you live all these years lool...
Don't get me wrong but all that gapps and others social apps were make that way. that's the price of your digital life.. you become a product.
I'll never gonna use that [email protected], spyware, datamining, etc in my life.. get custom ROM and don't install [email protected] and you'll be safe.
Respect your privacy and your device.
Good luck and stay safe.
Click to expand...
Click to collapse
That's a lot of lols and lools.
You're not telling me anything I don't already know. If you'll reread my post, I was asking for info on the specifics of what types of spying are KNOWN and verified to be occurring - what is google spying on? What is the mechanism of action? Are they recording every keystroke, reading every encrypted stream, reading all app data, etc? What info is exchanged between Android/google and other apps? Etc.
I'm a software guy, and I was asking for TECHNICALLY SPECIFIC answers, as this is a technical forum. General warnings and hyperbole aren't helping. :-/
Disable Google Firebase... it inventories all kinds of personal files.
With regards to the question asked with this thread's title:
Google Play Services is a library ( read a collection of software routines accessed by Android programs - mainly GMS apps ) not an Android program , hence you must not fear you - or any app - will be spied on by Google Play Services.
FYI:
Google Play Services basically acts as a shim between the normal Android apps and the installed Android OS. Right now Google Play Services handles the Google Maps API, Google Account syncing, remote wipe, push messages, the Google Play Games back end, and many other duties.
If you ever question the power of Google Play Services, try disabling it. Nearly every Google App ( keyword: GMS ) on your device will break.
Don't confuse things!
jwoegerbauer said:
With regards to the question asked with this thread's title:
Google Play Services is a library ( read a collection of software routines accessed by Android programs - mainly GMS apps ) not an Android program , hence you must not fear you - or any app - will be spied on by Google Play Services.
FYI:
Google Play Services basically acts as a shim between the normal Android apps and the installed Android OS. Right now Google Play Services handles the Google Maps API, Google Account syncing, remote wipe, push messages, the Google Play Games back end, and many other duties.
If you ever question the power of Google Play Services, try disabling it. Nearly every Google App ( keyword: GMS ) on your device will break.
Don't confuse things!
Click to expand...
Click to collapse
I normally run with it disabled; it saves time, trouble and battery (a fair amount too). Disabling it saves me from firewall blocking a bunch of apps; it's easier to toggle gps on/off when needed.
Keeps Find my Device from setting it's self as a System Administrator, which I really don't want running, ever. Kills gmaps too, yah.
Maps, location don't need to constantly be running in the background unless you need them to be running.
The only time disabling it is a pain is to access Playstore which requires a reboot with it enabled. I have only one app that requires constant Playstore connection to work, SD Maid Pro; it gets disabled anyway as I get tired of it constantly running in the background.
I flat out don't trust any Google product... as a result of Google's actions and history.