Any usable custom Rom for redmi9a? - Redmi 9A Questions & Answers

I would need WiFi without Hotspot and very simple Like lineage os.
Inside the Phone ive unlocked bootloader using Developer Options.
What can i do? The Stock Rom of the redmi 9a is extremly bloated. Just want to use web Browser and camera.
Ob my Samsung S3 ive loaded cyanogenmod and lineageos.it works mostly very Well...

Hi, the 9a is my daily and i can't have a semi functional phone, so i kept the original miui rom, which i debloated via the tool Universal Android Debloater.
GitHub - 0x192/universal-android-debloater: Cross-platform GUI written in Rust using ADB to debloat non-rooted android devices. Improve your privacy, the security and battery life of your device.
Cross-platform GUI written in Rust using ADB to debloat non-rooted android devices. Improve your privacy, the security and battery life of your device. - GitHub - 0x192/universal-android-debloater:...
github.com
No root requiered.
Fast and reliable.
Anyway, i'm interested as well in positive responses of your post, but i read all the posts for custom roms in dandelion and i've understood that at this moment no custom rom is fully functional...

Thx. I did look at the debloat Script which helps a Lot already and replaced the launcher with launcher> . Any way to edit or dump the Stock Rom?
Or a Script to Block certain Hosts without root or von?
Thx again and Kind
regards bluedxca93

To block hosts without root, the only way is using a proxy, or custom dns, even a vpn.
How to block ads on Android, with root and without root
Ads can be annoying in a lot of cases. If you're grown frustrated by ads on the Internet, here's how you can block ads on Android.
www.xda-developers.com

Redmi 9a is my dayly also, I opted for using ArrowOS it has 4 issues:
No wifi hotspot (nor VOLTE whatever that means it was in the known issues of the build)
Even with Gapps, using google drive back ups for whatsapp is not posible, IDK maybe im dumb, i had to use a local backup transfer.
Google maps location is buggy, it works kinda, but sometimes even on good wifi it tells you it doesnt know your location (I use google maps a lot, this is actually my biggest issue so far).
The touchscreen issue that came with stock rom when I bought it is still there, not really arrowOS fault but it wouldve been nice if it was fixed.
but the pros are endless, the phone is literally at least 10 times faster, and this is comparing a couple weeks into use arrowOS to a just hard reseted OFW.

bluedxca93 said:
Thx. I did look at the debloat Script which helps a Lot already and replaced the launcher with launcher> . Any way to edit or dump the Stock Rom?
Or a Script to Block certain Hosts without root or von?
Thx again and Kind
regards bluedxca93
Click to expand...
Click to collapse
I update my answer because i found a great way to get rid of ads without root :
I use since a couple of days an application that create a local proxy, an applicative firewall, a local dns.
It can force all applications to use it via a local vpn setup.
Rethink: DNS + Firewall | F-Droid - Free and Open Source Android App Repository
Firewall apps, monitor network activity, block malware, change DNS.
f-droid.org
Rethink | Fast, secure, configurable, private DNS + Firewall for Android.
3B+ Android users deserve access to a safer and open Internet. RethinkDNS is a private, secure, and fast DNS resolver with custom rules, blocklists, and analytics that lets you block websites temporarily with time-based rules, or permanently through 190+ pre-defined blocklists...
rethinkdns.com
You can find it on f-droid repos to keep it updated.
You can configure a large set of ad blocker lists, privacy lists, children protection, etc
Adblock Plus seems to be a good alternative, but i didnt tried it, it use the same "vpn trick" : https://f-droid.org/en/packages/org.adblockplus.android/

The best custom rom i found for this device is Nusantara Project and the best custom recovery is Orange Fox Recovery (OFRP)

Related

[Q]How to be full anonymous on Android

Is it possible to use Internet while keep annonymous ??
Well as soon as you go on the internet you are going to leave a fingerprint behind. You can minimize this a bit but you can't visit websites and not visit them at the same time. You can only make it less obvious that you visited them.
Some things that can make it harder for you to be tracked:
- Use a costum rom (AOSP probably best) without Google Apps.
- Use a VPN (Virtual Private Network) while browsing the web. This way websites only know that a certain "server" visited them, but they do not know who is behind this server. This way it becomes a lot harder to trace the visit back to you.
- Use Firefox Browser, it helps especially compared to Chrome.
- Send DoNotTrack requests (With tools such as Ghostery). Most web browsers now have an option build-in.
- Use an Adblocker on untrusted websites (Pref not on XDA ). Adaway is one of the apps you can use on Android to achieve this.
If you this kind of things on your Android device you will become a lot more anonymous. Ofcourse this is all pretty basic, if you start throwing out your passwords and name in the stuff you post online, ofcourse you no longer be anonymous . The largest danger is in giving your information to random websites/people on the internet. Tools such as e-mail maskers are always useful. Also try to refrain from installing apps without checking their permissions and stuff. If you install "Cute Free Wallpaper App" you might be infesting your device with malware, no matter how much protection you use it still all boils down to common sense.
H-Cim said:
Well as soon as you go on the internet you are going to leave a fingerprint behind. You can minimize this a bit but you can't visit websites and not visit them at the same time. You can only make it less obvious that you visited them.
Some things that can make it harder for you to be tracked:
- Use a costum rom (AOSP probably best) without Google Apps.
- Use a VPN (Virtual Private Network) while browsing the web. This way websites only know that a certain "server" visited them, but they do not know who is behind this server. This way it becomes a lot harder to trace the visit back to you.
- Use Firefox Browser, it helps especially compared to Chrome.
- Send DoNotTrack requests (With tools such as Ghostery).
- Use an Adblocker on untrusted websites (Pref not on XDA )
If you this kind of things on your Android device you will become a lot more anonymous. Ofcourse this is all pretty basic, if you start throwing out your passwords and name in the stuff you post online, ofcourse you no longer be anonymous . The largest danger is in giving your information to random websites/people on the internet. Tools such as e-mail maskers are always useful. Also try to refrain from installing apps without checking their permissions and stuff. If you install "Cute Free Wallpaper App" you might be infesting your device with malware, no matter how much protection you use it still all boils down to common sense.
Click to expand...
Click to collapse
Thanks a lot bro.. for your gud suggestions
You can install Orbot and Orweb to browse through the Tor network. This is much slower than using a VPN, but you don't have to trust a VPN provider to keep you anonymous.
Thanks you too !:good:
Tor isn't for beginners or total secure but people seems not able to understand it.
It your traffic isn't encrypted this means you sent plain text, passwords etc it goes unencrypted to the nodes and if these notes are compromised it's 'easy' to identify what you sent via deep package inspection. Silkroad was busted by this, an compromised www site with an sql hack and ... Tor is useless, so easy is that. Again it's not designed and never will be for beginners if we talking about 'total security'.
Heavyly hetting detected in the Web!
I was EDV-Technikan, and would really know more about be Nearly-Anonymouse. have a few tips without VPN, WARP,Tor Browser... If your Phone is rooted you can do more so how whats best Magisk,Root, Apps or other things i can USE ??
Thanks for Helping
How far are you ready to go in order to achieve anonymity?
It's kind of possible, but it's a bit cumbersome.
First, you need different browsers for different activities so that you have different fingerprints.
For example, one browser only for personal stuff where you real name appears like emails, tickets, banks etc., one browser only for emails and accounts where your real name doesn't appear, and one browser only for web surfing on websites where you aren't registered and don't need to be.
On all browsers try to avoid as much as you can to have Java script enabled, for banks and tickets you mostly can't but you can for emails (at least some of them so depending on which email you use you may want to change for one that doesn't require Java script to be enabled) and you can for many websites as long as you don't watch videos.
Atlas is a good browser, it isn't open source but it's clean and it enables you to switch between Java script and non Java script easily.
Naked browser is a good clean choice too.
Avoid like plague Chrome, and even Mozilla that isn't anymore what it used to be (unless you build your own version and you remove the nasty stuff).
Then you need different identities depending on which browser you use.
That is, everytime you switch browser you turn the WiFi off, you fire a script that changes your Mac address, your android ID and all the other IDs your phone may have, including phone model, phone manufacturer etc., and then you turn the WiFi back on and switch IP on your VPN if you use one (I personally don't, I don't see the point since I'm not a bad guy and since anyway a government agency could most likely oblige your VPN provider to give you away).
Now as said above you'll need a clean AOSPish ROM, without any Google apps (which is where most people's desire on privacy hiccups, because they can't live without the Google apps' suite).
You'll have to be rooted.
You'll need a firewall like AF+.
You'll need a network log app to check which app connects where, specially for newly installed apps that require internet access.
You'll have to be careful with the apps you install and go as much as possible with open source apps.
If you are into social networking, don't install their apps (unless you know how to patch closed source apps, see below), it's far safer, and battery friendly, to access their sites from a browser.
You'll have to learn how to compile your ROM, your kernel and your apps from source, and clean whatever needs to be cleaned before compilation because even pure AOSP has some unpleasant code like analytics and connections to Google everytime you turn the internet on (even if you don't have any Google apps installed, and even if you haven't opened any browser or internet allowed app yet) and because even open source apps use sometimes stuff you don't want.
If needed, you'll have to learn how to patch closed source apps to remove the analytics, the gms and the Facebook spywares​ if present, and whatever else you may find (Firebase, crashlytics etc.), and to remove the unwanted permissions, services, receivers and providers.
You'll have to learn how to use and read logs because patched apps often crash.
Last but not least, you'll need some common sense and change the way you interact with the internet...
If you do all of the above, you'll have a good level of anonymity.
So it's definitely possible, but one has to work a bit...
Are you willy to work?
I habe just tryed permissions ruler,3 WebBrowser,Network Connector to See what Apps and scrips works in Background of Android. Most is Google Framework nearly Evers secound Sending or looking up for anything...! AS i like some Google Services i will SetUp now next Rom without Google Services .... Would you have some Ideas,Apps,Roms,Markets like 1Market,Blackmart, Network Connector,Anty Spyware ?
Thanks a lot
Fdroid is good for open source apps. a good firewall. find a privacy oriented browser , i.e. yandex , startpage , duckduck go , tor. FairEmail for your email client. very privacy oriented.
https://forum.xda-developers.com/showthread.php?t=3824168

Is there any Android 9 custom ROM that can block network access for applications?

Let me clear that I am NOT talking about the default process by which applications ask for extra permissions or about whether an application's manifest lists the permissions it uses.
I am running the official Android Pie firmware on my Pixel. The bootloader is unlocked. I am looking for one of these two things:
An alternative firmware image ("ROM") that features the ability to block network access for individual applications. I believe that there is an Xposed module that can do this,but Xposed is not yet ready for Android Pie.
Software that, after rooting my phone, can be installed and be used to block network access for specific applications.
Why not use a firewall app, such as AFWall+ or NetGuard?
Rooted, use Android Firewall Plus to block apps
I use Android Firewall Plus on my Pixel with LOS 15.1 and Magisk. Works very well. I block every app and process that doesn't have a legitimate use for internet. I use Lineage so I can use Privacy Guard to block detailed permission for the few apps I DO let talk to the internet. Seems to work great.

How can I get rid from Xiaomi and Google trackers?

Hello everybody,
I was curious about which server my apps on mi Xiaomi Red Mi 6A get connected since a recent report said Xiaomi was tracking users. I've installed: NetGuard and TrackerControl and there are a few apps which I should not remove but are still connecting to the following directions:
Google:
firebaseremoteconfig.googlrapis.com
infinitedata-pa.googleapis.com
play.googleapis.com
Xiaomi:
api.ad.intl.xiaomi.com
data.mistat.intl.xiaomi.com
globalapi.ad.xiaomi.com
sdkconfig.ad.intl.xiaomi.com
My question: Is there a way to block all that addresses instead blocking the entire app?
I know I can remove bloatware rooting the phone or with the adb console, but these are system apps the phone needs to work properly. I also understand some apps may need to get connected to the Google api servers in order to work, but (I think) Xiaomi doesn't have anything to do here.
Regards!
MiguelRbls said:
Hello everybody,
I was curious about which server my apps on mi Xiaomi Red Mi 6A get connected since a recent report said Xiaomi was tracking users. I've installed: NetGuard and TrackerControl and there are a few apps which I should not remove but are still connecting to the following directions:
Google:
firebaseremoteconfig.googlrapis.com
infinitedata-pa.googleapis.com
play.googleapis.com
Xiaomi:
api.ad.intl.xiaomi.com
data.mistat.intl.xiaomi.com
globalapi.ad.xiaomi.com
sdkconfig.ad.intl.xiaomi.com
My question: Is there a way to block all that addresses instead blocking the entire app?
I know I can remove bloatware rooting the phone or with the adb console, but these are system apps the phone needs to work properly. I also understand some apps may need to get connected to the Google api servers in order to work, but (I think) Xiaomi doesn't have anything to do here.
Regards!
Click to expand...
Click to collapse
I'm willing to bet that if you did remove them, it will break things on your device and certain features/functions will no longer work, or worse yet, it may cause your device to not work properly.
Sent from my SM-S767VL using Tapatalk
I see these tracking sites getting blocked on my Adguard home filter and the phone still works fine.
api.ad.intl.xiaomi.com
tracking.intl.miui.com
app-measurement.com
ssl.google-analytics.com
googleads.g.doubleclick.net
I've also tried Netguard and TrackerControl but I still see these tracking and ad sites leaking through. I've tried different hosts files on Netguard too.
Is there a better solution without rooting/custom rom? It would be exposed once I leave the home network. I've already debloated the MIUI 13.0.13.

Securing/controlling OnePlus 8 with OOS 11.0.88.IN21BA

I am a brand new owner of a OP 8. First thing I did was flash it to OOS 11, then installed Magisk. The phone is now up and running and rooted.
I am coming from a galaxy S5 that I have owned and used for more than 7 years, and for most of that time it has been running Lineage OS. I am used to the control that Lineage gives me, and I would expect that I could exercise the same degree of control with a rooted OOS.
But, this appears to not be true.
On the S5, I had 3C System Tuner Pro which is now an obsolete app, so I have replaced it with the current variant; 3C All-In-One toolbox. This package should allow me to control which apps start at boot, but it seems I cannot turn any of the apps off; when I uncheck them, the app fails to actually remove them from the startup list.
Also, I expect the 3C tool to allow me to uninstall pretty much any app, but there are a lot of google apps that I just can't remove.
I also use greenify (the paid version) and mostly it seems to be working OK, except that I cannot seem to access system apps from it, which makes it very hard for me to shut down things that I don't want running.
I also use afwall (the paid version) and it seems to work as expected. Which is good.
My focus is security and privacy, and my mantra is: "on android, the app that is not running is the app that is not spying". Thus, I want everything that is not needed to satisfy my purposes to not be running, and I only want apps running when *I* say that they can run.
Now, my S5 was running Lineage 17.1 which is android 9. I did not update it past that. And now I am running android 11, and I note that there is a lot of new hardware-based validation in android 11. So possibly I can't remove some things without disabling this validation (which I would prefer not to do). But even if I can't remove, I can disable (which, fortunately, I AM able to do). But I should be able to remove things from the startup list so they don't get started automatically at boot time. Right now, the way it works is they all start, then greenify shuts them down (and that isn't always completely reliable). I need more to make this phone genuinely secure and private.
So.
Does anyone here know how I could gain the capability to remove apps (including system apps) from the startup list and have it stick? Does anyone know what I need to do to get greenify to recognize system apps so I can shut them down when they are not needed, or failing that, can anyone steer me to a different app than greenify that will do that?
Perhaps I would gain by adding the xposed framework? I have not used it in a very long time (since I move to lineage) and I recall it being a bit of a pain.
I suppose I could move to Lineage from OOS, but I would prefer to not do that because of the camera software. This device seems to have a fine camera and not a lot of bloatware, so I would much prefer to stay with OOS for as long as the device is supported by the manufacturer.
But I do insist on being able to completely control it, and disabling apps that I can't stop from running is a much bigger hammer than I would like to use; some of those apps I might actually want to use from time to time.
OK, after some work I have successfully taken full control of the OnePlus 8 and have been able to configure startups as I want them. I installed xposed through Magisk.
I also installed the latest greenify (3.7.8) and afwall, and have those set up too. Since I did purchase greenify, I am able to greenify system apps as well. So, generally, I have full control over the device.
But there remains a problem.
I have disabled wifi and data connections in settings for all apps that I don't want to have accessing a network. I have also blocked those apps in afwall. And yet, my pihole DNS server that services my LAN shows me some of my apps are trying to call home, even when their capability to talk on the internet is denied.
Specifically, greenify is denied network access and is firewalled off, yet there is an attempt to connect to oasisfeng.com.
Also, I use an old version of ES File Explorer (from before it was sold and turned into something very like malware) and it is allowed LAN access but denied any access beyond the LAN...and I see it trying to call its old home domain (estrongs.com).
Similarly, I use an old version of UB Reader (later versions again approach malware status), and it is completely denied network access. But, I see a connection to mobisystems.com.
This clearly indicates that there is a proxy in use somewhere in the system, that is allowing these guys past my blocks. I am using adaway to block these specific domains, but it would be far better to just block that proxy.
However, I don't know where the proxy is and what it is called. Can someone here tell me?
If not, it will be trial and error, which is painful because functionality will break when I turn something off to see if this is it.
jiml8 said:
OK, after some work I have successfully taken full control of the OnePlus 8 and have been able to configure startups as I want them. I installed xposed through Magisk.
I also installed the latest greenify (3.7.8) and afwall, and have those set up too. Since I did purchase greenify, I am able to greenify system apps as well. So, generally, I have full control over the device.
But there remains a problem.
I have disabled wifi and data connections in settings for all apps that I don't want to have accessing a network. I have also blocked those apps in afwall. And yet, my pihole DNS server that services my LAN shows me some of my apps are trying to call home, even when their capability to talk on the internet is denied.
Specifically, greenify is denied network access and is firewalled off, yet there is an attempt to connect to oasisfeng.com.
Also, I use an old version of ES File Explorer (from before it was sold and turned into something very like malware) and it is allowed LAN access but denied any access beyond the LAN...and I see it trying to call its old home domain (estrongs.com).
Similarly, I use an old version of UB Reader (later versions again approach malware status), and it is completely denied network access. But, I see a connection to mobisystems.com.
This clearly indicates that there is a proxy in use somewhere in the system, that is allowing these guys past my blocks. I am using adaway to block these specific domains, but it would be far better to just block that proxy.
However, I don't know where the proxy is and what it is called. Can someone here tell me?
If not, it will be trial and error, which is painful because functionality will break when I turn something off to see if this is it.
Click to expand...
Click to collapse
If you are concerned about security, you should stay away from Xposed.
First of all, Xposed requires disabling Selinux, otherwise, it won't work. So during the installation, your Selinux status is turned to 'permissive'. That, coupled with the fact that almost every custom rom sets 'ro.secure to Zero', exposes your System partition to third party apps. So, basically, anything can exploit your phone.
Second, Greenify, with all due respect to its great developer, is not needed anymore, since Android 10, because now we have builtin sleep mode that does the same thing as Greenify.
Third, even if Xposed didn't require disabling Selinux, it is still an exploit that creates a back door to your system.
optimumpro said:
If you are concerned about security, you should stay away from Xposed.
First of all, Xposed requires disabling Selinux, otherwise, it won't work. So during the installation, your Selinux status is turned to 'permissive'. That, coupled with the fact that almost every custom rom sets 'ro.secure to Zero', exposes your System partition to third party apps. So, basically, anything can exploit your phone.
Second, Greenify, with all due respect to its great developer, is not needed anymore, since Android 10, because now we have builtin sleep mode that does the same thing as Greenify.
Third, even if Xposed didn't require disabling Selinux, it is still an exploit that creates a back door to your system.
Click to expand...
Click to collapse
Device security is only one aspect of security, and I handle that mostly through device configuration and usage policy anyway.
Overall security involves many other factors, which include maintaining full privacy and control over all data that gets out of the device and goes...elsewhere. To maintain this level of privacy requires reconfiguring any android device to prevent the release of that information. If this requires setting Selinux to permissive, then that tradeoff is quite acceptable. I might prefer it not be the case, but so long as all android devices sold into the marketplace represent the interests of google, the manufacturer, and any third-party that pays the manufacturer ahead of my interests then I will make that tradeoff.
As for Greenify, I have not found the sleep mode that is available in Android 11 to be adequate because it does not allow me to control system apps. You can take it as a maxim that the only android app that does not spy is the android app that is not running - and this includes lots of system apps that I might not want to delete or disable but also don't want running unless I say so, and then only while I am satisfying MY purpose for them.
As for the problem I was asking about, I added the specific URIs to the adaware blocklist and that suppressed them. Prior to that, I was seeing the DNS requests on my LAN DNS. I suspect the network utility I am using to monitor the phone's traffic is reporting requests ahead of the iptables FILTER table, and the packets were being suppressed prior to leaving the device, but I am not certain of that. The only way I could tell would be to monitor the device traffic as it went through the upstream VPN gateway on my LAN, and I did not do that.
Adaware works adequately for this, and I am not seeing any other unexpected/unacceptable traffic from my phone. The one remaining thing I need to check for will involve monitoring from the VPN gateway, as I look for any DoH or DoTLS traffic. I hope I don't find any; that will be a ***** to block. I do block it on the IOT VLAN on my network, but it requires a separate device running a script I wrote. To block DoH/DoTLS on my phone, while allowing appropriate DNS will be...fun.
Edit: And, actually, I just took a quick look. The sestatus command returns that my selinux status is "enforcing". The xposed framework I installed, actually, is lsposed, which is a systemless install using magisk. It implements the xposed framework but in a systemless way; I was just lazy when I wrote about it in my previous post.
jiml8 said:
Device security is only one aspect of security, and I handle that mostly through device configuration and usage policy anyway.
Overall security involves many other factors, which include maintaining full privacy and control over all data that gets out of the device and goes...elsewhere. To maintain this level of privacy requires reconfiguring any android device to prevent the release of that information. If this requires setting Selinux to permissive, then that tradeoff is quite acceptable. I might prefer it not be the case, but so long as all android devices sold into the marketplace represent the interests of google, the manufacturer, and any third-party that pays the manufacturer ahead of my interests then I will make that tradeoff.
As for Greenify, I have not found the sleep mode that is available in Android 11 to be adequate because it does not allow me to control system apps. You can take it as a maxim that the only android app that does not spy is the android app that is not running - and this includes lots of system apps that I might not want to delete or disable but also don't want running unless I say so, and then only while I am satisfying MY purpose for them.
As for the problem I was asking about, I added the specific URIs to the adaware blocklist and that suppressed them. Prior to that, I was seeing the DNS requests on my LAN DNS. I suspect the network utility I am using to monitor the phone's traffic is reporting requests ahead of the iptables FILTER table, and the packets were being suppressed prior to leaving the device, but I am not certain of that. The only way I could tell would be to monitor the device traffic as it went through the upstream VPN gateway on my LAN, and I did not do that.
Adaware works adequately for this, and I am not seeing any other unexpected/unacceptable traffic from my phone. The one remaining thing I need to check for will involve monitoring from the VPN gateway, as I look for any DoH or DoTLS traffic. I hope I don't find any; that will be a ***** to block. I do block it on the IOT VLAN on my network, but it requires a separate device running a script I wrote. To block DoH/DoTLS on my phone, while allowing appropriate DNS will be...fun.
Edit: And, actually, I just took a quick look. The sestatus command returns that my selinux status is "enforcing". The xposed framework I installed, actually, is lsposed, which is a systemless install using magisk. It implements the xposed framework but in a systemless way; I was just lazy when I wrote about it in my previous post.
Click to expand...
Click to collapse
I have been building Android roms for multiple devices for 9 years. When I started, I also gave a significant positive weight to Xposed, etc... . But the more I learned Android code, the more I became convinced that all those 'privacy' layers are mostly useless and even harmful, because they create a false sense of security.
Vanilla Android roms, actually, contain very little advertising/spying, and it makes a perfect sense: why would Google open-source their spying/advertising machine?
The only thing that might be considered spying (in vanilla Android) is captive portal detection that checks the internet connection and a few other network tools/tests that periodically connect to the internet, but not necessarily with nefarious purposes. But even these could be disabled or changed to other servers.
Android becomes an advertising tool only when you install Google Apps/Google Services Framework, register a Google account, etc. Once you have that, and 100% of stock roms do, no amount of tweaking can prevent spying, because these Google 'structures' sit lower than any systemless layer. In other words, they can go around Magisk/Xposed tricks. Moreover, on devices with stock roms, one doesn't even need encryption and the use of apps like Signal/Telegram/Silence etc.. Google Services Framework can see your outgoing messages before they are encrypted, and incoming messages after decryption. In other words, they can see what your eyes see on the screen.
So, the only way to prevent Google interests from taking over your phone is never install Google 'things', which is the case with my rom and my phone.
optimumpro said:
I have been building Android roms for multiple devices for 9 years. When I started, I also gave a significant positive weight to Xposed, etc... . But the more I learned Android code, the more I became convinced that all those 'privacy' layers are mostly useless and even harmful, because they create a false sense of security.
Vanilla Android roms, actually, contain very little advertising/spying, and it makes a perfect sense: why would Google open-source their spying/advertising machine?
The only thing that might be considered spying (in vanilla Android) is captive portal detection that checks the internet connection and a few other network tools/tests that periodically connect to the internet, but not necessarily with nefarious purposes. But even these could be disabled or changed to other servers.
Android becomes an advertising tool only when you install Google Apps/Google Services Framework, register a Google account, etc. Once you have that, and 100% of stock roms do, no amount of tweaking can prevent spying, because these Google 'structures' sit lower than any systemless layer. In other words, they can go around Magisk/Xposed tricks. Moreover, on devices with stock roms, one doesn't even need encryption and the use of apps like Signal/Telegram/Silence etc.. Google Services Framework can see your outgoing messages before they are encrypted, and incoming messages after decryption. In other words, they can see what your eyes see on the screen.
So, the only way to prevent Google interests from taking over your phone is never install Google 'things', which is the case with my rom and my phone.
Click to expand...
Click to collapse
I don't really program Android, though I am a kernel developer in both Linux and Freebsd. I also am one of the principal architects of a network infrastructure appliance that is getting a lot of attention in the industry.
So, while I do not know android in detail at a low level, I know linux thoroughly and I am fully equipped to completely monitor and control what access that android (or any other computer) has to any network. And that has been my dilemma; I can see what my device is doing and I am determined to stop it.
I agree with you about vanilla Android, absent all the google stuff. It is just linux with a different desktop on it, and the connections it makes to google are just for network management functions; the network device I have built also contacts google (and a few others) for network maintenance only and not any information transfer.
Unfortunately, the google apps infrastructure is required for some things that I use the phone for. Google maps is required by both Uber and Lyft; without Maps, I can't use those apps - and there are times when I am traveling where I really need to be able to use those apps.
Also, unfortunately, the company I am contracted to (where I am part-owner) for which I have built this network appliance makes heavy use of google tools. I have not been able to convince my partners to move away from google, and they can outvote me.
I have to allow Meet, and Chat to run on my device; I don't have a practical alternative. So I have spent a lot of time determining exactly which google components are the minimum required to allow those apps to run, and I have disabled or blocked or restricted permissions for all other google components - and both greenify and afwall play key roles in this activity.
With my old Galaxy S5, I just would install the smallest google package that supported Maps onto my Lineage OS on that device, but on this OnePlus 8, I have elected to stick with OOS for as long as it receives updates. So, tying google's hands is a lot more work.
My monitoring tells me I have it now as good as it will be. There are a few connections to google, as expected, but the frequency of those connections is not high and very little data is being transferred in either direction. I believe most of the traffic is administrative. The only thing I have not yet checked is whether there is any DoH or DoTLS traffic. My IOT VLAN watches for and blocks such traffic (my IOT VLAN exists to isolate and completely control my Android TV), and I have connected the phone to the IOT VLAN for a short while to see if any DoH/DoTLS was detected and none was - but I really need to connect it to that VLAN for an extended period.
I do root around in the phone's databases (which reveals what Google is doing, and Google can't stop that...) and the result is that I know Google is not doing much.
So, it isn't perfect. I would be much happier if the company would move away from google. But it is as good as its going to get, and I don't believe google is sneaking anything by me; I would have detected it. I do block a LOT of google URIs.
Also, as far as google open-sourcing their spying machine...that, quite explicitly, is the purpose of Android. It is open-sourced spyware for google.
They open-sourced it partly because they had to (the gnu licensing ties their hands) and partly to gain acceptance; its open source nature is why it is now the dominant architecture. It greatly reduces development costs for device manufacturers while providing a standardized framework upon which they can build.
Those of us who put in the effort to exploit that open-source nature to stop the spying are a small fraction of the total marketplace, and google can easily tolerate us.
Android has increased google's reach and ability to collect data about individuals to an enormous extent. From the standpoint of knowing everything about everybody (which is google's explicit goal) it is an enormous win for them.

Question Ads/Sponsored Content in Google Feed on Pixel Phone ? Any way to block it ?

Hi there, it's been a long time since i used my last Pixel (it was 2XL),
what i notice right away after using my P7Pro for few days is that Google Feed on this phone is showing a lot of ads/sponsored content,
i used host based adblock along with adguard private DNS on this phone, same setup like my other phone (Aquos R6)
but to my surprise, while it managed to block the ads/sponsored contents on my Aquos, it failed to do so on my Pixel.
Do google actually do same thing with apple on macOS ? setting up certain IP/URL/Connection in OS level, bypassing our DNS/VPN/Host ?
Because i dont remember ever seeing thia much of an ads in my Google Feed. And, as comparison, i dont see the same ads from my Aquos which signed into same google account.
Do you have any idea how to reduce it ? or block it ?
And, no, choosing "Show less" or "Block this ads" by pressing ... button on the Feed doesn't work.
otonieru said:
Hi there, it's been a long time since i used my last Pixel (it was 2XL),
what i notice right away after using my P7Pro for few days is that Google Feed on this phone is showing a lot of ads/sponsored content,
i used host based adblock along with adguard private DNS on this phone, same setup like my other phone (Aquos R6)
but to my surprise, while it managed to block the ads/sponsored contents on my Aquos, it failed to do so on my Pixel.
Do google actually do same thing with apple on macOS ? setting up certain IP/URL/Connection in OS level, bypassing our DNS/VPN/Host ?
Because i dont remember ever seeing thia much of an ads in my Google Feed. And, as comparison, i dont see the same ads from my Aquos which signed into same google account.
Do you have any idea how to reduce it ? or block it ?
And, no, choosing "Show less" or "Block this ads" by pressing ... button on the Feed doesn't work.
Click to expand...
Click to collapse
I don't use Google Feeds it's an open door for some pubs
I prefer to use Flym which manages my RSS feeds and I don't have ads.
I also use AdAway and the Magisk Systemless Hosts-Unified module.
Adguard app, no adds unless you missed some filters/updates. Works great on Facebook too.
As others mentioned, you need a way to block/filter traffic on your entire device. There are apps that use a VPN to filter traffic without root, though there is always the root method of editing your hosts file which has been around for a good while which will always also work.
There is also one other option which is to use a DNS server which some companies provide as a paid service, the benefit there is you can choose to put the filter in your modem to have it filter down to all of the devices on your network, though personally I would never go for this option as iot is far too easy to block something you didn't want to, and a hassle to unblock it.
I installed a Play Store App, DNS66, and this seems to block ADs system wide including YouTube Music Ads - now it plays like a regular music player without the garbage ads every other song.
Thank you for all replies,
as mentioned i already using two adblock methods, root based and DNS based, and for other apps, the ads all gone, system widely,
only Google Discover still showing it,
but it SOLVED now, after turning off Ads Personalisation in My Ads setting in Google app, somehow all the ads now gone. Probably there's cache somewhere in my system which prevent the adblock to work 100% on Discover.
otonieru said:
Thank you for all replies,
as mentioned i already using two adblock methods, root based and DNS based, and for other apps, the ads all gone, system widely,
only Google Discover still showing it,
but it SOLVED now, after turning off Ads Personalisation in My Ads setting in Google app, somehow all the ads now gone. Probably there's cache somewhere in my system which prevent the adblock to work 100% on Discover.
Click to expand...
Click to collapse
This worked perfectly for me on both my Pixel phones. Thank you so much!

Categories

Resources