Database Info

[APP][4.4+] Privacy Browser

Privacy Browser is an open source Android web browser focused on user privacy. It is released under the GPLv3+ license. The source code is available from git.stoutner.com.
The only way to prevent data from being abused is to prevent it from being collected in the first place. Privacy Browser has two primary goals.
Minimize the amount of information that is sent to the internet.
Minimize the amount of information that is stored on the device.
Most browsers silently give websites massive amounts of information that allows them to track you and compromise your privacy. Websites and ad networks use technologies like JavaScript, cookies, DOM storage, user agents, and many other things to uniquely identify each user and track them between visits and across the web.
In contrast, privacy sensitive features are disabled by default in Privacy Browser. If one of these technologies is required for a website to function correctly, the user may choose to turn it on for just that visit. Or, they can use domain settings to automatically turn on certain features when entering a specific website and turn them off again when leaving.
Privacy Browser currently uses Android’s built-in WebView to render web pages. As such, it works best when the latest version of WebView is installed. In the 4.x series, Privacy Browser will switch to a forked version of Android’s WebView called Privacy WebView that will allow for advanced privacy features.
Warning: Android KitKat (version 4.4.x, API 19) ships an older version of OpenSSL, which is susceptible to MITM (Man In The Middle) attacks when browsing websites that use outdated protocols and cipher suites.
Features:
Integrated EasyList ad blocking.
Tor Orbot proxy support.
SSL certificate pinning.
Import/Export of settings and bookmarks.
Further information:
News
Changelog and Downloads
Roadmap
Permissions
Privacy Policy
Bug Tracker
Security and Privacy Canary
Mastodon
The standard version is available on F-Droid, Google Play, the Amazon Appstore, and the Galaxy App Store. The free version has all the features of the standard version with the addition of a banner ad across the bottom of the screen. It is available on Google Play, the Amazon Appstore, and the Galaxy App Store.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

One thing I thought I'd mention, using the default html ddg page I get a forbidden message any time I do a search. Using the toolbar works fine though.
Thanks for the app!

blk_jack said:
One thing I thought I'd mention, using the default html ddg page I get a forbidden message any time I do a search. Using the toolbar works fine though.
Thanks for the app!
Click to expand...
Click to collapse
I'm assuming that you are having this problem with the DuckDuckGo's .onion website. If so, this is a bug in their website that I have already tried to submit to them, but so far have not got any response.
https://forum.duckduckhack.com/t/searches-fail-on-the-onion-site-if-javascript-is-disabled/1927
https://www.reddit.com/r/duckduckgo...earches_fail_on_the_onion_site_if_javascript/
There are a couple of workarounds you can use until DuckDuckGo fixes their problem.
1. Set the Tor homepage setting to be https://start.duckduckgo.com instead of https://3g2upl4pq6kufc4m.onion/. The normal website works fine with JavaScript disabled.
2. Use domain settings to automatically turn on JavaScript for https://3g2upl4pq6kufc4m.onion/. You should also set the Tor search to be JavaScript enabled to match.
You might also add your voice to either of the websites above where I submitted the bug report. If enough people mention the problem it will probably get to the person who can fix it.

Problems with the default homepage.
blk_jack said:
One thing I thought I'd mention, using the default html ddg page I get a forbidden message any time I do a search. Using the toolbar works fine though.
Thanks for the app!
Click to expand...
Click to collapse
This problem will be fixed in the next release of Privacy Browser by changing the default homepage to https://duckduckgo.com/?kao=-1&kak=-1, which works with both JavaScript enabled and disabled. See https://www.reddit.com/r/duckduckgo...hes_on_startduckduckgocom_fail_if_javascript/ for more information.

So, this browser starts in an incognito or..?

Privacy Browser Defaults
Freddy1X said:
So, this browser starts in an incognito or..?
Click to expand...
Click to collapse
Privacy Browser starts with the following defaults, which can be configured on-the-fly, by domain, or globally:
JavaScript disabled.
First-party cookies disabled.
Third-party cookies disabled.
DOM storage disabled.
Form data disabled.
Incognito mode is off by default, but can be turned on in the preferences. Incognito mode clears the history and cache after each webpage finishes loading.
There is also a Clear and Exit button, which clears all cookies, DOM storage, form data, cache, and removes Privacy Browser from memory.

How to switch tabs ?

jerryn70 said:
How to switch tabs ?
Click to expand...
Click to collapse
Tabbed browsing is not yet implemented. See the roadmap for more information.

Privacy Browser 2.5 has been released.
Changelog:
• Add SSL certificate pinning to domain settings.
• Add searx.me to the list of search engines.
• Update the default homepage to work with both JavaScript enabled or disabled.
• Fix a bug that caused the website title to be lost on rotate.
• Ghost the “Clear DOM Storage” options menu item if there is nothing to delete.
• Use non-bolded red text to indicate unencrypted websites.
• Fix a bug that sometimes caused custom domain user agents to fail.
• Fix a bug that caused website modifications (like the sorting of a list) to be lost if Privacy Browser was moved to the background.
• Many small improvements were made to the Domains activity.
• Updated Italian translation provided by Francesco Buratti.
• Updated Spanish translation provided by Jose A. León.
There is a blog post with more information about the new features.

Privacy Browser 2.6 has been released.
Changelog:
• Add night mode rendering.
• Update the dark theme rendering of the About and Guide sections.
• Add support for HTTP authentication.
• Color code the Common Name in the view SSL certificate dialog.
• Updated Italian translation provided by Francesco Buratti.
• Updated Spanish translation provided by Jose A. León.
There is a news post with more information about each of these items.

Awesome privacy browser..I have already purchased it from google play store. Please add tabbed browser option.
Please update it soon.

Tabbed Browsing
nausha7 said:
Awesome privacy browser..I have already purchased it from google play store. Please add tabbed browser option.
Please update it soon.
Click to expand...
Click to collapse
nausha7, I'm glad you like it.
Tabbed browsing will be part of the 3.x series. You can read the roadmap for more information.

Privacy Browser 2.7 has been released.
Changelog:
• Add a bookmarks drawer that is accessed by sliding from the right.
• Prevent Night Mode from flashing a white background when loading new pages.
• Update the user agents.
• Bump target API to 26 (Android Oreo, 8.0.0).
• Updated Italian translation provided by Francesco Buratti.
• Updated Spanish translation provided by Jose A. León.
There is a blog post with more detailed information about the changes.

How is webRTC IP leaks handled?

WebRTC
m0d said:
How is webRTC IP leaks handled?
Click to expand...
Click to collapse
Privacy Browser currently uses Android's WebView to render web pages. WebView does not provide any controls over WebRTC, which is a privacy problem.
WebRTC requires JavaScript. By default, JavaScript is disabled in Privacy Browser. So when browsing the web with the default settings, WebRTC will not function and will not leak a user's IP address.
In Privacy Browser, JavaScript may be enabled on the fly or automatically by domain. Because of risks like WebRTC, users should only enable JavaScript for domains they trust.
In the 4.x series, I plan on forking Android's WebView to make Privacy WebView. I will then add WebRTC privacy controls, which will allow a user to disable WebRTC even when JavaScript is enabled.
https://redmine.stoutner.com/issues/62
https://www.stoutner.com/category/roadmap/

Hello! I first download Privacy Browser from F-Droid, then bought in Play store. Updates first appears in Play store, but I haven't update option, only uninstall.
Is it possible to update app installed from F-droid by Play store, or I have to uninstall F-droid version and than install Play store version? Is it possible to keep setting or export and import them?

APK Signatures
CubaoX said:
Hello! I first download Privacy Browser from F-Droid, then bought in Play store. Updates first appears in Play store, but I haven't update option, only uninstall.
Is it possible to update app installed from F-droid by Play store, or I have to uninstall F-droid version and than install Play store version? Is it possible to keep setting or export and import them?
Click to expand...
Click to collapse
Android will only let an app update if the signature on the new APK matches the signature on the currently installed APK. The APKs on Google Play, XDA Labs, and stoutner.com are all signed with my personal key. The APKs on F-Droid are built from source by F-Droid and signed by their key. I believe that the Amazon Appstore strips my signature from the APK I upload to them and applies their own signature, but I have not taken the time to verify that is the case.
As such, when Privacy Browser is installed from Google Play, XDA Labs, or stoutner.com it can afterwords be updated using APKs from any of these three locations. Note, however, that Google Play will only offer to update Privacy Browser if the signature matches and the Play Store database indicates the user has purchased the app through them. I would imagine that XDA Labs performs a similar check, but I have not verified that such is the case.
Because F-Droid builds the app from source there is a delay between when a new version is released and when it becomes available on F-Droid. Some information about the current status of the build can be found at:
https://f-droid.org/wiki/page/com.stoutner.privacybrowser.standard
See also this forum thread:
https://forum.f-droid.org/t/is-the-f-droid-build-process-currently-broken/195
It is not currently possible to export and import settings, but that is a planned feature that will likely be implemented in the next few months:
https://redmine.stoutner.com/issues/23
https://www.stoutner.com/category/roadmap/
Of course, if you have root access, you can use a program like Titanium Backup to backup and restore the bookmarks and settings.
It is also now possible to get F-Droid to include the original APK with my signature on their platform using reproducible builds. As far as I know this was not an option when I first uploaded Privacy Browser to F-Droid. Switching to it now would cause difficulty for those who already have Privacy Browser from F-Droid installed because they would no longer be able to update. So at a minimum I would want to have the ability to backup and restore bookmarks before implementing reproducible builds. Also, there is some infrastructure that would be required. I have not made a complete decision about reproducible builds for F-Droid, but it is likely that at some point in the future I will implement them.
https://f-droid.org/docs/Reproducible_Builds/
https://f-droid.org/wiki/page/Deterministic,_Reproducible_Builds

Thank You for answer. So now I'm really waiting for import/export option!

CubaoX said:
Thank You for answer. So now I'm really waiting for import/export option!
Click to expand...
Click to collapse
The next release, version 2.8, will likely be the last release in the first half of the 2.x series. Version 2.9 will move to the second half of the 2.x series and introduce the dangerous file permissions. Once those permissions are added, the features will be implemented to make the default download location public, allow uploading of files to webpages, and export and import of bookmarks and settings, likely in that order.

Privacy Browser 2.7.1 has been released.
Changelog:
• Fix a crash when editing a bookmark in the new bookmarks drawer.
There is a blog post with further information.

Privacy-Focused, Open-Source apps alternatives & unwanted content blocking

Privacy-Focused, Open-Source apps alternatives & unwanted content blocking
Useful apps, alternatives, solutions, unwanted content blocking - discussion and ideas​
Additional Information:
If you use xda app It's recommend to launch this thread in browser - BBCode doesn't work properly. I used it a lot...
I created thread for everyone that want to use some apps alternatives which may be better for your privacy.
I'm not paid, I don't promote any apps or products I don't suggest anything (e.g. these apps are bad), I just share information from what I or others found.
You choose what apps you use, I'm not responsible for any of them or for influence on your choice.
You choose what you block and what is "unwanted content" for you.
I do it in my spare time, so do not expect everyday updates and fast news.
Apps Alternatives for the most common solutions
of course, there are more, here I picked only some of them, for people who don't want to search whole internet and read separated articles.
You may also make a glance into post #6 for lightweight apps collection prepared by HemanthJabalpuri
If app pledges to respect privacy I write green RP
If app needs root (super user) permission to work I write red SU (It doesn't include additional features after granting) because you have a choice
If app uses root for additional features, that are not required I write orange SUF
If app is open source I write blue OS (check I want something more if you want know what role it plays)
If app is "pay to use" I write yellow PTU It doesn't include in app additional purchases, because you have a choice to use basic form or more advanced.
If app has additional features paid I write orange PF ​
Keyboards:
AOSP keyboard - often included in aosp-based os. [ OS ]
show image
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
AnySoftKeyboard - really good customizable keyboard with language packs and gesture typing support [ OS ]
show image
SMS & MMS:
Silence - messaging app with encryption [ OS ]
show image
Video Conferences:
Jitsi Meet - encrypted meeting app [ OS ]
show image
Browsers:
Firefox - browser with add-ons that may help you. If you think, that Firefox is slow especially on android, check
this version Helpful add-ons: NoScript, Ublock Origin, privacy badger, privacy possum, decentraleyes [ OS ]
show image
Onion Browser
Mail:
Tutanota - free e-mail app with encryption [ OS , PF ]
show image
ProtonMail - free encrypted email service, free plan is worse than tutanota's one but someone may find it better [ OS , PF ]
K-9 Mail - POP IMAP Mail Client [ OS ]
FairEmail Client [Downloads from F-droid or playstore]
Chat:
Matrix is an open source project that publishes the
Matrix open standard for secure, decentralized, real-time communication, and its Apache licensed
reference implementations.
Click to expand...
Click to collapse
I got quote from their site additional info: you can either host your own or use public ones.
Element - most advanced client of matrix server [ OS ]
show image
If you don't like elements look, you can use other client like Fluffychat but there are not all features available. Add this repository to F-droid or Aurora Droid to download, or download it from play store[ OS ]
show image
Pattle - other matrix client [ OS ]
show image
MiniVector - other matrix client [ OS ]
show image
Tensor - other matrix client [ OS ]
Rocket.chat - encrypted chat [ OS ]
aTox - TOX client - encrypted p2p chat [ OS ]
Briar - encryped p2p chat [ OS ]
Jami - encryped p2p chat [ OS ]
App store:
F-droid - AppStore.
"F-Droid is a robot with a passion for Free and Open Source (FOSS) software on the Android platform. On this site you’ll find a repository of FOSS apps, along with an Android client to perform installations and updates, and news, reviews and other features covering all things Android and software-freedom related."
Click to expand...
Click to collapse
- got this quote from their site so if you want to search for open-source apps for android, check their repository, and everything from there should be open-source! [ OS ]
show image
Aurora Droid - F-droid but with additional features, with other UI. If you want to download, scroll down and choose direct apk download [ OS ]
show image
Maps and Navigation:
OSMAnd Maps and navigation (can be offline) [ OS ]
show image
Calendar:
DAVx⁵ synchronized calendar [ OS ]
Social:
New Pipe - YouTube, SoundCloud replacement with additional features. [ OS ]
show image
SlimSocial - other Facebook client
Notepad & To-Do list:
Notepad [ OS ]
OpenTasks - Advanced To-Do list [ OS ]
Launcher:
Lawnchair - simple similar to pixel launcher [ OS ]
show image:
Privacy protecting apps:
Xprivacy - choose to successfully block permission and spoof data [ SU , ]
show image
XprivacyLua - continuation of Xprivacy for newer android. [ SU , PF , ]
show image
Exodus - Show trackers and permissions from other installed apps (inbuilt in Aurora store) [ OS ]
TrackerControl - allows users to monitor and control the widespread, ongoing, hidden data collection in mobile apps about user behaviour ('tracking'). [ OS ]
Warden - app from the developer of Aurora Store that lets you disable trackers/loggers [ SU, OS ]
ClassyShark3xodus - Checks apps for code signatures of known trackers (provided by Exodus).Also can list all classes for launchable (via the app drawer) packages. [OS]
Multimedia:
VLC - media player [ OS ]
show image
e-book Reader:
KOReader [ OS ]
Alreader - I have to check if it's open source, but it "respects privacy" RP
[/list]
Unwanted content blocking
include: Ads, adware, malware, pornsites blocking
For rooted devices
Adaway app where you can add external hostlists and whitelist/blacklist your choices. It supports Wildcard characters * and ?.
For not rooted devices
Blokada App
AdGuard
Self hosted vpn with set pihole as a DNS check Want know something more? if you want know how it works
Host Lists
Steven Black Steven Black Host (in different variants)
Energized protection (in different variants)
Cryptocurrency digger blocker
"Peters love"
Dans Pollocks host file
AdAway host file
MVPS
HP Host
Goodbye Ads by Jerryn70
YT ads
Other - list of recommended pi-hole hosts (scroll down), some of them are unfortunately discontinued.
Other package same as above
Source: blokada.org app and projects on github
I want more!
Here will be explanations, sources, experiments and other useful information.
Why using open-source apps are good?
Open-source software (OSS) is a type of computer software in which source code is released under a license in which the copyright holder grants users the rights to use, study, change, and distribute the software to anyone and for any purpose. Open-source software may be developed in a collaborative public manner.
Click to expand...
Click to collapse
(copied from Wikipedia) So what does it mean for every of us? We are able to check code if there may be something unwanted e.g. trackers. The question is: does anyone really do that? Yeah... However It's better when you can do that and it's not forbidden by license or any law. Now compare it with closed-source, really long, unclear licenses. (Don't understand me wrong - I do not point any of company).
how DNS ads blocking works? - It's really smart. You have to know what is DNS So basically pihole is DNS server which doesn't allow ads servers to be loaded. The problem is that it works in your local network. that's why you have to have VPN. With VPN your internet traffic will be going through your local network, so pihole DNS will be found and ads will be blocked (not loaded). If you want some guide how to set up it, write down here, or just type it helpful things you should know something about: DNS, pihole, pivpn, openvpn, wireguard, raspberrypi, ubuntu server, ssh, port forwarding, unattended upgrades.
Is it possible to flash Linux instead Android? Do Linux preinstalled smartphones exist?
Yes! You should be able to replace android on certain smartphones. Check PostmarketOS and Ubuntu Touch and SalfishOS Write down here if you want some PostmarketOS installation tips for newbies (everything you need you should find in their Wiki page)
There are only three Linux designed phones check Librem 5, VollaPhone and PinePhone. PinePhone sholud have maintain Linux kernel!
OK, I want linux on my phone now! - Check if you have compatible device with Ubuntu Touch or PostmarketOS and proceed with steps in installation guide. You need unlocked bootloader and ADB on your computer
There might be a problem... - Many apps are just WebApps, not fully working, without some features like push notification. Look into OpenStore - official Ubuntu touch appstore and search for what you need.
Tutanota is PF!? What are limitations? - Yes, on their site you have choice to have free account which has some limitations... for now [2020/07.05] 1GB space, one account, one calendar, possibility to log in app to one account. Second thing is you are "forced" to use their app their UI because If I'm not wrong they don't provide POP or IMAP. However it's usable
Other Tips to save privacy
Stay offline when you can. (whenever you don't trust the provider)
Become self-hoster. You can easily and ethically replace some services like online drives, music streaming clients, DNS.
Mix your data, don't allow to be identified by one email, one name, one account everywhere. (Of course if Terms allows)
Use proxies, Onion Routing, VPNs,
Dont' be lazy and read the terms of use, privacy policies when you feel something is wrong. be aware of different types of licenses.
Search for alternatives. There are always some. You can use: https://alternativeto.net to find app with open-source license.
Feel free to suggest what apps may be good for privacy, post your observation, app pros and cons
I collect information in 1st post, and make up "Changelog" in second post.
Sometimes I make mistakes, please forgive me and correct by sending pm. ​

Important Notice - Since I moved to Linux Smartphone I won't be searching for new android apps, maybe occasionally (and for cross-platform). Then, you can help! I'll update
Changelog
2021.02.22
#8 apps update, #7 mistake corrected, thanks, added tox, briar, jami
2020.12.22
Cosmetic changes, #6 request applied. Added Tips under I want more section. BBCode correction.
2020.11.15
Added FairEmail to the list, Thanks to @mrrocketdog
2020.07.26
Updated Host list - deleted HP host added YT ads
2020.07.25
Updated Riot.im and riotX - they changed to Element. See: https://element.io
2020.07.08
Added OpenTasks, Exodus, K-9 Mail.
2020.07.05
Organized by section like jitsi meet ==> meeting apps, added some pictures, added launcher app, added marks orange r and orange p, assigned marks to known apps, added two quotes about f-droid and matrix.org server, probably something more that I forgot to write here ...
2020.06.27
Updated Energized link, added anysoftkeyboard
2020.06.18
Topic change
2020.05.06
Topic Creation and UI improvements, BBcode "hide" doesn't work in XDA Labs app

stop tracking
Hello
It seems that the technology products produced are in it a tool to track users on different levels. Big guys want to exploit that more because they have many partners that pay for it.
I don't want to be a negative person, but if the technology manufacturer installs an eavesdropping tool or tracks a user through device activities, it's hard to prevent this, instead only may be unused.
Or maybe you say we use some ad blocking software (but we are being followed by another party).
Or accept using and getting used to the things that happen to avoid becoming more negative. :angel:

innguyengia said:
Hello
It seems that the technology products produced are in it a tool to track users on different levels. Big guys want to exploit that more because they have many partners that pay for it.
I don't want to be a negative person, but if the technology manufacturer installs an eavesdropping tool or tracks a user through device activities, it's hard to prevent this, instead only may be unused.
Or maybe you say we use some ad blocking software (but we are being followed by another party).
Or accept using and getting used to the things that happen to avoid becoming more negative. :angel:
Click to expand...
Click to collapse
Thank you for fast reply.

https://forum.xda-developers.com/showthread.php?t=3824168
should definitely be on the list. damn impressive maintainer also , @M66B.

I am also maintaining some apps list, but those are lightweight https://forum.xda-developers.com/t/lightweight-apps.3803885/
For offline working apps, I use the following equation No Internet Permission = 100% secure and privacy-focused
I will give suggestions here too.

BigBrother84 said:
Rocket.chat - encrypted chat
Click to expand...
Click to collapse
you can add OS there (on page it says Why open source? and code on github

BigBrother84 said:
Privacy protecting apps:
Click to expand...
Click to collapse
Can please also add TrackerControl from https://f-droid.org/en/packages/net.kollnig.missioncontrol.fdroid/
Also Warden at https://www.xda-developers.com/warden-open-source-app-aurora-store-disable-trackers-loggers/
and ClassyShark3xodus at https://f-droid.org/en/packages/com.oF2pks.classyshark3xodus/
Thanks

[GUIDE] GrapheneOS's Sandboxed Play services in your ROM

I loved to hear about GrapheneOS's Sandboxed Play services that allow running Google Play services as regular sandboxed apps. I don't own a google phone and am using LOS18.1. Unfortunately it seems LineageOS won't integrate the feature (see reddit).
That's why I looked for the corresponding commits in GrapheneOS, adopted them for LineageOS 18.1 (almost everything could be auto-merged) and used LOS4mG's docker CI/CD to build LOS18.1 with GrapheneOS's compatibility layer.
I don't want to release ROMs myself, but am just leaving the project here: https://github.com/sn-00-x/lineage-gmscompat
The docker image is on docker hub so you could build LOS18.1 by simply running the image sn00x/docker-lineage-cicd (set env vars and volumes as explained here). Or grab the patches here and apply yourself.

I'm very very sorry.. I have troubles building.. in fact I never got a build to succeed and didn't need much custom work anyway. But this one from your docker, I tried for two days, and there are always errors as I'm not experienced... You'd be VERY generous to build a 18.1 from your docker with the sandboxed gms patches for Pixel 4 (flame). That would be very kind of yours !! Thanks in advance

aibos said:
I'm very very sorry.. I have troubles building.. in fact I never got a build to succeed and didn't need much custom work anyway. But this one from your docker, I tried for two days, and there are always errors as I'm not experienced... You'd be VERY generous to build a 18.1 from your docker with the sandboxed gms patches for Pixel 4 (flame). That would be very kind of yours !! Thanks in advance
Click to expand...
Click to collapse
You can install GrapheneOS on Pixel 4, why would you want to use LOS 18.1?

To use VPN Tethering.

I'm pretty sure there are issues with some indexes with some of the following patch files, related to "strings.xml".
0005-gmscompat-Keep-GMS-services-alive-by-converting-to-f.patch
0015-gmscompat-Make-notification-channel-more-user-friend.patch
0016-gmscompat-Improve-foreground-service-notification-UX.patch
I get this error:
Code:
"error: invalid file path 'frameworks/base/core/res/res/values/strings.xml.orig'."
I dont know how to troubleshoot this. Any suggestion/fix?

Hello. Trying to do this same thing to lineage 19 for pixel 5....I can just merge this code into my repo and build?

Must you have signature spoofing for SPS?

It's sad when a talented dev disappears.. :'(

I am trying to take up where he left off. I will be attempting to patch this into Lineage 19 when I get off of work tonight.

That's why it's sad when a talented dev disappear...

Because then, nothing happens

Linking previous about GMS_Comapt by @sn00x here: https://forum.xda-developers.com/t/sandboxed-play-services.4341085/
I'd talks with GrapheneOS dev on twitter and reproducing them here for more insights:
> Can gms_compat be made available to use by everyone? I really want that to be implemented on LineageOS but that's not possible as they straight away rejected the request.
Is gms_compat device specific? If not, can it developed as a Magisk moduleso that installing that allows users to install GApps without actually flashing them in the first place?
Thank you.
> it's not device specific at all
> it could be easily ported elsewhere at least once the changes are squashed
> Can you elaborate a bit about these in case of the time permits? Squashing changes? You mean merging of commits?
> https://github.com/GrapheneOS/platform_libcore/commit/8d4383d15f9baed7665dbb459b29567e729b166d
> here's the simplified libcore changes, for example
> will be doing frameworks/base next
> Sandboxed Google Play compatibility layer (gmscompat):
Add support for loading DEX files from "/proc/self/fd" APK paths · GrapheneOS/[email protected]
Needed to load code from the Google Play services' Dynamite APK modules, which are available only by the file descriptor reference.
github.com
gmscompat: linker: Add support for opening zip files by fd paths · GrapheneOS/[email protected]
In some cases, it can be useful to load libraries from zip files that are only available by fd reference. For example, file descriptors of APKs containing native libraries may be sent via Binder IP...
github.com
add GmsCompat app · GrapheneOS/[email protected]
Make Build System (being phased out upstream). Contribute to GrapheneOS/platform_build development by creating an account on GitHub.
github.com
gmscompat: add compatibility layer for unprivileged GMS · GrapheneOS/[email protected]
Originally authored by Danny Lin <[email protected]> for inclusion in GrapheneOS. It has since been substantially extended and rewritten by Dmitry Muhomor <[email protected]> (pr...
github.com
gmscompat: support for Dynamite modules · GrapheneOS/[email protected]
Authored by Danny Lin <[email protected]> and Dmitry Muhomor <[email protected]> for inclusion in GrapheneOS. Commit history: Before June 2022: https://github.com/GrapheneOS/pl...
github.com
https://github.com/GrapheneOS/platform_packages_apps_GmsCompat
https://github.com/GrapheneOS/platf...mmit/550842c62ac693234b38fcaa0ed30692fae1873b
do not allow disabling GmsCompat app · GrapheneOS/[email protected]
Apps will break if it's disabled, handling this case in code increases complexity unnecessarily.
github.com
gmscompat: Add ConnectivityManager hook for baseline compatibility · GrapheneOS/[email protected]
This is part of GmsCompat's baseline compatibility for unprivileged Google Play Services. Change-Id: I3e87706f1f3b87c0af9d00f6ce92144469596f8c
github.com
gmscompat: restart GMS processes when permission gets granted · GrapheneOS/[email protected]
Contribute to GrapheneOS/platform_packages_modules_Permission development by creating an account on GitHub.
github.com
gmscompat: Add WifiManager hooks for baseline compatibility · GrapheneOS/[email protected]
This is part of GmsCompat's baseline compatibility for unprivileged Google Play Services. Change-Id: I2f56a47a6a732d6a73531c7f80aca69065a88c38
github.com
gmscompat: allow harmless COLUMN_NOTIFICATION_CLASS · GrapheneOS/[email protected]
Contribute to GrapheneOS/platform_packages_providers_DownloadProvider development by creating an account on GitHub.
github.com
Pixel eSIM management app integration:
https://github.com/GrapheneOS/platf...mmit/be60cb05013a1fb61675f21c705ddbef296f221a
https://github.com/GrapheneOS/platf...mmit/4c4a2f0df9c53eaf22b7add0305f0bfaac46695c
> this is the list of commits now
> after it has been squashed / cleaned up
> Thank you very much for more detailed info. I'll try my level best analyse and learn from these.
Based on this, I believe that, instead of making GMS_Compat just available for LineageOS, we can make it a module that can be flashed wither with Magisk or Recovery making it available for everyone as it is **NOT** device specific..

@sn00x This is awesome!
Has anyone tried this with lineage 19 ?
Also do OTA updates work?

Hi, I am trying to build a rom and wanted to include the graphene os sandboxed google play. I have never built a rom before, do I need to sync your repo into one of the folders where I have my rom files?
Not sure if this is relevant, but I am trying to build for AOSP for Sony Xperia

GMScompat is a big joke and just a fig leaf: Making Googleapps third party apps does not do much, except for giving user a false sense of security. As long as you install GMS framework and apps, they use intents to interact with AOSP, as well as system processes to do what they were designed to do - to spy on users.. The only way to remove such intents is to modify those application's sources, which is NOT possible, because they are closed source.

optimumpro said:
GMScompat is a big joke and just a fig leaf: Making Googleapps third party apps does not do much, except for giving user a false sense of security. As long as you install GMS framework and apps, they use intents to interact with AOSP, as well as system processes to do what they were designed to do - to spy on users.. The only way to remove such intents is to modify those application's sources, which is NOT possible, because they are closed source.
Click to expand...
Click to collapse
Why is this a joke? You are completely missing the point of what gmscompat is trying to achieve: to make using gms more private and secure. The best example is that with gmscompat google cannot access device identifiers auch as imei for example. Plus, as the name suggests, google cannot escape the app sandbox anymore. it doesn't have any special permissions anymore. speaking of permissions, you can revoke any permission of the google apps thanks to gmscompat.

as i am totally intersted into this subject using and following every rom that implement this feature ( sparkos voltageos yaap os etc)
recently the gmscompat fail to start and from my search thegraphene os team make it more difficult to launch needs frequent update of gmscompat.apk and config which is nesserory to make it work
from the bigining the grahene os team doesnt want to make it to other than thier os and pixel devices

drsanusi said:
as i am totally intersted into this subject using and following every rom that implement this feature ( sparkos voltageos yaap os etc)
recently the gmscompat fail to start and from my search thegraphene os team make it more difficult to launch needs frequent update of gmscompat.apk and config which is nesserory to make it work
from the bigining the grahene os team doesnt want to make it to other than thier os and pixel devices
Click to expand...
Click to collapse
When I was using Poco F3 I had SparkOS installed as a "warmup" for Pixel and GrapheneOS. The ROM is a good replacement for anyone who wants this experience of sandboxed play services, but it lacks a lot of stuff from the GrapheneOS. And also it lacks polished default apps. Thankfully you can disable them and install your own though...

hellcat50 said:
Why is this a joke? You are completely missing the point of what gmscompat is trying to achieve: to make using gms more private and secure. The best example is that with gmscompat google cannot access device identifiers auch as imei for example. Plus, as the name suggests, google cannot escape the app sandbox anymore. it doesn't have any special permissions anymore. speaking of permissions, you can revoke any permission of the google apps thanks to gmscompat.
Click to expand...
Click to collapse
Permissions and intents are contained in app's Manifest, as well as in app's code. Google certificates, which recognize Gapps as native are in AOSP code. So, regardless of where the app is installed, it can go around 'compatibility' layers and do their thing, i.e. collect user data.
The only proper way to get rid of higher level permissions is to modify Gapps' code, which is impossible.

optimumpro said:
Permissions and intents are contained in app's Manifest, as well as in app's code. Google certificates, which recognize Gapps as native are in AOSP code. So, regardless of where the app is installed, it can go around 'compatibility' layers and do their thing, i.e. collect user data.
The only proper way to get rid of higher level permissions is to modify Gapps' code, which is impossible.
Click to expand...
Click to collapse
Sorry but i call bs on that. Do you have any sources to claim that?

[Rom][GrapheneOS]Android 12][AOSP][UNOFFICIAL]

{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Features overview​GrapheneOS is a private and secure mobile operating system with great functionality and usability. It starts from the strong baseline of the Android Open Source Project (AOSP) and takes great care to avoid increasing attack surface or hurting the strong security model. GrapheneOS makes substantial improvements to both privacy and security through many carefully designed features built to function against real adversaries. The project cares a lot about usability and app compatibility so those are taken into account for all of our features.
GrapheneOS is focused on substance rather than branding and marketing. It doesn't take the typical approach of piling on a bunch of insecure features depending on the adversaries not knowing about them and regressing actual privacy/security. It's a very technical project building privacy and security into the OS rather than including assorted unhelpful frills or bundling subjective third party apps choices.
GrapheneOS is also hard at work on filling in gaps from not bundling Google apps and services into the OS. We aren't against users using Google services but it doesn't belong integrated into the OS in an invasive way. GrapheneOS won't take the shortcut of simply bundling a very incomplete and poorly secured third party reimplementation of Google services into the OS. That wouldn't ever be something users could rely upon. It will also always be chasing a moving target while offering poorer security than the real thing if the focus is on simply getting things working without great care for doing it robustly and securely.
This page provides an overview of currently implemented features differentiating GrapheneOS from AOSP. It doesn't document our many historical features that are no longer included for one reason or another. Many of our features were implemented in AOSP, Linux, LLVM and other projects GrapheneOS is based on and those aren't listed here. In many cases, we've been involved in getting those features implemented in core infrastructure projects.
GrapheneOS​
Partial list of GrapheneOS features beyond what AOSP 12 provides:
Hardened app runtime
Stronger app sandbox
Hardened libc providing defenses against the most common classes of vulnerabilities (memory corruption)
Our own hardened malloc (memory allocator) leveraging modern hardware capabilities to provide substantial defenses against the most common classes of vulnerabilities (heap memory corruption) along with reducing the lifetime of sensitive data in memory. The hardened_malloc README has extensive documentation on it. The hardened_malloc project is portable to other Linux-based operating systems and is being adopted by other security-focused operating systems like Whonix. Our allocator also heavily influenced the design of the next-generation musl malloc implementationwhich offers substantially better security than musl's previous malloc while still having minimal memory usage and code size.
Fully out-of-line metadata with protection from corruption, ruling out traditional allocator exploitation
Separate memory regions for metadata, large allocations and each slab allocation size class with high entropy random bases and no address space reuse between the different regions
Deterministic detection of any invalid free
Zero-on-free with detection of write-after-free via checking that memory is still zeroed before handing it out again
Delayed reuse of address space and memory allocations through the combination of deterministic and randomized quarantines to mitigate use-after-free vulnerabilities
Fine-grained randomization
Aggressive consistency checks
Memory protected guard regions around allocations larger than 16k with randomization of guard region sizes for 128k and above
Allocations smaller than 16k have guard regions around each of the slabs containing allocations (for example, 16 byte allocations are in 4096 byte slabs with 4096 byte guard regions before and after)
Random canaries with a leading zero are added to these smaller allocations to block C string overflows, absorb small overflows and detect linear overflows or other heap corruption when the canary value is checked (primarily on free)
Hardened compiler toolchain
Hardened kernel
Support for dynamically loaded kernel modules is disabled and the minimal set of modules for the device model are built into the kernel to substantially improve the granularity of Control Flow Integrity (CFI) and reduce attack surface.
4-level page tables are enabled on arm64 to provide a much larger address space (48-bit instead of 39-bit) with significantly higher entropy Address Space Layout Randomization (33-bit instead of 24-bit).
Random canaries with a leading zero are added to the kernel heap (slub) to block C string overflows, absorb small overflows and detect linear overflows or other heap corruption when the canary value is checked (on free, copies to/from userspace, etc.).
Memory is wiped (zeroed) as soon as it's released in both the low-level kernel page allocator and higher level kernel heap allocator (slub). This substantially reduces the lifetime of sensitive data in memory, mitigates use-after-free vulnerabilities and makes most uninitialized data usage vulnerabilities harmless. Without our changes, memory that's released retains data indefinitely until the memory is handed out for other uses and gets partially or fully overwritten by new data.
Kernel stack allocations are zeroed to make most uninitialized data usage vulnerabilities harmless.
Assorted attack surface reduction through disabling features or setting up infrastructure to dynamically enable/disable them only as needed (perf, ptrace).
Assorted upstream hardening features are enabled, including many which we played a part in developing and landing upstream as part of our linux-hardened project (which we intend to revive as a more active project again).
Prevention of dynamic native code execution in-memory or via the filesystem for the base OS without going via the package manager, etc.
Filesystem access hardening
Enhanced verified boot with better security properties and reduced attack surface
Enhanced hardware-based attestation with more precise version information
Eliminates remaining holes for apps to access hardware-based identifiers
Greatly reduced remote, local and proximity-based attack surface by stripping out unnecessary code, making more features optional and disabling optional features by default (NFC, Bluetooth, etc.), when the screen is locked (connecting new USB peripherals, camera access) and optionally after a timeout (Bluetooth, Wi-Fi)
Option to disable native debugging (ptrace) to reduce local attack surface (still enabled by default for compatibility)
Low-level improvements to the filesystem-based full disk encryption used on modern Android
Support for logging out of user profiles without needing a device manager: makes them inactive so that they can't continue running code while using another profile and purges the disk encryption keys (which are per-profile) from memory and hardware registers
Option to enable automatically rebooting the device when no profile has been unlocked for the configured time period to put the device fully at rest again.
Improved user visibility into persistent firmware security through version and configuration verification with reporting of inconsistencies and debug features being enabled.
Support longer passwords by default (64 characters) without a device manager
Stricter implementation of the optional fingerprint unlock feature permitting only 5 attempts rather than 20 before permanent lockout (our recommendation is still keeping sensitive data in user profiles without fingerprint unlock)
Support for using the fingerprint scanner only for authentication in apps and unlocking hardware keystore keys by toggling off support for unlocking.
PIN scrambling option
LTE-only mode to reduce cellular radio attack surface by disabling enormous amounts of legacy code
Per-connection MAC randomization option (enabled by default) as a more private option than the standard persistent per-network random MAC.
When the per-connection MAC randomization added by GrapheneOS is being used, DHCP client state is flushed before reconnecting to a network to avoid revealing that it's likely the same device as before.
Improved IPv6 privacy addresses to prevent tracking across networks
Vanadium: hardened WebView and default browser — the WebView is what most other apps use to handle web content, so you benefit from Vanadium in many apps even if you choose another browser
Hardware-based security verification and monitoring: the Auditor app app and attestation service provide strong hardware-based verification of the authenticity and integrity of the firmware/software on the device. A strong pairing-based approach is used which also provides verification of the device's identity based on the hardware backed key generated for each pairing. Software-based checks are layered on top with trust securely chained from the hardware. For more details, see the about page and tutorial.
PDF Viewer: sandboxed, hardened PDF viewer using HiDPI rendering with pinch to zoom, text selection, etc.
Encrypted backups via integration of the Seedvault app with support for local backups and any cloud storage provider with a storage provider app
Secure application spawning system avoiding sharing address space layout and other secrets across applications
Network permission toggle for disallowing both direct and indirect access to any of the available networks. The device-local network (localhost) is also guarded by this permission, which is important for preventing apps from using it to communicate between profiles. Unlike a firewall-based implementation, the Network permission toggle prevents apps from using the network via APIs provided by the OS or other apps in the same profile as long as they're marked appropriately.
The standard INTERNET permission used as the basis for the Network permission toggle is enhanced with a second layer of enforcement and proper support for granting/revoking it on a per-profile basis.
Sensors permission toggle: disallow access to all other sensors not covered by existing Android permissions (Camera, Microphone, Body Sensors, Activity Recognition) including an accelerometer, gyroscope, compass, barometer, thermometer and any other sensors present on a given device. To avoid breaking compatibility with Android apps, the added permission is enabled by default.
Authenticated encryption for network time updates via a first party server to prevent attackers from changing the time and enabling attacks based on bypassing certificate / key expiry, etc.
Proper support for disabling network time updates rather than just not using the results
Connectivity checks via a first party server with the option to revert to the standard checks (to blend in) or to fully disable them
Hardened local build / signing infrastructure
Seamless automatic OS update system that just works and stays out of the way in the background without disrupting device usage, with full support for the standard automatic rollback if the first boot of the updated OS fails
Require unlocking to access sensitive functionality via quick tiles
Minor changes to default settings to prefer privacy over small conveniences: personalized keyboard suggestions based on gathering input history are disabled by default, sensitive notifications are hidden on the lockscreen by default and passwords are hidden during entry by default
Minimal bundled apps and services. Only essential apps are integrated into the OS. We don't make partnerships with apps and services to bundle them into the OS. An app may be the best choice today and poor choice in the future. Our approach will be recommending certain apps during the initial setup, not hard-wiring them into the OS.
No Google apps and services. These can be used on GrapheneOS but only if they avoid requiring invasive OS integration. Building privileged support for Google services into the OS isn't something we're going to be doing, even if that's partially open source like microG.
Compatibility layer for coercing user installed Google Play services into running as sandboxed apps without any special privileges.
Fixes for multiple serious vulnerabilities not yet fixed upstream due to a flexible release cycle / process prioritizing security.
Services​Service infrastructure features:
Strict privacy and security practices for our infrastructure
Unnecessary logging is avoided and logs are automatically purged after 10 days
Services are hosted entirely via our own dedicated servers and virtual machines from OVH without involving any additional parties for CDNs, SaaS platforms, mirrors or other services
Our services are built with open technology stacks to avoid being locked in to any particular hosting provider or vendor
Open documentation on our infrastructure including listing out all of our services, guides on making similar setups, published configurations for each of our web services, etc.
No proprietary services
Authenticated encryption for all of our services
Strong cipher configurations for all of our services (SSH, TLS, etc.) with only modern AEAD ciphers providing forward secrecy
Our web sites do not include any third party content and entirely forbid it via strict Content Security Policy rules
Our web sites disable referrer headers to maximize privacy
Our web sites fully enable cross origin isolation and disable embedding in other content
DNSSEC implemented for all of our domains to provide a root of trust for encryption and authentication for domain/server configuration
DNS Certification Authority Authorization (CAA) records for all of our domains permitting only Let's Encrypt to issue certificates with fully integrated support for the experimental accounturi and validationmethods pinning our Let's Encrypt accounts as the only ones allowed to issue certificates
DANE TLSA records for pinning keys for all our TLS services
Our mail server enforces DNSSEC/DANE to provide authenticated encryption when sending mail including alert messages from the attestation service
SSHFP across all domains for pinning SSH keys
Static key pinning for our services in apps like Auditor
Our web services use robust OCSP stapling with Must-Staple
No persistent cookies or similar client-side state for anything other than login sessions, which are set up via SameSite=strict cookies and have server-side session tracking with the ability to log out of other sessions
scrypt-based password hashing (likely Argon2 when the available implementations are more mature)
Project​Beyond the technical features of the OS:
Collaborative, open source project with a very active community and contributors
Can make your own builds and make desired changes, so you aren't stuck with the decisions made by the upstream project
Non-profit project avoiding conflicts of interest by keeping commercialization at a distance. Companies support the project rather than the project serving the needs of any particular company
Strong privacy policies across all our software and services
Proven track record of the team standing up against attempts to compromise the integrity of the project and placing it above personal gain
Click to expand...
Click to collapse
Installation Instruction and downloads
​Dwonload for pixel 5 and other Releases
https://grapheneos.org/releases
GrapheneOS has two officially supported installation methods. You can either use the WebUSB-based installer recommended for most users or the command-line installation guide aimed at more technical users.
We strongly recommend using one of the official installation methods. Third party installation guides tend to be out-of-date and often contain misguided advice and errors.
If you have trouble with the installation process, ask for help on the official GrapheneOS chat channel. There are almost always people around willing to help with it. Before asking for help, make an attempt to follow the guide on your own and then ask for help with anything you get stuck on.
The command-line approach offers a way to install GrapheneOS without trusting our server infrastructure. This requires being on an OS with proper fastboot and signify packages along with understanding the process enough to avoid blindly trusting the instructions from our site. For most users, the web-based installation approach is no less secure and avoids needing any software beyond a browser with WebUSB support.
For those who wants google play store apps please watch this video, Its not recommended but i use it myself on this rom.
GrapheneOS - Full Post Install Setup Guide - Maximize Security and Privacy On Your Android Phone
Source code
https://github.com/GrapheneOS
https://github.com/GrapheneOS/kernel_google_redbull
https://github.com/GrapheneOS/device_google_redfin-kernel
https://github.com/GrapheneOS/device_google_redfin
Credits and Thanks
We would like to give thanks to everyone in the Android community, big or small.
That said, we would like to Thank all These Teams for their contribution to the Open Source Community. Special Thanks to Daniel Micay
MOD EDIT: This is an UnOfficial thread and isn't run by the GrapheneOS team​

times out and doesn't flash "system"

jorgeccastro said:
times out and doesn't flash "system"
Click to expand...
Click to collapse
Follow the instructions properly it will flash I am using it right now.
What method did you use to flash the rom?
Use web installer it's easy.

I want to say thank you so much for all of the work on this ROM, it is awesome!
Has anybody gotten root to work on this? I tried patching the boot.img with Magisk, but after I flash the patched boot.img, the bootloader says it can't find a valid operating system?

jailbird2 said:
I want to say thank you so much for all of the work on this ROM, it is awesome!
Has anybody gotten root to work on this? I tried patching the boot.img with Magisk, but after I flash the patched boot.img, the bootloader says it can't find a valid operating system?
Click to expand...
Click to collapse
The whole point of this rom is security haha so no root only pure security and bootloader will be locked if you followed the instructions.

SyntaxError said:
The whole point of this rom is security haha so no root only pure security and bootloader will be locked if you followed the instructions.
Click to expand...
Click to collapse
Yep, I know. As the phone mainly stays connected in my vehicle, I was using a framework that allowed me to trigger actions when the charging power comes on (eg, vehicle is started) and goes away (vehicle is turned off). I was hoping to be able to keep that AND keep the extra security .
I completely understand though, thanks!

jailbird2 said:
Yep, I know. As the phone mainly stays connected in my vehicle, I was using a framework that allowed me to trigger actions when the charging power comes on (eg, vehicle is started) and goes away (vehicle is turned off). I was hoping to be able to keep that AND keep the extra security .
I completely understand though, thanks!
Click to expand...
Click to collapse
Aha well there are certain things we have to sacrifice lol for security sake.

SyntaxError said:
Follow the instructions properly it will flash I am using it right now.
What method did you use to flash the rom?
Use web installer it's easy.
Click to expand...
Click to collapse
oh ok, thanks for that info. i was using a screwdriver and hammer...

how to install google playstore

look im going to be honest with you guys i use my phone as a daily driver and with out gapps its pointless to use this rom i need gapps to download my apps and to restore my info. and i all ready try to install gapps on this rom it doesnt work

williejack619 said:
look im going to be honest with you guys i use my phone as a daily driver and with out gapps its pointless to use this rom i need gapps to download my apps and to restore my info. and i all ready try to install gapps on this rom it doesnt work
Click to expand...
Click to collapse
Sorry mate, GrapheneOS is not meant to have any Google framework stuff in it. If you need such and at the same time want more privacy you might want to have a look at CalyxOS, at least there is an option to include microG. Have fun.

williejack619 said:
look im going to be honest with you guys i use my phone as a daily driver and with out gapps its pointless to use this rom i need gapps to download my apps and to restore my info. and i all ready try to install gapps on this rom it doesnt work
Click to expand...
Click to collapse
you can install fdroid and from fdroid install https://f-droid.org/en/packages/com.aurora.store/ and you can have all play store apps without any account or you can sign in and still retain your privacy.

beggar23 said:
Sorry mate, GrapheneOS is not meant to have any Google framework stuff in it. If you need such and at the same time want more privacy you might want to have a look at CalyxOS, at least there is an option to include microG. Have fun.
Click to expand...
Click to collapse
They've documented how to install Google services:
GrapheneOS usage guide
Usage instructions for GrapheneOS, a security and privacy focused mobile OS with Android app compatibility.
grapheneos.org

williejack619 said:
how to install google playstore
Click to expand...
Click to collapse
was this a troll?

xstrifey said:
was this a troll?
Click to expand...
Click to collapse
maybe lol

SyntaxError said:
The whole point of this rom is security haha so no root only pure security and bootloader will be locked if you followed the instructions.
Click to expand...
Click to collapse
The problem I have with not having root is that google backups suck. An example is google authenticator. It loses all settings and will force the user to redo every site where it was used for 2fa. I absolutely need the ability to restore my apps properly, and I currently use TitaniumBackup for that. I'm also playing around with 'Migrate', but both need root.

adamf663b said:
The problem I have with not having root is that google backups suck. An example is google authenticator. It loses all settings and will force the user to redo every site where it was used for 2fa. I absolutely need the ability to restore my apps properly, and I currently use TitaniumBackup for that. I'm also playing around with 'Migrate', but both need root.
Click to expand...
Click to collapse
I just don't understand why no one understands the meaning of privacy?
This rom is made for privacy and security without Google as in degoogled phone so no root access because the bootloader will be locked after flashing this rom.
And yes you can install play store apps my way or the official way and there is a link to that provided by @k0rner . And yes I understand backup and restoring from Google is a pain so just do a manual restore like I did if you want privacy and if you want root and Google services then this rom is not meant for you and to be used with Google services.

Can I change the aspect ratio to 16:9 in this custom rom?

works long press power turns flashlight on this rom ?

switcher said:
works long press power turns flashlight on this rom ?
Click to expand...
Click to collapse
No. It brings up the shutdown/reboot screen as seen in the stock image.

[APP][4.4+][v.9.33.31] Telegraher, a Telegram fork with blackjack and hookers

{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Hi folks it has been 9+ months that i consistently developing my telegram fork, "Telegraher with blackjack and hookers!"
The main idea is that vanilla TG client pretty annoying:
remote deletions
impossible to screenshot in greenchats
content restrictions
have too much privileges & tracking
So slowly i started to mod that client to make my own. I use Telegram official source as a base. I don't use Tg-FOSS cause author is pretty slow in updates. Also i don't use popular "cat-forks" cause i have "real life" and i hate x2 screen size tap menus.
I started from version 8.3.0 and 1st release was made for 8.3.1. While i'm writing this post we're on 8.8.5, so our internal version is look actual stuff section.
We're not in Izzy's repo (cause fork >30Mb), we're not on fdroid either because I don't want to depend on their CI/CD and their repo. We're on github and apps made by CI/CD and posted by github too. Then releases are picked up by the bot and send to our TG chat, from where i move them into the channel. Also i send a copy to Matrix (which i made as a backup since Telegram send us a strike in march'22, to loveletter to "Telegraher team"). And i move them also on my CDN with TOR access enabled, so folks can download files w/o JS and hide their IP as they want.
Why i did it for telegram and not for Matrix or XMPP, it's because i have lot of contacts on telegram. When my friends will leave TG i will leave it too. Also i love to piss-off telegram fanboys.
Main features are:
we're in bundle, 4 architectures and we work from android 4.4+ (early versions 4.1+)
no remote deletions at all (green chats & timed medias also)
no gapps, the app is FOSS (notifications are same like in Tg-FOSS, via notification badge cause since A8 OS can kill the app)
we have shadowban to shadowban people or channels you don't want to see
no content restrictions, also in greenchats (save all you want, but don't forward, 'cause forward if fully API function)
emulator detection is disabled
we have device spoofing (actually TG doesn't change devices pretty fast for active sessions, but you can change it globally and add an account)
the phone you type is "always active" and you have that simcard
we have session manager & unlimited multiacc (while you have memory, we're tested 80 accs easily).
wal is disabled for db, so no journal grow
we're on vanilla API keys & keep vanilla behaviour to avoid any client bans (we keep low profile, sending vanilla keys, package, vendor, codeversion & fingerprint also)
..and many other features what i added or picked somewhere (or community is asked me).
Application links:
Github repo, CI/CD releases (all is made here, the origin)
Gitlab repo, just synced from Github.
CDN releases and cloned repo also (manual copy here, front is Cloudflare, backed by AWS, if you care about your IP, use VPN or TOR)
Telegram resources: channel, chat, FAQ EN/RU & FAQ Persian.
Matrix resource: the space, chat & apks (after last incident with free oracle cloud we're lost local files, but i launched anotherone with same keys, server is in swiss)
"Press":
Techtracker.in (08/2022)
FAQ:
Can i be banned?
Officially - no. Telegram have 2 TOS: one for the users, another is for the devs. User TOS is the TOS you need to follow when you use the app. User TOS forbid `spam, scam, violence & porn`. This is an open-source fork which don't have hidden features to `spam, scam, violence & porn`. Dev TOS is the TOS which devs must follow when they develop the apps and use generated API keys. Telegraher as an app break the DEV TOS only & Telegraher use vanilla API keys. User TOS it's up to you!
Actual stuff:
Actual release is 9.33.31
.
.
if you face the issue "update your app it's too old" go here
About me:
I'm not an Android dev, but i code on Java, thats why i do what i do. I'm a russian and i live already 10y in France. My life & work c'est ici.
P.S. Telegraher there are no "p", it's not a "Telegrapher" and have nothing to do with.

Thank you for the fork !

Rush-er said:
Thank you for the fork !
Click to expand...
Click to collapse
my pleasure!

nikitasius said:
Hi folks it has been 9+ months that i consistently developing my telegram fork, "Telegraher with blackjack and hookers!"
The main idea is that vanilla TG client pretty annoying:
remote deletions
impossible to screenshot in greenchats
content restrictions
have too much privileges & tracking
So slowly i started to mod that client to make my own. I use Telegram official source as a base. I don't use Tg-FOSS cause author is pretty slow in updates. Also i don't use popular "cat-forks" cause i have "real life" and i hate x2 screen size tap menus.
I started from version 8.3.0 and 1st release was made for 8.3.1. While i'm writing this post we're on 8.8.5, so our internal version is 8.85.47 .
We're not in Izzy's repo (cause fork >30Mb), we're not on fdroid either because I don't want to depend on their CI/CD and their repo. We're on github and apps made by CI/CD and posted by github too. Then releases are picked up by the bot and send to our TG chat, from where i move them into the channel. Also i send a copy to Matrix (which i made as a backup since Telegram send us a strike in march'22, to loveletter to "Telegraher team"). And i move them also on my CDN with TOR access enabled, so folks can download files w/o JS and hide their IP as they want.
Why i did it for telegram and not for Matrix or XMPP, it's because i have lot of contacts on telegram. When my friends will leave TG i will leave it too. Also i love to piss-off telegram fanboys.
Main features are:
we're in bundle, 4 architectures and we work from android 4.1+
no remote deletions at all (green chats & timed medias also)
no gapps, the app is FOSS (notifications are same like in Tg-FOSS, via notification badge cause since A8 OS can kill the app)
we have shadowban to shadowban people or channels you don't want to see
no content restrictions, also in greenchats (save all you want, but don't forward, 'cause forward if fully API function)
emulator detection is disabled
we have device spoofing (actually TG doesn't change devices pretty fast for active sessions, but you can change it globally and add an account)
the phone you type is "always active" and you have that simcard
we have session manager & unlimited multiacc (while you have memory, we're tested 80 accs easily).
wal is disabled for db, so no journal grow
we're on vanilla API keys & keep vanilla behaviour to avoid any client bans (we keep low profile)
..and many other features what i added or picked somewhere (or community is asked me).
Application links:
Github repo, CI/CD releases (all is made here, the origin)
Gitlab repo, just synced from Github.
CDN releases and cloned repo also (manual copy here, front is Cloudflare, backed by AWS, if you care about your IP, use VPN or TOR)
Telegram resources: channel, chat, FAQ EN/RU & FAQ Persian.
Matrix resource: the space, chat & apks (after last incident with free oracle cloud we're lost local files, but i launched anotherone with same keys, server is in swiss)
"Press":
Techtracker.in (08/2022)
About me:
I'm not an Android dev, but i code on Java, thats why i do what i do. I'm a russian and i live already 10y in France. My life & work c'est ici.
P.S. Telegraher there are no "p", it's not a "Telegrapher" and have nothing to do with.
Click to expand...
Click to collapse
Thanks sir keep up the good work

AmirulAndalib said:
Thanks sir keep up the good work
Click to expand...
Click to collapse
thaaaanks

nikitasius said:
Hi folks it has been 9+ months that i consistently developing my telegram fork, "Telegraher with blackjack and hookers!"
The main idea is that vanilla TG client pretty annoying:
remote deletions
impossible to screenshot in greenchats
content restrictions
have too much privileges & tracking
So slowly i started to mod that client to make my own. I use Telegram official source as a base. I don't use Tg-FOSS cause author is pretty slow in updates. Also i don't use popular "cat-forks" cause i have "real life" and i hate x2 screen size tap menus.
I started from version 8.3.0 and 1st release was made for 8.3.1. While i'm writing this post we're on 8.8.5, so our internal version is 8.85.47 .
We're not in Izzy's repo (cause fork >30Mb), we're not on fdroid either because I don't want to depend on their CI/CD and their repo. We're on github and apps made by CI/CD and posted by github too. Then releases are picked up by the bot and send to our TG chat, from where i move them into the channel. Also i send a copy to Matrix (which i made as a backup since Telegram send us a strike in march'22, to loveletter to "Telegraher team"). And i move them also on my CDN with TOR access enabled, so folks can download files w/o JS and hide their IP as they want.
Why i did it for telegram and not for Matrix or XMPP, it's because i have lot of contacts on telegram. When my friends will leave TG i will leave it too. Also i love to piss-off telegram fanboys.
Main features are:
we're in bundle, 4 architectures and we work from android 4.1+
no remote deletions at all (green chats & timed medias also)
no gapps, the app is FOSS (notifications are same like in Tg-FOSS, via notification badge cause since A8 OS can kill the app)
we have shadowban to shadowban people or channels you don't want to see
no content restrictions, also in greenchats (save all you want, but don't forward, 'cause forward if fully API function)
emulator detection is disabled
we have device spoofing (actually TG doesn't change devices pretty fast for active sessions, but you can change it globally and add an account)
the phone you type is "always active" and you have that simcard
we have session manager & unlimited multiacc (while you have memory, we're tested 80 accs easily).
wal is disabled for db, so no journal grow
we're on vanilla API keys & keep vanilla behaviour to avoid any client bans (we keep low profile, sending vanilla keys, package, vendor, codeversion & fingerprint also)
..and many other features what i added or picked somewhere (or community is asked me).
Application links:
Github repo, CI/CD releases (all is made here, the origin)
Gitlab repo, just synced from Github.
CDN releases and cloned repo also (manual copy here, front is Cloudflare, backed by AWS, if you care about your IP, use VPN or TOR)
Telegram resources: channel, chat, FAQ EN/RU & FAQ Persian.
Matrix resource: the space, chat & apks (after last incident with free oracle cloud we're lost local files, but i launched anotherone with same keys, server is in swiss)
"Press":
Techtracker.in (08/2022)
FAQ:
Can i be banned?
Officially - no. Telegram have 2 TOS: one for the users, another is for the devs. User TOS is the TOS you need to follow when you use the app. User TOS forbid `spam, scam, violence & porn`. This is an open-source fork which don't have hidden features to `spam, scam, violence & porn`. Dev TOS is the TOS which devs must follow when they develop the apps and use generated API keys. Telegraher as an app break the DEV TOS only & Telegraher use vanilla API keys. User TOS it's up to you!
About me:
I'm not an Android dev, but i code on Java, thats why i do what i do. I'm a russian and i live already 10y in France. My life & work c'est ici.
P.S. Telegraher there are no "p", it's not a "Telegrapher" and have nothing to do with.
Click to expand...
Click to collapse
Niki u are everywhere.

Niki u are everywhere.

tyler19820201 said:
Niki you are everywhere.
Click to expand...
Click to collapse
Salut Tyler
yep, i was surprised that i did not had account here. I was visiting XDA for my nexus4 in 2013, but probably w/o making an account.
Also in more places i am - harder for TG to ban the project

nikitasius said:
Salut Tyler
yep, i was surprised that i did not had account here. I was visiting XDA for my nexus4 in 2013, but probably w/o making an account.
Also in more places i am - harder for TG to ban the project
Click to expand...
Click to collapse
Welcome on the board.

Brilliant , congrats for posting on xda.

Walden0 said:
Brilliant , congrats for posting on xda.
Click to expand...
Click to collapse
thanks !

nikitasius said:
Hi folks it has been 9+ months that i consistently developing my telegram fork, "Telegraher with blackjack and hookers!"
The main idea is that vanilla TG client pretty annoying:
remote deletions
impossible to screenshot in greenchats
content restrictions
have too much privileges & tracking
So slowly i started to mod that client to make my own. I use Telegram official source as a base. I don't use Tg-FOSS cause author is pretty slow in updates. Also i don't use popular "cat-forks" cause i have "real life" and i hate x2 screen size tap menus.
I started from version 8.3.0 and 1st release was made for 8.3.1. While i'm writing this post we're on 8.8.5, so our internal version is 8.85.47 .
We're not in Izzy's repo (cause fork >30Mb), we're not on fdroid either because I don't want to depend on their CI/CD and their repo. We're on github and apps made by CI/CD and posted by github too. Then releases are picked up by the bot and send to our TG chat, from where i move them into the channel. Also i send a copy to Matrix (which i made as a backup since Telegram send us a strike in march'22, to loveletter to "Telegraher team"). And i move them also on my CDN with TOR access enabled, so folks can download files w/o JS and hide their IP as they want.
Why i did it for telegram and not for Matrix or XMPP, it's because i have lot of contacts on telegram. When my friends will leave TG i will leave it too. Also i love to piss-off telegram fanboys.
Main features are:
we're in bundle, 4 architectures and we work from android 4.1+
no remote deletions at all (green chats & timed medias also)
no gapps, the app is FOSS (notifications are same like in Tg-FOSS, via notification badge cause since A8 OS can kill the app)
we have shadowban to shadowban people or channels you don't want to see
no content restrictions, also in greenchats (save all you want, but don't forward, 'cause forward if fully API function)
emulator detection is disabled
we have device spoofing (actually TG doesn't change devices pretty fast for active sessions, but you can change it globally and add an account)
the phone you type is "always active" and you have that simcard
we have session manager & unlimited multiacc (while you have memory, we're tested 80 accs easily).
wal is disabled for db, so no journal grow
we're on vanilla API keys & keep vanilla behaviour to avoid any client bans (we keep low profile, sending vanilla keys, package, vendor, codeversion & fingerprint also)
..and many other features what i added or picked somewhere (or community is asked me).
Application links:
Github repo, CI/CD releases (all is made here, the origin)
Gitlab repo, just synced from Github.
CDN releases and cloned repo also (manual copy here, front is Cloudflare, backed by AWS, if you care about your IP, use VPN or TOR)
Telegram resources: channel, chat, FAQ EN/RU & FAQ Persian.
Matrix resource: the space, chat & apks (after last incident with free oracle cloud we're lost local files, but i launched anotherone with same keys, server is in swiss)
"Press":
Techtracker.in (08/2022)
FAQ:
Can i be banned?
Officially - no. Telegram have 2 TOS: one for the users, another is for the devs. User TOS is the TOS you need to follow when you use the app. User TOS forbid `spam, scam, violence & porn`. This is an open-source fork which don't have hidden features to `spam, scam, violence & porn`. Dev TOS is the TOS which devs must follow when they develop the apps and use generated API keys. Telegraher as an app break the DEV TOS only & Telegraher use vanilla API keys. User TOS it's up to you!
About me:
I'm not an Android dev, but i code on Java, thats why i do what i do. I'm a russian and i live already 10y in France. My life & work c'est ici.
P.S. Telegraher there are no "p", it's not a "Telegrapher" and have nothing to do with.
Click to expand...
Click to collapse
Welcome to XDA and thanks for sharing!

orb3000 said:
Welcome to XDA and thanks for sharing!
Click to expand...
Click to collapse
Thaaanks!

Some folks facing the issue "update your app" on actual release.
If you read it and face it also, please share information about via reply to this message:
- phone model
- ROM
- how many telegram clients are running on that device already on same time while you're adding the acc to the graher.

nikitasius said:
Some folks facing the issue "update your app" on actual release.
If you read it and face it also, please share information about via reply to this message:
- phone model
- ROM
- how many telegram clients are running on that device already on same time while you're adding the acc to the graher.
Click to expand...
Click to collapse
Here is a video i did on old Nexus 4 running LOS with Android8 and no gapps.
I also have no issues on fresh install on Mi Mix 2 running LOS with Android11 also w/o gapps.
P.S. video made on linux using Kazaam, play it via VLC.

Interessing moments folks
This is github update 9.0.0 -> 9.0.1 https://github.com/DrKLO/Telegram/commit/11edd5ee0d924b8db0bd9b2460c7abdf664ad716
There are the part: code version changed from 2799 to 2800 and version also 9.0.0 to 9.0.1 (screenshot from github).
While on market 9.0.0 version had code 2800 and not a 2799 (screenshot from jadx).
Why could build 9.0.1 with vanilla keys on github with codeversion 2800 and 9.0.0 with same vanilla keys and codeversion on gplay?
I see only 2 reasons:
dev is ****edup the build on google
easypeasy way to detect ALL FORKS on vanilla keys, cause they will have codeversion 2800 for appversion 9.0.1
Just filter requests and ban all "bad forks":
vanilla keys
code 2800
app 9.0.1 and NOT 9.0.0

Release 8.85.48
ㅤbit changed login part
ㅤ.gitignore fix
ㅤyou can enable WAL mode for DB (using debug menu in the client)
this is the last update fro 8.8.x. All next will for beta 9.0.x now.
Github, the origin, CI/CD
CDN, copied from github manually
P.S. IDK if i should to share an APK here, it's about 64Mb.

1-st of all i wanna thank the great community, cause together we're debugged the issue #update_app_to_login .
The facts:
- users on chinese ROMs like MIUI (xiaomi) or EMUI (huawei, most of cases)
- users on chinese phones but w/o chinese ROM does not face the issue (like me on Xiaomi Mi Mix 2 under LOS w/ android 11).
- users face this issue NOT only with graher, but also with with official bundles https://www.apkmirror.com/apk/telegram-fz-llc/telegram/telegram-8-8-5-release/ & https://www.apkmirror.com/apk/telegram-fz-llc/telegram/telegram-8-8-6-release/ (we're on "8.8.6" codeversion).
From my side i re-debugged login flow and made it maximum correct and legit as it looks.
But folks on huawei still faced the issue.
So, we're simply did this: we're changed the device.
Users on the Huawei swapped their devices via device spoofing to `Xiaomi`/`MI MIX 2`/`30` (30 for the OS).
And magically it worked fine.
So, if you just installed graher 8.85.x and you have this issue:
- find a NON-Huawei device, like this http://deviceinfohw.ru/devices/item.php?item=565947 (search on this website)
- clean the app using Kaboom or any APP MANAGER or simply reinstall it (cause it's reshly installed you risk nothing)
- go to app properties (android system menu)
- go to storage manage and you will see "cache cleaning UI" from the app
- go to graher menu at the bottom
- change BRAND, MODEL & OS
- kill the app (red button)
- REPEAT it till "go to graher menu" to check that the device is spoofed well
- START the APP and ADD your account!
If you did it all and you still face the error, please write on forum or in chat we'll debug it. Or just wait new release on 9.0.x telegram.
I pretty sure, as it work with a spoofing that it's server side issues.

Release 8.85.49 bundle
ㅤapp use data from BuildVars everywhere
ㅤlogin flow looks now pretty legit for me
this is the really last update fro 8.8.x. All next will for beta 9.0.x from now.
Github, the origin, CI/CD
CDN, copied from github manually
attached to this post also

Today i got multiple messages that ****ty avast mark us as `Evo-Gen`. Well, as you see 23/09 was nothing, today - we're the "virus".
For Avast team i have 2 recomendations:
check our source code and CI/CD on github
mark as `Evo-Gen` official Telegram client also if you ignore 1.
Spoiler: Screenshots