Database Info

SwiftKey X privacy concerns?

I installed SwiftKey X and it is a amazing, it's ability to predict text is mind blowing. but around 30mins later. I removed it due to privacy concerns. Should I of been concerned about privacy?
Edit: Can a developer have a look at the codes and see what it's been sent back from the advice to the server

Probably not... I also have Swiftkey X. The Swiftkey company is trustworthy but hey, better safe than sorry.

AndriodLover said:
I installed SwiftKey X and it is a amazing, it's ability to predict text is mind blowing. but around 30mins later. I removed it due to privacy concerns. Should I of been concerned about privacy?
Click to expand...
Click to collapse
could you tell us some more about it? what kind of privacy you're talking about? is swift key sending out your details? texts? accounts?

cez10 said:
could you tell us some more about it? what kind of privacy you're talking about? is swift key sending out your details? texts? accounts?
Click to expand...
Click to collapse
First for best performances it needs access to your facebook, Twitter, gmail accounts. Second, why does a keyboard needs a services running in background at all times ? that can be sending data back to the server.
Third, Have a look at the privacy details http://www.swiftkey.net/privacy.

AndriodLover said:
First for best performances it needs access to your facebook, Twitter, gmail accounts. Second, why does a keyboard needs a server running in background at all times ? that can be sending data back to the server.
Third, Have a look at the privacy details http://www.swiftkey.net/privacy.
Click to expand...
Click to collapse
Oef... where's the limit. It's like typing in Bentham's Panopticon.

appelflap said:
Oef... where's the limit. It's like typing in Bentham's Panopticon.
Click to expand...
Click to collapse
??

AndriodLover said:
First for best performances it needs access to your facebook, Twitter, gmail accounts. Second, why does a keyboard needs a services running in background at all times ? that can be sending data back to the server.
Third, Have a look at the privacy details http://www.swiftkey.net/privacy.
Click to expand...
Click to collapse
"In relation to our Apps such as SwiftKey, learned language data generated and stored on your computing devices, such as mobile phones and tablets, is never accessed by, or transmitted to us unless you wish to use additional features or services which would require the use of such data. Where we offer any additional services or facilities that do require use of data which might include personal information, such as server-based personalized services, then we will always seek your consent to the use of such data before providing such services or facilities."

Hey - just to weigh in quickly here. I'm the CMO of TouchType, the company that makes SwiftKey. We take user privacy very serious and don't ever process any of the data stored on your phone, as explained in our privacy policy.
When you choose to use our personalization services, this data is handled securely and without access to any of your password data. We only use your data to provide you with better predictions, though a language module that is generated and pushed to your phone.
There is really nothing to worry about here.
Thanks guys,
Joe

Thanks for posting, that's good to know. Might I say that I've been using the keyboard for a few days and it's definitely getting better.
Sent from my Nexus One using XDA Premium App

haha privacy concerns? whaaaat

Privacy ?? Mistrust...

hmm it does ask for a lot info

JoeBeats said:
Hey - just to weigh in quickly here. I'm the CMO of TouchType, the company that makes SwiftKey. We take user privacy very serious and don't ever process any of the data stored on your phone, as explained in our privacy policy.
When you choose to use our personalization services, this data is handled securely and without access to any of your password data. We only use your data to provide you with better predictions, though a language module that is generated and pushed to your phone.
Click to expand...
Click to collapse
Thanks for answering here.
Just to clarify, when the "Learn from SMS" option is used, does SwiftKey upload or submit SMS text data stored on the phone to your servers or is everything processed on locally the phone?

anti-pop said:
Thanks for answering here.
Just to clarify, when the "Learn from SMS" option is used, does SwiftKey upload or submit SMS text data stored on the phone to your servers or is everything processed on locally the phone?
Click to expand...
Click to collapse
I wonder the same thing. Does anybody know the answer?

Personally, I would use a firewall such as avast to block out any apps I don't want reaching out to the Internet. Especially for all my keyboard apps.
And yes, you could use a packet sniffer to monitor swift or any other app you are unsure about.

a4ol said:
Personally, I would use a firewall such as avast to block out any apps I don't want reaching out to the Internet. Especially for all my keyboard apps.
Click to expand...
Click to collapse
Totally agree on this point. Use DroidWall, PDroid or LBE and feel safe? :> Using PDroid and LBE you could even configure SwiftKeyX to not be able to read any parts of private informations from your phone that you don't acknowledge.
Hope this helps The Keyboard as it rocks, i tested the trial-version myself. Too bad they don't have a free lite edition or something like that. As long as you need to pay for it i'm not jumping on that train, sorry ;/

I don't agree at all with the "CMO" of SwiftKey. The app is a huge privacy concern.
I just did a logcat and was more than shocked: The app completely misuses users trust by tracking him permanently. The logcat not even comes to equilibirum, permanently are requests made to http://api.geo.kontagent.net. To get feel how "serious" the company is about privacy, take a look here: http://www.kontagent.com/privacy-policy. Just as an example: "Kontagent employees, may, on occasion look at customer data for test purposes". Collected data includes social application data, custom data, cookies, location (!). Personally I "just" saw that serial number, phone type, ID etc. is transmitted. Plain text - no SSL - of course. I block my data anyways using XPrivacy and Droidwall and needless to say, I disabled all the clous services but this app immideately leaves my device. A keyboard is the most sensitive and important app on the device. It records everything, every single keystroke and sending out anything here is an absolute no-go. Breach of trust. I paid for the app, felt good about it and now I feel shocked how this company spies it customers.
My recommendation for everyone who takes security or privacy a little bit serious: Get rid of the software. Uninstall it immideately!
It's sad because the software is good but spying without opt-out on paying customers is unacceptable!

[APP] Visidon AppLock - Mobile face recognition for Android

I noticed that there is some discussion about this application in this forum, so I decided to make an official thread.
The description from the market:
Fast, convenient and cool way to protect your mobile with face recognition.
Protect any application (i.e. SMS, Gallery, E-Mail, Facebook, etc.) on your phone using face recognition. Convenient and cool way to increase safety of your private apps and content.
Visidon AppLock lets you choose the apps to be protected. Your face is a key to open them! Application uses the frontal camera of your mobile and verifies in real-time that the face matches the one allowed to access the private apps.
NOTES AND TIPS:
1. You must have a front facing camera in your device to use the face recognition feature. Otherwise it is disabled and you are only able to use password verification.
2. This application was developed and tested with Samsung Galaxy S GT-I9000 and Acer Iconia A500. User experience may vary with other devices due different hardware (e.g. camera etc.).
3. In addition to the applications you wish to protect, you should also add Visidon AppLock itself and any application that can be used to close or unistall applications or services (task manager, settings etc.) as well as any application that can be used to install new applications (market, myfiles etc.) to the protection list to get your mobile fully secured.
4. If the preview image is upside down or sideways, please try to set different camera orientations from the settings tab.
5. The default security level is medium. If it seems too low (i.e. other people can get in too easily), you can set it to maximum from the settings tab.
6. The most accurate recognition will be achieved when all the training images are taken directly from front (i.e. no profile images etc.). Also, you should take training images in different illuminations (in those environments where you usually use your mobile). Sufficient amount of images per person is about 5 to 10.
Btw. this app requires at least Android version 2.3, since we use the frontal camera API.
Link to marketplace: https://market.android.com/details?id=visidon.AppLock
Remember to watch the youtube video! It gives you the basic idea about how to use it.
Here: https://www.youtube.com/watch?v=0FVWmeuj3T4
Any comments, bug reports, suggestions etc.?

VisidonSupport said:
Thanks. We'll take those suggestions into consideration, but what do you mean by tasker options/plugins?
Click to expand...
Click to collapse
Tasker is an automation app for Android. It's really useful. For eg: if your app had Tasker integration, I could say, write a Tasker profile to disable the lock when I was at home, or when I performed a certain gesture.
http://tasker.dinglisch.net/developers.html

VisidonSupport said:
6. The most accurate recognition will be achieved when all the training images are taken directly from front (i.e. no profile images etc.). Also, you should take training images in different illuminations (in those environments where you usually use your mobile). Sufficient amount of images per person is about 5 to 10.
Click to expand...
Click to collapse
What do you mean "per person"? Does that mean I can add more than one person's face as a key? That would be neat!

deejaylobo said:
Tasker is an automation app for Android. It's really useful. For eg: if your app had Tasker integration, I could say, write a Tasker profile to disable the lock when I was at home, or when I performed a certain gesture.
http://tasker.dinglisch.net/developers.html
Click to expand...
Click to collapse
OK. Thanks, we'll look into it.
deejaylobo said:
What do you mean "per person"? Does that mean I can add more than one person's face as a key? That would be neat!
Click to expand...
Click to collapse
Yes.

When I hit the market link, it says request can't be found..
Sent from my Nexus S 4G

kijp15 said:
When I hit the market link, it says request can't be found..
Sent from my Nexus S 4G
Click to expand...
Click to collapse
That is strange. It works for me :/
Please try to search from the marketplace with "visidon" as search word.

VisidonSupport said:
That is strange. It works for me :/
Please try to search from the marketplace with "visidon" as search word.
Click to expand...
Click to collapse
This is what it tells me on the web market: "This app is incompatible with your Vodafone IN Samsung GT-I9100."

kalpik said:
This is what it tells me on the web market: "This app is incompatible with your Vodafone IN Samsung GT-I9100."
Click to expand...
Click to collapse
Do you use custom rom? Also, this app is copyprotected, so it might prevent you from finding the app if you have unlocked device.

VisidonSupport said:
Do you use custom rom? Also, this app is copyprotected, so it might prevent you from finding the app if you have unlocked device.
Click to expand...
Click to collapse
Yes, I am on a custom ROM which is rooted. You don't allow install on such ROMs?

yeah cant install it as well

kalpik said:
Yes, I am on a custom ROM which is rooted. You don't allow install on such ROMs?
Click to expand...
Click to collapse
It's more about that Google doesn't allow.
This is sort of gray area. I understand why you want to use rooted/unlocked phones, but it also enables piracy. Although this is free app, we still would like that the marketplace is the only distribution channel for this, so we won't be sharing this directly.
We are going to discuss this in depth and we might change our distribution politics, but don't hold your breath

Is it possible to protect launcher/home app? For example I can't see launcherpro in app list, when I try to protect it.

Entropyst said:
Is it possible to protect launcher/home app? For example I can't see launcherpro in app list, when I try to protect it.
Click to expand...
Click to collapse
Hmm. If the app can be started from the launcher, you should see it.
Anyway, there are some issues in this. I addressed them in the previous thread: http://forum.xda-developers.com/showpost.php?p=15667199&postcount=38

heres the file for direct dload from the original post for those (like me) running custom ROMs and get an incompatibility message on the Market.
/h2

It would be awesome if you could make it use the rear camera if there is no front one. I don't have an FFC but it would still be cool to feel dorky and turn my phone around to unlock things. If it isn't a big deal to add that, it would be a great way to expand your userbase even if we don't have quite as accessible functionality as those with FFCs.
Sent from my MIUI SCH-i500

The app isn't available on my Market. I'm using a Brazilia Motorola Atrix.

what about an unlock screen?

Ha. An unlock screen would be cool.
Sent from my Nexus S 4G

runs fine on HTC EVO 4G w/ CM7_#121.
ability to use it for the lockscreen would be slick.

Running on thunderbolt mostly well have it set to always run as service and not keep unlocked when screen on, every once in a while it stops running randomly. I wonder if its because I have too many apps locked? Add this to lock screen and I couldn't ask for more
Sent from my ADR6400L using XDA Premium App

[GUIDE] Using(Understanding) XPRIVACY

Using XPRIVACY​*****won't be adding any more stuff to this guide for a while. will continue this when i have enough free time*******
XPRIVACY is undoubtedly the best privacy app out there. Its because of the options it supports almost all the android versions.
But it is not as easy to understand as App Ops or Pdroid privacy guard. Thats why inspite of my many attempts to use it, i gave up after few hours or days and switched back to App Ops.
It has come along way from when i made those attempts, it has become more user friendly and interactive but so many options which is its biggest plus point, also makes it hard for new users to switch from other privacy app to XPRIVACY.
I recently made a small guide about HOW TO USE APP OPS MORE EFFECTIVELY.
So the next obvious step was GUIDE on XPRIVACY. i have been putting it off from many days but now no more will add more videos whenever i can but its about time i that i finally get started with it.
I hope this guide will help my fellow XDA members to make the required switch or to introduce them to the world of XPRIVACY
Installation instruction, minimum requirements and other usefull stuff can be found at the official thread of XPRIVACY
What this Guide is ABOUT???​
>This guide is for NOOB users, so that they can understand how to use XPRIVACY. Also as i ahven't purchased the PRO version yet this huide will only cover functions of FREE version. I will be buying the PRO version soon and then it will cover use of PRO features as well
>I will try to explain different restriction using different apps.
>Examples will be video of the app with and without those restrictions and the effect that those restriction will have on that app
>NOTE 1 - this is not full blown guide and it is just to get you started. However it can turn into full blown guide depending on the inputs from various users and also after a certain time as i get better in using this app.
>Note 2: Differnet categories are explained using different app. Most of the times category name will be used as heading as you can see in 3rd point, but at some places where permissions like location, contacts , clipboard etc are explained i will use these words only as these words will result in easier understanding.
> More and more videos will be added as i find the appropriate app and a way to demonstrate the use of a particular permission using that app.
LETS START​Youtube playlist link​
1) Faking or restriction location
I am pretty sure this is going to be very useful to many people for playing location based games or to become mayor of certain place in foursquare and i am sure you can think of using it in many other apps.
Please note that you cannot fake location for some apps like google maps and facebook. these are the only two apps that i know of. you cannot fake location for these two apps but you can restrict it.
Also as you can see in the video you will be able to fake location in foursquare but when you will try to access google maps view from inside Foursqaure app you will get no location. But still you can check in and get suggestion from foursquare based on your fake location. default fake location is CHRISTMAS ISLAND. but you can change it through XPRIVACY(which is covered in the video).
2) Blocking access to the different accounts configured in your device
For this i have used Chrome beta as you can see in the video that blocking the account permissions will result in chrome not seeing the different google accounts that are present on my device. Thus i am unable to sign in chrome beta to sync my bookmarks and other stuff.
You can use this to block access from those app which try to gain access to the different accounts configured in your device.
Note: if you block access to 9gag, Ifunny etc apps like these for which you sign in using your configured google account. You wont be able to sign in those apps as these apps won't be able to see the configured account.
Although if a you sign in using username or email id which you use only for that particular app. You can block restrict this permission as it will have no negative effect on that app behaviour
3) Xprivacy Category - View Browser
For explaining what this permission does i have used DIGG app. This permission will restrict app from opening external links. or more precisely hyperlinks from withing app. If this permission is restricted you will be displayed warning from xprivacy when you try to open any link from withing the app(shown in the video).
4) More Videos to come soon..........
More videos to be added whenever i can find time and based on users input. I am also a beginner when it comes to XPRIVACY so be patient with me and if you have any ideas to make this thread better please do share it with us.
Once you have enough understanding to use Xprivacy on daily basis you can head over to XPRIVACY thread and post you advanced question there.
Currently i have some personal stuff to take care of so updating this thread is on hold. Will update it with more videos as soon as i can. I have made the videos just need to edit them and upload.

Reserved
reserved

Other Useful threads by Me
[GUIDE] Using Apps Ops (or Privacy Guard) 4 blocking wakelocks & saving battery
[App] Samachar - Indian News app and more

thanks
thanks for this helpful tutorial.
can u please tell me if I could use xprivacy to block adds on apps , cheers

drreality said:
thanks for this helpful tutorial.
can u please tell me if I could use xprivacy to block adds on apps , cheers
Click to expand...
Click to collapse
You can block internet permission. That will block ads but that can also make app useless if it needs internet to function.
Why don't you use adaway or adblock pro to block ads?

I know this is a dumb question but I've been using Xprivacy for a few years now and I never could figure out what the two boxes to the right of the application names are for. I believe one is for restrict and one is for allow? If someone could let me know which each of those boxes means it would be much appreciated.

Good question. The two-column system is a later addition to xprivacy and many of the newbie tutorials don't cover it.
Let's take a simple example like location.
For starters, let's say the second column is unchecked. This is the easiest situation to understand. Then what happens depends on the first column.
The first column -- if it's checked then xprivacy will always deny access to location and will instead feed the app fake information as set up in the xprivacy settings.
If however the first column is unchecked then the app will be able to get to your actual location.
This is what you want with an app where the answer to "can it use this permission?" is always the same (either "always" or "never"). Second column unchecked, first column choice telling the app yes or no.
The second column controls the pop-ups that you see with xprivacy. If the second column is checked then you'll get a pop-up asking whether to allow the app the permission or not (whether or not the first column is checked).
There are four choices -- "allow", "deny", "don't know", and "oops I timed out".
"oops I timed out" will give the app whatever the answer in the first column is. You can tell what the first column is because the app says "Timeout will: allow/deny" depending on whether the first column is unchecked/checked.
If you click "allow" in the pop-up then xprivacy unchecks the second column in its settings, unchecks the first, and gives the app access to your true location. The popup will then not appear again unless you recheck the second column in the xprivacy settings.
If you click "deny" then xprivacy unchecks the second column, checks the first column and feeds the app fake location. Again you'll not see the popup again.
If you click "Don't know" then I *think* xprivacy denies access (whether or not the first column is unchecked) and leaves the second column checked, so it will ask again the next time.
How did I find this out? Well I didn't read it from a FAQ! I just downloaded xprivacy yesterday and I found it incredibly difficult to work out from scratch. In the end I just downloaded an app which prints out your gps location and nothing else, and I just experimented with it. The above is a report on my conclusions. I hope it helps other people because it is the post which I wish I could have read this time yesterday.
Note that other permissions might work slightly differently. For example it is not really possible to feed an app fake internet information, as this would require carrying around a fake internet on your phone. You can get a quick idea about what data can be faked by looking at the xprivacy settings. For example, you can fake your phone number and your MAC address. But as I've said you can't fake your internet and you can't fake your storage either -- which is quite a good idea because if you pretend to let an app write to your SD card and then pretend to let it read it and it can't find what it just wrote, this is bound to lead to trouble, probably more trouble than if you'd just denied it access in the first place.

Nice tutorial
@yannick.12
Many many thanks for you're well explained tutorial.
This is was definitley needed because is still (incredibly) very hard to find out some good guide out there, expecially for the "second column" options, as you mentioned.
Thank you, again my friend :good:

I got also another question (if someone knonw the answer) about the "shared rules". I mean, if I download the rules for some app, from the XPrivacy server, it's supposed to be the settings that someone has configure, ok. But what if I send my rules and, later in time, I download it again for that app? I got my rules (the rules that I uploaded before) or I got the " common" rules setted shared by the XPrivacy?
Sent from my Xperia E4g using XDA-Developers mobile app

Is it possible for xPrivacy to allow app's permission? I'm using a phone that runs android 5.1.1 and some apps just don't ask for permissions which makes it impossible for me to access storages. It will only respond that app has no permission to write over storages which makes the app not functional.

rUx_Gaming said:
Is it possible for xPrivacy to allow app's permission? I'm using a phone that runs android 5.1.1 and some apps just don't ask for permissions which makes it impossible for me to access storages. It will only respond that app has no permission to write over storages which makes the app not functional.
Click to expand...
Click to collapse
Won't work like that.... And that issue is still there.. Even with pie... App's developer fault..
Sent from my Redmi Note 5 Pro using Tapatalk

Kapiljhajhria said:
Won't work like that.... And that issue is still there.. Even with pie... App's developer fault..
Sent from my Redmi Note 5 Pro using Tapatalk
Click to expand...
Click to collapse
Thanks for info. Is there any possible workaround for this other than contacting the devs to fix storage permission issue?

rUx_Gaming said:
Thanks for info. Is there any possible workaround for this other than contacting the devs to fix storage permission issue?
Click to expand...
Click to collapse
No, give permission manually from app info
Sent from my Redmi Note 5 Pro using Tapatalk

Kapiljhajhria said:
No, give permission manually from app info
Sent from my Redmi Note 5 Pro using Tapatalk
Click to expand...
Click to collapse
I guess there'snothing I can do other than look for an alternative app, android 5.1.1 won't let you edit app permission.

rUx_Gaming said:
I guess there'snothing I can do other than look for an alternative app, android 5.1.1 won't let you edit app permission.
Click to expand...
Click to collapse
I mean give app permission from app's info. I think u can do that... Dont remember 5.1.1 interface now but it should be possible
Sent from my Redmi Note 5 Pro using Tapatalk

Kapiljhajhria said:
I mean give app permission from app's info. I think u can do that... Dont remember 5.1.1 interface now but it should be possible
Sent from my Redmi Note 5 Pro using Tapatalk
Click to expand...
Click to collapse
My phone doesn't seem so. Here's how it looks like in the app settings.

Turn off location reporting

How do we turn off location reporting? Not location history.

km8j said:
How do we turn off location reporting? Not location history.
Click to expand...
Click to collapse
I don't see that option any more. Used to be right above Location History, right? What I do is this. Go to settings, apps, Google, permissions, turn off Location. Any app that explicitly needs location would prompt me to allow. That way, I know what apps use location. I realize that those apps are already listed under Location; however, I feel safer to disable permission from the Google app itself. If there's no permission, there's no location to report, right? Just an idea.

km8j said:
How do we turn off location reporting? Not location history.
Click to expand...
Click to collapse
Settings > location > Google location history

drock212 said:
Settings > location > Google location history
Click to expand...
Click to collapse
Say what?
That's to turn off location history, not location reporting. OP wants to disable location reporting like the old day.

quangtran1 said:
Say what?
That's to turn off location history, not location reporting. OP wants to disable location reporting like the old day.
Click to expand...
Click to collapse
Location history uses almost the exact same verbiage. I assume location history is what used to be location reporting.

Settings -> Apps -> Gear in top right -> App Permissions -> Location -> Disable anything you don't want having your location.
As stated above, no permission, no access.

drock212 said:
Location history uses almost the exact same verbiage. I assume location history is what used to be location reporting.
Click to expand...
Click to collapse
No problem. They're different Google concepts. Location history keeps track of where you've been, even across devices. Apps show and use your location history that you've accumulated from all Android devices that are signed in under your Google account. Location reporting gives permission to apps to record your locations. You can choose to have one but not the other.
---------- Post added at 10:14 PM ---------- Previous post was at 10:13 PM ----------
fritzgerald said:
Settings -> Apps -> Gear in top right -> App Permissions -> Location -> Disable anything you don't want having your location.
As stated above, no permission, no access.
Click to expand...
Click to collapse
Yessir.

fritzgerald said:
Settings -> Apps -> Gear in top right -> App Permissions -> Location -> Disable anything you don't want having your location.
As stated above, no permission, no access.
Click to expand...
Click to collapse
No. Completely different. Location reporting occurs passively, without user interaction. Removing permissions means you cannot do something actively which invokes location.

km8j said:
No. Completely different. Location reporting occurs passively, without user interaction. Removing permissions means you cannot do something actively which invokes location.
Click to expand...
Click to collapse
Aren't permissions just that? Regardless of passive or active they need permission to access? If an app was able to passively report your location then it would still need to collect that information. If it's still able to do so even when disabling location permissions then what is the point of even denying or allowing permission in the first place?

fritzgerald said:
Aren't permissions just that? Regardless of passive or active they need permission to access? If an app was able to passively report your location then it would still need to collect that information. If it's still able to do so even when disabling location permissions then what is the point of even denying or allowing permission in the first place?
Click to expand...
Click to collapse
Actually, apps can be written not to request active GPS or WiFi permission on the user's part. That part is very concerning. However, as an app developer myself, I have rules stipulating that I have to prompt for permission acceptance. It's vague. I can directly measure GPS and WiFi sensors without asking for permission if my purpose is to determine battery consumption or something similar. However, I can't ethically report your location without your approval for ads, for example. But it's murky water.

quangtran1 said:
Actually, apps can be written not to request active GPS or WiFi permission on the user's part. That part is very concerning. However, as an app developer myself, I have rules stipulating that I have to prompt for permission acceptance. It's vague. I can directly measure GPS and WiFi sensors without asking for permission if my purpose is to determine battery consumption or something similar. However, I can't ethically report your location without your approval for ads, for example. But it's murky water.
Click to expand...
Click to collapse
I did not know that. Thanks for clarifying for me. That is kinda concerning. Not from a foil hat wearing, OMG the government is tracking me stand point but, it leaves the general user, myself included, believing that if the permission has been denied that the app can't collect location data. Which clearly isn't the case. Personally I turn all location services I can off, not for any particular reason I just don't care to know that I went to Taco Bell for dinner at 5:37PM 6 years ago. I do however, like to know that when I say XX can't know my location, it doesn't know.

fritzgerald said:
I did not know that. Thanks for clarifying for me. That is kinda concerning. Not from a foil hat wearing, OMG the government is tracking me stand point but, it leaves the general user, myself included, believing that if the permission has been denied that the app can't collect location data. Which clearly isn't the case. Personally I turn all location services I can off, not for any particular reason I just don't care to know that I went to Taco Bell for dinner at 5:37PM 6 years ago. I do however, like to know that when I say XX can't know my location, it doesn't know.
Click to expand...
Click to collapse
I'm with you. It's noone's business where I've been.
http://www.wired.co.uk/article/android-apps-can-track-you-without-using-gps-or-wi-fi

D zzm nuujjjjjhjjkio 000
Sent from my SM-N910C using Tapatalk

fritzgerald said:
Aren't permissions just that? Regardless of passive or active they need permission to access? If an app was able to passively report your location then it would still need to collect that information. If it's still able to do so even when disabling location permissions then what is the point of even denying or allowing permission in the first place?
Click to expand...
Click to collapse
Yea but I want to be able to use location services when I initiate it. Location Reporting gathers your location in the background regularly, which I want to turn off. That is different from location history.

[Privacy] Puttin' Google in the Goolag

Situation:
I have somewhat of a "love-REALLY HATE" relationship with Google apps and ecosystem.
On one hand, they are great at what they do.
On the other, it's like having a spy satellite overhead, given how much telemetry it does.
Question:
I'd like to cut all of the Google apps' internet, location, sensor and background activity access for good when not in use. Or at least spoof whatever personal data is being sent (Device info, location, activities, etc). Any way to do that?
What I've done so far:
My current way-to-go method involves installing RethinkDNS+firewall, then blocking every single one of google apps including Gboard. It sort-of works, but very inconvenient, as I have to manually enable internet access for a particular app and/or service when needed. I also tried edXposed's XluaPrivacy module to cut off access to certain permissions. Again, cumbersome.
After going through F-Droid, I found an app called "Insular", that claims being able to put all of the "big brother" apps (such as Gapps) behind an isolated sandbox, a digital gulag of sorts.

Thanks for the pointer to Insular whose advertising on F-Droid says:
Insular is a FLOSS fork of Island.
With Insular, you can:
Isolate your Big Brother apps
Clone and run multiple accounts simutaniuosly
Freeze or archive apps and prevent any background behaviors
Unfreeze apps on-demand with home screen shortcuts
Re-freeze marked apps with one tap
Hide apps
Selectively enable (or disable) VPN for different group of apps
Prohibit USB access to mitigate attacks with physical access
Click to expand...
Click to collapse
Based on that, I suspect this XDA thread about "Island" may be useful.
[APP][5.0+][BETA] Island - app freezing, privacy protection, parallel accounts​
"Island" is a sandbox environment to clone selected apps and isolate them from accessing your personal data outside the sandbox (including call logs, contacts, photos and etc) even if related permissions are granted. Device-bound data is still accessible (SMS, IMEI and etc).
Isolated app can be frozen on demand, with launcher icon vanish and its background behaviors completely blocked.
Click to expand...
Click to collapse
Totesnochill said:
Question:
I'd like to cut all of the Google apps' internet, location, sensor and background activity access for good when not in use. Or at least spoof whatever personal data is being sent (Device info, location, activities, etc). Any way to do that?
Click to expand...
Click to collapse
Like you, my relationship with Google is strained where I don't set up any Google Account on Android and it works just fine.
I don't have a contacts.db sqlite database for that reason too, so my favorite communication apps are all designed to store their own contacts db internally to the app itself.
I replace Google apps with FOSS equivalents such as NewPipe (or, more recently, Vanced YouTube) for example.
And I spoof my GPS location by default (using Lexa Fake GPS, for example).
Of course, given I don't have a Google Account on my phone, I use the Aurora Store instead of the Google Play Store. Of course, I strive for apps that don't require Google Framework Services (GSF) which Aurora neatly filters out for us.
Since I'm not rooted, I can't delete Google Play Store, but I can disable it, which is almost as good.
And, I use privacy-aware apps for my messenger, calendar, contacts, and dialer apps (many of which come from Simple Mobile Tools' suite which are available on F-Droid).
To keep my WiFi SSID/BSSID/GPS/Strength/etc. out of the hands of Google (& Mozilla and Kismet and Wigle, etc.), I add "_nomap" to the SSID and I turn off the SOHO router SSID broadcast (which "hinders" most cellphones from uploading my BSSID information to Google public servers); but then I have to also turn off "AutoReconnect" on Android 12 and also I have the Developer Options set in Android 12 to randomize the MAC address on EACH connection; however that means I need to set any "static" connections on my LAN from the phone and not with address reservation on the router (which typically utilizes the MAC address).
And it's not just Google we need to keep our data out of their hands, as I even use WhatsApp privacy aware tools such as the WhatsApp dialer and WhatsApp Click to Chat mechanisms (to keep my contacts out of Facebook's hands too).
For offline maps, I use a quick web browser lookup on a privacy browser (such as Tor or Epic or Opera), since the Google address lookup is still the best in the world... (which is the love/hate relationship, right?)... and then I paste the GPS coordinates that the privacy browser found on the maps.google.com web site into a local routing application (such as a shortcut to a browser to google maps on the phone or better yet, to a dedicated offline map program such as OSM And~), and even traffic can be gotten without Google (e.g., Sigalert & 511 apps).
I used to reset the Advertising ID with a homescreen shortcut that could be activated from Windows via a batch file over Wi-Fi, but now with Android 12 we can wipe out the Advertising ID altogether (i.e., reset it to all zeroes). However, I still periodically change my GSF ID and other supposedly unique identifiers.
I'm still trying to figure out the implication of "trackers", so if anyone has more information about them, please advise.
Off hand there must be scores more things I do for privacy, where we probably should have a main thread on this site of all the myriad things people can do to increase their privacy on Android (some of which I've screenshotted for you below).

GalaxyA325G said:
Like you, my relationship with Google is strained where I don't set up any Google Account on Android and it works just fine.
Click to expand...
Click to collapse
Thanks heaps for the very in-depth response. Really opens up on a lot of things I wasnt aware of, and I realized that unlike desktop, when it comes to mobile privacy I'm still a bit behind.
Are there any guides where I can do some reading on the concepts and techniques you've described? Especially regarding contacts.db sqlite database, GPS spoofing and privacy-aware options for accessing WhatsApp.
Also, what are your thoughts on MIcroG?

Totesnochill said:
Thanks heaps for the very in-depth response.
Click to expand...
Click to collapse
I try to put effort into the response so that others can benefit (but nobody ever presses the like button so maybe it's not worth the effort).
For example, when I mentioned I spoof my GPS, I looked up the app I used and linked to it so that you wouldn't have to test a score of apps like I did to find the best one.
Totesnochill said:
Really opens up on a lot of things I wasn't aware of, and I realized that unlike desktop, when it comes to mobile privacy I'm still a bit behind.
Click to expand...
Click to collapse
That was just off the top of my head where there has to be at least a hundred different privacy things I do on Android to distance me from Google that most people don't bother to do.
I admit, sometimes it feels like we're putting a dozen locks on the front door, but in the end, we LEARN a lot about Android in the process.
A lot of the protection is to protect ourselves from others who don't know how to configure their phone, so they are uploading our private information (like our contacts and home locations) to Google databases.
For example, the typical Android phone when it drives by your front door uploads to google your exact location, your signal strength, your unique BSSID and your SSID... where you'll note in my response above I had to do a half dozen things on my phone and router to prevent that from happening (i.e., just adding "_nomap" doesn't work but most people don't realize that because they don't think about it).
Totesnochill said:
Are there any guides where I can do some reading on the concepts and techniques you've described?
Click to expand...
Click to collapse
I'm sure there are plenty.
But I have been in MANY situations where there are none.
Take, for example, changing the GSFID... almost nowhere on the net is that described how to do it. Almost nobody does it, but it can be done if you know how.
I really should write a set of privacy tutorials so that everyone can do it but I have to find the time, and this web site doesn't like text tutorials I found out recently. So they make it a PITA in the end to help people. Sigh.
Totesnochill said:
Especially regarding contacts.db sqlite database, GPS spoofing and privacy-aware options for accessing WhatsApp.
Click to expand...
Click to collapse
If you look at the links I gave you in my response for contacts, gps spoofing and privacy-aware WhatsApp, you'll get a good start.
A quickie is to not have a contacts.sqlite database, which means you need your own contacts.csv or more likely contacts.vcf file, which you can maintain on the PC if you like (works with Excel for example).
Now that you don't have a contacts.db sqlite database, you need to find the contacts and dialer and mms/sms apps that can suck in their own contacts.vcf file, which I pointed you to in the Simple Mobile Tools suite.
For GPS spoofing, I didn't mention you need to turn "Mock Location" on in the Android Developer Options, but that's what most people already do so I assumed you knew that. Once you turn that on, you can just select the mock location app of your choice (where I suggested one above which isn't perfect but none of them are).
That particular app moves your location every few feet and it gets the altitude and it can easily be stopped and started, etc., but I'd like it if it didn't move just "west by 10 feet every minute" but instead if it would follow a pre-determined route that I could give it. So they need a lot more work to be as good as we'd like them to be.
For What'sApp privacy, look at the two apps I linked to in the prior post as they don't need the contacts.sqlite database to work.
Your WhatsApp should only have an icon in your folders for the people you contact and nothing else, IMHO. That's the best privacy you can get, although WhatsApp does decent hashing on the contacts file when it uploads it to their servers - but still - why give them your entire contacts when you only contact 10 people (or whatever) on WhatsApp. Right?
Totesnochill said:
Also, what are your thoughts on MIcroG?
Click to expand...
Click to collapse
Funny you mentioned microG since I installed it for the first time yesterday when I was setting up Vanced Youtube based on this thread.
I generally choose apps that don't use GSF but sometimes you have to use a GSF app (e.g., Zoom meetings), and then it's nice to use MicroG instead of Google Services Framework.
I only installed it yesterday so I really don't know how well it will work for me as I didn't even need to install it to install VancedYoutube. You just need it to log into YouTube but I never do that anyway.
In summary, there's probably a hundred things we do to our phones to set up privacy but I'd have to write each one up in detail to help everyone and that's a lot of work.
Especially if almost nobody reads these threads.

GalaxyA325G said:
I try to put effort into the response so that others can benefit (but nobody ever presses the like button so maybe it's not worth the effort).
In summary, there's probably a hundred things we do to our phones to set up privacy but I'd have to write each one up in detail to help everyone and that's a lot of work.
Click to expand...
Click to collapse
Thank you for doing God's work out there. Ethics like these are what creates the content that keeps the internet from becoming a dumpster fire otherwise. Tutorials and explanations that come from the fellow users are THE best and usually directly on-point.
When I was just starting setting up Linux environment, I wrote "how-to notes" on every successful step. At first it was more like the "sticky notes" to help me remember, but eventually (as the list grew) I started writing these tips in a way as if they were to be read by someone with little background in the subject. What used to be the "Linux notes" file became 10563 lines monstrosity now... So every time I need to answer someone's question I just copypaste from this file.
GalaxyA325G said:
That was just off the top of my head where there has to be at least a hundred different privacy things I do on Android to distance me from Google that most people don't bother to do.
I admit, sometimes it feels like we're putting a dozen locks on the front door, but in the end, we LEARN a lot about Android in the process.
Click to expand...
Click to collapse
Absolutely. I've spent about 2 weeks tweaking my new phone (Nokia X6), trying out different roms/recoveries and app setups. Pissed off a bunch of people in the process - most wouldn't understand that I'm setting up a system to last another 7 years, just like my previous phone (Galaxy Gprime). Not to mention that with the amount of sensitive info on the phone, security and privacy are a legit concern, and worth learning about just how one learns to install and use the lock on the front doors.
Phones became disposable both in software and hardware, and so have the general attitude towards the devices.
My final setup became AOSP PixelPlusUI Rom (comes with about openGapps nano worth of Google stuff) with most other stock apps (contacts , dialer, keyboards, msg etc) removed via ADB and replaced with F-Droid alternatives.
I've also used Rethink DNS with whitelist set up/AppInspector to put Google in the Goolag - no internet access for anything google-related at all times. So far my phone has 253 apps blocked (including almost all of the system apps). Surprisingly, all of the necessary apps off google play store (Whatsapp, FB messenger) still function well. Whenever I need a particular Gservice (like a translator), I just enable access for that (and only that) until I dont need it anymore.
GalaxyA325G said:
If you look at the links I gave you in my response for contacts, gps spoofing and privacy-aware WhatsApp, you'll get a good start.
A quickie is to not have a contacts.sqlite database, which means you need your own contacts.csv or more likely contacts.vcf file, which you can maintain on the PC if you like (works with Excel for example).
Click to expand...
Click to collapse
Thanks! I'm not sure why the links didnt show up at first. I'll give this a look. I've been using "simple mobile tools" for quite a while, and I must say I like how they are completely autonomous and transparent about what prems they need and why.
GalaxyA325G said:
For GPS spoofing, I didn't mention you need to turn "Mock Location" on in the Android Developer Options, but that's what most people already do so I assumed you knew that.
Click to expand...
Click to collapse
I definitely saw the option in the dev settings, but didnt experiment with it. Well, now I know, thanks!
Funny you mentioned microG since I installed it for the first time yesterday when I was setting up Vanced Youtube based on this thread.
I generally choose apps that don't use GSF but sometimes you have to use a GSF app (e.g., Zoom meetings), and then it's nice to use MicroG instead of Google Services Framework.
I only installed it yesterday so I really don't know how well it will work for me as I didn't even need to install it to install VancedYoutube. You just need it to log into YouTube but I never do that anyway.
In summary, there's probably a hundred things we do to our phones to set up privacy but I'd have to write each one up in detail to help everyone and that's a lot of work.
Click to expand...
Click to collapse
I will give microG a try (in a form of LineageOS for MicroG). In fact I did install this rom before but I was a bit confused about what it did and assumed that it is a regular LinOS repack with Gplay store and apps built-in. Time to test again.
Especially if almost nobody reads these threads.
Click to expand...
Click to collapse
Threads like these is how I passed my uni exams. Not even exaggerating XD. Thanks again for a very detailed insightful read!

Hello my friends, very happy to meet good hearted people who think alike about Gugle.
as my name suggests I'm noob still and didn't understand much of discussion but very happy to meet you friends. My love & warm regards to all here. Here is what I did uptill now before I saw this thread :
1> Load GSI/ROM.
2> Load TWRP
3> Load Magisk
4> Load microG
5> Install Service Disabler
5.1> Disable bunch of internal services like telemetry, analytics, location (FusedLocation not possible to disable) for every app (3-rd party & system app), contacts sync etc.
6> Install SD-Maid Pro
6.1> Freeze apps like Gugle Calendar Sync Adapter & Gugle Contacts Sync Adapter
7> Install CIAFirewall Fake VPN & configure it.
8> I use Opera browser for Banking, Youtube, Cab booking, Surfing, Gmail, Food Order etc.
9> Install Aurora Store for general app management & installation
10> For contacts I save all contacts in notepad app, and let all calls purposely bounce then I call back aftter checking whose call it was & state false apologies.
#FYI :- Gugle, Mycrowsowft , eFbee are not really to be blamed, rhey are having to comply with FBI, Phentagon, Central Intelligence Agencies, Interpol, etc. or they have to shut bizness.

GalaxyA325G said:
Like you, my relationship with Google is strained where I don't set up any Google Account on Android and it works just fine.
Click to expand...
Click to collapse
Hi, I’m glad to have found this thread as I’m not happy with how my normal Android phone is spied upon by google. But I’m not technically knowledgeable and I don’t want to risk bricking my phone by trying amateur attempts at rooting, or installing Insular, etc…
So far I have not signed in, I allow only minimum permissions, use Netguard, Aurora and FDroid, and have disabled bloatware. I also force-stop apps as much as possible when not in use, and enable Location and Bluetooth only when needed.
I know this is just an amateur, token attempt to reduce spying - so I may have to eventually buy a degoogled phone.
I’ve also done some of the privacy suggestions in the attachments you posted.
Could you help me with a couple of newbie questions…
1): I might have minimised some personal data harvested by most of the apps I use, but I guess my privacy precautions will have no significant effect on the amount of telemetry collected by google?
2): If my precautions really have no significant effect, I’m wondering if would it make any real difference if I was signed in as I don’t use any of the google backup services anyway?
Thanks.