[Q] Nexus 4 (or Android in general) Privacy from Google - Nexus 4 Q&A, Help & Troubleshooting

Hi,
Is it possible to completely stop information leakage to google from my telephone, such as contacts or even aps purchased?

Oxy20 said:
Hi,
Is it possible to completely stop information leakage to google from my telephone, such as contacts or even aps purchased?
Click to expand...
Click to collapse
some options:
work without google apps! most custom roms come without it! GApps package is a additional zip!
many custom roms included privacy manager from cm. you define what the app is allowed to. for example read contacts yes or no
In AOSP Android (I think since 4.3 or 4.2) is app ops included. It's like privacy manager with detailed options.
hope it hepls. What rom you are using?

carepack said:
some options:
work without google apps! most custom roms come without it! GApps package is a additional zip!
many custom roms included privacy manager from cm. you define what the app is allowed to. for example read contacts yes or no
In AOSP Android (I think since 4.3 or 4.2) is app ops included. It's like privacy manager with detailed options.
hope it hepls. What rom you are using?
Click to expand...
Click to collapse
I am on 4.3 stock ROM. The phone is unlocked and rooted.
I tried CM Rom as part of 2 way call recording patch trial but had to revert back to ROM due to stability problems. But the problems were due to the trial nature of the patched ROM http://forum.xda-developers.com/showpost.php?p=45730852&postcount=47 I tried rather then general CM problems. So I suppose could try a stable, up to date version of CM ROM.
I suppose without Google Play I can not have paid apps like skvalex call recorder? If I have to leak some info to Google can I ensure no call details, contacts, calendar etc are shared / backed up etc to Google?

Oxy20 said:
I am on 4.3 stock ROM. The phone is unlocked and rooted.
I tried CM Rom as part of 2 way call recording patch trial but had to revert back to ROM due to stability problems. But the problems were due to the trial nature of the patched ROM http://forum.xda-developers.com/showpost.php?p=45730852&postcount=47 I tried rather then general CM problems. So I suppose could try a stable, up to date version of CM ROM.
I suppose without Google Play I can not have paid apps like skvalex call recorder? If I have to leak some info to Google can I ensure no call details, contacts, calendar etc are shared / backed up etc to Google?
Click to expand...
Click to collapse
try a look at here:
http://www.androidpolice.com/2013/0...ager-control-permissions-for-individual-apps/

Technically yes, but practically no. Even if you stop now, you probably have used Google services in the past and they already have those info. Even if you do not use Google apps, there are lots of way for your phone to connect to Google server (various core Google apks). Lots of apps and websites use Google Analytic as well, although that info is supposed to be anonymous, or apps that utilize Google services in some way or purchased apps that required verification. You basically have to micromanage the permission of every app and this isn't exactly easy and is time consuming, slips up are easy too.
My recommends are:
Most effective: Be lke Richard Stallman, stop using internet completely, except for devices that isn't your. Don't use telephone at all. Have no WiFi running in your house and remove your address from Google Maps, then move to South Georgia and the South Sandwich Islands.
Less effective: Don't use 'gapps' and Google apps at all. You can use Amazon AppStore to download apps. Or use Firefox OS or Ubuntu Touch instead.
Less effective alternative: Use permission management. There are many ways to do this. Android 4.3 have AppOps and there are shortcut apps to let you access to the hidden menu, however it's not very convenient to use. It's better to use CM or SlimRoms which in addition have the Privacy Guard toggle feature (Settings -> Security-> bottom of list). SlimRoms let you turn it on for installed apps by default. It blocks access to contacts and location. I'm not sure if it block network and phone IDs info though.
For more refined permission management, there is the Xposed Framework module called XPrivacy. It has a high learning curve and blocking the wrong permission will cripple your apps or make it not working. There is also LBE Security Master and OpenPDroid, but I much prefer XPrivacy.
You can also use AFwall+ which modify the Linux kernel's iptables to block internet connection, this is the most assured method to block internet connection access for apps imo.
If you still need to make use of Google apps or services, such as facelock and photosphere, but want to avoid installing 'Google services framework', you can use these gapps packages and not install the core package. Keep in mind, 'Google services framework' is important for connecting to Google server and without it some 'find your phone' apps won't work like Cerberus.
You can see if your phone is connected or syncing to Google server by the color of the WiFi icon color, gray means no, and blue means yes.

I have always wondered about why someone would buy a smartphone, Android or iOS and then worry about security? Why not just buy a simple TracPhone or something similar?
Not trying to knock on anyone, just wondering.
Sent from the Far Reaches Of The Earth!

Related

Permissions

Will omniroms system apps have the same unnecessary and abusive permissions as stock roms and cyanogen mode roms have?
I'm quite concerned about privacy and whatever rom I use, be it stock, cyanogen mode or aosp, I have to restrict dozens of privacy related permissions.
And of course the device still works, which means that those perms weren't needed.
For example, I don't see why some system apps (I mean, not Google apps cuz I get rid of them but apps like systemui, settings, android system etc.) want to access my location, my contacts, my logs, my imei, my id, my serial number, my phone number, my provider, the list of accounts on the phone etc. eventhough they don't need it to work properly.
I guess that cyanogen mode doesn't have any other choice but to include what is to my opinion little more than spyware in the source, cuz if they didn't Google wouldn't allow them to use its material.
So what about omni roms? Will they be free from Google spyware or will they be enfeoffed to it?
unclefab said:
Will omniroms system apps have the same unnecessary and abusive permissions as stock roms and cyanogen mode roms have?
I'm quite concerned about privacy and whatever rom I use, be it stock, cyanogen mode or aosp, I have to restrict dozens of privacy related permissions.
And of course the device still works, which means that those perms weren't needed.
For example, I don't see why some system apps (I mean, not Google apps cuz I get rid of them but apps like systemui, settings, android system etc.) want to access my location, my contacts, my logs, my imei, my id, my serial number, my phone number, my provider, the list of accounts on the phone etc. eventhough they don't need it to work properly.
I guess that cyanogen mode doesn't have any other choice but to include what is to my opinion little more than spyware in the source, cuz if they didn't Google wouldn't allow them to use its material.
So what about omni roms? Will they be free from Google spyware or will they be enfeoffed to it?
Click to expand...
Click to collapse
Those permissions are there so they can interact with other things in the system.
unclefab said:
Will omniroms system apps have the same unnecessary and abusive permissions as stock roms and cyanogen mode roms have?
I'm quite concerned about privacy and whatever rom I use, be it stock, cyanogen mode or aosp, I have to restrict dozens of privacy related permissions.
And of course the device still works, which means that those perms weren't needed.
For example, I don't see why some system apps (I mean, not Google apps cuz I get rid of them but apps like systemui, settings, android system etc.) want to access my location, my contacts, my logs, my imei, my id, my serial number, my phone number, my provider, the list of accounts on the phone etc. eventhough they don't need it to work properly.
I guess that cyanogen mode doesn't have any other choice but to include what is to my opinion little more than spyware in the source, cuz if they didn't Google wouldn't allow them to use its material.
So what about omni roms? Will they be free from Google spyware or will they be enfeoffed to it?
Click to expand...
Click to collapse
Out of the box, there's no "spyware" that anyone is aware of in Android. If you install Google Apps, you are giving those apps these permissions obviously.
If you don't use Gapps (like me), then you should be fine - you can check what each app does in its own source code.
I am also looking into ways to help protect against spying third party software you install (ie. apps a user installs), for those who want added protection.
I work as a security researcher, so yes, I do care quite a bit about security, and excessive permissions is a life-long hate of mine There are no gapps when you install Omni, so you'll be safe. For those who want them, they can flash them.
What I meant with spyware is not what one usually calls spyware, but I didn't have any other term to refer to it.
What I wanted to say it's that system apps (not Google apps like gmail or gtalk but system apps like phone, android system, systemui etc.) have intrusive, and unnecessary, permissions. When I say unnecessary I mean it, cuz I block or spoof them without my phone to have any problem. I know it's not the devs' fault but Google's, who likes to know what we do, who and where we are, and thus releases android updates full of spying system apps.
So then I wanted to know if Omni's system apps will be free from such perms, since the source comes from Google.
Until cm7 it was possible to block perms directly from the app manager, but I guess Google got annoyed at it and obliged the cm team to remove that function.
Whatever rom we use now, we are left with system apps spying on us, and that's why I call them spyware.
Cuz for me apps that want to know where I am, what contacts I have, what numbers I have called, my phone number, my imei etc, eventhough they don't need it, are in a way spywares. For instance look at the framework-res.apk (android system), every time we connect to the internet it calls home (I've checked, the address is Google inc, mountain view, CA). Look at the perms the systemui or the phone apk have, it's insane! Not to mention all the other system apps that want to access the /proc folder, our serial number and the like. Oh yeah, I nearly forgot fusedlocation.apk, Google's latest spyware since 4.2.2, that one can't uninstall or freeze or block.
I do not use Google apps, and I do use apps like Xprivacy or af+wall, but still, it annoys me to always have to play cat and mouse, and it annoys me that the android system always calls Google when I connect to the internet. Not that I'm an internationally wanted terrorist, but hey, privacy is privacy!
The thing is that future android updates will be more and more filled with such spyware (above mentioned fusedlocation.apk being the perfect example), and I hope that devs will find a way to bypass it.
That's why when I saw an announcement about Omnia I came to see if it will be better than cm privacy wise, and to give some suggestions about privacy and permissions...
unclefab said:
What I meant with spyware is not what one usually calls spyware, but I didn't have any other term to refer to it.
What I wanted to say it's that system apps (not Google apps like gmail or gtalk but system apps like phone, android system, systemui etc.) have intrusive, and unnecessary, permissions. When I say unnecessary I mean it, cuz I block or spoof them without my phone to have any problem. I know it's not the devs' fault but Google's, who likes to know what we do, who and where we are, and thus releases android updates full of spying system apps.
So then I wanted to know if Omni's system apps will be free from such perms, since the source comes from Google.
Until cm7 it was possible to block perms directly from the app manager, but I guess Google got annoyed at it and obliged the cm team to remove that function.
Whatever rom we use now, we are left with system apps spying on us, and that's why I call them spyware.
Cuz for me apps that want to know where I am, what contacts I have, what numbers I have called, my phone number, my imei etc, eventhough they don't need it, are in a way spywares. For instance look at the framework-res.apk (android system), every time we connect to the internet it calls home (I've checked, the address is Google inc, mountain view, CA). Look at the perms the systemui or the phone apk have, it's insane! Not to mention all the other system apps that want to access the /proc folder, our serial number and the like. Oh yeah, I nearly forgot fusedlocation.apk, Google's latest spyware since 4.2.2, that one can't uninstall or freeze or block.
I do not use Google apps, and I do use apps like Xprivacy or af+wall, but still, it annoys me to always have to play cat and mouse, and it annoys me that the android system always calls Google when I connect to the internet. Not that I'm an internationally wanted terrorist, but hey, privacy is privacy!
The thing is that future android updates will be more and more filled with such spyware (above mentioned fusedlocation.apk being the perfect example), and I hope that devs will find a way to bypass it.
That's why when I saw an announcement about Omnia I came to see if it will be better than cm privacy wise, and to give some suggestions about privacy and permissions...
Click to expand...
Click to collapse
If there's anything that you've found like "call home" routines, please let us know - they will be looked at and removed if necessary.
Totally agree with you on privacy though here. It's very important. I have some ideas to go further than CM, but it's all ideas for now.
pulser_g2 said:
Out of the box, there's no "spyware" that anyone is aware of in Android. If you install Google Apps, you are giving those apps these permissions obviously.
If you don't use Gapps (like me), then you should be fine - you can check what each app does in its own source code.
I am also looking into ways to help protect against spying third party software you install (ie. apps a user installs), for those who want added protection.
I work as a security researcher, so yes, I do care quite a bit about security, and excessive permissions is a life-long hate of mine There are no gapps when you install Omni, so you'll be safe. For those who want them, they can flash them.
Click to expand...
Click to collapse
Question here, if you do not use gapp what exactly do you use? I mean you need ways to download apps right? so you only install the playstore and call it a day or what?
mgbotoe said:
Question here, if you do not use gapp what exactly do you use? I mean you need ways to download apps right? so you only install the playstore and call it a day or what?
Click to expand...
Click to collapse
If you want to keep only the play store you can, but you will have to keep the Google service framework as well, and maybe the Google log in.
@pulser_g2
my phone is very well protected, and skinned to the extreme (like only 20 or so remaining system apps), so for now the only app that performs a call home routine is the android system. But if I disable all the protections then the wlan test, the settings and the settings storage do call home as well. I guess other system apps would do it as well, but since I've uninstalled more than 150 of them I can't tell which ones.
One can check by oneself using this:
http://www.xda-developers.com/android/monitor-your-devices-network-connections/
and this:
https://play.google.com/store/apps/...dium=organic&utm_term=network+log+google+play
Regarding android system's home call routine, could you please point me at a tutorial explaining how to disable it (I searched the web but couldn't find anything)? I'm not a dev, but I'm not bad at modding
I'm happy to see that you are more privacy concerned than cm, and when Omnia gets released I think I will try to make a build for my galaxy grand i9082 (cuz there's not much development going on for that device)...

Omnirom preinstalled apps?

Upon first launch these apps are installed
Apollo
Browser
Calculator
Calendar
Camera
Clock
Dev Tools
Documents
Downloads
DSP manager
Email
Gallery
Messaging
Movie Studio
OmniSwitch
People
Phone
Search
Settings
SIM Toolkit
Torch
Voice Dialer
I'd like to know which of these are actually supported.
I believe many of them have been abandoned by upstream, like Email, Calendar, Gallery, Messaging, etc.
Search should be removed, seeing as it hasn't been updated since like 1.5. Same with Movie Studio.
I disabled Apollo, Browser and Email within minutes, as there are better apps for their purposes.
VLC instead of Apollo, Firefox instead of browser and K-9 Mail instaed of email.
For some reason, Apollo, a third party app by Cyanogenmod gets included but not any other third party apps.
If third party apps are going to be included, there should be some kind of system as to what is included.
Is omnirom going to come with everything included or just what you need to get started?
bump
There are some open-source apps I'd like to include, but there are some issues (regarding package signatures) that make it difficult to properly include stuff that is also available on the Play Store.
Apollo's inclusion is mostly from inertia, I think that really needs a nuke and repave. Once it was submitted to CM it kind of just sat there. (I'm wondering if it was the victim of shady manuevering by the CM leadership like Focal was...)
Most of the other apps are included as part of AOSP - fixing these apps is something pulser is working on organizing in conjunction with some other projects.
In general, if an app doesn't automatically start a background service and is part of AOSP, we don't put significant effort into removing it since free space in /system achieves nothing for the user.
Frankly most of these apps are useless as Google has alternate in market eg.
Calendar
Browser
Voice dialer
Apollo
Camera
Dash clock widget
I generally freeze them after installing. Might use a script to flash and remove these after install
Sent from my Nexus 5 using XDA Free mobile app
shri_chanakya said:
Frankly most of these apps are useless as Google has alternate in market eg.
Calendar
Browser
Voice dialer
Apollo
Camera
Dash clock widget
I generally freeze them after installing. Might use a script to flash and remove these after install
Sent from my Nexus 5 using XDA Free mobile app
Click to expand...
Click to collapse
But a solid rom *must* include apps to cover that basic functionality, regardless of what else is availabe in the market. Preferrably it should include excellent apps to cover the basics like that. No calendar? No camera? No browser? Those are *must-have* apps to be included with any rom). Unless there's a replacement baked in, it would be a major slight to cut them out. It'd be better to leave what essential apps in as placeholders until superior replacements can be developed/incorporated, instead of just shipping with gaping holes in the ROM and telling users, 'You don't like a barren, crippled build? Ha! Go fish!'
That kind of thing reminds me of so many Linux distros who spend tons of time on slick graphics, but don't even include basic functionality (*cough-elemental-hack*), leaving users to fend with a half-assed barely functional experience. That is just an atrocious way to go about things, IMO.
shri_chanakya said:
Frankly most of these apps are useless as Google has alternate in market eg.
Click to expand...
Click to collapse
To add to what Culot said a post above: an AOSP ROM should include apps to cover that basic functionality, and provide a fully functional and useful experience, not only regardless of what else is available in the Play Store, but mostly because an AOSP ROM should be usable without even having Google Play Services.

Setting up CyanogenMod with maximum privacy (no more Google)

I'll try to make it as simple as I can.
Here is what I want:
CyanogenMod with root privileges
Full control over which app, service or system component can access my data and the Internet.
(at the moment for instance I can't alter the "network access" privileges of my apps)
Safe to use speech recognition software
Safe to use, sophisticated navigation software
My questions:
Is that even achievable without a ton of work?
Is there a simple way to flash CyanogenMod without pre-installed bloatware? (e.g. Google apps, Skype, Cortana, ...)
Which tools should I use to make sure that apps can only access what I want them to?
Is there speech recognition software for Android that doesn't require Internet access?
Is there a navigation app that is capable of using the offline maps of Google Maps without requiring an Internet connection?
(e.g. Google Maps makes itself useless if you don't update from their servers every 30 days)
From your experience, do apps refuse to work when you deny certain privileges?
ferivon said:
I'll try to make it as simple as I can.
Here is what I want:
CyanogenMod with root privileges
Full control over which app, service or system component can access my data and the Internet.
(at the moment for instance I can't alter the "network access" privileges of my apps)
Safe to use speech recognition software
Safe to use, sophisticated navigation software
My questions:
Is that even achievable without a ton of work?
Is there a simple way to flash CyanogenMod without pre-installed bloatware? (e.g. Google apps, Skype, Cortana, ...)
Which tools should I use to make sure that apps can only access what I want them to?
Is there speech recognition software for Android that doesn't require Internet access?
Is there a navigation app that is capable of using the offline maps of Google Maps without requiring an Internet connection?
(e.g. Google Maps makes itself useless if you don't update from their servers every 30 days)
From your experience, do apps refuse to work when you deny certain privileges?
Click to expand...
Click to collapse
Dude- You should start developing your own rom in this case.
But consfused here and at this point i think you dont know.
CyanogenMod & Cyanogen OS
Assuming- when you said, cortana etc etc--- i think you are on cyanogen OS.. Which is the original OS for 1+1.
1- To achieve, you need to work.
2- Some optimized COS builds in XDA one android dev section- try a search. but not latest 13.1.2-ZNH2KAS3P0. Root using SuperSU. and use system app uninstaller to remove apps you dont need. Some debloater zips also lurking around in XDA. If you install CyanogenMod, then no need of gapps flashing if you dont use google account.
3. you can stop background data for the apps you dont want. Settings in most roms.
4. Speech recognition can be used offline after u download all languages of your choice. Not 100% and dont use it.
5. Try Maps.me. i didnt know google map needed to be force updated every 30 days unless some one restructures the entire landscape and routes.
6. Certain apps refuse to work if you dont grant permission. yes. its like telling some 1 without hands to eat from hand,.
:good:
Thank you so much for your reply. I indeed did not know that there is a difference between Cyanogen OS and CyanogenMod. But if I understood you correctly, CyanogenMod comes without gapps. (I hope it also comes without Google Play Services?)
The offline speech recognition you linked to seems to be from Google. I bet it will require Google Play Services and an Internet connection after some time, just like Google Maps does and I'm really afraid of that.
I might give Maps.me a try, but I think Google Maps still has by far the best most detailed and correct maps especially when it comes to POIs.
I would consider using official Google Maps, if there was a 100% safe way to wipe all the data the app collects before I allow it to update the maps. Alternatively, maybe I could download the apps from a second device and just copy the map data over to my main device every once in a while.
An even more crazy approach might be to spoof the time/date data for Google Maps so that it thinks the 30 days haven't been reached yet.
But I would still be very concerned about Google Play Services. Would microG be sufficient for my purposes to replace Google Play Services?
edit:
Okay, I have a rooted CyanogenMod without gapps now on my OPO.
edit2:
I have Xposed with modules "Xprivacy" and "Per App Hacking" installed now.
Xprivacy is an app permission manager and "Per App Hacking" can be used to spoof the system time an app will see. Hopefully I'll be able to fool Google Maps with it.
edit3:
I have microG installed now. Hopefully this will be enough to run Google Maps.
I really need to make sure I understand Xprivacy before that though.
My recommendations:
1. I recommend full device encryption with long and secure boot password and easy to use pin lock screen password. Here's more info: http://forum.xda-developers.com/general/security/guide-separate-passwords-encrypted-t3048072
2. Get an email address from a provider that respects user privacy i.e. Riseup. https://riseup.net/
This is one the most important things to do if you don't want google / yahoo / microsoft scanning your email for surveillance / marketing purposes.
3. Use apps from F-Droid. It's an app "store" for open source apps.
4. Always use Afwall+ to have control over which apps have access to internet. Even better if you use Afwall with combination of Orbot. This way you can route some apps through tor (need a custom script though). Orwall does the same thing more easily.
5. Instead of closed source Supersu, use open source superuser http://forum.xda-developers.com/android/software-hacking/wip-selinux-capable-superuser-t3216394
6. For maps I recommend openstreetmap. Download Osmand from F-Droid. It has navigation too.
7. For cellbased location provider, use unified location provider found from F-droid. It's connected to microg projects.
8. For encrypted SMS use Silence from F-droid (recipient needs the same app if you use encryption).
9. For encrypted instant messaging use Conversations (XMPP client) from F-DROID. Or Riot (which will soon have strong encryption).
Hey tofu thanks for your answer, I appreciate it!
I'm only really concerned about my phones software spying on me.
About the email thing: I'm running my own email server for that.
But I'm still looking for a way to anonymously creating a google account without providing my phone number.
I'm using F-Droid already and it's great.
I'll never go back to the play store that's for sure.
And for anyone else reading this, please don't touch the amazon app store, it's pure poison.
I'm also using AFWall+ already, but I'm not satisfied at all. The creator doesn't really seem to care about ensuring that no data gets leaked ever. I read a lot of reports that data was being leaked every once in a while, especially during system boots.
This is really scary to me... I'd really like to have a safer firewall.
Blocking Internet/networking permissions directly just causes apps and the system to become extremely unstable. I soft-bricked my phone like 5 times while playing around with it the last few days.
I was not aware supersu was closed source. I'll switch to the open source alternative soon.
I just installed OsmAnd~ and I'm not very satisfied. Navigation was ok, the tts voice was absolutely terrible and I wasn't able to find a single POI, I wouldn't even be surprised if it would fail to find the next McDonald's to my place. Google Maps just seems completely unmatched to me.
And about that: I was actually able to get Google Maps running without Google Play Services installed and I was able to successfully use it offline, spoofing the system time for that app, so that my maps would never become outdated. I notices a few downsides though, for example it only works for car navigation (bicycle mode etc are not available). After completing the installation of all the microG components I wasn't able to get it to work anymore though (I couldn't download the offline maps, because I couldn't enter my google account data anymore...).
But I'll figure out how I did it and go with Google Maps then.
To complete the microG installation I installed unifiedNlp with GSMLocationNlpBackend.
For encrypted messaging I'll probably be forced to stay with WhatsApp, as I can't possibly convince all of my friends to switch. But hey at least WhatsApp claims that your messages are end-to-end encrypted.
But obviously WhatsApp will always know who I know... that problem seems pretty much unfixable to me though...
I have btw also tried to get Google Now (speech recognition) to work offline. But I was unsuccessful. I have read reports of others getting it to work for literal voice to text applications... it won't take voice commands though. So that's not very useful... unless there was a way to define your own voice commands somehow.
But my biggest worry at the moment really is the firewall. I feel like there is nothing that you can really trust to work reliably.
And also the fact that Xprivacy can't restrict file access to certain folders... it's either all or nothing.
The worst of all might actually be IPC though (inter process communication) which a lot of apps require permissions for. And from what I understand any app with that permission could use another app as a sort of proxy to access the Internet.
I'm using a Google-free device with maximum privacy, so maybe I can not answer all your questions but I can give you an idea. First of all - disclaimer: I'm here because my girlfriend has an Oneplus One (OPO), but I do not have one. I use her old Nexus 5 (N5), but you will get the general idea. You already noticed there is a difference between CyanogenOS (COS) and CyanogenMod (CM). It also took me a while to figure out that difference. If you still have a stock Android in your OPO, it should be a COS 13.1 which is based on Android 6.0.1 and comes with alot of bloatware from Google and Microsoft.
1. First step is to find a suitable ROM for your needs. If you are used to COS and have not much experience in chosing custom ROMs, you should give CM a try. Here is the official wiki which includes Download links and installation instructions: https://wiki.cyanogenmod.org/w/Bacon_Info
2. The 2nd step after installing CM is the full device encryption, can be found in Settings > Security. If you do it on a clean phone without any apps and data it only takes a couple of minutes and chances of breaking stuff are low at this step.
3. Now I usually root it (with SuperSU) and install some magic which is called XPOSED framework. It's something which allows you to install modules on your phone on system level, not like an Appstore, but rather like a Tweakstore. There are a lot if chances you break stuff and most of the modules do not work with CM, however, one module to beat them all is the XPRIVACY module. It gives you back full control on everything. You can manage App permissions, you can fake permissions or if apps do not want to run with your set of permissions, you can even feed fake data (like wrong GPS signals, etc.). Read more here. http://repo.xposed.info/module/biz.bokhorst.xprivacy
4. F-Droid, yeah, the one open-source repository for your new apps. I'll install it at this point.
5. Now, that the device is flashed with CM, probably rooted and with a custom recovery, you have to flash a stock recovery again and lock the bootloader. Stock recovery because it does not allow any malicious party (hacker with physical access, police, intelligence services, etc.) to deploy any code to your phone which compromises your privacy. Locked bootloader is important to disallow any malicious party to boot anything they want which also compromises your privacy.
And this is pretty much what you need to get started, a rock solid environment free from Google. Make sure you have a strong PIN, I also use randomized screen locker, so people can not "observe" the way you enter your PIN.
For encrypted calls and SMS there is Signal, but that does not work without Google services and LibreSignal, the Websockets version, was discontinued just recently. For encrypted IM use ChatSecure rather than Conversations. Both are XMPP clients, but Conversations does not allow you to import or export OTR keys, which is very annoying for an Jabber client. For not so sensitive chats, I use telegram.
Finally, not having Google Play and Google Services available, makes the experience a totally different for the android device. Apps like Snapchat which do not require Google, but still do for some unknown reasons checks for Google, wont run. Also, a lot of apps work without Google, but you can't install them without downloading suspicious APKs from dubious websites. Be very carefull from where you download and install software if you can not find what you need in F-Droid.
I hope that helps you for your considerations.
---
Edit, one more final note. I also use OsmAnd and have to say it never let me down on any occasion (except when I forgot to download the maps before going somewhere remote without internet). The geodata quality is excellent in most urban areas, but the interace and usability are a mess. If you find your way around in the interface, the navigation works out pretty well. I sometimes have issues calculating very long routes, but you start to live with that.
Thanks for your input 5chdn! Most of the stuff you mentioned it already on my phone.
I made some progress yesterday and I'd like to share my current configuration:
All the apps I mention in this post are (at the time of writing) available in F-Droid, unless stated otherwise.
Everything I mention in this post is free and open source, unless stated otherwise.
Recovery Image: TWRP
ROM: CyanogenMod
'Apps' that have to be flashed:
SuperUser (this roots your phone which means you can grant root access to apps)
Xposed (provides a lot of important privacy tools)
Apps:
F-Droid (app store that provides free open source apps)
AFWall+ (manage which app can access the Internet)
Autostarts (manage triggers that apps can use to start themselves)
AdAway (can remove ads from apps)
Xposed Modules:
BootManager (manage which apps can start on boot)
Xprivacy (manage/spoof app permissions for privacy)
Safely using Google Maps offline permanently:
Please note: Google Maps is not open source.
Install microG (open source alternative to Google Play Services)
The installation complete installation consists of:
'microG Services Core' (aka 'GsmCore') (app)
At the time of writing this app is NOT available in F-Droid. This app also automatically installs 'µg unifiedNlp (NO GAPPS)' for you.
'microG Services Framework Proxy' (aka 'GsfProxy') (app)
'FakeGapps' (Xposed module)
'FakeStore' (app)
'XposedGmsCoreUnifiedNlp' (Xposed module)
'LocalGsmNlpBackend' (app)
'NominatimNlpBackend' (app)
'µg unifiedNlp (NO GAPPS)' (app) (will be installed automatically!)
Install 'Per App Hacking' (Xposed module)
Use this module to spoof the system time/date that Google Maps sees e.g. to '2016-10-14 10:00' so that offline maps don't become outdated. The feature to spoof the time is called 'time machine'.
I would really like to improve what I got so far and share it with the community.
If you know of anything that could help improve privacy please tell me.
I do not mention things like device encryption, passwords, lock screens etc, as these are a separate issue.

Regain Market access on your NST/G

I ran across this "solution" while investigating ways to avoid installing GApps on low-RAM tablets. It is not a perfect solution but if you want to be able to search, browse, etc., and download/install PlayStore apps right on your device, this may serve that purpose.
The app is called the Yalp Store and is available on F-Droid: https://f-droid.org/packages/com.github.yeriomin.yalpstore/
It runs just fine on the NST/G. Options are accessed via the menu "button". As default configured, it uses a generic shared login to access the PlayStore. You could substitute your own credentials, but I would advise against this as using this app would probably make the big G very angry. Search works fine, apps that are not compatible are listed as such and you can set the app to instantly download/install, just like the real thing. The app keeps track of your on-board apps, and can even be set to check for updates (probably unwise, as updates are likely to break functionality for our old devices).
Does this mean I don't need GApps?
Maybe, but probably not. One of the other things I discovered while pursuing this issue is that an increasing number of PlayStore apps which have nothing to do with Google sync or logins, incorporate a Google Framework Services API. So you may be able to download and install them but they will either refuse to run or else whine constantly about needing said Services to be installed. While GApps on the NST/G is not good for much these days except maybe Google Books sync, its hidden system files--which include the Services--may be needed to run PlayStore apps (like even the NPR app--go figure).
There are a few Xposed modules I tried that appear to be able to circumvent this issue (though not for apps requiring Google sync), but you're not going to get Xposed on the NST/G!
Anyway, there are a lot of other places to get apps (like the F-Droid store itself) but even if you get a "PlayStore" app from one of these sources, it may refuse to run if you don't have the GApps package installed. The Yalp Store app indicates which apps rely on GFS.
Edit: oh, and quickest way to exit the app is Settings > More > Log Out
Edit-Edit: no need for GApps except for Google Books. See https://forum.xda-developers.com/nook-touch/general/gapps-install-tested-confirmed-t3782459
the yalp apk installed but it isn't opening ...
aiamuzz said:
the yalp apk installed but it isn't opening ...
Click to expand...
Click to collapse
Wow...something majorly funky going on there with the packages at F-Doid and the GitHub. Version 0.32 is as you describe. Versions 0.31-0.30 install with a lot of Chinese characters in the title bar and then do not run. Version 0.29 from the GitHub gives a package parsing error like it's for the wrong Android version.
Version 0.28 from the GitHub is the newest that functions for me (although the anonymous login is broken). I've attached a copy below and I've made an issue report to the developer via the GitHub.
Edit: here is the response I received to my report of the issue to the developer: "Apparently, new build-tools (specifically aapt2) generate apks which are unusable on old androids.". So....it's not clear whether this will be addressed or not. One of the intents of the simplicity of the Yalp Store was to keep it available to Android systems as old as 2.0. Version 0.28 functions fine except for the anonymous login. If you use your own Google login you should be good, although you might want to open a separate account just for that purpose--to be safe.
update
Just a heads-up on the Yalp Store. The issues with installation, etc., seem to have been resolved with version 0.33 (available via the developer GitHub as of this writing, but not yet on F-Droid).
I had an issue or two at first with search but after exiting and reopening the app everything seemed to work fine. Categories are a little slow, but they do work.

Going no-Google

Hi, I am looking to move away from Google and Gapps and trying to work out what is the best way to do it on a Redmi Note 7.
I have already install OrangeFox recovery and have been reading about LineageOS+MicroG for this purpose. Would like to hear comments/suggestions from anyone who has gone down this path.
Many thanks.
Even I am also looking forward on doing the same, just did in my galaxy note 3 where I installed lineage OS 16 and MicroG for the essential google services required by apps to run properly, I use only web applications except for WhatsApp, shifted to signal as my primary messenger application, F-Droid is my source of open-source apps. I guess privacy is your concern, right? Developers kindly assist on the same
SunilNair2020 said:
I installed lineage OS 16 and MicroG for the essential google services required by apps to run properly
Click to expand...
Click to collapse
I did a bit a research on this and found that installing MicroG requires signature spoofing be enabled on the ROM which I understand is a major security issue - this is supposed to be the reason why LineageOS do not include MicroG in their builds.
I'm using an old Zenfone 2 Laser (snapdragon 410 version) with an old LAOS MicroG 14.1 (Android 7), without those massive Google Services the phone seems to be faster than my Redmi Note 7 (no joke, it's incredible), it has f-droid preinstalled as main store and MicroG Manager, all apps works fine, the only problem is Gmail (need to use the browser version, i don't know how to set the stock email app), i really need a Google free rom on this Note 7 too
N1ck474 said:
I'm using an old Zenfone 2 Laser (snapdragon 410 version) with an old LAOS MicroG 14.1 (Android 7), without those massive Google Services the phone seems to be faster than my Redmi Note 7 (no joke, it's incredible), it has f-droid preinstalled as main store and MicroG Manager, all apps works fine, the only problem is Gmail (need to use the browser version, i don't know how to set the stock email app), i really need a Google free rom on this Note 7 too
Click to expand...
Click to collapse
According to the previous comment, upon doing some research app signatures are important for apps to work safely and without malicious code being embedded, so is there any option for using lineage OS without neither Gapps nor MicroG? Also is there any option to backup contacts in the absence of google services? Thanks again !
SunilNair2020 said:
According to the previous comment, upon doing some research app signatures are important for apps to work safely and without malicious code being embedded, so is there any option for using lineage OS without neither Gapps nor MicroG? Also is there any option to backup contacts in the absence of google services? Thanks again !
Click to expand...
Click to collapse
I don't know about contacts, with MicroG they syncs normally like a Google enabled phone, i don't actually know what this problem with signatures is (i use the Zefone as secodary phone without a SIM or important personal data), i think you need to upload all of your contacts on a Cloud (OneDrive, Drive etc) then redownload them as ICS or Calendar data on your Google-Free ROM, if you have less than 200 contacts and a modern SIM you save all of them on the SIM Card without problems.
N1ck474 said:
I don't know about contacts, with MicroG they syncs normally like a Google enabled phone, i don't actually know what this problem with signatures is (i use the Zefone as secodary phone without a SIM or important personal data), i think you need to upload all of your contacts on a Cloud (OneDrive, Drive etc) then redownload them as ICS or Calendar data on your Google-Free ROM, if you have less than 200 contacts and a modern SIM you save all of them on the SIM Card without problems.
Click to expand...
Click to collapse
I don't prefer using cloud storage as it involves storing data somewhere we don't have access to...any other alternatives? Thanks again ?
SunilNair2020 said:
I don't prefer using cloud storage as it involves storing data somewhere we don't have access to...any other alternatives? Thanks again ?
Click to expand...
Click to collapse
I don't know, you can actually export your contacts locally as ICS/Calendar file on an SD Card or locally (on a PC or Hard Disk), at least, i think so, never done that
SunilNair2020 said:
According to the previous comment, upon doing some research app signatures are important for apps to work safely and without malicious code being embedded, so is there any option for using lineage OS without neither Gapps nor MicroG? Also is there any option to backup contacts in the absence of google services? Thanks again !
Click to expand...
Click to collapse
I am not 100% sure about this but I feel if the app is widely used and no security issues have been uncovered then using it via MicroG might not be a major issue. Perhaps, someone with more experience can comment on this?
I once went on a full on no google mission.
- Lineage, no gapps, not even micro g
- apps were mostly, if not all, from fdroid
- colud (storage, backup, notes) I used nextcloud, also used mega
- davx for contacts
- search engine - startpage or sometimes DDG
- email from proton
- youtube, which unfortunately doesn't have any alternative, I used newpipe.
I'm pretty sure here I forgot a thing or two, but this was mostly it.
I was happy with my privacy though, peace of mind you know. But the experience was horrible for me, a lot of time needs to be invested for maintenance, you'll see. I was still okay with it, because I had the time for all that. But I had to sacrifice, due to lack of time to handle and keeping track of every single thing, wheather it was working or not as per my needs!!
If you have that much time, and a will to do a thing or two manually than you should go for it.
Well, imho the best way to keep your privacy AND to be able to receive push notifications and download apps from google app store (via aurora store) without the need of a google account is to install an rom which supports signature spoofing (for example crDroid, AICP, ...) or a rom that already has microg included (https://download.lineage.microg.org/lavender/ )
LOS for microg purely supports signature spoofing for the MicroG components/apps (gmscore, fakestore, ..), so imho there isn't any security issue
ssaikia3 said:
I once went on a full on no google mission.
.
Click to expand...
Click to collapse
Thanks very much for sharing your experience - this is exactly the sort of information I was after.
Currently, I use NoRootFirewall to block all traffic generated by Playstore Services which helps me stop Playstore Services updates. The downside is it affects apps reliant on Playstore Services such as Gmail etc. This is not a problem as I switched to my phones native email client which handles mail without any issues. Skype complained and wanted me to update Playstore Services but I continued on and was able to make a call without obvious problems. If I have to install an app, obviously I need to enable Playstore Services but once I install the app I could block Playstore Services once again. In a sense, this gives me the option of continuing on like this but was thinking of LineageOS for MicroG may be a better alternative. Would like to hear your views on this.
Many thanks
2faraway2 said:
Well, imho the best way to keep your privacy AND to be able to receive push notifications and download apps from google app store (via aurora store) without the need of a google account is to install an rom which supports signature spoofing (for example crDroid, AICP, ...) or a rom that already has microg included (https://download.lineage.microg.org/lavender/ )
LOS for microg purely supports signature spoofing for the MicroG components/apps (gmscore, fakestore, ..), so imho there isn't any security issue
Click to expand...
Click to collapse
I did more reading about LOS for MicroG last night, in particular this one https://blogs.fsfe.org/larma/2016/microg-signature-spoofing-security/ - while I still haven't got my head around all the security issues, I feel a lot more comfortable about them now.
Many thanks for your comment.

Categories

Resources