Hi there! We are a group of iPhone / Android developers who have developed a suite of web services to assist us and other developers in building great apps.
After numerous projects we have become tired of having to set up the server scripts to do all the same things for different clients. Most of the server functionality
is typical: 1) storing location data for Google Maps; 2) storing users' high scores / ranks; 3) sending Push Notifications; 4) storing files / XML; etc.
We couldn't use the existent solutions because in some cases they didn't provide the required functionality and in most cases they require your users to be exposed to some social network of theirs, while our clients just want a simple functionality without users knowing of any services behind that.
So we have launched what we call Mob1serv, a universal server solution for the typical needs of iPhone / Android apps. It consists of modules which deal with most common tasks:
• High Scores - a powerful online high scores table
• PushNote - a module allowing to send immediate or delayed Push Notifications (you can build instant messengers or alarm clocks, anything with this)
• GeoPos - stores locations of Google Map objects, their statuses and 'last seen online' time
• OAuth contracter - allows you to implement transparent authentication and integration with Facebook, Twitter, Google etc
• More modules to come!
We have tried to make it as simple as possible for developers, so you just need to register at the back end and then you can add as many apps as you want and start using these services. From the client (app) side, you need to add a library to your project and put a corresponding ID there, that's it.
The service is free, it's a 'freemium' model. It has been built by developers for developers. Some developers and apps are already using it as it was open for alpha testing before, but now we are launching it open for the world so that we can see what you're thinking of it and also get your feedback of how we can improve the existent modules or what modules to add next. Welcome to Mob1serv - mob1serv.com!
Hi,
Is it possible to completely stop information leakage to Google from my telephone, such as contacts or even apps purchased?
Oxy20 said:
Hi,
Is it possible to completely stop information leakage to Google from my telephone, such as contacts or even apps purchased?
some options:
Work without Google apps! Most custom ROMs come without them! The GApps package is an additional zip!
Many custom ROMs include the privacy manager from CM. You define what the app is allowed to do, for example read contacts: yes or no.
In AOSP Android (I think since 4.3 or 4.2) App Ops is included. It's like a privacy manager with detailed options.
Hope it helps. What ROM are you using?
carepack said:
some options:
Work without Google apps! Most custom ROMs come without them! The GApps package is an additional zip!
Many custom ROMs include the privacy manager from CM. You define what the app is allowed to do, for example read contacts: yes or no.
In AOSP Android (I think since 4.3 or 4.2) App Ops is included. It's like a privacy manager with detailed options.
Hope it helps. What ROM are you using?
I am on 4.3 stock ROM. The phone is unlocked and rooted.
I tried CM ROM as part of a 2-way call recording patch trial but had to revert back to ROM due to stability problems. But the problems were due to the trial nature of the patched ROM http://forum.xda-developers.com/showpost.php?p=45730852&postcount=47 I tried rather than general CM problems. So I suppose I could try a stable, up-to-date version of CM ROM.
I suppose without Google Play I can not have paid apps like skvalex call recorder? If I have to leak some info to Google can I ensure no call details, contacts, calendar etc are shared / backed up etc to Google?
Oxy20 said:
I am on 4.3 stock ROM. The phone is unlocked and rooted.
I tried CM ROM as part of a 2-way call recording patch trial but had to revert back to ROM due to stability problems. But the problems were due to the trial nature of the patched ROM http://forum.xda-developers.com/showpost.php?p=45730852&postcount=47 I tried rather than general CM problems. So I suppose I could try a stable, up-to-date version of CM ROM.
I suppose without Google Play I can not have paid apps like skvalex call recorder? If I have to leak some info to Google can I ensure no call details, contacts, calendar etc are shared / backed up etc to Google?
Take a look here:
http://www.androidpolice.com/2013/0...ager-control-permissions-for-individual-apps/
Technically yes, but practically no. Even if you stop now, you probably have used Google services in the past and they already have that info. Even if you do not use Google apps, there are lots of ways for your phone to connect to Google servers (various core Google apks). Lots of apps and websites use Google Analytics as well, although that info is supposed to be anonymous, or apps that utilize Google services in some way or purchased apps that required verification. You basically have to micromanage the permissions of every app and this isn't exactly easy and is time consuming; slip-ups are easy too.
My recommendations are:
Most effective: Be like Richard Stallman, stop using the internet completely, except for devices that aren't yours. Don't use a telephone at all. Have no WiFi running in your house and remove your address from Google Maps, then move to South Georgia and the South Sandwich Islands.
Less effective: Don't use 'gapps' and Google apps at all. You can use Amazon AppStore to download apps. Or use Firefox OS or Ubuntu Touch instead.
Less effective alternative: Use permission management. There are many ways to do this. Android 4.3 has AppOps and there are shortcut apps to let you access the hidden menu, however it's not very convenient to use. It's better to use CM or SlimRoms which in addition have the Privacy Guard toggle feature (Settings -> Security -> bottom of list). SlimRoms let you turn it on for installed apps by default. It blocks access to contacts and location. I'm not sure if it blocks network and phone IDs info though.
For more refined permission management, there is the Xposed Framework module called XPrivacy. It has a high learning curve and blocking the wrong permission will cripple your apps or make them stop working. There is also LBE Security Master and OpenPDroid, but I much prefer XPrivacy.
You can also use AFWall+, which modifies the Linux kernel's iptables to block internet connections; this is the most assured method to block internet connection access for apps imo.
If you still need to make use of Google apps or services, such as facelock and photosphere, but want to avoid installing 'Google services framework', you can use these gapps packages and not install the core package. Keep in mind, 'Google services framework' is important for connecting to Google server and without it some 'find your phone' apps won't work like Cerberus.
You can see if your phone is connected or syncing to Google servers by the color of the WiFi icon: gray means no, and blue means yes.
I have always wondered about why someone would buy a smartphone, Android or iOS and then worry about security? Why not just buy a simple TracPhone or something similar?
Not trying to knock on anyone, just wondering.
Sent from the Far Reaches Of The Earth!
A little intro:
I spent a lot of time with malware on Windows and which apps/settings can actually protect you. By working with malware you also get a lot of background info on how people / companies / governments can steal your privacy from you and how to protect yourself against it. When I decided to care about all that, I noticed that a lot of "security forum experts for PCs" have no clue about Android and its risks although probably the same if not more data is stored on our phones than on our PCs. So I decided to do some background research, worked with Android malware and played around with the different ways and options that can protect your security & privacy.
When I am looking for a security setup then I want one that is reliable & easy-to-work-with but also lightweight on the system. I don't want my security setup to cripple down my system.
I have done similar guides for Windows and as I haven't seen anything likewise for Android I thought I would give it a go.
What can you do to protect your security & privacy:
Security - Firewall: To block incoming / outgoing traffic per app or per IP/DNS/Port. Can drain the battery and be a pain to configure on Android.
Security - Antivirus: To scan files after they have been downloaded or to scan files after they have been installed. Due to the way Android is coded it is not possible to scan in real-time (while downloading, while installing) which means you can't detect malware based on its behavior. AVs on Android can only detect malware by its signature, which is easy to bypass. However, it is still better than nothing and a one-time scan of downloaded files or an on-demand scan while your phone is charging won't hurt your battery or slow down the device. A lot of AV products come with multiple features built in. Some of them are often useless (e.g. maybe anti-theft), others are worth the usage (e.g. security audits for non-fixed exploit vulnerabilities or bad system settings e.g. USB-Debugging enabled).
Security - SuperSU: To actively manage which apps will get "unlimited" root access.
Security - Password manager: Use a password manager for all your passwords. Built-in password managers (e.g. browser, ftp, mail, etc.) aren't really a safe solution (even with the so-called "master password"). Apps like KeePass offer a lot more than just having all your passwords stored safely. It lets me open apps + automatic login with just 2 clicks (e.g. FTP, SSH, Mail, Browser,...). It lets me create unique passwords so that I won't be using the same password on all websites. And there is still a lot more.
Security & Privacy - DNS: Change the DNS server you use to something like NortonDNS which will protect you from malware/phishing sites as well as semi-bypass the tracking of browsing behavior by your phone/internet provider. The DNS provider/resolver that you use (usually your phone/internet provider) will transform the domain you want to access into the IP address of the desired server (the one which hosts the website you want to visit). This means that whatever domain you are going to browse will be transmitted to your DNS provider... so choose one carefully! Also the better the connection to your DNS provider is (and the better the provider's connection to the world-wide-web is) the faster your domain requests will be processed.
Security & Privacy - VPN: An easy way for attackers in your network (especially open & free WiFis) to steal data from you is MITM (Man In The Middle) attacks. They can modify SSL certificates, which means even using HTTPS might not always be safe, or simply read your network activity (such as logins which include accounts + passwords). By using a VPN all the traffic that leaves your device will be encrypted and routed directly to a safe receiver which means no one can interrupt your traffic and sniff (read) it.
Security & Privacy - SSH-Tunnel: Using an SSH-Tunnel has pretty much the same effect as using a VPN but the difference is you have to configure each app that you want to use the SSH-Tunnel. I prefer this method on Windows as I can encrypt only the traffic of my browser/mail/communicator while playing games or other apps will use the non-encrypted (and often faster) internet connection. Sadly there is no app on Android that in my opinion works flawlessly as SSH-Tunnel client.
Security & Privacy - Adblockers: We all know adblockers. They block ads and trackers to protect your privacy and some of them (e.g. mdl-malwaredomainlist) also protect you from malware & phishing websites.
Privacy - App Ops: App Ops or similar apps let you block permissions per app which means whatever app is installed / running can be forced to not use specific permissions. E.g. you can block Facebook from using your GPS and tracking your location.
Privacy - Android 5.x disable allowed certificates: Every website and every (good) app will have a certificate that Android and also AV's check online to see if the website/app is trustworthy. Out-of-the-box Android allows many questionable certificates from governments and companies that might sell their certificates to websites/app that are not so trustworthy. Since Android 5.x you can remove/add certificates to disallow governments or companies that sell their certificates to questionable websites/apps.
Privacy - Encrypt your phone: By encrypting your phone you ensure that no one who finds your phone will be easily able to read anything saved on your phone. Not even by entering the recovery mode. It may slow down the performance a bit and increase battery drain slightly, but for me (Nexus 6) I had no troubles so far.
You can make that list longer by using only secure apps for communication (e.g. encrypted chats with Telegram or using Firefox and add-ons such as HTTPS-Everywhere) but I think that is more advanced and takes away the freedom and choice of readers/users. So I will stop here as I think I have covered the basics and most important things.
Which setup should you choose?
Well first of all I recommend using only apps/services of companies that you can trust. E.g. companies that exist for a long time but haven't done any questionable actions in the past. I have been a long-time user of Comodo but looking at what Comodo has allowed itself in the past made me choose something different. On Android a good example are SMS/call blockers. There are many options to choose from, for example one is produced by a company named "NQ Security". Now do your Google work and you will find some details that either make you think of this company as trustworthy or not. Or maybe there are other companies with the same product which you would rather trust?
One thing to notice is that in the end your setup should cover most if not all aspects that I have mentioned above. Now you can either choose to use many different products (e.g. if they are free) or use one paid solution that covers everything at once. In any case, don't forget about stuff that might get installed but be useless to you. E.g. at some point I found my setup to have 3 different call blockers and 4 different SMS blockers installed.
I have made a list of a few picks that I would recommend:
Must-Have
SuperSU / Rooted device (Click for Google play): 99% of all apps & configurations listed here will need your device to be rooted. Also SuperSU gives you a good overview about which apps have root access and is a good tool to configure those apps.
Override DNS (Click for Google play): It automatically changes the used DNS Server for 2G/3G/4G/WIFI to whatever you want (e.g. NortonDNS which has malware & phishing protection but also is one of the fastest DNS providers available world wide). Currently it is the only app that works with Android 5.x.
AdAway (Click for download link): Lets you block ads, tracking, malware and phishing sites. I recommend the standard sources + www.malwaredomainlist.com/hostslist/hosts.txt
App Ops (Click for Google play): App Ops lets you block permissions per app which means whatever app is installed / running can be forced to not use specific permissions. E.g. you can block Facebook from using your GPS and tracking your location.
KeePass2Android online/offline (Click for Google play): KeePass2Android comes as two different apps that you can choose from in the Google Play Store. One supports online syncing via various services so that you can sync your password database on all your devices (Android, Windows, OSX, Linux, iOS,...). The other option is called "KeePass2Android offline" which completely removes all features that would require an internet connection. The app doesn't even have permissions for internet connections! If you don't know KeePass, it is one of the oldest password managers around. It is open source, has a lot of plugins and the lightweight but feature-rich app supports nearly every device & operating system. On Android you can even log into websites from the browser via KeePass2Android by clicking -> Share -> KeePass2Android -> Log into your database -> it will automatically get the right login data for the website you are currently browsing and paste it into the login fields. My personal setup: KeePass2Android offline with another syncing/backup app that will sync my passwords via my own server. On my laptop I use KeePass with a plugin which replaces my browser's built-in password manager with KeePass.
GSP - Good Security Practice (Recommendations)
Disable untrusted certificates (Android 5.x) (Mozilla Firefox list of allowed certificates): Use a source you trust and check what certificates they usually allow in their software (e.g. Mozilla Firefox). Then check that with what is enabled in your Android's security settings and disable whatever Android has enabled but e.g. Mozilla Firefox doesn't.
A very recommended app is "Trust Manager (Click for Google play)" by Bluebox. It lists all certificates on the phone and sorts them by categories which makes it easy to disable all untrusted certificates within two clicks.
Encrypt your phone: Enable encryption of your Android device.
Antivirus: You can check AV-Test.org for monthly security reviews on mobile security products and choose from there. But I recommend either "Bitdefender Free" for a simple file-scanner of downloaded files and installed apps as well as on-demand scanner or "ESET Free/Premium" which includes file-scanner, security audit, sms & call blocker as well as phishing protection and even anti-theft if needed. Both companies are in my opinion very trustworthy and provided good results over the past months/years (not only on the mobile market but also the PC market). Avast is a free option with lots of features from another trustworthy company but I found it to be heavier on my system than Bitdefender or ESET.
VPN if you use public WIFI: I also recommend the use of a VPN from a trustworthy VPN provider. They don't cost too much and improve your security & privacy on public wifi a lot. Avast offers a great VPN service. Actually their app makes their services superior to me compared to other VPN providers and apps. You might want to try the Avast VPN 14-day-trial.
Firefox (HTTPS-Everywhere + Adblock Edge) > Chrome: Firefox seems to be the winner in terms of privacy and security. But on my system Chrome is a lot faster than Firefox.
TextSecure > Telegram > WhatsApp > Facebook: Telegram was my favorite choice until @muppetmania and @bmstrong informed me about flaws and trust issues with Telegram. Instead it is highly recommended to use TextSecure. It is available on iOS and Android. Feature wise it might not be as good as Telegram (e.g. missing desktop client for windows/osx/linux) but I believe that this is a fair trade for privacy.
The bottom line
I tried to give a little overview of what kind of protection is available and what it does. I also added my choice of tools which will provide you with protection. It is up to you to decide whether it is useful in your case (based on your phone-behavior) and if you are willing to pay money for it or rather use free services. I will gladly help you with any questions or configuration/setup related things. Please let me know if you have any suggestion or corrections so that I can improve this thread !
Useful resources / links
http://droid-break.info/
https://prism-break.org/en/categories/android/
https://guardianproject.info/apps/
https://people.torproject.org/~ioerror/skunkworks/moto_e/
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
https://medium.com/backchannel/why-i-m-saying-goodbye-to-apple-google-and-microsoft-78af12071bd
http://crashoverridenetwork.tumblr.com/post/109948061867/account-security-101-passwords-multifactor
http://dimitritholen.nl/how-to-reclaim-your-privacy-on-the-internet/
http://www.alternet.org/print/news-...ng-encryption-isnt-enough-protect-our-privacy
https://youtu.be/seNHe5oMquw
https://pack.resetthenet.org/
https://jrruethe.github.io/blog/2015/03/29/protect-yourself-online/
http://www.privacytools.io/
https://tacticaltech.org/projects/security-box
https://bluebox.com/technical/quest...into-the-root-certificates-on-mobile-devices/
https://securityinabox.org/en
http://www.infoworld.com/article/29...managers-for-pcs-macs-and-mobile-devices.html
https://www.reddit.com/r/trackers/comments/30xtk9/trackers_security_and_you/
AV tests & comparisons:
http://www.av-test.org/en/antivirus/mobile-devices/
http://www.av-comparatives.org/mobile-security/
Thanks to:
Yuki2718 @wilderssecurity.com for teaching me a few things
@bmstrong for useful links and suggestions
@muppetmania for pointing out flaws and trust issues with Telegram !
Changelog:
01.08.2015 - Removed Telegram and replaced it with TextSecure
28.06.2015 - Updated useful resources & links
08.06.2015 - Updated useful resources & links
06.06.15 - Added "Trust Manager" by Bluebox to quickly and easily disable a bunch of root certificates. Also added Avast VPN app
22.05.15 - Added a good link/explanation on non-trustworthy certificates that are installed on mobile devices out of the box ( https://bluebox.com/technical/quest...into-the-root-certificates-on-mobile-devices/ )
18.04.15 - Added resources for AV tests and comparisons
07.04.15 - Added more useful resources & links
21.03.15 - Added more useful resources & links; fixed a typo in the changelog
14.03.15 - Added more useful resources & links; also changed the thread title to give an easier view for new updates
10.03.15 - Added useful resources & links
06.03.15 - Added "password managers" and "KeePass2Android online/offline" as recommended password manager
01.03.15 - Added a more detailed description of DNS and why you should care about it
28.01.15 - Fixed typos and grammar
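The certificate check described under "Disable untrusted certificates" (compare what the device trusts against a reference list you trust) can be done offline by fingerprint. The script below is an added example, not part of the original post: it assumes the device store has been copied to a directory of PEM files (on Android the system store lives in /system/etc/security/cacerts) and that the reference list is a single PEM bundle; the function names are made up for this sketch and the sample data is constructed, not real certificates.

```python
import base64
import hashlib
import re
import sys
from pathlib import Path

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S
)


def pem_to_der(text):
    """Return the DER bytes of every certificate block found in text.

    Text outside the BEGIN/END markers (comments, a human-readable dump
    appended after the PEM block) is ignored.
    """
    ders = []
    for body in PEM_RE.findall(text):
        ders.append(base64.b64decode("".join(body.split()), validate=True))
    return ders


def fingerprint(der):
    """SHA-256 over the DER encoding, the value certificate viewers show."""
    return hashlib.sha256(der).hexdigest()


def read_store_dir(path):
    """Map file name -> file text for a directory of PEM files."""
    return {p.name: p.read_text(errors="replace")
            for p in sorted(Path(path).iterdir()) if p.is_file()}


def compare(device_files, reference_bundle):
    """Classify device certificates against the reference bundle."""
    reference = {fingerprint(d) for d in pem_to_der(reference_bundle)}
    report = {"only_on_device": [], "in_both": [], "unparsable": []}
    seen = set()
    for name, text in sorted(device_files.items()):
        try:
            ders = pem_to_der(text)
        except ValueError:          # binascii.Error: damaged base64 body
            ders = []
        if not ders:
            report["unparsable"].append(name)
            continue
        for der in ders:
            fp = fingerprint(der)
            seen.add(fp)
            key = "in_both" if fp in reference else "only_on_device"
            report[key].append((name, fp))
    report["only_in_reference"] = sorted(reference - seen)
    return report


def sample_pem(payload):
    """Wrap constructed bytes in PEM armor (placeholder, not a real cert)."""
    b64 = base64.b64encode(payload).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


def demo():
    """Run the comparison on constructed sample data."""
    ca_a = sample_pem(b"constructed-ca-A" * 8)
    ca_b = sample_pem(b"constructed-ca-B" * 8)
    ca_c = sample_pem(b"constructed-ca-C" * 8)
    device = {
        # PEM block followed by a text dump, which the parser must skip
        "aaaaaaaa.0": ca_a + "Certificate:\n    Data:\n        Version: 3\n",
        "bbbbbbbb.0": ca_b,
        # damaged file: armor present, body is not base64
        "cccccccc.0": "-----BEGIN CERTIFICATE-----\n!!not base64!!\n"
                      "-----END CERTIFICATE-----\n",
    }
    reference = "# constructed reference bundle\n" + ca_a + ca_c
    return compare(device, reference)


if __name__ == "__main__":
    if len(sys.argv) == 3:          # usage: script.py <cacerts_dir> <bundle.pem>
        result = compare(read_store_dir(sys.argv[1]),
                         Path(sys.argv[2]).read_text(errors="replace"))
    else:
        result = demo()
    for name, fp in result["only_on_device"]:
        print(f"review before trusting: {name}  sha256={fp}")
    for name in result["unparsable"]:
        print(f"could not parse: {name}")
```

Entries reported as only on the device are the candidates to look up and, if you do not trust them, disable in the security settings; a mismatch alone does not prove a certificate is bad.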
zakazak said:
Changelog:
28.01.15 - Fixed typos and grammar
Interesting. Would like to see sections on GPG, U2F, 2FA applications, Android with Yubikey, etc.
bmstrong said:
Interesting. Would like to see sections on GPG, U2F, 2FA applications, Android with Yubikey, etc.
Thanks, I might add those later but I wanted to keep this guide as "easy" as possible so that every "normal" android user could increase his security and privacy with simple tools in a short time. E.g. yubikey is awesome and a very interesting topic but not very handy for the average guy?
01.03.15 - Added a more detailed description of DNS and why you should care about it.
http://crashoverridenetwork.tumblr.com/post/109948061867/account-security-101-passwords-multifactor
Really decent overview of general security.
bmstrong said:
http://crashoverridenetwork.tumblr.com/post/109948061867/account-security-101-passwords-multifactor
Really decent overview of general security.
Good suggestion, I have a few more and will add both (your link) and my stuff to the thread
KeePass2Android offline + KeePass on desktop + syncing via own server = win !
bmstrong said:
http://crashoverridenetwork.tumblr.com/post/109948061867/account-security-101-passwords-multifactor
Really decent overview of general security.
Aaaaand it's done ! Added password managers to the OP.
zakazak said:
Aaaaand it's done ! Added password managers to the OP.
Cool. You might want to touch on the open source vs. proprietary philosophy. Just being open source isn't necessarily better but I feel transparency is important part of security.
http://droid-break.info/
https://prism-break.org/en/categories/android/
https://guardianproject.info/apps/
https://people.torproject.org/~ioerror/skunkworks/moto_e/
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
https://medium.com/backchannel/why-i-m-saying-goodbye-to-apple-google-and-microsoft-78af12071bd
http://dimitritholen.nl/how-to-reclaim-your-privacy-on-the-internet/
Another very good privacy and security article.
bmstrong said:
http://crashoverridenetwork.tumblr.com/post/109948061867/account-security-101-passwords-multifactor
Really decent overview of general security.
bmstrong said:
http://dimitritholen.nl/how-to-reclaim-your-privacy-on-the-internet/
Another very good privacy and security article.
bmstrong said:
Cool. You might want to touch on the open source vs. proprietary philosophy. Just being open source isn't necessarily better but I feel transparency is important part of security.
http://droid-break.info/
https://prism-break.org/en/categories/android/
https://guardianproject.info/apps/
https://people.torproject.org/~ioerror/skunkworks/moto_e/
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
https://medium.com/backchannel/why-i-m-saying-goodbye-to-apple-google-and-microsoft-78af12071bd
Thanks ! I added all the links to the OP and mentioned you for giving such great feedback and suggestions
http://www.alternet.org/print/news-...ng-encryption-isnt-enough-protect-our-privacy
Interesting take on security in general.
bmstrong said:
http://www.alternet.org/print/news-...ng-encryption-isnt-enough-protect-our-privacy
Interesting take on security in general.
14.03.15 - Added more useful resources & links; also changed the thread title to give an easier view for new updates
Added your link... I will soon add a few of my links that I saved in my bookmarks. I will then split the "link category" in something like "good to know and what to do" and "privacy theory articles"... if you know what I mean
zakazak said:
10.03.15 - Added more useful resources & links; also changed the thread title to give an easier view for new updates
Added your link... I will soon add a few of my links that I saved in my bookmarks. I will then split the "link category" in something like "good to know and what to do" and "privacy theory articles"... if you know what I mean
Cool. Schneier has another book out now. Data and Goliath. This talk is worth the listen.
https://youtu.be/seNHe5oMquw
bmstrong said:
Cool. Schneier has another book out now. Data and Goliath. This talk is worth the listen.
https://youtu.be/seNHe5oMquw
21.03.15 - Added more useful resources & links; fixed a typo in the changelog
Thanks, took me some time to add the link, at the moment I don't have much time to improve the guide.
Utini said:
21.03.15 - Added more useful resources & links; fixed a typo in the changelog
Thanks, took me some time to add the link, at the moment I don't have much time to improve the guide.
As I'm concerned about privacy and security, thanks for your thread, but you forgot XPrivacy, the best privacy manager I know. It's not completely ready for Lollipop but works perfectly on KitKat. It's not about that fault, it's Xposed: it has a bug which I hope will be resolved soon.
Good luck! Regards.
Cyclu said:
As I'm concerned about privacy and security, thanks for your thread, but you forgot XPrivacy, the best privacy manager I know. It's not completely ready for Lollipop but works perfectly on KitKat. It's not about that fault, it's Xposed: it has a bug which I hope will be resolved soon.
Good luck! Regards.
You are right, XPrivacy seems to be a really nice tool but I haven't been able to try it myself (as it is not compatible with Android 5.x) which is the reason why I haven't added it to the list yet
I might give it a try on my Nexus 4 with Android KitKat !
https://pack.resetthenet.org/
https://jrruethe.github.io/blog/2015/03/29/protect-yourself-online/
http://www.privacytools.io/
https://tacticaltech.org/projects/security-box
bmstrong said:
https://pack.resetthenet.org/
https://jrruethe.github.io/blog/2015/03/29/protect-yourself-online/
http://www.privacytools.io/
https://tacticaltech.org/projects/security-box
Once again thanks for your input. I added them to the OP but I am still really busy with my job/real life. I hope I can improve the OP soon.
Question about choices
Utini said:
Security - Antivirus: To scan files after they have been downloaded or to scan files after they have been installed. Due to the way Android is coded it is not possible to scan in real-time (while downloading, while installing) which means you can't detect malware based on its behavior. AVs on Android can only detect malware by its signature, which is easy to bypass. However, it is still better than nothing and a one-time scan of downloaded files or an on-demand scan while your phone is charging won't hurt your battery or slow down the device. A lot of AV products come with multiple features built in. Some of them are often useless (e.g. maybe anti-theft), others are worth the usage (e.g. security audits for non-fixed exploit vulnerabilities or bad system settings e.g. USB-Debugging enabled).
Antivirus: You can check AV-Test.org for monthly security reviews on mobile security products and choose from there. But I recommend either "Bitdefender Free" for a simple file-scanner of downloaded files and installed apps as well as on-demand scanner or "ESET Free/Premium" which includes file-scanner, security audit, sms & call blocker as well as phishing protection and even anti-theft if needed. Both companies are in my opinion very trustworthy and provided good results over the past months/years (not only on the mobile market but also the PC market). Avast is a free option with lots of features from another trustworthy company but I found it to be heavier on my system than Bitdefender or ESET.
Hi, I've been juggling this question for a few days now and I'm hoping you will have an answer to assist me. First, I have read your post and this is absolutely what I have been looking for for the past few weeks. Thanks has been given and I hope you keep this up. Second, I read the wildersecurity link but still do not have an answer to this question.
Why choose ESET Premium over BitDefender? Can you tell me what one offers that the other doesn't? I've been leaning to BitDefender only because I have and use an Android Wear device. Again, thank you for any assistance or time.
I'll try to make it as simple as I can.
Here is what I want:
CyanogenMod with root privileges
Full control over which app, service or system component can access my data and the Internet.
(at the moment for instance I can't alter the "network access" privileges of my apps)
Safe to use speech recognition software
Safe to use, sophisticated navigation software
My questions:
Is that even achievable without a ton of work?
Is there a simple way to flash CyanogenMod without pre-installed bloatware? (e.g. Google apps, Skype, Cortana, ...)
Which tools should I use to make sure that apps can only access what I want them to?
Is there speech recognition software for Android that doesn't require Internet access?
Is there a navigation app that is capable of using the offline maps of Google Maps without requiring an Internet connection?
(e.g. Google Maps makes itself useless if you don't update from their servers every 30 days)
From your experience, do apps refuse to work when you deny certain privileges?
ferivon said:
I'll try to make it as simple as I can.
Here is what I want:
CyanogenMod with root privileges
Full control over which app, service or system component can access my data and the Internet.
(at the moment for instance I can't alter the "network access" privileges of my apps)
Safe to use speech recognition software
Safe to use, sophisticated navigation software
My questions:
Is that even achievable without a ton of work?
Is there a simple way to flash CyanogenMod without pre-installed bloatware? (e.g. Google apps, Skype, Cortana, ...)
Which tools should I use to make sure that apps can only access what I want them to?
Is there speech recognition software for Android that doesn't require Internet access?
Is there a navigation app that is capable of using the offline maps of Google Maps without requiring an Internet connection?
(e.g. Google Maps makes itself useless if you don't update from their servers every 30 days)
From your experience, do apps refuse to work when you deny certain privileges?
Dude, you should start developing your own ROM in this case.
But confused here, and at this point I think you don't know.
CyanogenMod & Cyanogen OS
Assuming, when you said Cortana etc., I think you are on Cyanogen OS, which is the original OS for 1+1.
1. To achieve, you need to work.
2. Some optimized COS builds in XDA one android dev section; try a search. But not latest 13.1.2-ZNH2KAS3P0. Root using SuperSU, and use system app uninstaller to remove apps you don't need. Some debloater zips are also lurking around in XDA. If you install CyanogenMod, then no need of gapps flashing if you don't use a Google account.
3. You can stop background data for the apps you don't want. Settings in most ROMs.
4. Speech recognition can be used offline after you download all languages of your choice. Not 100% and don't use it.
5. Try Maps.me. I didn't know Google Maps needed to be force updated every 30 days unless someone restructures the entire landscape and routes.
6. Certain apps refuse to work if you don't grant permission. Yes. It's like telling someone without hands to eat from hand.
:good:
Thank you so much for your reply. I indeed did not know that there is a difference between Cyanogen OS and CyanogenMod. But if I understood you correctly, CyanogenMod comes without gapps. (I hope it also comes without Google Play Services?)
The offline speech recognition you linked to seems to be from Google. I bet it will require Google Play Services and an Internet connection after some time, just like Google Maps does and I'm really afraid of that.
I might give Maps.me a try, but I think Google Maps still has by far the best, most detailed and correct maps, especially when it comes to POIs.
I would consider using official Google Maps, if there was a 100% safe way to wipe all the data the app collects before I allow it to update the maps. Alternatively, maybe I could download the apps from a second device and just copy the map data over to my main device every once in a while.
An even more crazy approach might be to spoof the time/date data for Google Maps so that it thinks the 30 days haven't been reached yet.
But I would still be very concerned about Google Play Services. Would microG be sufficient for my purposes to replace Google Play Services?
edit:
Okay, I have a rooted CyanogenMod without gapps now on my OPO.
edit2:
I have Xposed with modules "Xprivacy" and "Per App Hacking" installed now.
Xprivacy is an app permission manager and "Per App Hacking" can be used to spoof the system time an app will see. Hopefully I'll be able to fool Google Maps with it.
edit3:
I have microG installed now. Hopefully this will be enough to run Google Maps.
I really need to make sure I understand Xprivacy before that though.
My recommendations:
1. I recommend full device encryption with long and secure boot password and easy to use pin lock screen password. Here's more info: http://forum.xda-developers.com/general/security/guide-separate-passwords-encrypted-t3048072
2. Get an email address from a provider that respects user privacy i.e. Riseup. https://riseup.net/
This is one of the most important things to do if you don't want google / yahoo / microsoft scanning your email for surveillance / marketing purposes.
3. Use apps from F-Droid. It's an app "store" for open source apps.
4. Always use Afwall+ to have control over which apps have access to internet. Even better if you use Afwall with combination of Orbot. This way you can route some apps through tor (need a custom script though). Orwall does the same thing more easily.
5. Instead of closed source Supersu, use open source superuser http://forum.xda-developers.com/android/software-hacking/wip-selinux-capable-superuser-t3216394
6. For maps I recommend openstreetmap. Download Osmand from F-Droid. It has navigation too.
7. For cellbased location provider, use unified location provider found from F-droid. It's connected to microg projects.
8. For encrypted SMS use Silence from F-droid (recipient needs the same app if you use encryption).
9. For encrypted instant messaging use Conversations (XMPP client) from F-DROID. Or Riot (which will soon have strong encryption).
Hey tofu thanks for your answer, I appreciate it!
I'm only really concerned about my phones software spying on me.
About the email thing: I'm running my own email server for that.
But I'm still looking for a way to anonymously create a google account without providing my phone number.
I'm using F-Droid already and it's great.
I'll never go back to the play store that's for sure.
And for anyone else reading this, please don't touch the amazon app store, it's pure poison.
I'm also using AFWall+ already, but I'm not satisfied at all. The creator doesn't really seem to care about ensuring that no data gets leaked ever. I read a lot of reports that data was being leaked every once in a while, especially during system boots.
This is really scary to me... I'd really like to have a safer firewall.
Blocking Internet/networking permissions directly just causes apps and the system to become extremely unstable. I soft-bricked my phone like 5 times while playing around with it the last few days.
I was not aware supersu was closed source. I'll switch to the open source alternative soon.
I just installed OsmAnd~ and I'm not very satisfied. Navigation was ok, the tts voice was absolutely terrible and I wasn't able to find a single POI, I wouldn't even be surprised if it would fail to find the next McDonald's to my place. Google Maps just seems completely unmatched to me.
And about that: I was actually able to get Google Maps running without Google Play Services installed and I was able to successfully use it offline, spoofing the system time for that app, so that my maps would never become outdated. I noticed a few downsides though, for example it only works for car navigation (bicycle mode etc are not available). After completing the installation of all the microG components I wasn't able to get it to work anymore though (I couldn't download the offline maps, because I couldn't enter my google account data anymore...).
But I'll figure out how I did it and go with Google Maps then.
To complete the microG installation I installed unifiedNlp with GSMLocationNlpBackend.
For encrypted messaging I'll probably be forced to stay with WhatsApp, as I can't possibly convince all of my friends to switch. But hey at least WhatsApp claims that your messages are end-to-end encrypted.
But obviously WhatsApp will always know who I know... that problem seems pretty much unfixable to me though...
I have btw also tried to get Google Now (speech recognition) to work offline. But I was unsuccessful. I have read reports of others getting it to work for literal voice to text applications... it won't take voice commands though. So that's not very useful... unless there was a way to define your own voice commands somehow.
But my biggest worry at the moment really is the firewall. I feel like there is nothing that you can really trust to work reliably.
And also the fact that Xprivacy can't restrict file access to certain folders... it's either all or nothing.
The worst of all might actually be IPC though (inter process communication) which a lot of apps require permissions for. And from what I understand any app with that permission could use another app as a sort of proxy to access the Internet.
I'm using a Google-free device with maximum privacy, so maybe I can not answer all your questions but I can give you an idea. First of all - disclaimer: I'm here because my girlfriend has a Oneplus One (OPO), but I do not have one. I use her old Nexus 5 (N5), but you will get the general idea. You already noticed there is a difference between CyanogenOS (COS) and CyanogenMod (CM). It also took me a while to figure out that difference. If you still have a stock Android in your OPO, it should be a COS 13.1 which is based on Android 6.0.1 and comes with a lot of bloatware from Google and Microsoft.
1. First step is to find a suitable ROM for your needs. If you are used to COS and have not much experience in choosing custom ROMs, you should give CM a try. Here is the official wiki which includes Download links and installation instructions: https://wiki.cyanogenmod.org/w/Bacon_Info
2. The 2nd step after installing CM is the full device encryption, can be found in Settings > Security. If you do it on a clean phone without any apps and data it only takes a couple of minutes and chances of breaking stuff are low at this step.
3. Now I usually root it (with SuperSU) and install some magic which is called XPOSED framework. It's something which allows you to install modules on your phone on system level, not like an Appstore, but rather like a Tweakstore. There are a lot of chances you break stuff and most of the modules do not work with CM, however, one module to beat them all is the XPRIVACY module. It gives you back full control on everything. You can manage App permissions, you can fake permissions or if apps do not want to run with your set of permissions, you can even feed fake data (like wrong GPS signals, etc.). Read more here. http://repo.xposed.info/module/biz.bokhorst.xprivacy
4. F-Droid, yeah, the one open-source repository for your new apps. I'll install it at this point.
5. Now, that the device is flashed with CM, probably rooted and with a custom recovery, you have to flash a stock recovery again and lock the bootloader. Stock recovery because it does not allow any malicious party (hacker with physical access, police, intelligence services, etc.) to deploy any code to your phone which compromises your privacy. Locked bootloader is important to disallow any malicious party to boot anything they want which also compromises your privacy.
And this is pretty much what you need to get started, a rock solid environment free from Google. Make sure you have a strong PIN, I also use randomized screen locker, so people can not "observe" the way you enter your PIN.
For encrypted calls and SMS there is Signal, but that does not work without Google services and LibreSignal, the Websockets version, was discontinued just recently. For encrypted IM use ChatSecure rather than Conversations. Both are XMPP clients, but Conversations does not allow you to import or export OTR keys, which is very annoying for a Jabber client. For not so sensitive chats, I use telegram.
Finally, not having Google Play and Google Services available makes the experience totally different for the Android device. Apps like Snapchat, which do not require Google but still for some unknown reason check for Google, won't run. Also, a lot of apps work without Google, but you can't install them without downloading suspicious APKs from dubious websites. Be very careful from where you download and install software if you can not find what you need in F-Droid.
I hope that helps you for your considerations.
---
Edit, one more final note. I also use OsmAnd and have to say it never let me down on any occasion (except when I forgot to download the maps before going somewhere remote without internet). The geodata quality is excellent in most urban areas, but the interface and usability are a mess. If you find your way around in the interface, the navigation works out pretty well. I sometimes have issues calculating very long routes, but you start to live with that.
Thanks for your input 5chdn! Most of the stuff you mentioned is already on my phone.
I made some progress yesterday and I'd like to share my current configuration:
All the apps I mention in this post are (at the time of writing) available in F-Droid, unless stated otherwise.
Everything I mention in this post is free and open source, unless stated otherwise.
Recovery Image: TWRP
ROM: CyanogenMod
'Apps' that have to be flashed:
SuperUser (this roots your phone which means you can grant root access to apps)
Xposed (provides a lot of important privacy tools)
Apps:
F-Droid (app store that provides free open source apps)
AFWall+ (manage which app can access the Internet)
Autostarts (manage triggers that apps can use to start themselves)
AdAway (can remove ads from apps)
Xposed Modules:
BootManager (manage which apps can start on boot)
Xprivacy (manage/spoof app permissions for privacy)
Safely using Google Maps offline permanently:
Please note: Google Maps is not open source.
Install microG (open source alternative to Google Play Services)
The complete installation consists of:
'microG Services Core' (aka 'GsmCore') (app)
At the time of writing this app is NOT available in F-Droid. This app also automatically installs 'µg unifiedNlp (NO GAPPS)' for you.
'microG Services Framework Proxy' (aka 'GsfProxy') (app)
'FakeGapps' (Xposed module)
'FakeStore' (app)
'XposedGmsCoreUnifiedNlp' (Xposed module)
'LocalGsmNlpBackend' (app)
'NominatimNlpBackend' (app)
'µg unifiedNlp (NO GAPPS)' (app) (will be installed automatically!)
Install 'Per App Hacking' (Xposed module)
Use this module to spoof the system time/date that Google Maps sees e.g. to '2016-10-14 10:00' so that offline maps don't become outdated. The feature to spoof the time is called 'time machine'.
I would really like to improve what I got so far and share it with the community.
If you know of anything that could help improve privacy please tell me.
I do not mention things like device encryption, passwords, lock screens etc, as these are a separate issue.
Hi everyone. I am getting an SM-G975F with the Exynos chipset. I was planning on flashing LineageOS on it but now I have stumbled upon MicroG for LineageOS and been doing a little reading up on it. Now I am not clear what the best choice would be from a privacy perspective.
My intention with LineageOS was to *not* install GApps and see how much I can make do with the default apps (i.e. the stock mail app, etc.). If that is my intention, then am I better off with LineageOS? or MicroG?
I don't really care about Google Apps. The only thing I can see myself struggling without is without some kind of semi-decent mapping application like Google Maps. Is there a decent alternative? Do I need MicroG for that? If I do cave and find I need Google Maps, then would I be better off with MicroG or LineageOS?
Also, is there a way to get Office apps (Word, Excel, etc.) on LineageOS? Or is that undesirable from a privacy perspective?
Lastly, is there a way to enable LTE bands 29, 30, and 46 on the SM-G975F model? These are enabled on the SM-G975W (Canadian) model, and I will be using the phone in Canada on Bell Mobility.
If these questions have been asked/answered elsewhere, can you please just drop a link?
Thanks,
The Fish
Your post does not qualify for Development. Please read the stickies before posting!
Moved to Questions and Answers.
Hi XDA’ers
I thought I would provide an update on my experience thus far with LineageOS 19.1 on my Exynos SM-G975F and answer some of my own questions which I asked above. Maybe some of this is obvious stuff or maybe not. Maybe it will be helpful for others in the future.
The operating system
I installed LineageOS from the official lineageos.org website. I did not install GApps so I am operating without the Google Play Services.
While Android itself is open source, the “Google Play Services” are not. They are a proprietary library from Google that are included with most (all?) Android devices and provide a number of services, APIs, etc. to apps running on Android. It's not part of the operating system per se, but lots of apps require it. So, I am operating with LineageOS only without the Google Play Services.
As a side note, there is an open-source re-implementation of Google Play Services called microG. MicroG cannot be installed as an app but needs to be installed as part of the OS. There are basically two flavors of LineageOS that include microG. They are “LineageOS for microG” and /e/OS. Both of these include microG. Pure LineageOS on its own however includes neither Google Play Services (unless you install GApps bundle) nor microG.
I was surprised how small the download file was for LineageOS. It weighs in at just 777 MB. I am used to Samsung firmware that weighs in at about 6 GB. So, this seemed really small to me.
Upon first boot up I was impressed with how clean the operating system was. Not only is there no bloatware but there is basically almost nothing at all. There is a dialer app, an SMS app, a camera app, a calculator, and a mini browser. There is also a local-only address book (no link to cloud services) and a local calendar app. The browser is fairly limited but gets the job done. Notably there isn’t a mail app (although I understand that there used to be one on previous versions of LineageOS). So, I set about seeing what I could do.
Apps
I installed the F-Droid app store but there are not any mainstream apps in there. Some of the apps in there might be good (I still need to explore it more) but I needed a solid email app. My company is on Office 365 so Outlook would be my first choice.
I stumbled upon APKPure and APKMirror. Both are very ad-filled, spammy-looking websites that seem to be a web-based front end to the Google Play Store. Using these websites, you can download official APKs for mainstream apps like Outlook, Word, Excel, etc. Be very careful where you click. Lots of the ads on the site include "Download Now" type buttons that you can click on thinking you are downloading an APK but instead are clicking on a spammy ad. So, navigate carefully on these sites.
I was able to install Word, Excel, OneDrive and Outlook. This was huge because I needed a decent mail app. Being able to install OneDrive meant I could now sync my camera with OneDrive. All the Microsoft apps worked flawlessly on LineageOS even without Google Play Services. The one thing I noticed however is that Outlook does not give me notifications when I get a new email. I have to go into Outlook and swipe down to refresh. I believe this is due to the lack of Google Play Services. Maybe using microG would eliminate this problem (not sure). I can live with this for now but would obviously like a way to resolve it.
Installing Outlook synced the local Calendar and Contacts apps with my Outlook contacts and calendar so that worked great.
Bible Apps
Both the Olive Tree Bible Reader app and the ESV Bible app installed no problem from APKPure. Both of these are offline Bible apps (they download the whole Bible and can be used offline). I like Olive Tree because I have several translations (including the SBLGNT) and Olive Tree lets me switch between them. The ESV app is great because they have recordings and so you can hear Kristyn Getty or David Cochran Heath read the Bible to you in natural non-synthetic voices.
Signal
I installed Signal directly from their website (they offer the APK directly on their website). Signal detects that it is being installed on a device without Google Play Services and so registers itself as a service and consequently I do get notifications for new Signal messages (unlike Outlook). I wonder if there is some way to make Outlook run the same way. I tried installing Microsoft Teams which we use at work but don't get any notifications when people send me messages. So that makes Teams pretty useless.
Browser
The built-in default browser renders HTML/CSS just fine but is very limited in terms of features. When you install a progressive web app as an app on the home screen it works but launches in the full browser with the address bar visible which breaks the app-like experience which is really the whole point of a PWA. So I set about trying to fix this. To my surprise I was able to install Microsoft Edge without ANY issues whatsoever. It works great and web apps pin to the home screen the way they should (and open as apps). So I made Edge my default browser.
Keyboards
The default keyboard in LineageOS does not have stickers or GIFs. That is as it should be I think for a default built-in keyboard. But it does not support swipe typing either. This surprised me. It seemed like a huge step backwards to have to tap out every letter with my thumbs. Do people still type like that on their phones?!?! Oh, the humanity!
There is a microphone icon at the top of the keyboard for speech-to-text transcription. I used this all the time before on my Samsung S8+. But tapping it did nothing. Apparently I am missing a speech-to-text engine. This surprised me because Outlook has dictation built-in using Microsoft's engines and works well. But it only works in Outlook and not universally throughout the phone as it would if it was built-in on the keyboard.
I installed the Microsoft SwiftKey keyboard and that gave me stickers, GIFs and... swipe typing! Woo Hoo! But I was really hoping it would give me speech-to-text since I dictate almost all of my text messages. I figured it would use Microsoft's engine like Outlook does since it was a Microsoft app. But tapping the microphone on the SwiftKey keyboard promptly tells me that I need to download "Google Voice Search".
Microsoft Authenticator
I installed the Microsoft Authenticator app for 2FA and it installed just fine. But it was impossible to add any accounts by scanning the QR codes. I think this is due to notifications not working properly, probably also due to the lack of Google Play Services or microG.
Outstanding Issues
So, the outstanding issues I have right now are:
Microsoft Authenticator is non-usable. This is a huge issue for me
No speech-to-text transcription from keyboard
No notifications in Microsoft Teams
No notifications in Microsoft Outlook (this I can live with).
What I Like
What I like about LineageOS is the clean, minimalistic design of the operating system. I am not pushed into any particular "ecosystem" be it Google, Samsung, Microsoft or Apple. I can decide which ecosystem I want to participate in and to which extent. For example, I could download Outlook without downloading Edge and I don't need to backup my photos to OneDrive unless I want to. You can do this, to some extent, with OEM versions of Android, but it requires ignoring and disabling things. Come to think of it, that is really what an operating system should be - a platform for running apps, not an on-ramp into an ecosystem.
What irritates me is that not all apps work as they should. It seems like Google Play Services is an important part of the mix and many apps fail to function properly without it. Signal seems like one exception. It detects that you are not using Google Play Services and adapts the functioning of the app accordingly.
Just a minor update. I tried several different TTS engines (Pico TTS, Flite TTS, RHVoice) and none of these gave me text typing.
I ended up installing Speech Services by Google and it worked. I was surprised that it worked considering I do not have GApps (and thus no Google Play Services) and no microG on my phone.
So, I guess I can live with a little Google on my phone, but I would have preferred to find an open-source alternative or, barring that, a Microsoft alternative.