this post was submitted on 08 Aug 2020
9 points (69.6% liked)


(1/2) Lemmy does not allow too long post walls

UPDATED 16/8/2020: Major edit, replaced closed source App Ops and Shizuku with AppOpsX (Free Open source) on F-Droid. ~~This guide is nearly FOSS supported now.~~

UPDATED 17/9/2020: MAJOR EDIT, replaced closed source Access Dots with Privacy Indicator (FOSS) on Izzy's F-Droid repo. This guide is completely FOSS.

Hello! I am the founder of /r/privatelife. Finally my smartphone non root guide is back, and there are some big upgrades. I was taking time to test everything myself on my daily driver, so apologies for keeping everyone waiting, but stability and ease of use are the important goals to strive for in my playbook. Privacy must be accessible to the maximum number of people without being annoying or tedious.

A kind request to share this guide to any privacy seeker.

# User and device requirement

  • ANY Android 9+ device
  • knowledge of how to copy-paste commands in Linux or Mac Terminal/MS-DOS Command Prompt (for ADB, it is very simple, trust me)

# Why not Apple devices?

iPhone does not allow you to have privacy due to its blackbox nature, and is simply a false marketing assurance by Apple to you. Recently, an unpatchable hardware flaw was discovered in Apple's T1 and T2 "security" chips, rendering Apple devices critically vulnerable.

17/9/2020: Apple gave the FBI access to the iCloud account of a protester accused of setting police cars on fire.

Also, they recently dropped the plan for encrypting iCloud backups after the FBI complained. They also collect and sell data quite a lot. Siri still records conversations 9 months after Apple promised not to do it. Apple Mail app is vulnerable, yet Apple stays in denial.

Also, Apple sells certificates to third-party developers that allow them to track users, the San Bernardino shooter publicity stunt was completely fraudulent, and Louis Rossmann dismantled Apple's PR stunt "repair program".

Also, Android's open source nature is starting to pay off in the long run. Apple 0-day exploits are far cheaper to do than Android.


# LET'S GO!!!

ALL users must follow these steps before "for nerdy users" section.

Firstly, if your device is filled to the brim or has been used for a long time, I recommend backing up your data and factory resetting for a clean slate start.

NOTE: Samsung users will lose Samsung Pay, as Samsung has been caught and declares they sell this data: https://www.sammobile.com/news/samsung-pay-new-privacy-policy-your-data-sold/

  • Make DIY camera covers, for front camera notch use a tiny appropriate-sized thin opaque plastic cutout and use an invisible tape to stick it in place, replace every month (cost: tape roll and one minute of your time per month). My rear camera cover

  • Install F-Droid app store from here

  • Install NetGuard app firewall (see NOTE) from F-Droid and set it up with [privacy based DNS like Uncensored DNS or Tenta DNS or AdGuard DNS]

NOTE: NetGuard with Energized Ultimate HOSTS file with any one of the above mentioned DNS providers is the ultimate solution.

NOTE: Set DNS provider address in Settings -> Advanced settings --> VPN IPv4, IPv6 and DNS

  • In F-Droid store, open Repositories via the 3 dot menu on top right and add the following links below:
  1. https://rfc2822.gitlab.io/fdroid-firefox/fdroid/repo?fingerprint=8F992BBBA0340EFE6299C7A410B36D9C8889114CA6C58013C3587CDA411B4AED

  2. https://apt.izzysoft.de/fdroid/repo?fingerprint=3BF0D6ABFEAE2F401707B6D966BE743BF0EEE49C2561B9BA39073711F628937A

  3. https://guardianproject.info/fdroid/repo?fingerprint=B7C2EEFD8DAC7806AF67DFCD92EB18126BC08312A7F2D6F3862E46013C7A6135

Go back to F-Droid store home screen, and hit the update button beside the 3 dot menu.


### LIST OF APPS TO GET

  • Get Firefox Preview web browser from F-Droid (install uBlock Origin addon inside (if technically advanced, try doing this)). Also get Firefox Klar if you like a separate incognito browser.

  • Get Aurora Store from F-Droid for apps from Play Store without actually using Play Store, use Anonymous option to sign in

  • for 3rd party APKs source them only from APKMirror OR APKPure OR APKMonk, quite trusted, BUT TRY AND AVOID IT IF POSSIBLE

  • Get Privacy Indicator from F-Droid for iOS 14 like camera/mic dot indicator feature

  • Get OSMAnd+ from F-Droid or Qwant Maps inside web browser for maps and/or print physical maps if you live and travel in one or two states or districts.

NOTE: Qwant Maps has better search results than OSMAnd+

  • Get PilferShush Jammer from F-Droid to block microphone (use this in malls, restaurants or such public places if you can to prevent beacon tracking)

  • Get OpenBoard (user friendly) OR AnySoftKeyboard (nerd friendly) from F-Droid instead of Google GBoard, Microsoft SwiftKey et al, they are closed source keylogger USA spyware

  • Get FTP Server (Free) from F-Droid and FileZilla on computer for computer-to-phone internet less file sharing

NOTE: for phone-computer sync or sharing, can TRY KDE Connect, available for Android, Windows, Linux

  • Get TrebleShot instead of SHAREIt for phone to phone file sharing

  • Get K-9 Mail or FairEmail as e-mail client

  • Get NewPipe for YouTube watching, or YouTube in Firefox Preview/Klar

  • Get QKSMS from F-Droid as SMS client app

  • Get Shelter from F-Droid to sandbox potential apps that you must use (eg WhatsApp or Discord or Signal)

  • Get SuperFreezZ from F-Droid to freeze any apps from running in background

  • Get Librera Pro from F-Droid for PDF reader

  • Get ImgurViewer from F-Droid for opening reddit/imgur/other image links without invasive tracking

  • Get InstaGrabber from F-Droid for opening Instagram profiles or pictures without invasive tracking (seems like a revived fork is here, thanks u/sad_plan )

  • Get GreenTooth from F-Droid to set Bluetooth to disable after you have used it

  • Get Material Files or Simple File Manager from F-Droid for file manager app

  • Get ImagePipe from F-Droid if you share lot of pictures, and want to clear EXIF metadata snooping (often photos contain phone model, location, time, date)

  • Get Note Crypt Pro from F-Droid for encrypted note taking app

  • Get Vinyl Music Player from F-Droid for music player

  • Get VLC from F-Droid for video player


### CRITICAL FOR CLIPBOARD, LOCATION AND OTHER APP FUNCTION BLOCKING

I would say this is one of the critical improvements in my guide, and will solve the problem of clipboard and coarse location snooping among other things.

AppOpsX is a free, open source app that allows you to manage granular app permissions not normally visible, with the help of ADB authorisation without root. This app can finely control what granular information apps can access on your phone, which is not shown in the app permissions regularly accessible to us.

Now that you have set up your phone and installed the apps, this is a good time to perform this procedure.

Step 1: Install AppOpsX from F-Droid. (https://f-droid.org/en/packages/com.zzzmode.appopsx/)

Step 2: Plug phone to computer, and enable USB debugging in Settings --> Developer Options (you probably already did this in the starting of the guide)

Step 3: Keep phone plugged into computer until the end of this procedure! Open AppOpsX app.

Step 4: On computer, type commands in order:

```
adb devices
adb tcpip 5555
adb shell sh /sdcard/Android/data/com.zzzmode.appopsx/opsx.sh &
```

Step 5: Now open "AppOpsX" app, and:

  • disable "read clipboard" for apps except your messengers, notepad, office suite, virtual keyboard, clipboard monitor apps et al.

NOTE: Most apps that have text field to copy/paste text require this permission.

  • disable "modify clipboard" for every app except for your virtual keyboard or office suite app or clipboard monitor/stack special apps.

  • disable "GPS", "precise location", "approximate location" and "coarse location" for every app except your maps app (Firefox and OSMAnd+)

(2/2) in comment below.
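
The clipboard and location items of Step 5 can also be planned from a terminal. The script below is an added example, not part of the original post or of AppOpsX: it reads `cmd appops get` output and prints the `cmd appops set` commands for every package that is not on an allowlist, without executing them. The allowlist, package names and sample dump are constructed, and the mapping of AppOpsX's labels to op names and the output line format are assumptions.

```shell
#!/bin/sh
# Added example, not from the post: plan the Step 5 app-op changes as adb commands.
# Nothing here talks to a phone unless collect_dump is called explicitly.

# App-op names assumed to correspond to the Step 5 clipboard and location items.
CLIPBOARD_OPS="READ_CLIPBOARD WRITE_CLIPBOARD"
LOCATION_OPS="COARSE_LOCATION FINE_LOCATION GPS"

# Hypothetical allowlist, "group:package" pairs that keep access (constructed names).
ALLOWLIST="clipboard:com.example.keyboard location:com.example.maps"

# Constructed sample of what collect_dump produces: a "# package" header, then
# that package's `cmd appops get` lines (the line format is an assumption).
SAMPLE_DUMP='# com.example.keyboard
READ_CLIPBOARD: allow; time=+2m10s ago
# com.example.maps
FINE_LOCATION: allow; time=+1h3m ago
READ_CLIPBOARD: allow
# com.example.flashlight
COARSE_LOCATION: allow; time=+5d2h ago
READ_CLIPBOARD: ignore
# com.example.game
No operations.'

# Live collection: third-party packages and their recorded app-ops.
collect_dump() {
    adb shell pm list packages -3 | tr -d '\r' | sed 's/^package://' |
    while read -r pkg; do
        printf '# %s\n' "$pkg"
        # </dev/null stops adb from swallowing the rest of the package list
        adb shell cmd appops get "$pkg" </dev/null | tr -d '\r'
    done
}

# Read a dump on stdin and print one "appops set ... ignore" command per op
# that a non-allowlisted package can still use.
plan_appops() {
    awk -v clip="$CLIPBOARD_OPS" -v loc="$LOCATION_OPS" -v allow="$ALLOWLIST" '
    BEGIN {
        n = split(clip, c, " ")
        for (i = 1; i <= n; i++) { group[c[i]] = "clipboard"; order[++k] = c[i] }
        n = split(loc, l, " ")
        for (i = 1; i <= n; i++) { group[l[i]] = "location"; order[++k] = l[i] }
        n = split(allow, a, " ")
        for (i = 1; i <= n; i++) allowed[a[i]] = 1
    }
    function emit(   i, op) {
        if (pkg == "") return
        for (i = 1; i <= k; i++) {
            op = order[i]
            if ((group[op] ":" pkg) in allowed) continue   # exempt by policy
            if (mode[op] == "ignore") continue             # already blocked
            # an op with no line has no override yet, so it is treated as allowed
            printf "adb shell cmd appops set %s %s ignore\n", pkg, op
        }
    }
    /^# / {
        emit()
        # package names end up in a command line: accept only safe characters
        pkg = ($2 ~ /^[A-Za-z0-9_.]+$/) ? $2 : ""
        split("", mode)
        next
    }
    /^[A-Z_]+: / {
        op = $1; sub(/:$/, "", op)
        m = $2;  sub(/;$/, "", m)
        mode[op] = m
    }
    END { emit() }
    '
}

# Offline run on the constructed sample; with a phone attached use:
#   collect_dump | plan_appops
printf '%s\n' "$SAMPLE_DUMP" | plan_appops
```

`adb tcpip 5555` from Step 4 leaves the ADB daemon listening on TCP port 5555 until the phone reboots or `adb usb` is run, so switch back with `adb usb` and turn USB debugging off once the permissions are set.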

top 36 comments
[–] [email protected] 0 points 3 years ago (1 children)

Thanks for this, I had some of this completed already but didn't know about AppOpsX - that piece helped a lot for my peace of mind (as I like my device otherwise quite a bit).

[–] [email protected] -2 points 3 years ago* (last edited 3 years ago)

The fact that people keep reaching this guide keeps my hope alive for my mission of a pro privacy libre culture. Thank you.

[–] [email protected] 0 points 4 years ago* (last edited 4 years ago) (1 children)

Netguard with HOSTS

I was under the impression you cannot edit the hosts file without root? How do you do this?

Debloat Script

Also obviously a backup is recommended, but didn't really want to fresh install, I should be fine to run the debloat script without fresh installing correct? Also will this break apps like Signal that check for Google Services and if it doesn't find it doesn't rely on them? I had an issue with Signal not sending notifications because of this (Blocking off Google Services with Netguard). I know on systems where Google Services are removed it works fine because it doesn't detect them, but the debloat script looks like it just disables them correct? So I assume I may run into issues with Signal notifications? I don't know why Signal can't just allow us to choose.

[–] [email protected] -1 points 4 years ago

NetGuard without root works using the VPN function on Android, by routing all traffic through it. Since you employ the HOSTS rules on NetGuard, it effectively acts the same as system HOSTS rules, since all traffic is routed through NetGuard.

The script is totally safe, and you can just re enable packages that the sh scripts list, and which disabling seem to have crippled your phone ROM's functions (for example the PC suite packages should be re enabled if you sync and backup via them).

Apps that rely on Google Cloud Messaging (GCM) service will have issues with notifications, not all of them though. Signal probably listed the issues with F-Droid build, so they will stay on Play Store (and Signal will stay out of my device).

[–] [email protected] 0 points 4 years ago* (last edited 4 years ago) (2 children)

Thanks for your post but your Apple section is questionable. Could you please provide sources for your claim that Apple sells data they collect? Also, after that Qualcomm f*ckup, using T1/T2 vulnerability as a reason not to buy Apple device is weird. The only valid arguments are all outlined in the Gist and they are surely concerning. But that’s not nearly enough to say that Apple devices should be avoided.

[–] [email protected] 0 points 4 years ago* (last edited 4 years ago) (1 children)

Cook has gone so far as to call for tighter regulations on explicit user data sales, so likely not much there. Maybe in its ad platform aggregated data might be used.

The closest thing in that regard I could find was their mention of advertising sales in their quarterly report. Likely user data in some aggregated form is sold to sellers, like FB does

> Services Services net sales increased during the third quarter of 2020 compared to the third quarter of 2019 due primarily to higher net sales from the App Store, Video and Cloud Services. Year-over-year Services net sales increased during the first nine months of 2020 due primarily to higher net sales from the App Store, Advertising and AppleCare. Advertising net sales includes net sales from licensing arrangements and the Company’s advertising platforms.

Here is one snippet on their ad efforts (from an unlinkable ad cancer adweek site):

> Apple Is Quietly Ramping Up Its Ad Game With Search Ads Expansion The App Store is trying again at one of its few failures

[–] [email protected] 0 points 4 years ago (1 children)

Yes, there is Apple Search Ads thing which allows to advertise an app on App Store. The thing is they are transparent on how it works and explicitly say that they don't sell any data. See here: https://searchads.apple.com/privacy/

[–] [email protected] -1 points 4 years ago

Does Apple talk about being NSA partner, and this? https://i.imgur.com/n8Bk0bA.jpg

Or their T1/T2 hardware flaw, or Apple Mail exploit denial, or how they faked the San Bernardino shooter incident for publicity?

[–] [email protected] -1 points 4 years ago (1 children)

I provided sources for that already. https://i.imgur.com/n8Bk0bA.jpg

I do not trust Apple or Qualcomm as they are NSA arms and USA has extended jurisdiction over me in India.

All of the above reasons are why Apple devices must clearly be avoided for privacy and security, without doubt.

Also, you cannot use app store until you make an Apple ID in Apple devices, unlike Android.

[–] [email protected] 0 points 4 years ago* (last edited 4 years ago) (1 children)

There's nothing about Apple selling data to third-parties. Moreover, they are clearly saying in their privacy policy that they don't sell it. So, again, do you have any sources on that?

Any company from Five Eyes are potential NSA partners. Companies from other countries may be partners as well. See Crypto AG from Switzerland. If you don't trust Apple that much then why do you trust other vendors? How can you be sure that, for example, Sony or LG does not ship backdoored phones to US or India or other countries? Most of the Android phones are with Qualcomm chips too. So, I don't see how iPhones are less secure. You can have more privacy with something like GrapheneOS but definitely not more security.

You can use fake Apple ID for App Store, you don't need a credit card for it.

[–] [email protected] -1 points 4 years ago (1 children)

You probably missed the 3rd link from bottom about selling data there. Not sure if you are intentionally overlooking it. Here, take it: https://hongkongfp.com/2017/06/08/china-uncovers-massive-underground-network-apple-employees-selling-customers-personal-data/

Also this recent one: https://www.thewrap.com/apple-lawsuit-user-data-itunes/

> How can you be sure that, for example, Sony or LG does not ship backdoored phones to US or India or other countries?

Bold claim. I wonder if there is someone else who blabbered a sentence similar to this.. "backdoors in transit"? Until it is proven, I will just declare it to be FUD garbage.

> You can use fake Apple ID for App Store, you don’t need a credit card for it.

And you still end up making an Apple account with plenty of your data going to Apple servers. You cannot avoid making an Apple account, which is the whole gist of it. On Android, you need not make a Google account, or root/jailbreak phone to install 3rd party FOSS app store like F-Droid.

[–] [email protected] 0 points 4 years ago (1 children)

Yeah, I missed these two links, thanks. So, the first one talks about unauthorised access from some employees. I don’t see how this proves that Apple sells personal data.

From the second link:

> For example, any person or entity could rent a list with the names and addresses of all unmarried, college-educated women over the age of 70 with a household income of over $80,000 who purchased country music from Apple via its iTunes Store mobile application.

I’ve tried to find a way to rent such a list and didn’t find how I can achieve this. Moreover, you can’t even get names or addresses via Search Ads targeting. Given that this article is almost 1.5 years old and there was no more info about that lawsuit it’s either a fake or someone tried to get some easy money.
So, we’re back to the question.

> Bold claim. I wonder if there is someone else who blabbered a sentence similar to this… “backdoors in transit”? Until it is proven, I will just declare it to be FUD garbage.

It’s not a claim. I’m asking why you don’t trust Apple but trust other vendors. Why do they deserve your trust? Why should other people trust them more than Apple? That was the question.

> And you still end up making an Apple account with plenty of your data going to Apple servers.

Yes, and that’s why I said you can get more privacy with something like GrapheneOS. But you won’t get more security by switching away from iPhone.

[–] [email protected] -1 points 4 years ago (1 children)

If you are trading verifiable open privacy off for security that is totally proprietary and unknown (and unreliable as seen with Apple T1/T2 chips), it is same as claiming you have a great accuracy rate with blindfold shooting.

The claim was not fake, Apple just happens to have too much money and power.

Also, Apple works with NSA (and that data goes to 14 Eyes via NSA). Some other entities happen to have no relations with 14 Eyes or NSA.

As we know, Google AI is used to murder people in foreign countries via US military drones: https://www.wired.co.uk/article/google-project-maven-drone-warfare-artificial-intelligence

Also, we know Facebook, Apple, Google and other US companies are very friendly in giving and taking data: https://www.nytimes.com/interactive/2018/06/03/technology/facebook-device-partners-users-friends-data.html

As such, giving data to NSA or 14 Eyes in any manner can put people at high risk of safety and real-life security. In the end, this proprietary Apple security is a facade and marketing ploy.

[–] [email protected] 0 points 4 years ago (1 children)

Are you intentionally evading questions related to proofs for Apple selling user data? You still didn’t provide any sources, nor did you say anything about trust in other vendors.

I can’t care less about Google or Facebook as well as I don’t care about US military. This thread is about Apple and how it handles personal data.

[–] [email protected] -1 points 4 years ago* (last edited 4 years ago) (1 children)

> Are you intentionally evading questions related to proofs for Apple selling user data?

Are you intentionally acting ignorant towards the evidence I already gave for Apple spying and selling user data?

Guess what, your tiny comment train is not the thread. The thread is about the guide I made, and it seems to contain facts that others are not criticising except you.

[–] [email protected] 0 points 4 years ago (1 children)

> Are you intentionally acting ignorant towards the evidence I already gave for Apple spying and selling user data?

Sorry for the questions, but did you read the “evidences” you provided? Could you please point me? Maybe I’m blind or something but I have yet to see evidences for Apple selling my data.

> Guess what, your tiny comment train is not the thread. The thread is about the guide I made, and it seems to contain facts that others are not criticising except you.

Apparently, I’m not the only one: https://news.ycombinator.com/item?id=24091709

[–] [email protected] -1 points 4 years ago* (last edited 4 years ago) (1 children)

You are coming off as aggressive. Kindly request you to be a gentleman even if we have disagreements. The evidences are surely something you may have missed.

Apple employees were selling data in China, which you can read. For the iTunes lawsuit, it was found that iTunes does collect personal data on you, but I will give you the leeway and benefit of doubt.

How about Siri recording conversations, and continuing to record them 9 months after they promised they would not do it? https://www.theregister.co.uk/2020/05/20/apple_siri_transcriptions/

You can watch The Hated One's video on Apple as well, discussing the Epsilon values on differential privacy fake claims: https://yewtu.be/watch?v=shxTTon5lfs

AHH HACKERNEWS definitely credible people. Comments and opinions are all over the place among those people. None of those even have an opinion they are clear about.

> One of the first things this article lists is enabling Huawei screen capture and record. This is overall an unserious guide

So this user seems to ignore the fact that these Huawei packages have no internet permissions, and that they do not have any suspicious things in manifest either, but "demonise Huawei, Western social validation +100".

> It suggests installing many closed source, Advertising-ridden apps from the play store.

I wonder which app I wrote about is "ad-infested". The only non FOSS app is App Ops which does not have any ads and it seems to do a fine job. I even instructed to turn wifi and cell data off for it. It has not been reported to, or misuses the ADB authorisation given to it, and is a baseless accusation on the app and/or my recommendation.

> iPhone does not allow you to have privacy due to its blackbox nature
>
> This is a stupid argument. My mobile banking app isn't open source either but I'm pretty sure it's reasonably private.

So this user wanted to negate my argument, yet they are "pretty sure it's reasonably private". How vague is "reasonably" here? How much is "pretty sure" sure? Do they live in la la land fantasy?

> A bunch of app suggestions for reading reddit and watching youtube is terrible security advice and borderline dangerous.

User should probably explain where did I tell users that the guide is only suitable for "reading reddit and watching youtube". Their "security" claims are weird, as an unlocked bootloader and root are far bigger risks to contain compared to a locked bootloader phone with my guide basically telling to install a firewall with HOSTS rules and DNS, bunch of FOSS apps, an image metadata cleaner, a work profile based app sandboxer, and crippling hidden app permissions via using system APIs via ADB.

I have noticed a lot of these privacy folks do not understand the meaning of and throw around the word "hardening" like it is a rocket science project that only musicians in a football team would research upon to understand. I need to make a post on this word for folks now, it is so scary and getting out of hand.

[–] [email protected] 0 points 4 years ago (1 children)

> You are coming off as aggressive. Kindly request you to be a gentleman even if we have disagreements.

To be honest, I don't see where I was aggressive in my comments. All I was doing is asking questions and arguing about your choice of words in the article.

> Apple employees were selling data in China, which you can read.

There's a difference between Apple and an Apple employee who's got unauthorised access to data.

> For the iTunes lawsuit, it was found that iTunes does collect personal data on you, but I will give you the leeway and benefit of doubt.

Yes, I'm 100% sure that this lawsuit is bullshit because:

  1. This is not the first time someone claims something like this.
  2. There's no proof that Apple sells iTunes data.
  3. Common sense tells me this is bullshit.

You can tell me I was wrong after the court will rule that Apple was selling user data. But I doubt this will happen. As you said, "Until it is proven, I will just declare it to be FUD garbage."

> How about Siri recording conversations, and continuing to record them 9 months after they promised they would not do it.

Yep, they are collecting users' recordings and only recently allowed you to opt out. Still, they didn't sell it.

> You can watch The Hated One’s video on Apple as well, discussing the Epsilon values on differential privacy fake claims.

To watch a YouTuber discussing differential privacy? Yeah, sure. Right after he will show me his PhD degree in math.


I see you went crazy on HN's comments but my point was not to insult you but instead to address your comment:

> The thread is about the guide I made, and it seems to contain facts that others are not criticising except you.

The whole point of this discussion for me was simply to ask you to be more careful with accusations in the article. There are no proofs of Apple selling user data and I would be highly surprised if they did this after all their effort in making their devices, software and SDKs more privacy-aware.

Instead of throwing such strong claims you could instead say something like "placing your trust in companies and giving away your personal info is not a good idea if you're privacy conscious person" or something. But you just grabbed a few links with headlines like "YO YO Apple selling your data, no shit" without even reading them. I suppose, to give more weight to your article and for hype? This makes it really hard to take the rest of the guide seriously.

[–] [email protected] -1 points 4 years ago (1 children)

Apple employee is Apple's responsibility, and if Apple did not fire them before they did this, they count as Apple employee, and thus it is Apple's doing.

> Yep, they are collecting users’ recordings and only recently allowed you to opt out. Still, they didn’t sell it.

Why are they collecting data when "what happens on iPhone stays on iPhone"? Is that not false advertisement about claiming to protect a human right?

> To watch a YouTuber discussing differential privacy? Yeah, sure. Right after he will show me his PhD degree in math.

Calling The Hated One an ordinary YouTuber on the subject of privacy is not just disingenuous, but ignorant and shows a lack of understanding. He is educated enough to talk about it, which almost nobody else talks about.

There is proof of Apple selling user data (Apple employee is not separate from Apple), so they are clearly doing it, as well as having some lovely relations with data give and take with Facebook and Google.

Enough people are taking my guide seriously, and it helps with privacy of their personal data or metadata, so it is good enough for now. Bickering people have not done anything to help the majority of people, and keep basking in the glory of custom ROM and tinkering all day. I am helping that lowest common denominator, which needs the most help and improves the privacy of others as a net indirect result.

[–] [email protected] 0 points 4 years ago (1 children)

> Apple employee is Apple’s responsibility

That’s why they were prosecuted.

> they count as Apple employee, and thus it is Apple’s doing

By your logic, if a citizen of a country will kill another citizen then it’s the country who killed that citizen. Pretty flawed, huh?

> Why are they collecting data when “what happens on iPhone stays on iPhone”? Is that not false advertisement about claiming to protect a human right?

How’s it related to selling user data? There’s a lot of things to blame Apple for. But this is off topic.

> Calling The Hated One an ordinary YouTuber on the subject of privacy is not just disingenuous, but ignorant and shows a lack of understanding.

I don’t care about YouTubers. What are his accomplishments except for retelling other sources? How is his content different from lifehacks and minecraft letsplays? Did he prove a flaw in differential privacy? If so, where can I take a look at the paper?

> There is proof of Apple selling user data (Apple employee is not separate from Apple)

I’ve shown that this doesn’t work like that. This also contradicts their privacy policy. Are you saying that they are lying in their public legal document? Then why has no one won a lawsuit against them given that there were lawsuits?

For the third day in a row I’m asking you to provide a source for your claim and we’re still here. That’s not even funny anymore.

——

I’m not saying that your guide is complete garbage or anything like that. I believe that there are people who will find it useful. Your claims on Apple selling personal data and pointing to unrelated links as an “evidence” is the problem. Well, you’re not the first one in the hype train and you’re definitely not the last one.

[–] [email protected] -1 points 4 years ago

But you did not acknowledge the prosecution, and denied that it had anything to do with Apple. This is the problem with the way you are arguing. Your criticism seems acceptable, but then it becomes a bad faith argument couple sentences later.

Apple is not a country, but a corporation that makes tall claims of protecting privacy in exchange for $1000+ device people buy, then backstab them. Understanding this is fundamental to educating masses about privacy.

> How’s it related to selling user data? There’s a lot of things to blame Apple for. But this is off topic.

Apple makes privacy claims then does these backstabbing things, which clearly indicate that privacy is a marketing tool to them, and not a human right as Tim Cook stated publicly.

> Did he prove a flaw in differential privacy? If so, where can I take a look at the paper?

He is not proving a theory himself but making the information about Epsilon values of handled data by these corporations more visible to public. I am sure this can be checked via searching.

> Then why has no one won a lawsuit against them given that there were lawsuits?

I hope you are joking. Apple is the national brand of USA, and US government is there to protect them. Besides, Apple has nearly infinite money and political power to crush people criticising them via lawsuits.

For the third day I showed you couple sources that prove Apple sells and collects data, and you are continuing to stay in denial or argue in a nullifying manner.

You are not the first and last one to believe in the religion of Apple. There are plenty of those at reddit.com/r/privacy.

[–] [email protected] 0 points 4 years ago (1 children)

You probably want Firefox Beta now instead of Preview. There are more whitelisted add-ons now; I also have Privacy Badger enabled and am tempted to also enable Decentraleyes (last time I tried it on desktop it broke some sites).

[–] [email protected] -1 points 4 years ago (1 children)

Looking into it quickly. I just wanted a normal user to be able to install FF quickly without going to GitHub/GitLab releases, so I saw Preview, and that was that. :/

[–] [email protected] 0 points 4 years ago* (last edited 4 years ago) (1 children)

Ah. Well, preview and beta are both on Play Store. Preview is no longer updated now that the new core is deemed stable enough for beta (though some people were upset when initially it didn't have any add ons)

Haven't checked if they're on the ffox fdroid repo though

[–] [email protected] -1 points 4 years ago

They both are there. One reddit user pointed it out to me as well. Looking into it, just woke up.

[–] [email protected] 0 points 4 years ago (1 children)

I think you can replace AppOps with AppOpsX, it also supports adb method and it's free unlike AppOps that's freemium

[–] [email protected] -1 points 4 years ago (1 children)

You get a big kiss on forehead, sir/madam! Thank you for this wonderful suggestion. This makes my guide fully FOSS.

[–] [email protected] 0 points 4 years ago (1 children)

Thanks, AppOpsX also got bulk permission disabling which is better than Shizuku AppOps :)

[–] [email protected] -1 points 4 years ago

I agree, tested it fully yesterday. Will take another day to see if I missed anything.

The non root privacy hardening guide is fully FOSS now. AppOpsX seems super good as of now!

[–] [email protected] -1 points 4 years ago (1 children)

If you don't use your smartphone often, just buy a PinePhone.

[–] [email protected] -1 points 4 years ago (1 children)

The reality is we all use smartphones often, as that is how you can function well in society. PinePhone, Necunos or Librem 5 are a utopian dream, and will stay like that for quite sometime.

[–] [email protected] 0 points 4 years ago* (last edited 4 years ago) (1 children)

yeah, I plan to use a PinePhone as my secondary device and start helping port apps to it, but will probably use either Android or iOS for some time.

Alas, my next phone might be an iPhone -- though I'll try to steer clear from Apple services.

I currently use a Pixel as my daily driver, but I want to help contribute to OpenStreetMap and there's no OSM navigation app with Android Auto support, whereas MAPS.ME is open source, uses OSM and supports CarPlay. I wonder if it's technically more difficult to get Android Auto support or it's Google ironically abusing their gatekeeper role here (normally Apple is the one accused of doing that with the App Store).

[–] [email protected] -1 points 4 years ago

Not sure, Apple is not too great and very unmodifiable. Jailbreaking it makes its security garbage, and without Apple ID you cannot even install any app there.

Android is just a lot freer unless you are looking for that convenient life with Apple.

[–] [email protected] -2 points 4 years ago* (last edited 4 years ago) (1 children)

(2/2)

  • disable "calendar" for every app except your calendar and email app

  • disable "read contacts", "modify contacts" and "get contacts" for every app except your "Phone", "Phone Services", "Phone/Messaging Storage", contacts and messenger apps

  • disable all "send/receive/view messages" permissions for every app except "Phone", "Phone Services", "Phone/Messaging Storage", QKSMS, contacts, dialler and messenger apps

  • disable "body sensors" and "recognise physical activity" for every app except games needing gyroscope, or any compass dependent app like camera or bubble leveling app

  • disable "camera" for every app except your camera and messenger apps

  • disable "record audio" for every app except camera, recorder, dialler and messenger apps

  • disable all "Phone" permissions for apps except your SMS app (like QKSMS) and Contacts, Dialler and call recorder apps

  • disable "change WiFi state" for every app except file sharing apps (like TrebleShot)

  • disable "display over other apps" for any third party app not from F-Droid

  • disable "read storage" and "write storage" for apps except file manager, file sharing app and messenger apps

  • enable all permissions for "Phone", "Phone Services" and "Phone/Messaging Storage" system apps, critical for cell radio calling and sending SMS

Step 6: Profit! Now you can plug off phone from computer.

NOTE: Remember to use AppOpsX every time you install a new app outside of F-Droid store, which is done not too often by people.


#FOR NERDY USERS

  • Get App Manager from Izzy's F-Droid repo (here) to inspect app's manifest, trackers, activities, receivers, services and even signatures via Exodus Privacy built-in, all without root

  • Get Warden from Izzy's F-Droid repo (here) for checking loggers (rest app is inferior to App Manager)


#HOW TO USE NETGUARD

By default, all apps will be blacklisted from WiFi and mobile data access.

If not, go to Settings via 3 dot menu --> Defaults (white/blacklist) --> Toggle on "Block WiFi", "Block mobile" and "Block roaming"

Whitelist your web browsers, messengers (WhatsApp, Zoom et al), file sharing apps, download managers, "Aurora Store" app and any game if it needs internet and give them WiFi and mobile data access.

Also, whitelist "Downloads" and "Download Manager" as these are system apps that allow web browsers and other apps without built-in downloader to download files. Whitelisting this will keep apps and system stable.


#WHICH PHONE BRANDS ARE GOOD AND BAD? (FACTS)

Now we will need to evaluate what manufacturers are relatively safe, no appeasing, I will be blunt. I will make tier lists to help. I will give explanation for each, so read before jumping with pitchforks.

NOTE: If you have anti-Chinese political allergy, kindly read facts, or choose the other non-Chinese options listed.

Tier 1: Huawei/Honor, Asus, Nokia, Motorola, Sony, LG, FairPhone

Tier 2: Samsung, OnePlus, Oppo, Vivo, Xiaomi, Realme

Tier NOPE NOT AT ALL: Google

FairPhone: Clean software, ethical, recyclable components, good phone but bit extra price for midrange hardware. Status: good.

Huawei: still no evidence by US government after one year of market protectionism ban, contrary to what Sinophobic US propaganda and condemned joke research papers (refer to this for why) may make you believe; all countries except US, Australia, Japan and UK are allowing them for 5G participation, there is absolutely ZERO EVIDENCE against specifically Huawei (does not count other Chinese companies), earlier ironically audited by UK GCHQ to be safe and on any of their global devices, to date there has been no telemetry found IFF you do NOT use Huawei ID account or Huawei AppGallery store (as instructed above). I have an OpenKirin rooted unlocked Honor 6X, and now a locked P30 Lite to confirm this.

If Huawei's CEO is a former PLA technician, so do plenty US companies. What does it prove?

NOTE: Real reason for this propaganda ban is USA could not monopolise 5G unlike it did 4G, and so they are playing their cards to put China out of commission. And Huawei did not steal 5G from USA, since USA does not even have a proper 5G vendor yet.

To add, for the rest of world outside China it is better to own a device from a country which has no jurisdiction over them, and you can use their phones without Huawei and Google accounts very safely. BONUS: baseband modem not associated with NSA. Also, good cameras, battery, display and performance in general. Status: good.

Asus, Sony, Motorola: their software is nearly stock, and as such quite beneficial and peace of mind assuring. Status: good.

LG: less stock-y software, still good. Good cameras, display too. Status: good.

Nokia: a bit of skepticism here with them helping spy with nexus with Russia's MTS and recently found Chinese telemetry as well, but nothing that NetGuard cannot stop by blocking domains via HOSTS from interacting with your device. Status: Potential issues, can be mitigated.

Samsung: Multiple issues with Qihoo 360 on phones with IMEI MAC sent over HTTP, Samsung Pay selling user data with no opt-out till now, Replicant devs discovering backdoors, Knox hardware blackbox with no idea what microcode it runs, certification from NSA even worrying, lockscreen and notification ads in OneUI, ads on Smart TVs, this all amounts to being quite a shady company, but Blokada or NetGuard can mitigate it. Status: avoid for other brands if possible.

Xiaomi: They have quite a bit of telemetry in their MIUI skin, similar to Samsung. Now they have tracking in Incognito Mode in their Browser as well. Status: avoid unless you implement my guide properly.

OnePlus, Oppo, Vivo: They have considerably less telemetry and ads, better than Samsung and Xiaomi. But they will start doing the same thing as Realme which I will mention below soon. Status: potential but passable for now.

Realme: They are implementing ads into their UI, which will soon come to Oppo and Vivo phones too, a bit of an issue. This allows for telemetry and tracking concerns. Status: avoid if possible.

Google: In general an evil megacorp, Titan M security chip is self-claimed to be great on Pixels, but there is no way to verify if the microcode it contains is the same as that open sourced by Google. Having faith in Google's promise of their proprietary closed source chip being clean is like having faith in cyanide not killing a person. Moreover, they are known as:

  • NSA partner and collecting data and spy on users in googolplex capacity

  • AI used by US military for drone bombing in foreign countries based on metadata Google collects on smartphones

  • use dark patterns in their software to make users accept their TOS to spy

  • repeated lies about how their data collection works claiming anonymity

  • forcing users to use their Play Services which is spyware and scareware

  • monopolising the web and internet via AMP

  • use of non standard web browser libraries and known attempts to cripple lone standing ethical competitors like Firefox and Gecko web engine (now with Microsoft making their default Edge Chromium-based too)


TL;DR there is no summary, privacy is an in-depth topic and you must take a couple of hours to go through this simple guide; as long as it looks, it should clear all your concerns with smartphone privacy.

This is the best you can do without rooting or modding a phone, and it is working for me since almost a year now, personally tested and verified on my locked P30 Lite.

I have a history of rooting and modding phones, one being an Honor 6X before Huawei disabled unlocking policy, one being a Xiaomi and one being a Lenovo before that. Also, one Samsung Galaxy S2 long time ago.

Credit to /u/w1nst0n for the Universal Android Debloater (authorised me to use his tool). Hope this guide serves as a great tool for any privacy seeker.
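The "disable X for every app except ..." rules in the permission list of the post above can be written down as an allowlist and expanded into commands to review. This is an added example, not part of the original post: it uses the stock `appops` shell command over ADB instead of the AppOpsX UI (an assumption of this example), and every package name in it is a constructed placeholder.

```shell
#!/bin/sh
# Added example: turn an "every app except ..." permission policy into
# reviewable `appops` commands. Package names below are constructed.

# One rule per line: <app-op> followed by the packages allowed to keep it.
POLICY='CAMERA org.example.camera org.example.messenger
RECORD_AUDIO org.example.camera org.example.recorder org.example.dialer org.example.messenger
READ_CONTACTS org.example.contacts org.example.dialer org.example.messenger
READ_CALENDAR org.example.calendar org.example.mail'

# Constructed inventory. On a real device this list would come from
#   adb shell pm list packages -3 | sed 's/^package://'
PACKAGES='org.example.camera
org.example.messenger
org.example.flashlight
org.example.game'

# plan_appops POLICY PACKAGES
# Prints one command per (package, op) pair that is NOT on the allowlist.
# Nothing is executed; the output is meant to be read before it is run.
plan_appops() {
  printf '%s\n' "$1" | while read -r op allowed; do
    [ -n "$op" ] || continue
    printf '%s\n' "$2" | while read -r pkg; do
      # Skip blanks and anything that is not a plain package name, so a
      # malformed inventory line can never become part of a command.
      case "$pkg" in
        ''|*[!A-Za-z0-9._]*) continue ;;
      esac
      case " $allowed " in
        *" $pkg "*) ;;  # allowlisted for this op: leave untouched
        *) printf 'adb shell appops set %s %s ignore\n' "$pkg" "$op" ;;
      esac
    done
  done
}

plan_appops "$POLICY" "$PACKAGES"
```

Keeping the policy in a file makes it easy to re-run the plan after installing a new app and see only the commands that app adds.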

[–] [email protected] 0 points 4 years ago (1 children)

One exception to the no-Google phone rule: if you are using GrapheneOS, though obviously that is a lot more involved to install a whole new custom ROM.

[–] [email protected] -1 points 4 years ago

No exceptions. Google Pixels have a Titan M proprietary chip that runs unverifiable code and that Google does not let any independent third party audit.

Having faith in Google is as good as trusting cyanide to not kill me if I ate it.