(1/2) Lemmy does not allow too long post walls
UPDATED 16/8/2020: Major edit, replaced closed source App Ops and Shizuku with AppOpsX (Free Open source) on F-Droid. This guide is nearly FOSS supported now.
UPDATED 17/9/2020: MAJOR EDIT, replaced closed source Access Dots with Privacy Indicator (FOSS) on Izzy’s F-Droid repo. This guide is completely FOSS.
Hello! I am the founder of /r/privatelife . Finally my smartphone non root guide is back, and there are some big upgrades. I was taking time to test everything myself on my daily driver, so apologies for keeping everyone in the wait, but stability and ease of use is the important goal to strive in my playbook. Privacy must be accessible to maximum amount of people without being annoying or tedious.
A kind request to share this guide to any privacy seeker.
#User and device requirement
- ANY Android 9+ device
- knowledge of how to copy-paste commands in Linux or Mac Terminal/MS-DOS Command Prompt (for ADB, it is very simple, trust me)
#Why not Apple devices?
iPhone does not allow you to have privacy due to its blackbox nature, and is simply a false marketing assurance by Apple to you. Recently, an unpatchable hardware flaw was discovered in Apple’s T1 and T2 “security” chips, rendering Apple devices critically vulnerable.
17/9/2020: Apple gave the FBI access to the iCloud account of a protester accused of setting police cars on fire.
Also, they recently dropped plan for encrypting iCloud backups after FBI complained. They also collect and sell data quite a lot. Siri still records conversations 9 months after Apple promised not to do it. Apple Mail app is vulnerable, yet Apple stays in denial.
Also, Apple sells certificates to third-party developers that allow them to track users, The San Ferdandino shooter publicity stunt was completely fraudulent, and Louis Rossmann dismantled Apple’s PR stunt “repair program”.
Also, Android’s open source nature is starting to pay off in the long run. Apple 0-day exploits are far cheaper to do than Android.
#LET’S GO!!!
ALL users must follow these steps before “for nerdy users” section.
Firstly, if your device is filled to the brim or used for long time, I recommend backing up your data and factory resetting for clean slate start.
-
Sign out all your Google and Huawei/Samsung/other phonemaker accounts from your device so that Settings–>Accounts do not show any sign-ins except WhatsApp/Telegram
-
Install ADB on your Linux, Windows or Mac OS machine, simple guide: https://www.xda-developers.com/install-adb-windows-macos-linux/
-
Use “Universal Android Debloater” to easily debloat your bloated phone.
NOTE: Samsung users will lose Samsung Pay, as Samsung has been caught and declares they sell this data: https://www.sammobile.com/news/samsung-pay-new-privacy-policy-your-data-sold/
-
Make DIY camera covers, for front camera notch use a tiny appropriate-sized thin opaque plastic cutout and use an invisible tape to stick it in place, replace every month (cost: tape roll and one minute of your time per month). My rear camera cover
-
Install F-Droid app store from here
-
Install NetGuard app firewall (see NOTE) from F-Droid and set it up with [privacy based DNS like Uncensored DNS or Tenta DNS or AdGuard DNS]
NOTE: NetGuard with Energized Ultimate HOSTS file with any one of the above mentioned DNS providers is the ultimate solution.
NOTE: Set DNS provider address in Settings -> Advanced settings --> VPN IPv4, IPv6 and DNS
- In F-Droid store, open Repositories via the 3 dot menu on top right and add the following links below:
Go back to F-Droid store home screen, and hit the update button beside the 3 dot menu.
###LIST OF APPS TO GET
-
Get Firefox Preview web browser from F-Droid (install uBlock Origin addon inside (if technically advanced, try doing this)). Also get Firefox Klar if you like a separate incognito browser.
-
Get Aurora Store from F-Droid for apps from Play Store without actually using Play Store, use Anonymous option to sign in
-
for 3rd party APKs source them only from APKMirror OR APKPure OR APKMonk, quite trusted, BUT TRY AND AVOID IT IF POSSIBLE
-
Get Privacy Indicator from F-Droid for iOS 14 like camera/mic dot indicator feature
-
Get OSMAnd+ from F-Droid or Qwant Maps inside web browser for maps and/or print physical maps if you live and travel in one or two states or districts.
NOTE: Qwant Maps has better search results than OSMAnd+
-
Get PilferShush Jammer from F-Droid to block microphone (use this in malls, restaurants or such public places if you can to prevent beacon tracking)
-
Get OpenBoard (user friendly) OR AnySoftKeyboard (nerd friendly) from F-Droid instead of Google GBoard, Microsoft SwiftKey et al, they are closed source keylogger USA spyware
-
Get FTP Server (Free) from F-Droid and FileZilla on computer for computer-to-phone internet less file sharing
NOTE: for phone-computer sync or sharing, can TRY KDE Connect, available for Android, Windows, Linux
-
Get TrebleShot instead of SHAREIt for phone to phone file sharing
-
Get K-9 Mail or FairEmail as e-mail client
-
Get NewPipe for YouTube watching, or YouTube in Firefox Preview/Klar
-
Get QKSMS from F-Droid as SMS client app
-
Get Shelter from F-Droid to sandbox potential apps that you must use (eg WhatsApp or Discord or Signal)
-
Get SuperFreezZ from F-Droid to freeze any apps from running in background
-
Get Librera Pro from F-Droid for PDF reader
-
Get ImgurViewer from F-Droid for opening reddit/imgur/other image links without invasive tracking
-
Get InstaGrabber from F-Droid for opening Instagram profiles or pictures without invasive tracking (seems like a revived fork is here, thanks u/sad_plan )
-
Get GreenTooth from F-Droid to set Bluetooth to disable after you have used it
-
Get Material Files or Simple File Manager from F-Droid for file manager app
-
Get ImagePipe from F-Droid if you share lot of pictures, and want to clear EXIF metadata snooping (often photos contain phone model, location, time, date)
-
Get Note Crypt Pro from F-Droid for encrypted note taking app
-
Get Vinyl Music Player from F-Droid for music player
-
Get VLC from F-Droid for video player
###CRITICAL FOR CLIPBOARD, LOCATION AND OTHER APP FUNCTION BLOCKING
I would say this is one of the critical improvements in my guide, and will solve the problem of clipboard and coarse location snooping among other things.
AppOpsX is a free, open source app that allows to manage granular app permissions not visible normally, with the help of ADB authorisation without root. This app can finely control what granular information apps can access on your phone, which is not shown in app permissions regularly accessible to us.
Now that you would have set up your phone with installing apps, now is a good time to perform this procedure.
Step 1: Install AppOpsX from F-Droid. (https://f-droid.org/en/packages/com.zzzmode.appopsx/)
Step 2: Plug phone to computer, and enable USB debugging in Settings --> Developer Options (you probably already did this in the starting of the guide)
Step 3: Keep phone plugged into computer until the end of this procedure! Open AppOpsX app.
Step 4: On computer, type commands in order:
adb devices
adb tcpip 5555
adb shell sh /sdcard/Android/data/com.zzzmode.appopsx/opsx.sh &
Step 5: Now open “AppOpsX” app, and:
- disable “read clipboard” for apps except your messengers, notepad, office suite, virtual keyboard, clipboard monitor apps et al.
NOTE: Most apps that have text field to copy/paste text require this permission.
-
disable “modify clipboard” for every app except for your virtual keyboard or office suite app or clipboard monitor/stack special apps.
-
disable “GPS”, “precise location”, “approximate location” and “coarse location” for every app except your maps app (Firefox and OSMAnd+)
(2/2) in comment below.
Sorry for the questions, but did you read the “evidences” you provided? Could you please point me? Maybe I’m blind or something but I yet to see evidences for Apple selling my data.
Apparently, I’m not the only one: https://news.ycombinator.com/item?id=24091709
You are coming off as agressive. Kindly request you to be a gentleman even if we have disagreements. The evidences are surely something you may have missed.
Apple employees were selling data in China, which you can read. For the iTunes lawsuit, it was found that iTunes does collect personal data on you, but I will give you the leeway and benefit of doubt.
How about Siri recording conversations, and continuing to record them 9 months after they promised they would not do it? https://www.theregister.co.uk/2020/05/20/apple_siri_transcriptions/
You can watch The Hated One’s video on Apple as well, discussing the Epsilon values on differential privacy fake claims: https://yewtu.be/watch?v=shxTTon5lfs
AHH HACKERNEWS definitely credible people. Comments and opinions are all over the place among those people. None of those even have an opinion they are clear about.
So this user seems to ignore the fact that these Huawei packages have no internet permissions, and that they do not have any suspicious things in manifest either, but “demonise Huawei, Western social validation +100”.
I wonder which app I wrote about is “ad-infested”. The only non FOSS app is App Ops which does not have any ads and it seems to do a fine job. I even instructed to turn wifi and cell data off for it. It has not been reported to, or misuses the ADB authorisation given to it, and is a baseless accusation on the app and/or my recommendation.
So this user wanted to negate my argument, yet they are “pretty sure it’s reasonably private”. How vague is “reasonably” here? How much is “pretty sure” sure? Do they live in la la land fantasy?
User should probably explain where did I tell users that the guide is only suitable for “reading reddit and watching youtube”. Their “security” claims are weird, as an unlocked bootloader and root are far bigger risks to contain compared to a locked bootloader phone with my guide basically telling to install a firewall with HOSTS rules and DNS, bunch of FOSS apps, an image metadata cleaner, a work profile based app sandboxer, and crippling hidden app permissions via using system APIs via ADB.
I have noticed a lot of these privacy folks do not understand the meaning of and throw around the word “hardening” like it is a rocket science project that only musicians in a football team would research upon to understand. I need to make a post on this word for folks now, it is so scary and getting out of hand.
To be honest, I don’t see where I was aggressive in my comments. All I was doing is asking questions and arguing about your choice of words in the article.
There’s a difference between Apple and an Apple’s employee who’s got an unauthorised access to data.
Yes, I’m 100% sure that this lawsuit is bullshit because:
You can tell me I was wrong after the court will rule that Apple was selling user data. But I doubt this will happen. As you said, “Until it is proven, I will just declare it to be FUD garbage.”
Yep, they collecting user’s recording and only recently allowed you to opt-out. Still, they didn’t sell it.
To watch a YouTuber discussing differential privacy? Yeah, sure. Right after he will show me his PhD degree in math.
I see you went crazy on HN’s comments but my point was not to insult you but instead to address your comment:
The whole point of this discussion for me was simply to ask you to be more careful with accusations in the article. There’re no proofs on Apple’s selling user data and I would be highly surprises they do this after all their effort in making their devices, software and SDKs more privacy-aware.
Instead of throwing such a strong claims you could instead say something like “placing your trust in companies and giving away your personal info is not a good idea if you’re privacy conscious person” or something. But you just grabbed few links with headlines like “YO YO Apple selling your data, no shit” without even reading them. I suppose, to give more weight to your article and for hype? This makes really hard to take the rest of the guide seriously.
Apple employee is Apple’s responsibility, and if Apple did not fire them before they did this, they count as Apple employee, and thus it is Apple’s doing.
Why are they collecting data when “what happens on iPhone stays on iPhone”? Is that not false advertisement about claiming to protect a human right?
Calling The Hated One an ordinary YouTuber on the subject of privacy is not just disingenuous, but ignorant and shows a lack of understanding. He is educated enough to talk about it, which almost nobody else talks about.
There is proof of Apple selling user data (Apple employee is not separate from Apple), so they are clearly doing it, as well as having some lovely relations with data give and take with Facebook and Google.
Enough people are taking my guide seriously, and it helps with privacy of their personal data or metadata, so it is good enough for now. Bickering people have not done anything to help the majority of people, and keep basking in the glory of custom ROM and tinkering all day. I am helping that lowest common denominator, which needs the most help and improves the privacy of others as a net indirect result.
That’s why they were prosecuted.
By your logic, if a citizen of a country will kill another citizen then it’s the country who killed that citizen. Pretty flawed, huh?
How’s it related to selling user data? There’s a lot of things to blame Apple for. But this is off topic.
I don’t care about YouTubes. What’s his accomplishments except for retelling other sources? How is his content different from lifehacks and minecraft letsplays? Did he proved a flaw in differential privacy? If so, where can I take a look at the paper?
I’ve showed that this doesn’t work like that. This is also contradicts their privacy policy. Are you saying that they are lying in their public legal document? Then why no one won a lawsuit agains them given that there were lawsuits?
For the third day in a row I’m asking you to provide a source for your claim and we’re still here. That’s not even funny anymore.
——
I’m not saying that your guide is complete garbage or anything like that. I believe that there are people who will find it useful. Your claims on Apple selling personal data and pointing to unrelated links as an “evidence” is the problem. Well, you’re not the first one in the hype train and you’re definitely not the last one.
But you did not acknowledge the prosecution, and denied that it had anything to do with Apple. This is the problem with the way you are arguing. Your criticism seems acceptable, but then it becomes a bad faith argument couple sentences later.
Apple is not a country, but a corporation that makes tall claims of protecting privacy in exchange for $1000+ device people buy, then backstab them. Understanding this is fundamental to educating masses about privacy.
Apple makes privacy claims then does these backstabbing things, which clearly indicate that privacy is a marketing tool to them, and not a human right as Tim Cook stated publicly.
He is not proving a theory himself but making the information about Epsilon values of handled data by these corporations more visible to public. I am sure this can be checked via searching.
I hope you are joking. Apple is the national brand of USA, and US government is there to protect them. Besides, Apple has nearly infinite money and political power to crush people criticising them via lawsuits.
For the third day I showed you couple sources that prove Apple sells and collects data, and you are continuing to stay in denial or argue in a nullifying manner.
You are not the first and last one to believe in the religion of Apple. There are plenty of those at reddit.com/r/privacy.