This is a direct mirror of my reddit writeup.
UPDATED (June) 03/06/2020: MASSIVE UPDATE plus I will post on /r/privatelife from now on, my own subreddit.
Hello! It is 2020, and recently a “STOP GATEKEEPING” post, among others, made me realise that a guide is needed for the majority of this subreddit’s users and visitors who DO NOT ROOT their devices, buy them off-the-shelf or online, and use them as they are without much tampering.
The real issue: most do NOT want to ROOT their DEVICES, which presents us with a lot of issues.
First and foremost, I have a set of instructions you need to follow. It is presumed you buy or use an Android device, since an iPhone does not allow you to have privacy due to its black-box nature; its privacy claim is simply a false marketing assurance by corporates to you. Also, they recently dropped plans for encrypting iCloud backups after the FBI complained.
Also, Apple sells certificates to third-party developers that allow them to track users. The San Bernardino shooter publicity stunt was completely fraudulent, and Louis Rossmann dismantled Apple’s PR-stunt “repair program”.
- Firstly, if your device is filled to the brim or has been used for a long time, I recommend backing it up and factory resetting for a clean-slate start.
- Use ADB via a computer to remove Google and other manufacturer-installed packages; disable any that cannot be removed.
- Make DIY camera covers: for the front camera notch, use a tiny, appropriately sized, thin, opaque plastic cutout and stick it in place with invisible tape; replace it every month (cost: a tape roll and one minute of your time per month).
- Sign out of all your Google and Huawei/Samsung/other phonemaker accounts on your device so that Settings –> Accounts shows no sign-ins except WhatsApp/Signal.
- Disable all app permissions for “Google Play Store” and “Google Play Services” in Apps, then disable both of them completely via ADB (see NOTE below) with these commands (connect to a computer, then turn on Settings --> Developer Options --> USB debugging; to activate Developer Options, go to About phone and tap “Build Number” 7 times):

```
adb shell pm disable-user --user 0 com.google.android.gms
adb shell pm disable-user --user 0 com.google.android.gms.location.history
adb shell pm disable-user --user 0 com.google.android.ims
adb shell pm disable-user --user 0 com.google.android.syncadapters.contacts
```

NOTE: prerequisites are the OEM USB drivers for your phone and ADB.
- Install the F-Droid app store from here.
- Install Blokada (easier) OR NetGuard (complicated, see NOTE) from F-Droid and set it up with [a privacy-based DNS like Uncensored DNS, Tenta DNS, AdGuard or DNS.WATCH] and [appropriate filter lists like Energized Blu and AdAway] et al., plus manual whitelisting of required domains.

NOTE: the NetGuard app firewall with the Energized Ultimate HOSTS file and any DNS address from the above-mentioned DNS providers is the ultimate solution. Only use one DNS at a time, not multiple, to avoid conflicts.
- In the F-Droid store, open the Repositories setting and add the repository link mentioned here (a repository is basically like a kids’ store you can buy candies from instead of going to the factory to buy a carton).
- Use Firefox Preview (now 5.0) with uBlock Origin for web browsing, or, if technically advanced, try doing this from F-Droid (both are GeckoView based).
- Install Aurora Store from F-Droid to get apps from the Play Store without actually using the Play Store; get yourself an anonymous Google account to sign in.
- For 3rd-party APKs, source them only from APKMirror, APKPure or APKMonk, which are quite trusted, BUT TRY TO AVOID THIS IF POSSIBLE.
- Use OSMAnd+ from F-Droid or Qwant Maps inside the web browser for maps, and/or print physical maps if you live and travel in one or two states or districts.

NOTE: Qwant Maps has better search results than OSMAnd+.
- Use PilferShush Jammer from F-Droid to block the microphone (use this in malls, restaurants or similar public places if you can, to prevent beacon tracking).
- Use OpenBoard OR AnySoftKeyboard from F-Droid instead of GBoard, SwiftKey etc.; those keylog you openly and are closed source.
- Check every app you install with Classy Shark 3xodus from F-Droid for trackers and evaluate it yourself.
- Use FTP Server (Free) from F-Droid and FileZilla on the computer to share files to and from the computer instead of apps like SHAREit.

NOTE: for phone-computer sync or sharing, you can TRY KDE Connect, available for Android, Windows and Linux.
- Use K-9 Mail or FairEmail as your e-mail client.
- Use NewPipe for watching YouTube, or YouTube in Firefox Klar/Preview/Fenix.
- Use QKSMS or Silence (not as simple) from F-Droid as your SMS client app.
- Use Shelter from F-Droid to sandbox potentially risky apps that you must use (e.g. WhatsApp, Discord or Signal).
- Use SuperFreezZ from F-Droid to freeze apps so they cannot run in the background; most importantly, use it to seal Google Play Store, Google Play Services and other Google preloaded apps.
- Use Note Crypt Pro, S. Notes or Joplin from F-Droid as a note-taking app.
- Use Phonograph or Vinyl Music Player from F-Droid as a music player.
- Use VLC from F-Droid as a video player.
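The ADB step above, as an added example that is not part of the original post: a POSIX sh script that disables the guide’s four Google packages for user 0 but first checks that each one is actually installed, so a typo in the package list does not become a silent no-op. It assumes adb is on PATH and USB debugging is already enabled; the ADB variable is an assumption of this script so it can be pointed at a stub for offline testing.

```shell
#!/bin/sh
# Added example, not from the original post: disable the guide's Google packages
# for user 0 over ADB, checking first that each package is actually installed.
# Assumes adb is on PATH and USB debugging is on; ADB can be overridden to test offline.
ADB="${ADB:-adb}"

# Packages the guide disables (constructed list; add OEM packages as needed).
PACKAGES="com.google.android.gms
com.google.android.gms.location.history
com.google.android.ims
com.google.android.syncadapters.contacts"

# Returns 0 if the package is installed for user 0, 1 otherwise.
# tr strips the CR that older adb builds append to every line of shell output.
pkg_installed() {
    "$ADB" shell pm list packages --user 0 2>/dev/null | tr -d '\r' | grep -qxF "package:$1"
}

# Disables one package for user 0. Returns 1 (and touches nothing) if the
# package is missing, so a mistyped name is reported instead of ignored.
disable_pkg() {
    if ! pkg_installed "$1"; then
        echo "skip     $1 (not installed)" >&2
        return 1
    fi
    "$ADB" shell pm disable-user --user 0 "$1" >/dev/null || return 1
    echo "disabled $1" >&2
}

# Disables every package in PACKAGES and prints the number actually disabled.
disable_all() {
    n=0
    for p in $PACKAGES; do
        disable_pkg "$p" && n=$((n + 1))
    done
    echo "$n"
}

# Usage: ./debloat.sh --run   (undo later with: adb shell pm enable --user 0 <package>)
if [ "${1:-}" = "--run" ]; then
    disable_all
fi
```

Status messages go to stderr and only the count to stdout, so the script can be chained into other tooling.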
Now we need to evaluate which manufacturers are relatively safe; no appeasing, I will be blunt. I will make tier lists to help, with an explanation for each, so read before jumping in with pitchforks.
Tier 1: Huawei/Honor, Asus, Nokia, Motorola, Sony, LG, FairPhone
Tier 2: Samsung, OnePlus, Oppo, Vivo, Xiaomi, Realme
Tier NOPE NOT AT ALL: Google
FairPhone: clean software, ethical, recyclable components, a good phone but a bit extra in price for midrange hardware. Status: good.
Huawei: still no evidence from the US government after one year of market-protectionism ban, contrary to what Sinophobic US propaganda and condemned joke research papers (refer to this for why) may make you believe; all countries except the US, Australia and Japan are allowing them 5G participation. There is absolutely ZERO EVIDENCE against Huawei specifically (this does not count other Chinese companies); they were audited by UK GCHQ to be safe, and on any of their global devices, to date, there has been no telemetry found IFF you do NOT use a Huawei ID account or the Huawei AppGallery store (as instructed above). I have an OpenKirin rooted, unlocked Honor 6X, and now a locked P30 Lite, to confirm this.
[spoiler1](/s "If Huawei’s CEO is a former PLA technician, plenty of US companies have ex-military CEOs too. What does it prove?") [spoiler2](/s "NOTE: the real reason for this propaganda is that 5G could have potentially boosted the US economy by $500B, which China will now benefit from, after the US benefited from 4G and largely monopolised it via Qualcomm.")
To add, for the rest of the world outside China it is better to own a device from a country which has no jurisdiction over you, and you can use their phones without Huawei and Google accounts very safely. BONUS: the baseband modem is not associated with the NSA. Also, good cameras, battery, display and performance in general. As a bonus, you get a built-in system firewall which works really well. Status: good.
Asus, Sony, Motorola: their software is nearly stock, and as such quite beneficial and peace-of-mind assuring. Status: good.
LG: less stock-y software, still good. Good cameras and display too. Status: good.
Nokia: a bit of skepticism here, with them helping spy via a nexus with Russia’s MTS [cleaned link trackers lol] and recently found Chinese telemetry as well, but nothing that Blokada or NetGuard cannot stop by blocking those domains from interacting with your device. Status: potential issues, can be mitigated.
#CONTINUED IN PINNED COMMENT, TOO LONG
I’ve been slowly implementing steps from this guide, but I just don’t understand changing the default SMS app to a different app… is it a case of using open source applications? I guess in Silence’s case, that provides some level of encryption, but wouldn’t there still be metadata? Also, I have a VPN that works on my phone always, and I noticed both Blokada and NetGuard require the one port used for the VPN… should I drop the VPN on my phone and use Blokada instead? Thank you for making this guide, by the way. I have a Samsung device and can’t find any open source OS that supports it, so I have to keep using it as is and wanted to find ways to secure it.
QKSMS is open source, and that helps with transparency. I personally do not use Silence, because you should never use SMS for personal communications. They are only good for reaching out in emergencies.
Non-rooted phones require that you use either a VPN or a HOSTS/tracker blocker in the one VPN slot. I avoid using VPNs most of the time, as you can trust yourself more with your strong setup. VPNs are mostly required for geoblock bypassing, and only a handful of VPNs are good to trust for no-log, secure clearnet usage.
This guide, while not being outdated, is not perfect. I am working on a 2.0 version of the guide to incorporate scripts to debloat OEM packages and apps via ADB by manufacturer. This will massively help folks in attaining privacy without root or custom ROM requirements.