Privacy On Phone

Don’t forget Apple, they are current heroes for not giving FB user data… For “free”…

@cord_winder

The BraX Phone 2 (?) appears to be a UMIDIGI (Power 3?) with a MT6771, modified Android 10, and a kernel from 933 days ago (4.14.141).

Might not be the Power 3 exactly because the camera looks slightly different from website image (it isn’t shown in video) but the baseband version, kernel version, holepunch camera, and speaker grill are identical.

This is a $100 phone on Alibaba, and marked up by Brax to $379.

I don’t think you are. I am appalled he is using Google’s infrastructure. Which is why his app will never be seen on f-droid too.

Good point

Ooh. Interesting. I have a theory that he is being slow on releasing source code so he can sell as many phones as he can (with nice profit) before others catch on.

Pinephone was my daily again … for about 2 weeks. Now you see I’m back here on F-Droid.

PP has come a long way in the 2 years that I’ve repeatedly tried switching to it, but dropped voice calls – like while talking to my manager, or the guy towing my car! --, and missed text messages – like important ones from your partner – still happen. Doesn’t matter if the phone is on a nightly or stable for the various OSes. And the new PPro is the same modem as the original PP, so those users are in the same bucket.

The PP/Pro would actually be a great device for someone like @cord_winder who doesn’t use a SIM and wants physically shut off things like GPS 🙂

Mmm, not always. I will say this for the Pine64 company: they are hella organized! Great content, regular announcements, etc. They spell out how to disable things like geolocation. Compare their wiki & forums, or Mobian’s or Ubuntu Touch, compared to XDA – wow, XDA is a mess now compared to the Cyanogenmod days. So-called flashing “Guides” that forum users say don’t take on their phones but the author doesn’t reply and then there’s a follow-up guide on how to revert to stock 😮

So F-Droid to the rescue again.

1 Like

I got nav almost working on my PP with OSMScout backing PureMaps. The location worked, the offline maps worked, but actual live turn-by-turn did not work ☹️

The problems with voice calls on PP are many:

  • audio volume needs raising but raising too much causes echo
  • noise, such as ticking
  • dropped calls
  • VoLTE profile mapping

The PP folks do indeed say “voice just works” but Devil in Details here. It seems to me most PP Daily Drivers don’t actually make many phone calls.

The VoLTE problem is starting to rear its ugly head this year with the carriers terminating 2G/3G service. PP folks started reporting no calls and my guess is it’s because their modems weren’t actually doing VoLTE but doing fallback. The PP modem can do VoLTE, sure, but it doesn’t have all the LTE profiles for all carriers to set itself up with their towers; it has just a few generic ones. Librem does a very thorough list of carrier profiles. Hopefully Pine64 can find a way to support the tiny variations that each carrier has for LTE.

Good afternoon:

By the way, is Rob Braxman reliable?

I say this because I was looking for a new terminal, and I see that they have phones without Google. And that you can even put GrapheneOS on them.

Because I do not see decent cheap phones that you can put official lineageos on, for example. And the carbon or Pinephone or Fairphone are expensive…

Then I do not know if you would put something else on a mobile with lineageos without gapps. I have:

Adaway
Afwall+
App Manager
Mull
Fennec (both browsers with user)
Autostarts
XPrivacyLua
XPosed
Fdroid
Silence (sms only, mms blocked)
Simple Gallery
NFC and Bluetooth disabled
LTE Cleaner

Then I do not use or have any social network.

And blocked by hosts telemetry, changed time server and some other stuff.

By the way, I found an article that almost comes to say that F-Droid is bad and it is better to use Google. It would be “F-Droid: how is it weakening the Android security model? | Wonder's Lab”. Anyway…

I apologize for the article. It is not my intention to offend or anything bad. Either it is paid for, or I do not understand that article and privacy…

Best regards and thanks for your time

@gallegonovato
Brax is a very bad deal.
Just like all these others:

$210 markup on p4a and $180 on p4a5g - https://brax[.]me/prod/host.php?f=_store&h=rob&p=&version=
$387 markup on p6 - https://shop[.]nitrokey.com/shop/product/nitrophone-2-244
$360 markup on p6 - https://de-googled[.]com/
$400 markup on p6 - https://above-agency[.]com/product/above-phone/
$200 markup on p3 - https://www[.]ebay.de/itm/334338818552
$80 markup and doesn't include charger - https://iode[.]tech/shop/fairphone3/

You can get a OnePlus 5 or 6 depending on where you live for $50-$120 and put DivestOS on it.

edit: some updated numbers

1 Like

Goodnight @SkewedZeppelin

Thanks for the help and time.

The Oneplus I already liked by itself. Since they have a good sound, screen and things that I liked. Since they have so many cameras I don’t care, that I take photos without so many things that they put now.

But of course I looked at the 8 or 9 series. And some 7. I say series because there are (for example) 8, 8T, 8Pro. And so the rest. But they were sweet.

A few hours ago I saw a stock 8t 256 for €270 or $296. What there is is a lot of 128 storage. And it doesn’t seem fair to me. But for privacy it is not good to have many things on the phone either.

And both Lineageos and DivestOS don’t bring unnecessary things (Facebook, Google and derivatives, Netflix and other things) and you increase the space. I did not realize and that I use one without anything. Ains… My neurons are already failing

A hug

https://wonderfall.dev/fdroid-issues/

While the info is correct, the intents are dubious. I’ll leave it at that…

@vap0rtranz

The problems with voice calls on PP are many:

Agreed. I retract almost everything good I’ve previously said about PP, PPP, or Pine64.

I also got complaints from others on my calls, about echoes or “I can’t hear you now” low sound.

I never received a voice message after missed calls. I got a weird, cryptic text message instead. After switching that SIM back to an Android phone, a flood of old voicemail notifications came in, and it was easy to listen to them, as it should be.

An update seems to have killed my PP; now it does not even boot. A re-install in a few days may fix it, but my PP will be a tablet without SIM for the foreseeable future, even if it does start booting again.

Not giving details, but suffice to say my order of a PPP was one of my worst customer experiences ever, and I won’t be ordering anything more from Pine64.

I haven’t given up hope for eventually using PostmarketOS on one of my old phones, but I’m not holding my breath. 😆

1 Like

The whole android was built for one purpose only. The mess that comes next to this purpose is not fully controllable.
We need another entire platform. (and better that this could be that people wake up about those stuffs)

1 Like

Good evening @Licaon_Kter

Well under my point of view that article has many flaws and attempts on privacy. Encouraging to use Google which is anything but secure and private.

From what I’ve been reading, they speak very well of the play store. And its security. But every little while things come out of the play applications that do everything but good things. For example

https://www.cronista.com/infotechnology/actualidad/las-8-apps-peligrosas-que-hay-que-borrar-de-tu-telefono-hoy-si-o-si/

And many others…

Then they talk about the signature of the applications. I saw play apps updated from github or fdroid.

About it being faster in updates. That if. But of course in the play reaches more people and make money. Something that in fdroid not. But almost better to update from github or gitlab of the developer. Or wait for it to come out in fdroid.

Then the apk that you can download from apkmirror or other unreliable sites because they can bring everything. And I saw Google Protect (I think it was) that analyzes applications (which is included in the play store). Pass things and not detect anything. Instead there is an application that analyzed applications (now I do not remember the name) and gave you surprises.

They say that in fdroid are before the applications, or rather obsolete. That if it is true there are applications that are in fdroid for years and there are no updates. But you go to the developer’s github, and there if there are. For example amaze among others.

What I did not read in the article, is that the application of fdroid. It has access to nfc, bluthut (I always spell it wrong) and something else. But that it can lock in app manager or Xlua for example.

Then fdroid or github what if they tell you the permissions as they are for each application. The play no. Even in terminal settings, applications, the app that is, permissions. Then show hidden you will see more hidden permissions and not mentioned. Not to mention the permissions that have applications: Google Play services, Google Rv (I think it was called), Play store, Google and some other …

Then fdroid you can remove it to boot with the system. And you do not spend data saying you have updates. A phone with pure Android and Google Play. The notice that you have updates will come up. And it is not the first time I saw that things were updated alone. Even having marked check for updates and install manually. For example in Htc Desire 820 that I got I have it rooted but as it is single sim does not have lineageos. If it were dual sim if I had it. And I have it with supersu. And with Android and put Afwall, sd maid and some other with root permissions. And you block many things. I use it for testing. And without google account, since I do not have (nor want). And even using an old android gets rid of connections and you can make things from Android itself do not go. And so get rid of an endless number of things. But I’ve already gone off the deep end…
The problem is that a Play application. If you don’t know how to get the code you won’t see it. And to know. Apart from what Google asks developers to upload it to your store. And in the open source if you see it. And if you can also add bad things. But that as putting a license to windows with a crack. Or use paid applications from the play, downloading the apk from sites out there … Yes there are also applications like https://simplemobiletools.com/ that are in the play, github and others. But for example you will see applications and same name but developers to know in the play. Many with gifts and so on, which the original does not have. Not to mention the different permissions.

I think it would almost be better to download things from FDROID, github, gitlab, of the developer. Because this way you can also create a suggestion, or say this fails and so on. For play, you can write a review. Or send an email. Little else.

In the article says The F-Droid client allows several repositories to coexist within the same application. So the Play that allows copy on copy of applications and on gifts without monitoring either one or the other … But fdroid has for example the repo of the creator of Newpipe, newpipe inside fdroid (for example). What fdroid does have, is that you can download the first application. That is, if you activate fdroid archive you can see Icecat or the first fennec stuff. Something that in the play, if I’m not fooled that can not be done.

Even github and gitlab is not the panacea, since github is from Microsoft. And if it were in Codeberg for example it would be better. But well…

If I didn’t misunderstand the article when I read it but it’s my reliable opinion … It is like what it speaks of that under the permissions RECEIVE_BOOT_COMPLETED because the hidden ones of the things downloaded from the play, that use that and others… (I repeat myself hahaha)

By the way the funny thing of the article is :

In addition, Play Store restricts the use of highly invasive permissions, such as MANAGE_EXTERNAL_STORAGE, those that allow apps to opt out of limited storage if they cannot work with more privacy-friendly approaches (such as a file explorer). Apps that cannot justify the use of this permission (which again must be granted dynamically) can be removed from the Play Store.

Here excuse me but I crack myself up. For example a simple file cleaner, LTE Cleaner on F-Droid (“LTE Cleaner | F-Droid - Free and Open Source Android App Repository”), and in the Google Play it has network permissions, see your connections and so on. Otherwise check out “Thoughts on optional ads? · Discussion #205 · TheRedSpy15/LTECleanerFOSS · GitHub”. Among many other applications. If the Google Play already has each permission that you do not see hehehe

Everything has its bugs and so on. And if not I put as an example an application that is on github and play. But not in fdroid. https://github.com/D4rK7355608/com.d4rk.cleaner Being an application that joins Lte Cleaner, Cache Cleaner, Clipboard Cleaner among others. The permissions and connections and advertising that has if you download it from Play Store or Github… and for example Clipboard Cleaner that is included in the code d4rk.cleaner code, has permissions https://f-droid.org/es/packages/io.github.deweyreed.clipboardcleaner/ and no telemetry and weird stuff.

In short the article says use Google things that you get rid of everything. And the rest well do not touch and look for bad things to do to fdroid. I will never use Play and I will use Fdroid.

A hug and sorry for the long text

Mmmhmm.

So we are to trust Graphene over F-Droid. The history of Graphene undermines that for me: History | GrapheneOS

I should trust packages signed by Graphene and/or Google but ignore the politics of their businesses?! Seems naive, and Graphene themselves appear to distrust any company: “It [GrapheneOS] will never again be closely tied to any particular sponsor or company”. ← That assumes all companies are evil or suspect, which is ridiculous. No 501 for them, like most of the OSS foundations, because those aren’t free of politics! Hah!

That article tells me Graphene is naive about the world of supporting OSS development and will have difficulty raising funds unless they get a philanthropist on their side. I hear Melinda Gates is giving out $$$ … oh wait, they don’t want any sponsors. Wow.

TL;DR but I’m with you at the conclusion! Except, there’s always exceptions to “never” rules: one phone I haven’t been able to install an alternative ROM, but rarely turn on.

1 Like

Good afternoon:

I never use the play. Even in that Htc I could not install any ROM, since there was none. I only use fdroid, and I have the whole system stripped down. It is also an old Android since there was no more. But it still serves to detect everything. I still continue with my terminal without Google nda and so I will continue. I used the Htc to detect things and then put them into the hosts or block them 🙂

But all the people I tell you to remove android from stock, in their terminals. And they give it to me to give to do. Do not see how well it lives without so much, allow me the expression, Google crap. And they all agree on the same thing, because I didn’t know Fdroid and this before.

I also know people who use Android. Either pure or as I call it with the extras of some manufacturer. And they tell me Google is lying. And I ask them why. And they tell me is that I take permissions to Google, Google Play Services and others. And do not stop leaving notifications that this does not go because Play or Play Services does not have such permission. And they say they look for privacy and that if you can remove permissions. And also if you update from the Play they put things in without warning. Or the same security updates. That if Google Rv, that if more crap that you do not use. And more and more and more the phone becomes slow and so on. And I answer Fdroid and custom with nothing. Or remove things by adb.

What if at best for a person who never did root, or for the normal person or user. It can and does turn out to be a difficult and scary thing. But then they are in love with that freedom.

The truth is that they should make some phones at a reasonable price. Without anything from Google. But of course compete at the level of advertising, or that people buy terminals every two by three is difficult. And of course they always talk about Google, Apple, Amazon and Microsoft. And people are not looking for or do not look any more. It’s like the example I give, like fast food. You go to buy and you eat at the moment, and in the mobile phones you also buy and use. You don’t look for more.

And the companies be it Google, Apple, Microsoft, Amazon, Lg, Samsung, etc etc… privacy is…

The funny thing is that governments come to say about privacy. And laws and so on. And then you find this. Telemetry and others in mobiles and everything. Where is the privacy and those laws…

But of course then you see news that if you use encrypted or secure emails. To the governments or the police, they say you do illegal things. And that they have to put a backdoor or allow them to be read. And there will be everything, but maybe you are just protecting your personal information, without doing anything illegal as they claim. But all in the same bag.

A hug

Good afternoon:

I have just been handed some news that already borders on anything but privacy.

Now our data in the EU is going to the USA. Although it was already seen by Google,Facebook and others. But now they approved it.

The US ensures that when our data is stored there, the government will take care that the NSA does not spy on us, or “Your data can be transferred to the United States freely: the agreement between Europe and Joe Biden that Mark Zuckerberg wanted so much”.

We will have to use anti nsa filters or hosts. And I don’t know of any updated ☹️. Since the ones that I knew were:

  • GitHub - tigthor/NSA-CIA-Blocklist: This is the github repository for all NSA and CIA spying servers, including those revealed by Edward Snowden and other studies we conducted on the whole world's servers, enumerating those that spy on individuals and sell data to the NSA and CIA.
  • GitHub - Aman2406/NSA-block
  • https://github.com/DerMuffin/NSABlocklist-pi-hole-edition
  • GitHub - gasull/adblock-nsa: uBlock/Adblock filters for NSA list of known compromised servers

I do not know if you know of any updated @Morgoth @SkewedZeppelin @Licaon_Kter

A hug and thanks for your help

I suggest you don’t root a person who hasn’t asked for it, installing a custom ROM is enough to get rid of Google Play Services.
If they leave you the phone to do it, it says that they are not very skilled with these issues and therefore should NOT have a rooted phone.
Understand that it is totally unnecessary and carries a big risk in security, this should also be notified to all those who want to root.
A rooted phone is more exploitable than a non-rooted one.

Another thing is, custom ROMs don’t have to be “peer reviewed”, they are supposed to have some control and have more eyes on them when they are made official on LineageOS, but an unofficial ROM always involves TRUSTING that developer, which you don’t know.

I just want to give a warning, everyone has the right to be informed so as not to commit imprudences on a phone that may be compromised.

I also think that the intentions are dubious, as @Licaon_Kter says.

I don’t want the below opinion to be linked to him, as it is completely personal, of course:

In my opinion, even if they are right, they give off an aura of elitism that I really despise, in a way, it seems more like destructive criticism than constructive criticism.
In the process, they promote Graphene’s future project, but according to the article, they have nothing to do with Graphene, hmmm.
F-Droid is already famous in the general public, but instead they don’t really seem to have a collaborative stance to improve it.

This is why I really respect Tad @SkewedZeppelin and his work on DivestOS, bringing a security-enhanced LineageOS to the humblest public, economically speaking as well.

I encourage all who can to donate to DivestOS.

2 Likes

They said they can’t contribute here since it’s GPL3 and therefore they can’t include it in their ROM (by default), something about signing keys iirc. At that point they said they’ll invest in something new, I assumed it’s a new fdroid-client…reality was very different.

Or the methods that an otherwise trustworthy dev uses.

The NPM lib takeover of a dev’s account comes to mind – mostly because I like to poke at Javascript whenever I can 🙂 So a trustworthy dev had not locked down their Github account, and who has time to bother with code commits + tight authorization controls – that became the weakest link. Out came a poor method of generating secure, shared libs and massive masquerading as legit code.

So the Graphene article, if well intentioned, has a point about the methods used to redistribute secure binaries / libs. And what is a user to do?

Do we ask for the real IDs of whoever made the code commits? Or ask that static code analysis reports be made available? Or demand results of pentests when that binary / lib is used? Or do a self-hack – trust but verify each piece of OSS we download via our own tests. ← that is something I’ve toyed around with but it’s lots of work.

So lots of folks trust that companies, like Google, that have $$$ and armies of “InfoSec” workers act as Big Bro on their behalves. It sounds like the pro-Graphene author prefers the Big Bro approach of trusting a company, and I do get where they’re coming from. At least we know (something) of who Google is compared to Devs who we’ve never talked to. And companies loathe being liable for things like hacks that get them into court rooms paying damages, and so you see Google now advertising their Android security checks (and yes I did watch one of their ads! pfft).