Privacy On Phone

80

@gallegonovato
Brax is a very bad deal.
Just like all these others:

$210 markup on p4a and $180 on p4a5g - https://brax[.]me/prod/host.php?f=_store&h=rob&p=&version=
$387 markup on p6 - https://shop[.]nitrokey.com/shop/product/nitrophone-2-244
$360 markup on p6 - https://de-googled[.]com/
$400 markup on p6 - https://above-agency[.]com/product/above-phone/
$200 markup on p3 - https://www[.]ebay.de/itm/334338818552
$80 markup and doesn't include charger - https://iode[.]tech/shop/fairphone3/

You can get a OnePlus 5 or 6 depending on where you live for $50-$120 and put DivestOS on it.

edit: some updated numbers

2 Likes
81

Goodnight @SkewedZeppelin

Thanks for the help and time.

The Oneplus I already liked by itself. Since they have a good sound, screen and things that I liked. Since they have so many cameras I donā€™t care, that I take photos without so many things that they put now.

But of course I looked at the 8 or 9 series. And some 7. I say series because there are (for example) 8, 8T, 8Pro. And so the rest. But they were sweet.

A few hours ago I saw a stock 8t 256 for ā‚¬270 or $296. What there is is a lot of 128 storage. And it doesnā€™t seem fair to me. But for privacy it is not good to have many things on the phone either.

And both Lineageos and DivestOS donā€™t bring unnecessary things (Facebook, Google and derivatives, Neflix and other things) and you increase the space. I did not realize and that I use one without anything. Ainsā€¦ My neurons are already failing

A hug

82

https://wonderfall.dev/fdroid-issues/

While the info is correct, the intents are dubious. Iā€™ll leave it at thatā€¦

1 Like
83

@vap0rtranz

The problem with voice calls on PP are many:

Agreed. I retract almost everything good Iā€™ve previously said about PP, PPP, or Pine64.

I also got complaints from others on my calls, about echoes or ā€œI canā€™t hear you nowā€ low sound.

I never received a voice message after missed calls. I got a weird, cryptic text message instead. After switching that SIM back to an Android phone, a flood of old voicemail notifications came in, and it was easy to listen to them, as it should be.

An update seems to have killed my PP; now it does not even boot. A re-install in a few days may fix it, but my PP will be a tablet without SIM for the foreseeable future, even if it does start booting again.

Not giving details, but suffice to say my order of a PPP was one of my worst customer experiences ever, and I wonā€™t be ordering anything more from Pine64.

I havenā€™t given up hope for eventually using PostmarketOS on one of my old phones, but Iā€™m not holding my breath. :laughing:

1 Like
84

The whole android was build for one purpose only. The mess that come next this purpose is not fully controllable.
We need an other entire platform. (and better that this could be that people wake-up about those stuffs)

1 Like
85

Good evening @Licaon_Kter

Well under my point of view that article has many flaws and attempts on privacy. Encouraging to use Google which is anything but secure and private.

From what Iā€™ve been reading, they speak very well of the play store. And its security. But every little while things come out of the play applications that do everything but good things. For example

https://www.cronista.com/infotechnology/actualidad/las-8-apps-peligrosas-que-hay-que-borrar-de-tu-telefono-hoy-si-o-si/

And many othersā€¦

Then they talk about the signature of the applications. I saw play apps updated from github or fdroid.

About it being faster in updates. That if. But of course in the play reaches more people and make money. Something that in fdroid not. But almost better to update from github or gitlab of the developer. Or wait for it to come out in fdroid.

Then the apk that you can download from apkmirror or other unreliable sites because they can bring everything. And I saw Google Protect (I think it was) that analyzes applications (which is included in the play store). Pass things and not detect anything. Instead there is an application that analyzed applications (now I do not remember the name) and gave you surprises.

They say that in fdroid are before the applications, or rather obsolete. That if it is true there are applications that are in fdroid for years and there are no updates. But you go to the developerā€™s github, and there if there are. For example amaze among others.

What I did not read in the article, is that the application of fdroid. It has access to nfc, bluthut (I always spell it wrong) and something else. But that it can lock in app manager or Xlua for example.

Then fdroid or github what if they tell you the permissions as they are for each application. The play no. Even in terminal settings, applications, the app that is, permissions. Then show hidden you will see more hidden permissions and not mentioned. Not to mention the permissions that have applications: Google Play services, Google Rv (I think it was called), Play store, Google and some other ā€¦

Then fdroid you can remove it to boot with the system. And you do not spend data saying you have updates. A phone with pure Android and Google Play. Saldra the notice that you have updates. And it is not the first time I saw that things were updated alone. Even having marked check for updates and install manually. For example in Htc Desire 820 that I got I have it rotated but as it is single sim does not have lineageos. If it were dual sim if I had it. And I have it with supersu. And with Android and put Afwall, sd maid and some other with root permissions. And you block many things. I use it for testing. And without google account, since I do not have (nor want). And even using an old android gets rid of connections and you can make things from Android itself do not go. And so get rid of an endless number of things. But Iā€™ve already gone off the deep endā€¦
The problem is that a Play application. If you donā€™t know how to get the code you wonā€™t see it. And to know. Apart from what Google asks developers to upload it to your store. And in the open source if you see it. And if you can also add bad things. But that as putting a license to windows with a crack. Or use paid applications from the play, downloading the apk from sites out there ā€¦ Yes there are also applications like https://simplemobiletools.com/ that are in the play, github and others. But for example you will see applications and same name but developers to know in the play. Many with gifts and so on, which the original does not have. Not to mention the different permissions.

I think it would almost be better to download things from FDROID, github, gitlab, of the developer. Because this way you can also create a suggestion, or say this fails and so on. For play, you can write a review. Or send an email. Little else.

In the article says The F-Droid client allows several repositories to coexist within the same application. So the Play that allows copy on copy of applications and on gifts without monitoring either one or the other ā€¦ But fdroid has for example the repo of the creator of Newpipe, newpipe inside fdroid (for example). What fdroid does have, is that you can download the first application. That is, if you activate fdroid archive you can see Icecat or the first fennec stuff. Something that in the play, if Iā€™m not fooled that can not be done.

Even github and gitlab is not the panacea, since github is from Microsoft. And if it were in Codeberg for example it would be better. But wellā€¦

If I didnā€™t misunderstand the article when I read it but itā€™s my reliable opinion ā€¦ It is like what it speaks of that under the permissions RECEIVE_BOOT_COMPLETED because the hidden ones of the things downloaded from the play, that use that and othersā€¦ (I repeat myself hahaha)

By the way the funny thing of the article is :

In addition, Play Store restricts the use of highly invasive permissions , such as MANAGE_EXTERNAL_STORAGEthose that allow apps to opt out of limited storage if they cannot work with more privacy-friendly approaches (such as a file explorer). Apps that cannot justify the use of this permission (which again must be granted dynamically) can be removed from the Play Store.

Here excuse me but I crack myself up. For example a simple file cleaner Lte cleaner fdroid LTE Cleaner | F-Droid - Free and Open Source Android App Repository and in the google play has network permissions, see your connections and so on. Otherwise check out Thoughts on optional ads? Ā· TheRedSpy15/LTECleanerFOSS Ā· Discussion #205 Ā· GitHub . Among many other applications. If the Google Play already has each permission that you do not see hehehe

Everything has its bugs and so on. And if not I put as an example an application that is on github and play. But not in fdroid. https://github.com/D4rK7355608/com.d4rk.cleanerSiendo an application that joins Lte Cleaner, Cache Cleaner, Clipboard Cleaner among others. The permissions and connections and advertising that has if you download it from Play Store or Githubā€¦ and for example Clipboard Cleaner that is included in the code d4rk.cleaner code, has permissions Clipboard Cleaner | F-Droid - Free and Open Source Android App Repository and no telemetry and weird stuff.

In short the article says use Google things that you get rid of everything. And the rest well do not touch and look for bad things to do to fdroid. I will never use Play and I will use Fdroid.

A hug and sorry for the long text

86

Mmmhmm.

So we are to trust Graphene over F-Droid. The history of Graphene undermines that for me: History | GrapheneOS

I should trust packages signed by Graphene and/or Google but ignore the politics of their businesses?! Seems naive, and Graphene themselves appear to distrust any company: ā€œIt [GrapheneOS] will never again be closely tied to any particular sponsor or companyā€. ā† That assumes all companies are evil or suspect, which is ridiculous. No 501 for them, like most of the OSS foundations, because those arenā€™t free of politics! Hah!

That article tells me Graphene is naive about the world of supporting OSS development and will have difficulty raising funds unless they get a philanthropist on their side. I hear Melinda Gates is giving out $$$ ā€¦ oh wait, they donā€™t want any sponsors. Wow.

1 Like
87

TL;DR but Iā€™m with you at the conclusion! Except, thereā€™s always exceptions to ā€œneverā€ rules: one phone I havenā€™t been able to install an alternative ROM, but rarely turn on.

2 Likes
88

Good afternoon:

I never use the play. Even in that Htc I could not install any room, since there was none. I only use fdroid, and I have the whole system capado things. It is also an old Android since there was no more. But it still serves to detect everything. I still continue with my terminal without Google nda and so I will continue. The Htc used it to detect things and then put them into the hosts or block them :slight_smile:

But all the people I tell you to remove android from stock, in their terminals. And they give it to me to give to do. Do not see how well it lives without so much, allow me the expression, Google crap. And they all agree on the same thing, because I didnā€™t know Fdroid and this before.

I also know people who use Android. Either pure or as I call it with the extras of some manufacturer. And they tell me Google is lying. And I ask them why. And they tell me is that I take permissions to Google, Google Play Services and others. And do not stop leaving notifications that this does not go because Play or Play Services does not have such permission. And they say they look for privacy and that if you can remove permissions. And also if you update from the Play you menten things without warning. Or the same security updates. That if Google Rv, that if more crap that you do not use. And more and more and more the phone becomes slow and so on. And I answer Fdroid and custom with nothing. Or remove things by adb.

What if at best for a person who never did root, or for the normal person or user. It can and does turn out to be a difficult and scary thing. But then they are in love with that freedom.

The truth is that they should make some phones at a reasonable price. Without anything from Google. But of course compete at the level of advertising, or that people buy terminals every two by three is difficult. And of course they always talk about Google, Apple, Amazon and Microsoft. And people are not looking for or do not look any more. Itā€™s like the example I give, like fast food. You go to buy and you eat at the moment, and in the mobile phones you also buy and use. You donā€™t look for more.

And the companies be it Google, Apple, Microsoft, Amazon, Lg, Samsung, etc etcā€¦ privacy isā€¦

The funny thing is that governments come to say about privacy. And laws and so on. And then you find this. Telemetry and others in mobiles and everything. Where is the privacy and those lawsā€¦

But of course then you see news that if you use encrypted or secure emails. To the governments or the police, they say you do illegal things. And that they have to put a backdoor or allow them to be read. And there will be everything, but maybe you are just protecting your personal information, without doing anything illegal as they claim. But all in the same bag.

A hug

89

Good afternoon:

I have just been handed some news that already borders on anything but privacy.

Now our data in the EU is going to the USA. Although it was already seen by Google,Facebook and others. But now they approved it.

The US ensures that when our data is stored there, the government will take care that the NSA does not spy on us EE.UU asegura que cuando nuestros datos se almacenen allƭ, el gobierno cuidarƔ que la NSA no nos espƭe or Tus datos podrƔn transferirse a Estados Unidos libremente: el acuerdo de Europa con Joe Biden que tanto querƭa Mark Zuckerberg.

we will have to use anti nsa filters or hosts. And I donā€™t know of any updated :frowning: . Since the one that I knew was GitHub - tigthor/NSA-CIA-Blocklist: This is the github repository for all NSA and CIA spying servers, including those revealed by Edward Snowden and other studies we conducted on the whole world's servers, enumerating those that spy on individuals and sell data to the NSA and CIA. , GitHub - Aman2406/NSA-block , https://github.com/DerMuffin/NSABlocklist-pi-hole-edition , GitHub - gasull/adblock-nsa: uBlock/Adblock filters for NSA list of known compromised servers

I do not know if you know of any updated @Morgoth @SkewedZeppelin @Licaon_Kter

A hug and thanks for your help

90

I suggest you donā€™t root a person who hasnā€™t asked for it, installing a custom ROM is enough to get rid of Google Play Services.
If they leave you the phone to do it, it says that they are not very skilled with these issues and therefore should NOT have a rooted phone.
Understand that it is totally unnecessary and carries a big risk in security, this should also be notified to all those who want to root.
A rooted phone is more exploitable than a non-rooted one.

Another thing is, custom ROMs donā€™t have to be ā€œpeer reviewedā€, they are supposed to have some control and have more eyes on them when they are made official on LineageOS, but an unofficial ROM always involves TRUSTING that developer, which you donā€™t know.

I just want to give a warning, everyone has the right to be informed so as not to commit imprudences on a phone that may be compromised.

91

I also think that the intentions are doubious, as @Licaon_Kter says.

I donā€™t want the below opinion to be linked to him, as it is completely personal, of course:

In my opinion, even if they are right, they give off an aura of elitism that I really despise, in a way, it seems more like destructive criticism than constructive criticism.
In the process, they promote Grapheneā€™s future project, but according to the article, they have nothing to do with Graphene, hmmm.
F-Droid is already famous in the general public, but instead they donā€™t really seem to have a collaborative stance to improve it.

This is why I really respect Tad @SkewedZeppelin and his work on DivestOS, bringing a security-enhanced LineageOS to the humblest public, economically speaking as well.

I encourage all who can to donate to DivestOS.

2 Likes
92

They said they canā€™t contribute here since itā€™s GPL3 and therefore they canā€™t include it in their ROM (by default), something about signing keys iirc. At that point they said theyā€™ll invest in something new, I assumed itā€™s a new fdroid-clientā€¦reality was very different.

93

Or the methods that an otherwise trustworthy dev uses.

The NPM lib takeover of a devā€™s account comes to mind ā€“ mostly because I like to poke at Javascript whenever I can :slight_smile: So a trustworthy dev had not locked down their Github account, and who has time to bother with code commits + tight authorization controls ā€“ that became the weakest link. Out came a poor method of generating secure, shared libs and massive masquerading as legit code.

So the Graphene article, if well intentioned, has a point about the methods used to redistribute secure binaries / libs. And what is a user to do?

Do we ask for the real IDs of whoever made the code commits? Or ask that static code analysis reports be made available? Or demand results of pentests when that binary / lib is used? Or do a self-hack ā€“ trust but verify each piece of OSS we download via our own tests. ā† that is something Iā€™ve toyed around with but itā€™s lots of work.

So lots of folks trust that companies, like Google, that have $$$ and armies of ā€œInfoSecā€ workers act as Big Bro on their behalves. It sounds like the pro-Graphene author prefers the Big Bro approach of trusting a company, and I do get where theyā€™re coming from. At least we know (something) of who Google is compared to a Devs whoā€™ve weā€™ve never talked to. And companies loath being liable for things like hacks that get them into court rooms paying damages, and so you see Google now advertising their Android security checks (and yes I did watch one of their ads! pfft).

94

Good afternoon:

I always warn you. And even that the updates are not going to be the same and so on.

I even warn it when they tell me. JolĆ­n there is no way to remove this application from my terminal. And you tell them about adb. And that it can cause system problems and so on.

But donā€™t think Iā€™m dedicated to do those things professionally. Only friends and family who tell me.

But always go or talk to people tell you the same thing. I like the terminal but it says that it has so much storage and then you put mieā€¦ That I will never use and you are touching the ā€¦

But even if for example you buy a terminal of brand x, for example Xiaomi, Samsung, etcā€¦ You also have to rely on their customization layers. And we already know that they bring everything but privacy and other jejeje

Neither does Google, and the Play stuff. They are safe some if (they say), since either you know how to look at the code and interpret it or it is also to trust. And then how many discover that it does everything but well?

A hug

95

Universal Android Debloater is a user-friendly way to uninstall / disable unwanted apps. You can disable instead of uninstall via settings.

I recommend to build it yourself, easiest way to do is with an Arch Linux based distro and use the AUR package script to build it with pacman / pamac. (Not the -bin package)
More info:
https://archive.ph/DoRyK
(static archive page cause itsfoss is a javascript nightmare, omgā€¦)

3 Likes
96

Hell thanks! Installed under Arch via AUR ā€¦ testing right nowā€¦
It also describe what the services areā€¦ great!! So , tons of time gained avoiding to search any entry in the net.
Very good tip!

edit: no seriously ā€¦ you make my day happy. Was almost impossible to gather all the informations for the single service. Probably soon google will nuke github for make this beauty disappear :neutral_face:.

97

Privacy in general is difficult and only getting harder, the FBI, CIA and NSA have all been hacked previously

98

Itā€™s always been difficult, thereā€™s really no such thing depending on how you look at it.

We can however limit as much personal data from becoming public as we can. And there are still ways to do this but they are not for everyone.

Government agencyā€™s have high threat models compared to average citizens, 1 of many people trying to get in will always happen.

99

Good afternoon:

Privacy if you can get it. But in general people have no appreciation for their data.

Since they give it left and right. They donā€™t even read the terms of the programs etcā€¦ Not to say that they do not read the small print of the contracts or loyalty cards that are made ā€¦

And then everything is published on social networks. Thatā€™s why Facebook, Google and others make a killing.

It is easier to buy a mobile phone and not stop to look at what it collects from us. Already the own brands of terminals. Not to mention Google, Apple, Whatsapp, etc. ā€¦

And even more people put them at home. Tell me alexaā€¦ Ok Googleā€¦ Siriā€¦

When there are rooms and programs that do not collect data.

And then a lot of people excuse that they use vpn for privacy. Anywayā€¦

But if it can be achieved, it is increasingly difficult because of that, because of the detachment that people had and have to their data. I always hear the same thing: I donā€™t have anything to hideā€¦ And then why Google has a photo of me from 5 years ago, if I deleted itā€¦

If not look at the evolution of windows itself. How much telemetry they add in each version and nonsense. And the mobiles idem, Xiaomi , Smsung, Oppo, etc etcā€¦

And whoever says that Apple is the best for privacy. In shortā€¦ Just read the things they put in their terms and conditions. And how many things came to light that they collected and made excuses or covered it up. And they said they stopped there.

Mebos bad that we have the customs rooms, fdroid

A hug