Android

Android is a smartphone operating system developed by Google and supported by a very loose collective of other companies called Open Handset Alliance. Although it is technically open source (in the sense that the basic source is available), it is tightly controlled by Google and turned into one of the most potent weapons of surveillance capitalism. Google uses Android to actively erode user's privacy in new and innovative ways, and yet our modern life is nigh impossible with this one side of the smartphone duopoly coin. Yet, some things can be done to improve things, which is what this page seeks to achieve.

Manufacturer skins
Virtually all manufacturers produce their own variant of Android commonly referred as manufacturer skin. This page is for Android in general and content found here is applicable to most, if not all, Androids. Check out specific manufacturer skin's pages for specifics relating to individual manufacturer skins.


 * Stock Android/Pixel Experience
 * The software skin produced by Google for it's Pixel line-up. It tends to have the least amount of difference compared to the source code of the Android itself. However, there are still exclusive features on Pixels.


 * One UI/Samsung Experience
 * Samsung's take on Android. Historically considered a bit ugly, it runs on untold million of Samsung devices in the wild.


 * EMUI
 * Found on Huawei's phones, this skin is quite divisive. Western nations, particularly USA government, consider it close to spyware. Be that as it may, Huawei phones are very popular in Europe and Asia.


 * MIUI
 * Xiaomi's attempt at Android. Much like Huawei, it faces heavy criticism in the West, but somewhat less than Huawei.


 * OxygenOS
 * Near-stock skin by OnePlus. OnePlus is the Western facing brand of BBK Electronics.

= Easy wins = These 'easy wins' are steps recommended for most Android users. They are applicable to almost all phones and will not significantly inconvenience you.

Screen lock
Let's start with the most obvious privacy feature of any phone; the screen lock.

Most Android phones offer a few different ways to lock you screen. Some are good, others are near useless.

Starting with the near useless ones, swipe pattern and camera unlock should never be used, by anyone. They have repeatedly been proven to be insecure and easily defeated. It is pretty trivial for a shoulder surfing attacker to see and memorise your swipe pattern, no matter how complicated it is, not to mention that unless you're absolutely overzealous about screen cleanliness, most times you can still see the swipe smudges left by the previous unlocks. Camera unlocks on the other hand are primarily a jump on the bandwagon started by Apple's much better FaceID solution. But, while Apple uses actual 3D face analysis, most Android do simple facial recognition analysis on the front facing camera which is nowhere near secure enough.

PIN and fingering recognition are much better, but hardly fool proof. Most PINs are simply too short to stand up to serious scrutiny, and fingerprint sensors have reliably been defeated by security researchers. Ultimately, there is no substitute for a good password, but we also recognise the reality that some users unlock their phone upwards of 150 times a day and won't bother with a 12 character password.

Therefore, on balance, probably the best option is using the fingerprint sensor or, lacking that, a PIN to keep up casual snoops.

Legal status of passwords
Biometric security, such as fingerprint readers, have one legal weakness however. Certain jurisdictions provide a defendant with a right to remain silent or a right to not self-incriminate, which often protects them from being forced to disclose a password or a PIN when faced with such requests from law enforcement. Where these right do apply, biometric unlocks are usually not similarly protected, meaning that a police officer usually cannot compel you to give them your password, but can lawfully force you to unlock you phone with a fingerprint scan.

To help with this, some Android versions offer a lockdown mode which will lock the device and disable the biometric unlock until the PIN or password is manually entered. All modern Androids do, however, disable biometric unlock for the first unlock following a boot. If you're expecting to interact with law enforcement, and you plan not to record the interaction (which you really should), it is a good practice to shut down you phone to prevent the law enforcement for from using the biometrics loophole. Of course, if you are ever in this situation, everything hinges on your password strength or police's access to data extraction tools such as product of Cellbrite or GrayKey.

Permission management
Since mid-2015 and Android Marshmallow, the platform has supported app permission, where the user could opt to deny an app access to a certain features. Although we understand that the urge to make that little window go away is very great, it is worth to take a moment to consider the impact of such decision. Ask yourself: does it makes sense that at simple chat app or a video player is asking for your location? If app purpose justifies the requested, does the request have to be granted right now, rather than just prior to actually using the app. If the chat app needs storage permission to let you attach files, why not grant that just prior to files being attached, rather than letting the app rummage through the contents of your storage at will? In the computing circles this is called the principle of least privilege, but you might know it as need to know basis. Always ask yourself 'does this app **need to know** this about me?' and err on the side of '**no**'.

Temporary permissions
Currently, a permission, once granted, does not expire or get removed unless the user manually removes it. This is not ideal, but there is a hacky workaround via a Proprietary app called | Bouncer. This app will use Android accessibility service to quickly remove permissions from other apps based on your rules.

Prior to Marshmallow
Prior to the advent of deniable app permissions, the system simply told you about permissions that the app wanted and granted all of them. However, in the interest of compatibility, it is still possible to install those old apps, and they will be granted all permissions they want, even on modern devices. If you encounter this sort of interface upon installing an app, it'd be wise to cancel it instead as you have no control over the permissions. Not to mention that such old apps are not required to use secure communication via TLS/SSL.

Private DNS
From version 9 'Pie' Android supports private DNS using the DNS over TLS protocol. By default Android uses wither the WiFi's DNS server (usually from the ISP of the WiFI) or the mobile provider's DNS server. While this is not necessarily a bad thing, the problem lies in the fact that the DNS requests are completely unprotected and transparent to the network provider or anyone listening in on the network. This metadata, when collected and analysed, grants a deep insight into your personal behaviours and habits. It is, essentially, your browsing history, except in this case you cannot delete it as it is held by a third party. To avert this, you can use any private DNS server compatible with DNS over TLS protocol.

Set Private DNS
To set private DNS on most devices, go to Settings -> Wifi & Network -> Private DNS. In the new window add the hostname of the DNS server and click Ok.

Filter tracking and ads
See also: adblocking

Additional privacy benefit form Private DNS is using an adblocking and tracker blocking DNS server. While a standard Private DNS server will resolve all DNS requests over an encrypted connection, there are certain servers which will refuse to resolve ads, tracking, malware or other undesired content. The result of this is that when your phone tries to resolve and ad or a request by an app to access a tracker, the server will instead respond saying that this ad or tracker does not exist. This will result in the ad not being loaded and the tracking information not being sent to the tracker.

A recommended service to achieve this is blahdns.com but, of course, any other valid DNS over TLS server may be used. A fairly comprehensive list is maintained by the good folks over at privacytools.io.

Free and open source first approach
Whenever you consider installing an app or signing up to a service, it is always good to consider whether the same or similar experience can be achieved by Concept:free and open source software. Free and open source software can be more easily checked by the community of it's users, and it is much harder to hide nefarious code or functionality as all the code is transparent. There are also far fewer incentives to do anything untoward as most open source software is written with the public benefit in mind.

F-Droid
The easiest way to do this is to install Recommended:F-Droid. This Android store only hosts free and open source apps, thus, anything you find here will be inherently more trustworthy than closed source software. = A step further = Following steps may require a little bit of effort or sacrifice, but they are still recommended for most Android users who care about their privacy.

Secure your communication
This step is actually very easy, although the difficult part comes in when you attempt to get other people to contact you via these privacy preserving options.

If you use text messaging aka SMS or standard phone calls your communications are transmitted in plain text and are easily visible to your service provider. Depending where you live, your service provider or government may be logging and analysing this information, building a model of your behaviour and building a permanent record which may be used against you in many ways. Even if you mainly correspond via apps such as Facebook messenger or WhatsApp, you're hardly any better off. Rather than with your provider, your messages and/or the metadata are now in the hands of big companies such as Facebook who's core business model is to violate your privacy. Those companies are, of course, subject to coercion by government in charge of their servers.

When it comes to secure communication, the gold standard is always-on enabled-by-default end-to-end encryption. To break this down further:
 * always-on - the encryption is always on and cannot be disabled by either yourself or any third party, including the service provider or the government
 * enabled-by-default - the encryption is on for all users of the service, by default and without any additional opt-in steps
 * end-to-end encryption - the encryption is structured in such a way that no third party, not even service provider or the government, has access to the shared secret, a so called 'private key', which can be used to decrypt the communicationSignal ultramarine icon.svg

A 'nice to have' property of a communication systems is also peer to peer communication, but this often is not achievable without significant sacrifice in usability.

Sadly, not many service meet these requirements. These are recommended options.

Texting and calling
At this moment, the best choice for texting and calling is the Signal app. Developed and operated by not-for-profit Signal Foundation, this app meets all three of the above outlined criteria. It is based on the well-regarded E2EE Signal Protocol, developed by the Signal Foundation's co-founder Moxie Marlinspike and it has also received an independent audit which did not find any notable flaws or omissions which could result in a breach of privacy.

Signal is great for direct one-on-one messaging, small group messaging, voice calls as well as video calls. It also can send and receive SMS, though SMS is not protected by the encryption. Aside from SMS, every other form of communication through the app is end-to-end encrypted.

Peer to peer options
When it comes to peer to peer, there are also couple options, although none are as polished as Signal.

| Tox is a good peer to peer option. The problem is that the IP address of the conversation participants is transparent. Another major issue is that you cannot send messages unless both parties are online.

| Briar solves those issues, but the problem here is that the service is only available on Android. No desktop or iOS options.

| Session Messenger is a fork of Signal which removes the central server, replacing them with decentralised service nodes, provides a type of Onion routing through the LokiNet thus obfuscating participant's IP addresses and eschews the need for a phone number. However, this is a very new service, and has not been audited and embraced by the privacy community yet, so cation is very much advisable.

Video calls and conference
In this category, | Jami and | Jitsi are strong entries.

Avoid Google services
See more: Alternatives:Google services

Once again, this step is pretty easy to perform, but can be much harder to commit to.

Your Android comes preloaded with a suite of Google access offering you an easy and convenient access to plethora of Google services. The services are free, apps are of high quality and Google's dark patterns seamlessly guide you into sharing your every thought and feeling with Google who will be eager to monetise it.

The problem is that Google has absolutely zero shame when it comes to exploiting your information, and will use it against you every chance they get. Google's privacy policy spells quite plainly that since you're not paying for the service, you're the product.

= Going all the way = These steps are not for the feint of heart, either because they require a degree of technical know-how or because they may requires certain sacrifice of convenience or a change of established habits. This however does not mean that these steps are not effective in protecting your privacy or that they are not 'worth it'. The reality is that if you're willing to learn something new or spend some time re-adjusting, the end result will be a reasonable usability sacrifice with significant privacy gains.

Flash a custom ROM
Custom ROM's are community-created versions of Android, usually focusing on making significant changes to how Android runs, more than what is possible by just installing an app. Custom ROMs allow you to take back control of your device and fully remove Google's control over your Android phone. There are many different custom ROMs, focusing on all kinds of enhancements, so it can be a bit hard to separate the wheat from the chaff, however, from the privacy perspective, these are good bets:
 * Copperhead logo.svg| CopperheadOS - Google-free version of Android usually considered the gold standard when it comes to privacy on Android
 * | LineageOS - formerly known as CyanogenMod, while this project is not specifically focused on privacy, if you simply avoid installing Google Apps you'll have yourself a pretty decent phone privacy-wise

Living without Google services
You might wonder how does one obtain or update apps on a device without Google services. Well, there are few ways.
 * | F-Droid - aforementioned open source-only app store should be the first stop for app needs on Google-free devices
 * | Auroroa Store - despite the name, not really a store, but a way to download app off Google Play store without using the actual Google Play Store app. It will also update your apps.
 * | ApkMirror - repository of apps (apk files) ran by folks from well respected Android-enthusiast site [|androidpolice.com]
 * you may use | APKUpdater to check for updates from ApkMirror and automatically update the apps

= Additional reading = Analysis:Fundamental problem with Android Alternatives:Google services = Footnotes =