Android: Difference between revisions
→Living without Google services: apkmirror is flooded with enormous Google ads and Google trackers are discovered in the site. The other 2 suggestions are enough.
(→Living without Google services: apkmirror is flooded with enormous Google ads and Google trackers are discovered in the site. The other 2 suggestions are enough.) |
|||
(27 intermediate revisions by 3 users not shown) | |||
Line 1:
{{Template:Draft}}
{{TOC right}}
[[File:Android logo 2019.png|thumb|The little green <s>robot</s> android is always watching you.]]
'''Android''' is a smartphone operating system developed by Google and supported by a very loose collective of other companies called Open Handset Alliance.
Yet, ''some'' things can be done to improve things, which is what this page seeks to achieve.<br>
[[File:Google play services logo.svg|thumb|And he brings along the finest <s>spyware</s> services that Google has to offer.]]
<br>
{{ombox | image=[[Image:JS Icon Edit.svg|80px]] | text =
'''Main takeaways'''
* Android is broken up into several different manufacturer versions, each of which have some variation in the feature set.
* Android offers a limited set of privacy controls which we will aim to document here.
* Android smartphones are hard to update which is a glaring privacy and security risk for the users.
* Users should seek to opt for free software alternatives to Google whenever possible.
}}
<br>
== Manufacturer skins ==
Virtually all manufacturers produce their own variant of Android commonly referred as manufacturer skin.
Line 18 ⟶ 22:
:* The software skin produced by Google for it's Pixel line-up. It tends to have the least amount of difference compared to the source code of the Android itself. However, there are still exclusive features on Pixels.
* [[One UI/Samsung Experience]]
:* Samsung's take on Android. Historically considered a bit ugly, it runs on
* [[EMUI]]
:* Found on Huawei's phones, this skin is quite divisive. Western nations, particularly USA government, consider it close to [[w:spyware]]. Be that as it may, Huawei phones are very popular in Europe and Asia.
Line 26 ⟶ 31:
:* Near-stock skin by OnePlus. OnePlus is the Western facing brand of [[w:BBK Electronics]].
----
== Screen lock ==
Let's start with the most obvious privacy feature of any phone; the screen lock.
Line 34 ⟶ 38:
Starting with the near useless ones, swipe pattern and camera unlock should never be used, by anyone. They have repeatedly been proven to be insecure and easily defeated. It is pretty trivial for a shoulder surfing attacker to see and memorise your swipe pattern, no matter how complicated it is, not to mention that unless you're absolutely overzealous about screen cleanliness, most times you can still see the swipe smudges left by the previous unlocks.<br>
Camera unlocks on the other hand are primarily a jump on the bandwagon started by Apple's much better FaceID solution. But, while Apple uses actual 3D face analysis, most
PIN and fingering recognition are much better, but hardly fool proof. Most PINs are simply too short to stand up to serious scrutiny, and fingerprint sensors have reliably been defeated by security researchers.<br>
Line 60 ⟶ 64:
However, in the interest of compatibility, it is still possible to install those old apps, and they will be granted all permissions they want, even on modern devices.
If you encounter this sort of interface upon installing an app, it'd be wise to cancel it instead as you have no control over the permissions. Not to mention that such old apps are not required to use secure communication via TLS/SSL.
At this time, we highly encourage you to pause what you're doing and go review all the current permissions on your device.
== Private DNS ==
From [[w:Android_version_history#Android_9_Pie_(API_28)|version 9 'Pie']] Android supports private DNS using the [[encrypted DNS|DNS over TLS protocol]]. By default Android uses
To avert this, you can use any private DNS server compatible with DNS over TLS protocol.
=== Set Private DNS ===
Line 69 ⟶ 75:
=== Filter tracking and ads ===
[[File:Adblock Plus 1.3.0.369 settings in Android 2.3.6.png|thumb|Adblock software on Android.]]
{{See also
Additional privacy benefit
While a standard Private DNS server will resolve all DNS requests over an encrypted connection, there are certain servers which will refuse to resolve ads, tracking, malware or other undesired content. The result of this is that when your phone tries to resolve and ad or a request by an app to access a tracker, the server will instead respond saying that this ad or tracker does not exist. This will result in the ad not being loaded and the tracking information not being sent to the tracker.
Line 77 ⟶ 83:
== Free and open source first approach ==
[[File:F-Droid Logo 4.svg|border|left|frameless|alt=|180x180px]]
Whenever you consider installing an app or signing up to a service, it is always good to consider whether the same or similar experience can be achieved by [[Concept:free and open source]] software.<br>
Free and open source software can be more easily checked by the community of it's users, and it is much harder to hide nefarious code or functionality as all the code is transparent. There are also far fewer incentives to do anything untoward as most open source software is written with the public benefit in mind.
=== F-Droid ===
The easiest way to do this is to install [[Recommended:F-Droid]]. This Android store only hosts free and open source apps, thus, anything you find here will be inherently more trustworthy than closed source software.
▲= A step further =
== Secure your communication ==
This step is actually very easy, although the difficult part comes in when you attempt to get other people to contact you via these privacy preserving options.
If you use [[w:SMS|text messaging aka SMS]] or standard phone calls your communications are transmitted in plain text and are easily visible to your service provider. Depending where you live, your service provider or government may be logging and analysing this information, building a model of your behaviour, and building a permanent record which may be used against you in many ways.
Even if you mainly correspond via apps such as Facebook messenger or WhatsApp, you're hardly any better off. Rather than with your provider, your messages and/or the metadata are now in the hands of big companies such as Facebook who's core business model is to violate your privacy. Those companies are, of course, subject to coercion by government in charge of their servers.
When it comes to secure communication, the gold standard is always-on enabled-by-default [[Concept:End-to-
* '''always-on''' - the encryption is always on and cannot be disabled by either yourself or any third party, including the service provider or the government
* '''enabled-by-default''' - the encryption is on for all users of the service, by default and without any additional opt-in steps
* '''[[Concept:End-to-
A 'nice to have' property of a communication systems is also peer to peer communication, but this often is not achievable without significant sacrifice in usability.
Line 104 ⟶ 105:
=== Texting and calling ===
====Signal====
At this moment, the best choice for texting and calling is the [https://www.signal.org/ Signal] app.<br>
Developed and operated by not-for-profit [[w:Signal Foundation|Signal Foundation]], this app meets all three of the above outlined criteria. It is based on the well-regarded E2EE [[w:Signal Protocol]], developed by the Signal Foundation's co-founder [[w:Moxie Marlinspike|Moxie Marlinspike]] and it has also received an independent audit<ref>https://ia.cr/2016/1013</ref> which did not find any notable flaws or omissions which could result in a breach of privacy.
Signal is great for direct one-on-one messaging, small group messaging, voice calls, as well as video calls <ref>they're working on group video calls, although they're not currently available</ref>. It also can send and receive SMS, though SMS is not protected by the encryption. Aside from SMS, every other form of communication through the app is end-to-end encrypted.
=====Don't use Telegram=====
== Peer to peer options ==▼
One piece of bad advice that is often given out by people who should know better is to use [[Telegram]].<br />
Telegram is not end-to-end encrypted, its server software is closed source, and the service provider can read all your messages.
<!-- This commented out section probably goes into too much detail.
▲===== Peer to peer options =====
When it comes to peer to peer, there are also couple options, although none are as polished as Signal.
======Tox======
[https://tox.chat/| Tox] is a good peer to peer option. The problem is that the IP address of the conversation participants is transparent. Another major issue is that you cannot send messages unless both parties are online.
======Briar======
[https://briarproject.org/| Briar] solves those issues, but the problem here is that the service is only available on Android. No desktop or iOS options.
======Session Messenger======
[https://getsession.org/| Session Messenger] is a fork of Signal which removes the central server, replacing them with decentralised service nodes, provides a type of Onion routing through the LokiNet thus obfuscating participant's IP addresses and eschews the need for a phone number. However, this is a very new service, and has not been audited and embraced by the privacy community yet, so
=== Video calls and conference ===
==== Jami ====
[https://jami.net/ Jami] is a pretty feature complete {{p|Skype}}/{{p|Zoom}}/{{p|Teams}} replacement that allows you to have virtual calls and meetings without any third party in the middle spying on what you're saying. It's service is decentralised, and aside from a little bit of help from a central server to established the initial connection, all the data is sent and received directly between the parties who are using the program.
==== Jitsi ====
[https://jitsi.org/ Jitsi] is another strong contender, particularly if you want to speak with somebody who is resistant towards having to install another app/program. With Jitsi, you simply create a new meeting on one of many community-ran instances, and send out the unique link. Anyone can use this link to simply join you using any modern browser.
{{See
Once again, this step is pretty easy to perform, but can be much harder to commit to.
Line 132 ⟶ 139:
The problem is that Google has absolutely zero shame when it comes to exploiting your information, and will use it against you every chance they get. Google's privacy policy spells quite plainly that since you're not paying for the service, you're the product.
<br>
This however does not mean that these steps are not effective in protecting your privacy or that they are not 'worth it'. The reality is that if you're willing to learn something new or spend some time re-adjusting, the end result will be a reasonable usability sacrifice with significant privacy gains.
== Flash a custom ROM ==
Custom
There are many different custom ROMs, focusing on all kinds of enhancements, so it can be a bit hard to separate the wheat from the chaff, however, from the privacy perspective, these are
*[[File:
* [https://lineageos.org/
* [https://calyxos.org/ CalyxOS] - developed by not-for-profit Calyx Institute, which was founded by [[w:Nicholas Merrill|Nicholas Merrill]], this is another solid solution
=== Living without Google services ===
You might wonder how does one obtain or update apps on a device without Google services. Well, there are few ways.
* [https://f-droid.org/
* [https://auroraoss.com/
=== LineageOS with MicroG ===
If you can't quite manage a Google-free existence, one halfway step is using MicroG on previously mentioned LineageOS. MicroG project is an effort to [[w:Clean room design|clean room]] re-implement many of the services Android apps have come to depend on due to Google's anticompetitive behaviour, such as {{p|[[w:Google Play Service|Google Play Services]]}}, Google's location services and Maps API.<br />
This means you would still be using a reduced set of Google services, but only the ones that are necessary to prevent the app from malfunctioning. Because MicroG code is open source, only necessary functionality is implemented, and any client-side tracking is absent.
* [https://lineage.microg.org/ LineageOS with MicroG] - While you can just take almost any custom ROM and add MicroG to it, an easier solution is simply flashing a ROM from LineageOS with MicroG project.
----
= Additional reading =
[[Analysis:Fundamental problem with Android]]<br>
|