Android: Difference between revisions

1,452 bytes added, 1 year ago
→‎Living without Google services: apkmirror is flooded with enormous Google ads and Google trackers are discovered in the site. The other 2 suggestions are enough.
(→‎Secure your communication: commenting out too detailed section)
(→‎Living without Google services: apkmirror is flooded with enormous Google ads and Google trackers are discovered in the site. The other 2 suggestions are enough.)
 
(17 intermediate revisions by 3 users not shown)
Line 1:
{{Template:Draft}}
{{TOC right}}
[[File:Android logo 2019.png|thumb|The little green <s>robot</s> android is always watching you.]]
'''Android''' is a smartphone operating system developed by Google and supported by a very loose collective of other companies called the Open Handset Alliance. While open source (in the sense that the basic source is available) means the software is free, it is also true that open source comes nowhere when it comes to privacy. Android is tightly controlled by Google and has been turned into one of the most potent weapons of surveillance capitalism. Google uses Android to actively erode users' privacy in new and innovative ways, and yet our modern life is nigh impossible without this one side of the smartphone duopoly coin.<br>
Yet, ''some'' things can be done to improve things, which is what this page seeks to achieve.<br>
[[File:Google play services logo.svg|thumb|And he brings along the finest <s>spyware</s> services that Google has to offer.]]
<br>
{{ombox | image=[[Image:Emblem-wikiJS Icon Edit.svg|80px]] | text =
'''Main takeaways'''
* Android is broken up into several different manufacturer versions, each of which has some variation in the feature set.
Line 21 ⟶ 22:
:* The software skin produced by Google for its Pixel line-up. It tends to have the least amount of difference compared to the source code of Android itself. However, there are still exclusive features on Pixels.
* [[One UI/Samsung Experience]]
 
:* Samsung's take on Android. Historically considered a bit ugly, it runs on the roughly 956 million Samsung devices in the wild.
* [[EMUI]]
:* Found on Huawei's phones, this skin is quite divisive. Western nations, particularly the USA government, consider it close to [[w:spyware]]. Be that as it may, Huawei phones are very popular in Europe and Asia.
Line 29 ⟶ 31:
:* Near-stock skin by OnePlus. OnePlus is the Western facing brand of [[w:BBK Electronics]].
----
{{Easy wins}}
These 'easy wins' are steps recommended for most Android users. They are applicable to almost all phones and will not significantly inconvenience you.
== Screen lock ==
Let's start with the most obvious privacy feature of any phone; the screen lock.
Line 37 ⟶ 38:
 
Starting with the near useless ones, swipe pattern and camera unlock should never be used, by anyone. They have repeatedly been proven to be insecure and easily defeated. It is pretty trivial for a shoulder surfing attacker to see and memorise your swipe pattern, no matter how complicated it is, not to mention that unless you're absolutely overzealous about screen cleanliness, most times you can still see the swipe smudges left by the previous unlocks.<br>
Camera unlocks on the other hand are primarily a jump on the bandwagon started by Apple's much better FaceID solution. But, while Apple uses actual 3D face analysis, most Androids do simple facial recognition analysis on the front facing camera which is nowhere near secure enough.
 
PIN and fingerprint recognition are much better, but hardly foolproof. Most PINs are simply too short to stand up to serious scrutiny, and fingerprint sensors have reliably been defeated by security researchers.<br>
Line 63 ⟶ 64:
However, in the interest of compatibility, it is still possible to install those old apps, and they will be granted all permissions they want, even on modern devices.
If you encounter this sort of interface upon installing an app, it'd be wise to cancel it instead as you have no control over the permissions. Not to mention that such old apps are not required to use secure communication via TLS/SSL.
 
At this time, we highly encourage you to pause what you're doing and go review all the current permissions on your device.
 
== Private DNS ==
 
From [[w:Android_version_history#Android_9_Pie_(API_28)|version 9 'Pie']] Android supports private DNS using the [[encrypted DNS|DNS over TLS protocol]]. By default Android uses either the WiFi's DNS server (usually from the [[w:ISP]] of the WiFi) or the mobile provider's DNS server. While this is not necessarily a bad thing, the problem lies in the fact that the DNS requests are completely unprotected and transparent to the network provider or anyone listening in on the network.<br>This [[Concept:Metadata|metadata]], when collected and analysed, grants a deep insight into your personal behaviours and habits. It is, essentially, your browsing history, except in this case you cannot delete it as it is held by a third party.
To avert this, you can use any private DNS server compatible with the DNS over TLS protocol.
=== Set Private DNS ===
Line 72 ⟶ 75:
=== Filter tracking and ads ===
[[File:Adblock Plus 1.3.0.369 settings in Android 2.3.6.png|thumb|Adblock software on Android.]]
{{See also|Adblocking}}
 
An additional privacy benefit from Private DNS is using an adblocking and tracker blocking DNS server.<br>
While a standard Private DNS server will resolve all DNS requests over an encrypted connection, there are certain servers which will refuse to resolve ads, tracking, malware or other undesired content. The result of this is that when your phone tries to resolve an ad or a request by an app to access a tracker, the server will instead respond saying that this ad or tracker does not exist. This will result in the ad not being loaded and the tracking information not being sent to the tracker.
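The following is an added example, not part of the original page: a Python sketch of the DNS messages involved, showing the 2-byte length prefix DNS over TLS puts in front of each query and how a reply from a filtering server can be told apart from a normal one. The host names and addresses are constructed, and recognising a <code>0.0.0.0</code> answer goes beyond the "does not exist" reply described above; it is included on the assumption that some filtering resolvers answer that way instead.

```python
import struct

def build_query(name, txid=0x1A2B):
    """Encode an A-record query for `name` in DNS wire format."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)       # QTYPE=A, QCLASS=IN

def dot_frame(message):
    """DNS over TLS is a stream (port 853): prefix each message with its 2-byte length."""
    return struct.pack("!H", len(message)) + message

def _skip_name(msg, off):
    """Return the offset just past the name starting at `off`."""
    while True:
        n = msg[off]
        if n == 0 or n & 0xC0 == 0xC0:   # root label or compression pointer
            return off + (1 if n == 0 else 2)
        off += 1 + n

def classify(msg):
    """Return 'nxdomain', 'null-address', 'resolved' or 'other' for a reply."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    rcode = flags & 0x000F
    if rcode == 3:                       # "this name does not exist"
        return "nxdomain"
    off = 12
    for _ in range(qd):                  # skip the echoed question section
        off = _skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):                  # collect IPv4 addresses from A records
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(map(str, msg[off:off + 4])))
        off += rdlen
    if rcode != 0 or not addrs:
        return "other"
    return "null-address" if set(addrs) == {"0.0.0.0"} else "resolved"

def sample_reply(query, rcode=0, addr=None):
    """Constructed reply to `query` (test data, not captured traffic)."""
    flags = 0x8180 | rcode               # QR, RD, RA plus the response code
    head = query[:2] + struct.pack("!5H", flags, 1, 1 if addr else 0, 0, 0)
    answer = (b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
              + bytes(map(int, addr.split(".")))) if addr else b""
    return head + query[12:] + answer
```
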
 
Line 85 ⟶ 88:
=== F-Droid ===
The easiest way to do this is to install [[Recommended:F-Droid]]. This Android store only hosts free and open source apps, thus, anything you find here will be inherently more trustworthy than closed source software.
{{A step further}}
The following steps may require a little bit of effort or sacrifice, but they are still recommended for most Android users who care about their privacy.
== Secure your communication ==
This step is actually very easy, although the difficult part comes in when you attempt to get other people to contact you via these privacy preserving options.
 
If you use [[w:SMS|text messaging aka SMS]] or standard phone calls your communications are transmitted in plain text and are easily visible to your service provider. Depending on where you live, your service provider or government may be logging and analysing this information, building a model of your behaviour, and building a permanent record which may be used against you in many ways.
Even if you mainly correspond via apps such as Facebook messenger or WhatsApp, you're hardly any better off. Rather than with your provider, your messages and/or the metadata are now in the hands of big companies such as Facebook whose core business model is to violate your privacy. Those companies are, of course, subject to coercion by the government in charge of their servers.
 
When it comes to secure communication, the gold standard is always-on enabled-by-default [[Concept:End-to-end encryption|end-to-end encryption]]. To break this down further:
* '''always-on''' - the encryption is always on and cannot be disabled by either yourself or any third party, including the service provider or the government
* '''enabled-by-default''' - the encryption is on for all users of the service, by default and without any additional opt-in steps
* '''[[Concept:End-to-end encryption|end-to-end encryption]]''' - the encryption is structured in such a way that no third party, not even the service provider or the government, has access to the shared secret, a so-called 'private key', which can be used to decrypt the communication[[File:Signal ultramarine icon.svg|thumb|Signal strikes the right balance between usability and very strong crypto.]]
 
A 'nice to have' property of a communication system is also peer to peer communication, but this often is not achievable without significant sacrifice in usability.
Line 107 ⟶ 109:
Developed and operated by not-for-profit [[w:Signal Foundation|Signal Foundation]], this app meets all three of the above outlined criteria. It is based on the well-regarded E2EE [[w:Signal Protocol]], developed by the Signal Foundation's co-founder [[w:Moxie Marlinspike|Moxie Marlinspike]] and it has also received an independent audit<ref>https://ia.cr/2016/1013</ref> which did not find any notable flaws or omissions which could result in a breach of privacy.
 
Signal is great for direct one-on-one messaging, small group messaging, voice calls, as well as video calls <ref>they're working on group video calls, although they're not currently available</ref>. It also can send and receive SMS, though SMS is not protected by the encryption. Aside from SMS, every other form of communication through the app is end-to-end encrypted.
=====Don't use Telegram=====
One piece of bad advice that is often given out by people who should know better is to use [[Telegram]].<br />
Telegram is not end-to-end encrypted, its server software is closed source, and the service provider can read all your messages.
<!-- This commented out section probably goes into too much detail.
===== Peer to peer options =====
Line 116 ⟶ 121:
[https://briarproject.org/ Briar] solves those issues, but the problem here is that the service is only available on Android. No desktop or iOS options.
======Session Messenger======
[https://getsession.org/ Session Messenger] is a fork of Signal which removes the central server, replacing it with decentralised service nodes, provides a type of Onion routing through the LokiNet, thus obfuscating participants' IP addresses, and eschews the need for a phone number. However, this is a very new service, and has not been audited and embraced by the privacy community yet, so caution is very much advisable.-->
 
=== Video calls and conference ===
==== Jami ====
[https://jami.net/ Jami] is a pretty feature complete {{p|Skype}}/{{p|Zoom}}/{{p|Teams}} replacement that allows you to have virtual calls and meetings without any third party in the middle spying on what you're saying. Its service is decentralised, and aside from a little bit of help from a central server to establish the initial connection, all the data is sent and received directly between the parties who are using the program.
 
==== Jitsi ====
In this category, [https://jami.net/ Jami] and [https://jitsi.org/ Jitsi] are strong entries.
[https://jitsi.org/ Jitsi] is another strong contender, particularly if you want to speak with somebody who is resistant towards having to install another app/program. With Jitsi, you simply create a new meeting on one of many community-run instances, and send out the unique link. Anyone can use this link to simply join you using any modern browser.
 
== Avoid Google services ==
Line 131 ⟶ 139:
The problem is that Google has absolutely zero shame when it comes to exploiting your information, and will use it against you every chance they get. Google's privacy policy spells out quite plainly that since you're not paying for the service, you're the product.
 
{{Going all the way}}
<br>
These steps are not for the faint of heart, either because they require a degree of technical know-how or because they may require a certain sacrifice of convenience or a change of established habits.<br>
This however does not mean that these steps are not effective in protecting your privacy or that they are not 'worth it'. The reality is that if you're willing to learn something new or spend some time re-adjusting, the end result will be a reasonable usability sacrifice with significant privacy gains.
 
== Flash a custom ROM ==
Custom ROMs are community-created versions of Android, usually focusing on making significant changes to how Android runs, more than what is possible by just installing an app. Custom ROMs allow you to take back control of your device and fully remove Google's control over your Android phone.<br>
There are many different custom ROMs, focusing on all kinds of enhancements, so it can be a bit hard to separate the wheat from the chaff, however, from the privacy perspective, these are good bets:
*[[File:GrapheneOS Logo.svg|alt=|thumb|GrapheneOS is what Android was meant to be.]][https://grapheneos.org/ GrapheneOS] - Google-free version of Android usually considered the gold standard when it comes to privacy on Android
* [https://lineageos.org/ LineageOS] - formerly known as CyanogenMod, while this project is not specifically focused on privacy, if you simply avoid installing Google Apps you'll have yourself a pretty decent phone privacy-wise
* [https://calyxos.org/ CalyxOS] - developed by not-for-profit Calyx Institute, which was founded by [[w:Nicholas Merrill|Nicholas Merrill]], this is another solid solution
<!-- Add https://calyxos.org/ -->
 
=== Living without Google services ===
 
You might wonder how one obtains or updates apps on a device without Google services. Well, there are a few ways.
* [https://f-droid.org/ F-Droid] - the aforementioned open source-only app store should be the first stop for app needs on Google-free devices
* [https://auroraoss.com/ Aurora Store] - despite the name, not really a store, but a way to download apps from the Google Play Store without using the actual Google Play Store app. It will also update your apps.
 
* [https://www.apkmirror.com/ ApkMirror] - repository of apps (apk files) run by folks from the well-respected Android-enthusiast site [https://www.androidpolice.com/ androidpolice.com]
:* you may use [https://www.apkmirror.com/apk/rumboalla/apkupdater/ APKUpdater] to check for updates from ApkMirror and automatically update the apps
=== LineageOS with MicroG ===
If you can't quite manage a Google-free existence, one halfway step is using MicroG on the previously mentioned LineageOS. The MicroG project is an effort to [[w:Clean room design|clean room]] re-implement many of the services Android apps have come to depend on due to Google's anticompetitive behaviour, such as {{p|[[w:Google Play Service|Google Play Services]]}}, Google's location services and Maps API.<br />
This means you would still be using a reduced set of Google services, but only the ones that are necessary to prevent the app from malfunctioning. Because MicroG code is open source, only necessary functionality is implemented, and any client-side tracking is absent.
 
* [https://lineage.microg.org/ LineageOS with MicroG] - While you can just take almost any custom ROM and add MicroG to it, an easier solution is simply flashing a ROM from the LineageOS with MicroG project.
 
----