The quest for privacy and Android FOSS life: Beginnings

The following text is targeted at people who are new to /r/privacy and are just starting out with taking control over their privacy. If you are a “veteran” here, you probably know everything I’ve written below or won’t find it useful. However, feel free to correct my suggestions, add to them, or help me make them more understandable. Also be nice!

Also please note that protecting your privacy is a best-effort practice. The decisions you make usually depend on how comfortable you are with the privacy routine, and should always depend on your chosen threat level. My suggestions are mostly meant as a guide for an easy and stress-free transition. If your threat level is very high, however, this is not a text for you.

I’ve been around for a while and find that a lot of people coming here read a few posts and immediately go extreme privacy mode. They install custom roms, ditch accounts, ditch their friends that don’t want to go extreme privacy mode and so on. And at the end of the day they feel exhausted and stressed. So I’ve gathered some tips below that might help you make your first steps to having fair control over your privacy in Android and going FOSS (free open source software).

Firstly, installing a custom rom like LineageOS doesn’t mean instant privacy. Before everything you need to trust the developer of the rom, but I won’t discuss this here. Here is some general info on how Android apps work, how to separate private from public and what compromises you need to make to start the journey to privacy:

* Removing Google services is fine. But continuing to use Facebook/Instagram/WhatsApp or any other app that gathers massive amounts of your data somewhat defeats the purpose of going Google-free. I.e. Facebook have proven they are more aggressive in data collection and don’t respect their users much in comparison to Google, for example.
* Removing app permissions doesn’t mean the app cannot gather data from your phone or even from other apps. It means it doesn’t have access to the resources you have disabled permissions for. (No source, but it is an easy search.) So in this case it is more or less 0% or 100% privacy. At least until there is a good way to manually sandbox / compartmentalize in Android.
* So if you cannot find an alternative service and still need to use Google or Facebook etc., the best you can do is try using them in a separate browser (dedicated only to social networks etc.) on your phone. That way they will only have access to your browser and not your phone data. Of course, if there is a FOSS client alternative, all the better, but don’t count on that. Sadly, nowadays protecting your privacy means compromising on convenience. Info on why you should use a separate browser for privacy-unfriendly services can be found in /r/privacy. The theory is the same for your computer and phone: the more you separate your online identities and apps, the better.
* However, in case you need / must use Google apps or other privacy-unfriendly services for work or for whatever reason, maybe consider getting a separate phone for that.

At this point there is something you must make sure you understand, and this is important: Privacy and Security are NOT the same thing! If a piece of software protects your privacy, that does not mean it is 100% robust or that it 100% protects you from worms, viruses etc. This is important to consider when installing little-known apps, but is critical when choosing a custom rom for your phone! Hence always look for reputable apps/roms that are regularly updated and preferably avoid those that were spawned as some university student’s side project. 😉

And finally, my main topic: going FOSS. The best way to protect your privacy is using open source software. That is because the code is freely available for auditing, and popular software is usually checked for malicious code. Still, many people ask what can happen if they keep using the closed source app they love so much. Well, actually you cannot be sure, since you do not have access to the code. For all you know the app might be mining bitcoins in the background or whatever. A world without trust is a very sad place though. So if you really love the app, the developer has a good history and the privacy policy, permissions, etc. are adequate, I’d say keep it. Many apps from the Google Play Store require Google Play Services, but once you move to a custom rom you can use microG, which is an open source alternative for Google’s framework.

Now, what if you want to try out a degoogled and FOSS life, but are worried about rooting and/or flashing your phone? You can actually follow the steps below and see if it works for you before attempting to change your phone OS.

DISCLAIMER: This requires a bit of tinkering. Google services are hard to even disable and in my case they kept giving themselves permissions back until I managed to finally disable them. In theory this should work for you, but I cannot guarantee it will work on every phone, so your results may vary.

IMPORTANT: Make sure you are able to and know how to do a factory reset of your phone at boot, in case it gets stuck on the boot screen because of some Google service or service by your phone manufacturer that you disabled. Also, before doing anything, BACKUP YOUR DATA!

Here it goes:

1. Install f-droid and update repos. f-droid is a reputable store for FOSS apps. Make sure you check the cryptographic signature of the apk before actually installing it on your phone, so that you are sure it is the one provided by f-droid.
2. Install OpenLauncher or a launcher of your choice and other FOSS alternatives to the apps you use. OpenLauncher is somewhat buggy, but is in active development. It’s pretty nice overall. IMPORTANT: make sure you have FOSS alternatives to the core services on your phone and that they are working, e.g. the launcher app. Once you disable your Google App, if you don’t have another launcher running, you’ll probably only be able to see your wallpaper and will probably have to do a factory reset and start over. Make sure your FOSS apps (calendar, contacts and sync, camera etc.) are working before continuing to step 3.
3. Go to your settings and for every Google app and service clear data, force stop, remove permissions and disable it. Google Play Services must be disabled last. If some Google service is still running you won’t be allowed to disable Google Play Services. For some Google apps you’ll need to tap the 3 dot menu and choose Uninstall app updates for the Disable App button to become available. (After a factory reset you might actually have to wait for the app to update first, before Uninstall app updates becomes available.) IMPORTANT: Make sure Show system is enabled in the App list and disable the Google services. Also you might hit xdadevs and some other forums to help you with disabling the right system services by your manufacturer (e.g. Motorola Alert, Checkin on Moto phones, that are not available as apps).
4. After setting up your FOSS apps and disabling everything unwanted in the apps and services, you can restart your phone. If everything is working as intended, it should start normally.
5. Enjoy battery life and profit from saving on electricity 😉 I have found that disabling Google Services extends my usage time by 1-2 hours, which is ridiculous and also extra good.
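
The signature check from step 1, as an added example that is not part of the original post. It assumes `gpg` is installed on your computer, that the publisher's PGP key is already imported, and that a detached signature file was downloaded next to the apk; the file names and the fingerprint in the usage comment are placeholders, so take the real fingerprint from the publisher's site over HTTPS.

```shell
#!/bin/sh
# Added example: check a downloaded APK against its detached PGP signature.
# Assumes gpg is installed and the publisher's key is already imported.

# Strip spaces/colons and upper-case, so differently formatted copies compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\n' | tr 'a-f' 'A-F'
}

# Succeed only if both fingerprints are non-empty and identical after normalising.
fpr_matches() {
    a=$(normalize_fpr "$1")
    b=$(normalize_fpr "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Read gpg --status-fd output on stdin and print the primary-key fingerprint
# of the first valid signature (last field of the VALIDSIG line).
signer_from_status() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $NF; exit }'
}

# Constructed sample of gpg status output (fingerprints are made up and shortened).
sample_status() {
    printf '%s\n' \
        '[GNUPG:] NEWSIG' \
        '[GNUPG:] VALIDSIG AAAA1111 2024-01-01 1704067200 0 4 0 1 10 00 BBBB2222'
}

# verify_apk APK SIG EXPECTED_FPR
# Fails on a bad signature, an unknown key, or a valid signature from the wrong key.
verify_apk() {
    status=$(gpg --status-fd 1 --verify "$2" "$1" 2>/dev/null) || return 1
    signer=$(printf '%s\n' "$status" | signer_from_status)
    fpr_matches "$signer" "$3"
}

# Usage (file names and fingerprint are placeholders):
#   verify_apk F-Droid.apk F-Droid.apk.asc "<fingerprint published by f-droid>" \
#       && echo "signature OK" || echo "DO NOT INSTALL"
```

A "good signature" message alone is not enough: the comparison against the published fingerprint is what ties the apk to f-droid rather than to whoever happens to be in your keyring.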

Try this setup for as long as you feel like. If you’re content with it, you can safely make the next step and install LineageOS or whichever rom you prefer (as long as it supports your phone!). If not, you can simply re-enable all Google apps, wait for them to update and you are good to go with your factory setup.

SIDE NOTE: Degoogling your phone removes Google Play Store. However, there are alternatives for downloading free Play Store apps on your degoogled phone. One of them is Yalp Store, which is available on f-droid. You don’t even need a Google account to use it, but some people are concerned about how legitimate it is. For those people there is a workaround. Android Studio and SDK tools allow you to run an Android version of your choice in a virtual machine. Only some versions have the Play Store available, but once it is running, you can simply log in, download the apps you need and back up the apks with Ghost Commander or another software of your choice.

Edit: formatting; which seems to not work for me, so I made some stuff bold. Hopefully it’s readable enough!

Privacy Galaxy!