100% FOSS Smartphone Hardening non-root Guide 4.0 - Lemmy
lemmy.ml (Part 1/5)

Edit (11/1/2022):

* MIUI has no biometric Lockdown; solution added.
* FFUpdater and UntrackMe apps recommended.
* Added back Vinyl Music Player.

NOTE (15/06/2020): r/privacy moderator trai_dep [revengefully](https://np.reddit.com/r/privatelife/comments/h8hsdh/exclusive_rprivacy_moderator_deleted_smartphone/) deleted my highly gilded [1.0 guide post](https://np.reddit.com/r/privacy/comments/em8doj/smartphone_hardening_guide_for_normal_people/) before.

# NOTE: I will NOT respond to prejudiced and political trolls.

Hello! It took a while before I could gather enough upgrades to create this fourth iteration of the smartphone guide so many people love. It seems to have benefitted many people, and it was only a matter of time before things got spicier. It is time to, once again, shake up the expectations of how much privacy, security and anonymity you can achieve on a non-rooted smartphone, even compared to all those funky “security” custom ROMs. It is time to get top-grade levels of privacy into the hands (pun intended) of all you smartphone users. Steps are, as always, easy to apply if you follow the guide, which is a pivotal foundation of this guide I started 2 years ago. After all, what is a guide if you feel unease at even being able to follow its lead?

Unlike last year, I want to try and fully rewrite the guide wherever possible, but some parts will obviously seem similar, as this, while technically an incremental improvement, is also a massive jump for darknet users. This version of the guide took a while compared to the previous versions. A kind request: share this guide with any privacy seeker.

-----

# User and device requirement

* ANY Android 9+ device (Android 10+ recommended for better security)
* Knowledge of how to copy-paste commands in the Linux or Mac Terminal/MS-DOS Command Prompt (for ADB; it is very simple, trust me)
* For intermediate tech users: typing some URLs and saving them in a text file

-----

# What brings this fourth iteration?

Was the previous version not good enough? No, it was not, just like last time. There is always room for improvement, but I may have started to encounter the law of diminishing returns, just like Moore’s Law has started to fail with desktop CPU transistor count advancements. This does not mean I am stopping, but upgrades might get marginal from here on. The upgrades we now have are fewer in number, higher in quality. So, we have a lot of explanation to read and understand this time around.

A summary of new additions to the [3.0 guide](https://np.reddit.com/r/privatelife/comments/lpyl1s/100_foss_smartphone_hardening_nonroot_guide_30/):

* Update to the Apple section
* Many additions in the section for app recommendations and replacements
* NetGuard replaced with Invizible Pro (this is massive)
* A colossal jump in your data security in the event of a possible physical phone theft, using a couple of applications
* An attempt at teaching the importance of Android/AOSP’s killswitch feature for VPNs/firewalls
* (FOR XIAOMI USERS) How to configure Work Profile, as Second Space causes issues, and adding back biometric Lockdown
* How to copy files from the work profile to main user storage without Shelter/Insular’s Shuttle service
* Some changes in phone brand recommendations
* Caveat(s)

-----

# Why not Apple devices?

iPhone does not
allow you to have [privacy](https://gist.github.com/iosecure/357e724811fe04167332ef54e736670d) due to its blackbox nature, and is simply a false marketing assurance by Apple to you. Recently, an [unpatchable hardware flaw was discovered](https://9to5mac.com/2020/08/01/new-unpatchable-exploit-allegedly-found-on-apples-secure-enclave-chip-heres-what-it-could-mean/) in Apple’s T1 and T2 “security” chips, rendering Apple devices critically vulnerable. Also, they recently dropped the plan for encrypting iCloud backups [after the FBI complained](https://www.reuters.com/article/us-apple-fbi-icloud-exclusive/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sources-idUSKBN1ZK1CT). They also [collect and sell data quite a lot](https://i.imgur.com/n8Bk0bA.jpg). Siri still records conversations 9 months after Apple [promised not to](https://www.theregister.co.uk/2020/05/20/apple_siri_transcriptions/). The Apple Mail app is vulnerable, yet [Apple stays in denial](https://9to5mac.com/2020/04/27/iphone-mail-vulnerabilities-2/). Also, Apple [sells certificates to third-party developers that allow them to track users](https://www.theatlantic.com/technology/archive/2019/01/apples-hypocritical-defense-data-privacy/581680/), the [San Bernardino shooter publicity stunt was completely fraudulent](https://www.aclu.org/blog/privacy-technology/internet-privacy/one-fbis-major-claims-iphone-case-fraudulent), and Louis Rossmann [dismantled Apple’s PR stunt “repair program”](https://invidio.us/watch?v=rwgpTDluufY). Apple [gave the FBI access to the iCloud account of a protester accused of setting police cars on fire](https://www.businessinsider.com/apple-fbi-icloud-investigation-seattle-protester-arson-2020-9). Apple’s authorised repair [leaked a customer’s sex tape during iPhone repair](https://www.youtube.com/watch?v=xt3YSD36ZNc). This is how much they respect your privacy.

You want to know how much more they respect your privacy? It seems Apple’s [Big Sur(veillance) fiasco](https://np.reddit.com/r/privatelife/comments/jvdokk/writeup_beware_of_shills_defending_apple_big/) was not enough. Still not enough to make your eyes pop wide open? Apple’s mandatory CSAM scanning of your local storage is a fiasco that will echo forever. [This blog article](https://www.hackerfactor.com/blog/index.php?%2Farchives%2F929-One-Bad-Apple.html) should be of help. But [they lied](https://www.icenterpro.eu/apples-csam-system-was-hacked-but-the-firm-claims-it-is-protected/) about how their system was never hacked. [I doubt it](https://np.reddit.com/r/MachineLearning/comments/p6hsoh/p_appleneuralhash2onnx_reverseengineered_apple/). They even [removed CSAM protection references](https://www.macrumors.com/2021/12/15/apple-nixes-csam-references-website/) from their website for some reason. Pretty sure at least the most coveted privacy innovation, App Tracking protection with one-button tracking denial, would work, right? [Pure. Privacy. Theater.](https://www.yahoo.com/news/former-apple-engineer-says-button-164452709.html) Surely this benevolent company blocked and destroyed Facebook and Google’s ad network ecosystem by blocking all those bad trackers and ads. Sigh. [Nope.](https://twitter.com/PatrickMcGee_/status/1449608262492459011) Now it is just Apple having a monopoly over your monetised data.

Also, Android’s open source nature is starting to pay off in the long run. Apple 0-day exploits are [far cheaper](https://www.wired.com/story/android-zero-day-more-than-ios-zerodium/) to do than Android ones.

-----

# LET’S GO!!!

ALL users must follow these steps except
the “FOR ADVANCED/INTERMEDIATE USERS” tagged points or sections.

Firstly, if your device is filled to the brim or has been used for a long time, I recommend backing up your data and factory resetting for a clean-slate start.

* Sign out of all your Google and phone-brand accounts on the device, so that Settings --> Accounts shows no sign-ins except WhatsApp/Signal/Telegram.
* Install ADB on your Linux, Windows or macOS machine; simple guide: https://www.xda-developers.com/install-adb-windows-macos-linux/
* Use [Universal Android Debloater](https://gitlab.com/W1nst0n/universal-android-debloater) to easily debloat your bloated phone. NOTE: Samsung users will lose Samsung Pay, as Samsung has been caught and declares that it sells this data: https://www.sammobile.com/news/samsung-pay-new-privacy-policy-your-data-sold/
* Install the F-Droid app store from [here](https://f-droid.org/en/).
* Install the NetGuard app firewall (see NOTE) from F-Droid and set it up with a privacy-based DNS such as AdGuard/Uncensored/Tenta/Quad9 DNS. NOTE: NetGuard with the [Energized Ultimate](https://block.energized.pro/ultimate/formats/hosts.txt) HOSTS file and any one of the above-mentioned DNS providers is the ultimate solution. NOTE: Download the Energized Ultimate hosts file from https://github.com/EnergizedProtection/block and store it on the phone beforehand. It will be used either by NetGuard or by Invizible, whichever is picked later on (both occupy Android’s single VPN slot, so only one of them can run at a time). (FOR ADVANCED USERS) If you know how to merge HOSTS rules into one text file, you can merge in the Xtreme addon pack from the Energized GitHub. You can also experiment with the Porn and Malicious IP domain lists. NOTE: Set the DNS provider address in NetGuard’s Settings -> Advanced settings --> VPN IPv4, IPv6 and DNS.
* Install Invizible Pro from F-Droid (LONG SECTION FOR THIS BELOW).
* In the F-Droid store, open Repositories via the 3-dot menu on the top right and add the following repositories:
  1. https://gitlab.com/rfc2822/fdroid-firefox
  2. https://apt.izzysoft.de/fdroid/index.php
  3. https://guardianproject.info/fdroid/repo/

  Go back to the F-Droid store home screen and hit the update button beside the 3-dot menu. (This may vary if you have the newer F-Droid store app with the new user interface.)

-----
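As an added example for the ADB and debloating step (this is a hypothetical helper written for this page, not code from Universal Android Debloater or any other project), the script below shows what a careful debloat run looks like on the command line: every package name is validated before it is passed to `adb shell`, a small protect-list stops the kinds of packages whose removal breaks the user profile, and the default is a dry run that only prints the commands. It assumes `adb` is on the PATH, USB debugging is enabled and exactly one authorised device is attached; the protect-list and the package names in the usage comment are constructed examples.

```shell
#!/bin/sh
# Hypothetical debloat helper written as an added example for this guide
# (not part of Universal Android Debloater or any other project).
# Assumptions: `adb` is on PATH, USB debugging is enabled, one authorised device.
#
# Removal uses `pm uninstall -k --user 0 <pkg>`: the app is removed for the
# main user only and the APK stays on the read-only /system partition, so a
# mistake can be undone with `pm install-existing --user 0 <pkg>`.

# Packages this helper refuses to remove (constructed, minimal protect-list;
# removing packages like these can leave the user profile unusable).
PROTECTED="com.android.systemui com.android.settings com.android.phone com.android.providers.settings"

# valid_pkg NAME: succeeds only for a well-formed Java-style package name, so a
# shell metacharacter smuggled into a package list can never reach `adb shell`.
valid_pkg() {
  printf '%s' "$1" | grep -Eq '^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)+$'
}

# is_protected NAME: succeeds if NAME is on the protect-list.
is_protected() {
  for p in $PROTECTED; do
    [ "$p" = "$1" ] && return 0
  done
  return 1
}

# debloat_cmd NAME: prints the removal command for NAME, or fails (with the
# reason on stderr) if the name is malformed or protected.
debloat_cmd() {
  if ! valid_pkg "$1"; then
    printf 'refusing malformed package name: %s\n' "$1" >&2
    return 1
  fi
  if is_protected "$1"; then
    printf 'refusing protected package: %s\n' "$1" >&2
    return 1
  fi
  printf 'adb shell pm uninstall -k --user 0 %s\n' "$1"
}

# restore_cmd NAME: prints the command that brings a removed system app back.
restore_cmd() {
  valid_pkg "$1" || return 1
  printf 'adb shell pm install-existing --user 0 %s\n' "$1"
}

# debloat_list: reads one package name per line on stdin (blank lines and
# '#' comments ignored). With DRY_RUN=1 (the default) the commands are only
# printed; run with DRY_RUN=0 to execute them.
debloat_list() {
  while IFS= read -r pkg; do
    case "$pkg" in ''|'#'*) continue ;; esac
    cmd=$(debloat_cmd "$pkg") || continue
    if [ "${DRY_RUN:-1}" = 1 ]; then
      printf '%s\n' "$cmd"
    else
      $cmd
    fi
  done
}

# Usage after sourcing this file: review the candidates first, then remove.
#   adb shell pm list packages -s        # system packages; pick the bloat by hand
#   DRY_RUN=1 debloat_list < bloat.txt   # preview the commands
#   DRY_RUN=0 debloat_list < bloat.txt   # apply them
```

The point of the protect-list and the name check is that a debloat list is untrusted input: lists are shared around forums, and `adb shell` will happily run whatever follows the package name. Keep the restore command handy; `pm install-existing` is also the quickest way to recover a feature you did not know depended on a removed package.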
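For the “(FOR ADVANCED USERS) merge HOSTS rules into one text file” note above, here is an added example of a merge script (hypothetical, written for this page; not part of Energized, NetGuard or Invizible). It assumes the inputs are ordinary hosts-format blocklists such as Energized Ultimate and the Xtreme addon pack: `0.0.0.0 host` or `127.0.0.1 host` lines with `#` comments. Rather than `cat a b > merged`, it drops the loopback names each list carries (`localhost`, `broadcasthost` and friends, which must never be blocked), rejects lines that are not a plain hostname, normalises the sink address to `0.0.0.0`, and de-duplicates case-insensitively. The sample list in the test is constructed.

```shell
#!/bin/sh
# Hypothetical hosts-list merge script, added as an example for this guide
# (not part of Energized, NetGuard or Invizible).
# Assumption: inputs are hosts-format blocklists, one "address host..." per line.

# normalise_hosts: hosts-format text on stdin -> one "0.0.0.0 host" line per
# unique host on stdout, in first-seen order. Malformed hosts are reported on
# stderr and skipped instead of being imported into the firewall.
normalise_hosts() {
  awk '
    { sub(/#.*/, "") }                                  # strip comments, inline too
    NF < 2 { next }                                     # need "sink-address host..."
    $1 != "0.0.0.0" && $1 != "127.0.0.1" && $1 != "::" && $1 != "::1" { next }
    {
      for (i = 2; i <= NF; i++) {                       # extra columns are aliases
        h = tolower($i)
        if (h == "localhost" || h == "localhost.localdomain" || h == "local" ||
            h == "broadcasthost" || h == "ip6-localhost" || h == "ip6-loopback" ||
            h == "0.0.0.0") continue                    # never block loopback names
        # labels of letters, digits and hyphens joined by dots, at least one dot
        if (h !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/) {
          print "skipping malformed host: " h > "/dev/stderr"
          continue
        }
        if (!(h in seen)) { seen[h] = 1; print "0.0.0.0 " h }
      }
    }
  '
}

# merge_hosts FILE...: merged, de-duplicated blocklist on stdout
# (reads stdin when no files are given).
merge_hosts() {
  cat "$@" | normalise_hosts
}

# Usage after sourcing this file, with both lists already downloaded:
#   merge_hosts ultimate-hosts.txt xtreme-hosts.txt > merged-hosts.txt
# then copy merged-hosts.txt to the phone and import it in NetGuard or Invizible.
```

Check the stderr output before importing: a list that produces many “skipping malformed host” lines was probably not a hosts file at all (an AdBlock-syntax list, for example), and the firewall would otherwise have loaded it as garbage.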
Lemmy unfortunately has a word limit for posts, and I had to break my post into 5 parts, 4 as comments, to be able to post it. So, comments and questions can be put here.
Yeah I would have banned you too. It seems like you simply have a bone to pick with strcat since you got banned.
Your arguments are cyclical and you have not given any valid evidence towards pixel devices being backdoored or graphene being google/NSA/CIA/etc shills.
Also I’m pretty sure most of the stock ROMs you recommend keeping all have cameras with shutter sounds.
If you hate google so much then why are you recommending ANY android devices?
EDIT: just to test it, I muted all sounds on my phone and tried taking a picture. Guess what? No shutter sounds.
Sure, I am picking a bone. Go express your love to strcat, I have no time for trolls that worship him and his grifty cult that bans any people that question him.
Want to be a mental gymnast? 2022 Olympics are coming soon. I am not one, so I no longer want to compete with you.
In case you want to delete your comments…
[screenshot]
I think my ‘mental gymnastics’ are actually valid criticisms. Honestly I want to know why, if you’re so worried about privacy and security, then why not just recommend a Linux device with no ties to google? Or better yet, no connected devices since it’s super easy for the government to track LTE signals.
Every device you recommended is an android device yet you claim that google is the enemy. Why wouldn’t you also assume that these stock vendor ROMs have backdoors in them as well? Just degoogling and using fdroid isn’t enough when some random company holds the keys to your device.