Android privacy “beginner’s” guide

Are you concerned about your Android privacy but not comfortable enough to root your phone? Then this blog is for you.

If you’re not going to root your Android, you are quite limited in what you can do for your privacy, but you don’t lose your warranty. So there is that.

Weakest link

You

The user is always the weakest link in all things cybersecurity. The best thing you can do is to read and educate yourself about what you install and what you don’t. I have a habit of always checking an app’s permissions when I install something from the Play Store. It’s already old news that many random apps, flashlight apps for example, ask for your contact info and your list of other installed apps, but people still haven’t learned about it.

One thing you can do is turn off everything in your Google privacy settings:
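The same permission check can be run over apps that are already installed. This added example (not part of the original post) parses text in the layout printed by `adb shell dumpsys package` and lists the sensitive runtime permissions each package currently holds; the sample dump, the package name and the `SENSITIVE` list are constructed for illustration.

```python
import re

# Permissions worth a second look. This short list is an assumption chosen
# for the example, not Android's full set of dangerous permissions.
SENSITIVE = {
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
}

# Constructed, shortened sample in the layout of `adb shell dumpsys package`.
SAMPLE_DUMP = """\
Package [com.example.flashlight] (1a2b3c4):
  requested permissions:
    android.permission.CAMERA
    android.permission.READ_CONTACTS
  install permissions:
    android.permission.INTERNET: granted=true
  User 0: installed=true hidden=false
    runtime permissions:
      android.permission.CAMERA: granted=true
      android.permission.READ_CONTACTS: granted=true
      android.permission.ACCESS_FINE_LOCATION: granted=false
"""

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")

def granted_sensitive(dump):
    """Map each package to the sensitive runtime permissions it holds now."""
    result, package, in_runtime = {}, None, False
    for line in dump.splitlines():
        if m := PKG_RE.match(line):
            package, in_runtime = m.group(1), False
            result[package] = []
        elif line.strip().endswith("permissions:"):
            # Only the "runtime permissions:" block reflects what the user granted.
            in_runtime = line.strip() == "runtime permissions:"
        elif in_runtime and package and (m := PERM_RE.match(line)):
            if m.group(2) == "true" and m.group(1) in SENSITIVE:
                result[package].append(m.group(1))
    return result

if __name__ == "__main__":
    for pkg, perms in granted_sensitive(SAMPLE_DUMP).items():
        print(pkg, "->", ", ".join(perms) or "nothing sensitive granted")
```

For the constructed flashlight app, the camera grant is plausible (the flash belongs to the camera) while the contacts grant is the kind that deserves a closer look.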

https://privacy.google.com/take-control.html?categories_activeEl=sign-in

Then you won’t see your location history, your search history or anything else like that, and we can hope, fingers crossed, that it applies to Google themselves too. I’m a bit skeptical about it, but that’s the best we have right now. Don’t keep your GPS on all the time. There have been reports that Google will still track you even if you have your GPS turned off:

https://gadgets.ndtv.com/apps/news/google-tracking-user-location-data-on-android-even-when-disabled-report-1778542

I myself always check F-Droid to see if there’s an alternative, and very often there is.

What is F-Droid, you may ask? F-Droid is an app store whose ideology is to keep everything free and open source, with no ads. I try to link to F-Droid as much as possible.

Hacking VPN

Firewall NetGuard

If you need a firewall on your Android, NetGuard is a very good option. NetGuard is a VPN-based firewall. You can restrict even system apps with it. It only works on Android 5.1 and up, and you get the best experience with Android 7 or newer, because that release introduced something called Always-on VPN. You can get NetGuard from F-Droid or from the Google Play Store; the Google Play Store version has ads but is updated more frequently.

Blokada ad blocker

Another option for using your VPN is Blokada. It’s an ad blocker which uses the VPN to get around the root requirement. Android only runs one VPN at a time, so no NetGuard and Blokada at the same time. Blokada is easier to install and forget, for example for kids, or if you don’t want to deal with the firewall each time you install something. You can use the same hosts files as the ad blocker on your computer. Blokada is only available from F-Droid.

One thing to remember with these VPN tools is that you cannot restrict access to the VPN, so if you are concerned that someone will turn it off, you cannot do anything about it. The VPN on/off switch can be found in the normal Android settings.

Managing your passwords

For your passwords there is KeePass, where you have full control of your key file. KeePass can be found for all operating systems, but it’s a bit finicky to find the right one for you because there are so many of them. For Android there are many apps that can use KeePass files. At the moment I’m using one called Keepass2Android Password Safe, which can be found only on the Play Store. It is still open source, but it’s quite advanced compared to the others: it has its own keyboard to protect against clipboard snooping, and it can use the built-in autofill feature in Android Oreo. If you search for KeePass on F-Droid you will find many more.

The other option for your passwords is Bitwarden. It’s a lot like LastPass, with full support for all operating systems and cloud syncing, but it’s open source, so I’m inclined to trust it a bit more. This is also from the Play Store only. You don’t have full control of your password file, but that also means it’s much harder to lose. Bitwarden uses Amazon’s cloud services to store your passwords. It uses local encryption, so neither Amazon nor Bitwarden can see your passwords. I myself use KeePass a lot more, but I play around with Bitwarden and it’s quite handy.

Messages messages messages...

Signal Private Messenger is quite famous for cracking the problem of end-to-end encryption on phones, where someone can suddenly lose their internet connection. It uses a centralized server to relay your messages to other people, and each message is encrypted with a different key. It also has voice calls and video calls with full end-to-end encryption.
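How "a different key for every message" can work, as an added example that is not Signal's own code: a simplified symmetric-key ratchet built on HMAC-SHA256, where every step hands out one message key and replaces the chain key. The function names, the starting secret and the use of an HMAC tag in place of real encryption are assumptions for illustration; the real protocol also mixes in fresh Diffie-Hellman results.

```python
import hashlib
import hmac

def ratchet_step(chain_key):
    """Return (message_key, next_chain_key) derived from the current chain key.

    Two different constants go through the same one-way HMAC, so a leaked
    message key reveals neither the next chain key nor any earlier one.
    """
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return message_key, next_chain_key

class Chain:
    """One direction of a conversation; sender and receiver each keep a copy."""

    def __init__(self, shared_secret):
        self.chain_key = shared_secret

    def next_message_key(self):
        # Overwriting the chain key is the point: state taken from the device
        # later cannot be run backwards to keys that were already used.
        message_key, self.chain_key = ratchet_step(self.chain_key)
        return message_key

def tag(message_key, text):
    """Authenticate one message under its own key (stand-in for real encryption)."""
    return hmac.new(message_key, text, hashlib.sha256).hexdigest()

def demo():
    secret = hashlib.sha256(b"constructed shared secret").digest()  # sample value
    sender, receiver = Chain(secret), Chain(secret)
    texts = [b"hi", b"are you there?", b"lost signal, back now"]
    sent = [(t, tag(sender.next_message_key(), t)) for t in texts]
    keys = [receiver.next_message_key() for _ in texts]
    return {
        "receiver_verifies_all": all(
            hmac.compare_digest(tag(k, t), mac) for k, (t, mac) in zip(keys, sent)
        ),
        "keys_all_different": len(set(keys)) == len(keys),
        # Someone holding only the first message key cannot pass off message 2.
        "key1_fails_on_msg2": tag(keys[0], sent[1][0]) != sent[1][1],
    }

if __name__ == "__main__":
    print(demo())
```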

Many companies, even Facebook (yes, that’s right, even Facebook), nowadays use the Signal protocol to end-to-end encrypt your messages if both of you are using the Facebook app, and WhatsApp uses the Signal protocol by default. But I’m not too trusting of them, and it’s quite hard to verify that your messages are really end-to-end encrypted when you cannot see the code. My number one option is still the original one. Sadly it needs Google Play services, because it uses GCM, or Google Cloud Messaging, to work.

If you’re feeling really adventurous you can use XMPP. It’s an old messaging protocol that can be used with hundreds of different apps and has a ton of plugins and customization options; you can even host it yourself. About 5 years ago this was my go-to messaging option with my friends. Fun fact: even Facebook uses XMPP as its base, so you can install an XMPP client and encrypt the traffic from your Facebook so that Facebook only sees random letters and numbers. Probably the best XMPP app for Android is Conversations. It even has an OMEMO encryption option.

The cloud is a lie

If you are reading this you probably already know that the cloud is not your friend, or at least not to be trusted. Finding the right cloud solution has been a big quest for me, and I think I have cracked the code, so to speak. There are a couple of free end-to-end encrypted commercial cloud solutions, but they give you really limited space and, sadly, to my knowledge none of them is open source. None of them has a free option anymore; SpiderOak and Tresorit used to have one. That tells us at least how much profit other companies make by mining all the data you give them freely. Those who want to protect your data don’t survive by providing the service for free. I’m using one called Tresorit; I still have my free 5 GB subscription active and it’s working wonderfully, so if you want an easy solution, use Tresorit.

The solution I found is to host your cloud yourself; then you don’t need to trust anyone and you make the rules. This is where Nextcloud jumps in. It works on every platform and you can find the Android app on F-Droid. Nextcloud is fully open source and free, and it’s amazing what you can do with it: open your KeePass files, video chat, file sharing, calendar, syncing your contacts, real-time collaboration on text documents; it even has two-factor authentication, file history and a lot more! The problem is that it’s not for non-techies. I’m still learning it myself. The easiest solution I found is an already configured Nextcloud installation image for your Raspberry Pi called NextcloudPi. It works straight out of the box on your local network; the only thing to do is attach a hard drive to it and, optionally, configure it to work outside your network.

So this was a quick look at maximizing your Android privacy without root. Did I miss something? Let me know.