Bitcoin Forum

Other => Beginners & Help => Topic started by: bitmover on December 20, 2019, 10:13:48 AM



Title: How to stay private when using Android (protonmail blog)
Post by: bitmover on December 20, 2019, 10:13:48 AM
I just found this article by protonmail with some tips on how to stay private on android
https://protonmail.com/blog/android-privacy/?pk_campaign=ww-en-mail-brd-end_year_comms2019&pk_source=backend-email&pk_medium=link&pk_content=android&pk_kwd=cta

I will make a quick summary:

Avoid Google data protection
Use a pin
Encrypt your device
Keep up to date
Use a VPN
Don't use Google search
Use a secure email provider
Don't share location with apps
Review default apps
Use a non Google version  of android


Quote
The basic principle: Turn everything off
In short: if you are not using a service right now, turn it off.

-snip-

Using Android privately

In closing, it’s also worth pointing out that, although Android is a risk to your privacy if you don’t lock it down correctly, smartphones per se are not evil.

In fact, if used correctly they can be extremely useful in securing other parts of your online life. The clearest example of this is two-factor authentication, in which a time-based code from a smartphone app is required in addition to your password to log in to your account. (Where possible, you should set up this kind of system for all of your online accounts.)

The trick to using a smartphone securely, as with any other device, is to take the time to find out how it actually works. That way, you can disable the data-collection and data-sharing “functions” that you don’t need.


Title: Re: How to stay private when using Android (protonmail blog)
Post by: Lucius on December 20, 2019, 02:58:10 PM
~snip~
I would like to start by looking at the last point, Android without Google services. In this case, there are positive and negative sides to which we should pay attention. By using clean Android you give up all Google services, and that includes Gmail, YouTube, Earth&Maps, Google Play and many other things. The question then is what apps to use on your smartphone, where to get them from and how to be sure of their credibility? Google Play Store is not perfect, but still provides a somewhat solid level of security. Should I mention that you need custom ROM for free Android, and the knowledge to install it...

Using PIN, keep device up to date, and turn off all unnecessary spy features are smart tips. For those who would like to avoid Android completely, there are some alternatives in the form of Linux smartphones (https://www.makeuseof.com/tag/linux-smartphone-operating-systems/).



Title: Re: How to stay private when using Android (protonmail blog)
Post by: hd49728 on December 20, 2019, 04:19:01 PM
Can you give me more information on the way to use VPN for android devices, smartphones for example. I have not yet known how to stay private when browsing on mobile. There is no private browsers on mobile as far as I know (I might miscatch something).


Title: Re: How to stay private when using Android (protonmail blog)
Post by: poochpocket on December 20, 2019, 04:51:30 PM
For those who would like to avoid Android completely, there are some alternatives in the form of Linux smartphones (https://www.makeuseof.com/tag/linux-smartphone-operating-systems/).

Linux Smartphones are worth to be mentioned in the space of morden world privacy phones, the are a smart alternative too. But one cannot use android as suggested in the OP mostly, as most of the people use it as a daily driver and google provides one of the best data storing techniques and best user experiences in there daily driving apps.

Btw, even if you use custom roms, using Google apps is still important.


Title: Re: How to stay private when using Android (protonmail blog)
Post by: bitmover on December 20, 2019, 07:23:44 PM
There is no private browsers on mobile as far as I know (I might miscatch something).


There are so many good privacy browsers for mobiles.
 firefox for example has a mobile only privacy version called firefox focus.

You also have tor as mentioned above.


Title: Re: How to stay private when using Android (protonmail blog)
Post by: o_e_l_e_o on December 22, 2019, 01:13:17 PM
Can you give me more information on the way to use VPN for android devices, smartphones for example.
Most good VPN providers will have their own native app which you can install on Android. If not, then there are apps such as OpenVPN or WireGuard which will let you connect to any VPN service, and again, most good VPN providers will provide pre-made configuration files to use with these.

Firefox for mobile is just as powerful as their desktop version. You can still access the necessary privacy and security add-ons such as HTTPS Everywhere, uBlock Origin, and Privacy Badger, and you can also still access the about:config to apply necessary security/privacy tweaks.

Tor browser is obviously a good choice, but you can also use an app called Orbot, which will route all your internet traffic (from any browser or app) through the Tor network.


Title: Re: How to stay private when using Android (protonmail blog)
Post by: libert19 on December 23, 2019, 05:06:29 AM
'Don't use Google search' — I just can't find the fluidity that Google search has, to other search engines.


Title: Re: How to stay private when using Android (protonmail blog)
Post by: ice18 on December 23, 2019, 05:37:00 AM
Can you give me more information on the way to use VPN for android devices, smartphones for example. I have not yet known how to stay private when browsing on mobile. There is no private browsers on mobile as far as I know (I might miscatch something).
Im not sure if Opera GX browser is already working on android but it has a built-in vpn for users privacy just enabled it and you're good to go.


Title: Re: How to stay private when using Android (protonmail blog)
Post by: joniboini on December 23, 2019, 05:49:25 AM
'Don't use Google search' — I just can't find the fluidity that Google search has to other search engines.

Try Duckduckgo. I'm not sure what kind of fluidity you're seeking here but it's clear that thing is built from collecting hundreds of petabytes of users data.



Im not sure if Opera GX browser is already working on android but it has a built-in vpn for users privacy just enabled it and you're good to go.

IIRC Opera Mini already supports VPN (or at least a built-in proxy). Good enough as long as you don't use it for risky activities such as logging on your web wallet.


Title: Re: How to stay private when using Android (protonmail blog)
Post by: o_e_l_e_o on December 23, 2019, 05:53:08 AM
it has a built-in vpn
Opera's VPN, like most free or built in VPNs, is a terrible choice. Using it makes your privacy worse, not better. Using it redirects all your internet traffic via Opera's servers, and they monitor all your traffic and collect and sell your data to third parties.

If you aren't paying for a service, then you are not the customer, you are the product. Free VPNs are spying tools. A good VPN costs only a few dollars a month.


Title: Re: How to stay private when using Android (protonmail blog)
Post by: ABCbits on December 23, 2019, 08:56:04 AM
'Don't use Google search' — I just can't find the fluidity that Google search has to other search engines.

Try Duckduckgo. I'm not sure what kind of fluidity you're seeking here but it's clear that thing is built from collecting hundreds of petabytes of users data.

Searx and Qwant also good alternative since DDF result is terrible for non-english keyword


Title: Re: How to stay private when using Android (protonmail blog)
Post by: o_e_l_e_o on December 23, 2019, 11:19:53 AM
Searx and Qwant also good alternative since DDF result is terrible for non-english keyword
Yeah, SearX is the way to go if you find other search engines' results to be inadequate, or are "addicted" to Google. You can edit your preferences and configure it so it will simply search Google on your behalf and return the results to you, but stripped of all tracking cookies and without sharing your IP, browser fingerprint, or other identifiable information.


Title: Re: How to stay private when using Android (protonmail blog)
Post by: boyptc on December 23, 2019, 11:27:22 AM
Use a non Google version  of android
I've always thought that android was developed by Google. To the tech experts, is it possible to uninstall the google version on our android phones and install it with the LineageOS as mentioned in the article?

Is anyone here have done this before?


Title: Re: How to stay private when using Android (protonmail blog)
Post by: o_e_l_e_o on December 23, 2019, 11:53:27 AM
I've always thought that android was developed by Google.
It is, partly. It is developed by a consortium of developers know as the Open Handset Alliance, of which Google is the largest member. Once development of a new version is completed, it is published to the Android Open Source Project, which as the name suggests, is open source.

There are multiple projects which build upon the open source code, and end up with a more privacy or security focused product. Examples include GrapheneOS and LineageOS, which you mentioned.

To the tech experts, is it possible to uninstall the google version on our android phones and install it with the LineageOS as mentioned in the article?
Yes. You will find instructions for how to do so on their respective websites: https://wiki.lineageos.org/devices/ and https://grapheneos.org/install.

Be aware that doing so is not without risk. It is possible to brick your phone if you make mistakes while installing a custom OS.


Title: Re: How to stay private when using Android (protonmail blog)
Post by: bitmover on December 23, 2019, 11:58:25 AM
To the tech experts, is it possible to uninstall the google version on our android phones and install it with the LineageOS as mentioned in the article?
Yes. You will find instructions for how to do so on their respective websites: https://wiki.lineageos.org/devices/ and https://grapheneos.org/install.

Be aware that doing so is not without risk. It is possible to brick your phone if you make mistakes while installing a custom OS.

Unfortunately my new phone is not supported (a30) in this list.
Maybe I will install in my old one just for testing purposes.

But let me ask. You said there was a risk and it may brick the phone. But can't you just  factory reset the phone to fix it?


Title: Re: How to stay private when using Android (protonmail blog)
Post by: o_e_l_e_o on December 23, 2019, 12:22:22 PM
But can't you just  factory reset the phone to fix it?
Sure, in most cases it would be a "soft brick", which would be recoverable provided you are able to flash the stock OS back on to the phone. However, I wouldn't claim that there is no conceivable way that it could be hard bricked and unrecoverable. I'm sure there's someone out there who could mess up badly enough. :P


Title: Re: How to stay private when using Android (protonmail blog)
Post by: libert19 on December 23, 2019, 02:04:30 PM
To the tech experts, is it possible to uninstall the google version on our android phones and install it with the LineageOS as mentioned in the article?
Yes. You will find instructions for how to do so on their respective websites: https://wiki.lineageos.org/devices/ and https://grapheneos.org/install.

Be aware that doing so is not without risk. It is possible to brick your phone if you make mistakes while installing a custom OS.

Unfortunately my new phone is not supported (a30) in this list.
Maybe I will install in my old one just for testing purposes.

But let me ask. You said there was a risk and it may brick the phone. But can't you just  factory reset the phone to fix it?

When your phone is hard bricked, it can't boot, doing factory reset is next thing.


Title: Re: How to stay private when using Android (protonmail blog)
Post by: Harlot on December 23, 2019, 03:23:36 PM
Another thing to add is the carelessness of people when it comes to adding/allowing the installation of 3rd party apps from unknown sources. This is one of the most easiest way how you introduce your phone to malware since  you are the one allowing your device to install unsafe and unsecure apps found in the internet. Most people do this because they want to instally a paid app for free or install an app that is cracked or with a cheat they don't see the danger when it comes to doing this on their system.


Title: Re: How to stay private when using Android (protonmail blog)
Post by: o_e_l_e_o on December 23, 2019, 03:35:20 PM
Another thing to add is the carelessness of people when it comes to adding/allowing the installation of 3rd party apps from unknown sources.
Just because an app is from outside the play store doesn't automatically mean it is untrustworthy, and similarly, just because an app is from inside the play store doesn't make it safe.

Google are pretty bad at screening apps before they are published on the play store, and we frequently see apps with either malware hidden in them or apps designed to mimic another (such as a fake wallet app) showing up and being downloaded. There was a user on here a while ago who had their seed stolen because they installed a custom keyboard app from the play store, which recorded everything they typed and sent it back to the scammer who developed it. Similarly, if I'm installing Electrum (for example), and choose to download and install the APK myself from electrum.org, that doesn't automatically mean it's more likely to be malicious.

The better advice is to not install any app unless you absolutely must. Apps which give you sparkly keyboards, or fancy wall papers, or silly mobile games, are completely unncessary. One of the top apps on the Google play store right now is an app that takes a photo of your face and makes you look like an elf. Completely pointless, and every additional app you download and give permission to is an additional security risk.


Title: Re: How to stay private when using Android (protonmail blog)
Post by: Harlot on December 23, 2019, 08:39:16 PM
Another thing to add is the carelessness of people when it comes to adding/allowing the installation of 3rd party apps from unknown sources.
Just because an app is from outside the play store doesn't automatically mean it is untrustworthy, and similarly, just because an app is from inside the play store doesn't make it safe.

Google are pretty bad at screening apps before they are published on the play store, and we frequently see apps with either malware hidden in them or apps designed to mimic another (such as a fake wallet app) showing up and being downloaded. There was a user on here a while ago who had their seed stolen because they installed a custom keyboard app from the play store, which recorded everything they typed and sent it back to the scammer who developed it. Similarly, if I'm installing Electrum (for example), and choose to download and install the APK myself from electrum.org, that doesn't automatically mean it's more likely to be malicious.

The better advice is to not install any app unless you absolutely must. Apps which give you sparkly keyboards, or fancy wall papers, or silly mobile games, are completely unncessary. One of the top apps on the Google play store right now is an app that takes a photo of your face and makes you look like an elf. Completely pointless, and every additional app you download and give permission to is an additional security risk.

I'm fully aware of that and even Google's own playstore is bad at screening apps being made available to their own app store. The recent news I know related to the app store is about the xHelper app a malicious program that pops up ads in your device which was previously available in the app store where if the user installs it would find it hard to be uninstalled fully. My point is downloading apk files in the internet where you also don't know the origin is also dangerous on being downloaded in your device, unlike Google's Playstore where you can see reviews from other users who have downloaded it you wouldn't have that convenience on downloading apk files from the internet which in anyone's case would be more riskier since you wouldn't see any kind of feedback for that file.


Title: Re: How to stay private when using Android (protonmail blog)
Post by: o_e_l_e_o on December 23, 2019, 08:51:25 PM
unlike Google's Playstore where you can see reviews from other users
Google reviews are easily and frequently manipulated. There are people who sell this as a service using bots and multiple accounts, either hacked or created solely for this purpose. For not much money, certainly far less than a successful scam app might make, you can purchase multiple fake positive reviews, just like you can buy Facebook likes or comments, Twitter likes or comments, forum posts, bumping services, and so on. You shouldn't be trusting Google reviews to tell you what's safe to download.

Don't trust. Verify.