Bitcoin Forum

I just found this article by protonmail with some tips on how to stay private on android
https://protonmail.com/blog/android-privacy/?pk_campaign=ww-en-mail-brd-end_year_comms2019&pk_source=backend-email&pk_medium=link&pk_content=android&pk_kwd=cta

I will make a quick summary:

Avoid Google data protection
Use a pin
Encrypt your device
Keep up to date
Use a VPN
Don't use Google search
Use a secure email provider
Don't share location with apps
Review default apps
Use a non Google version  of android

I would like to start by looking at the last point, Android without Google services. In this case, there are positive and negative sides to which we should pay attention. By using clean Android you give up all Google services, and that includes Gmail, YouTube, Earth&Maps, Google Play and many other things. The question then is what apps to use on your smartphone, where to get them from and how to be sure of their credibility? Google Play Store is not perfect, but still provides a somewhat solid level of security. Should I mention that you need custom ROM for free Android, and the knowledge to install it...

Using PIN, keep device up to date, and turn off all unnecessary spy features are smart tips. For those who would like to avoid Android completely, there are some alternatives in the form of Linux smartphones (https://www.makeuseof.com/tag/linux-smartphone-operating-systems/).

Can you give me more information on the way to use VPN for android devices, smartphones for example. I have not yet known how to stay private when browsing on mobile. There is no private browsers on mobile as far as I know (I might miscatch something).

Linux Smartphones are worth to be mentioned in the space of morden world privacy phones, the are a smart alternative too. But one cannot use android as suggested in the OP mostly, as most of the people use it as a daily driver and google provides one of the best data storing techniques and best user experiences in there daily driving apps.

Btw, even if you use custom roms, using Google apps is still important.

There are so many good privacy browsers for mobiles.
 firefox for example has a mobile only privacy version called firefox focus.

You also have tor as mentioned above.

Most good VPN providers will have their own native app which you can install on Android. If not, then there are apps such as OpenVPN or WireGuard which will let you connect to any VPN service, and again, most good VPN providers will provide pre-made configuration files to use with these.

Firefox for mobile is just as powerful as their desktop version. You can still access the necessary privacy and security add-ons such as HTTPS Everywhere, uBlock Origin, and Privacy Badger, and you can also still access the about:config to apply necessary security/privacy tweaks.

Tor browser is obviously a good choice, but you can also use an app called Orbot, which will route all your internet traffic (from any browser or app) through the Tor network.

'Don't use Google search' — I just can't find the fluidity that Google search has, to other search engines.

Im not sure if Opera GX browser is already working on android but it has a built-in vpn for users privacy just enabled it and you're good to go.

Try Duckduckgo. I'm not sure what kind of fluidity you're seeking here but it's clear that thing is built from collecting hundreds of petabytes of users data.

---

IIRC Opera Mini already supports VPN (or at least a built-in proxy). Good enough as long as you don't use it for risky activities such as logging on your web wallet.

Opera's VPN, like most free or built in VPNs, is a terrible choice. Using it makes your privacy worse, not better. Using it redirects all your internet traffic via Opera's servers, and they monitor all your traffic and collect and sell your data to third parties.

If you aren't paying for a service, then you are not the customer, you are the product. Free VPNs are spying tools. A good VPN costs only a few dollars a month.

Searx and Qwant also good alternative since DDF result is terrible for non-english keyword

Yeah, SearX is the way to go if you find other search engines' results to be inadequate, or are "addicted" to Google. You can edit your preferences and configure it so it will simply search Google on your behalf and return the results to you, but stripped of all tracking cookies and without sharing your IP, browser fingerprint, or other identifiable information.

I've always thought that android was developed by Google. To the tech experts, is it possible to uninstall the google version on our android phones and install it with the LineageOS as mentioned in the article?

Is anyone here have done this before?

It is, partly. It is developed by a consortium of developers know as the Open Handset Alliance, of which Google is the largest member. Once development of a new version is completed, it is published to the Android Open Source Project, which as the name suggests, is open source.

There are multiple projects which build upon the open source code, and end up with a more privacy or security focused product. Examples include GrapheneOS and LineageOS, which you mentioned.

Yes. You will find instructions for how to do so on their respective websites: https://wiki.lineageos.org/devices/ and https://grapheneos.org/install.

Be aware that doing so is not without risk. It is possible to brick your phone if you make mistakes while installing a custom OS.

Unfortunately my new phone is not supported (a30) in this list.
Maybe I will install in my old one just for testing purposes.

But let me ask. You said there was a risk and it may brick the phone. But can't you just  factory reset the phone to fix it?

Sure, in most cases it would be a "soft brick", which would be recoverable provided you are able to flash the stock OS back on to the phone. However, I wouldn't claim that there is no conceivable way that it could be hard bricked and unrecoverable. I'm sure there's someone out there who could mess up badly enough. :P

When your phone is hard bricked, it can't boot, doing factory reset is next thing.

Another thing to add is the carelessness of people when it comes to adding/allowing the installation of 3rd party apps from unknown sources. This is one of the most easiest way how you introduce your phone to malware since  you are the one allowing your device to install unsafe and unsecure apps found in the internet. Most people do this because they want to instally a paid app for free or install an app that is cracked or with a cheat they don't see the danger when it comes to doing this on their system.

Just because an app is from outside the play store doesn't automatically mean it is untrustworthy, and similarly, just because an app is from inside the play store doesn't make it safe.

Google are pretty bad at screening apps before they are published on the play store, and we frequently see apps with either malware hidden in them or apps designed to mimic another (such as a fake wallet app) showing up and being downloaded. There was a user on here a while ago who had their seed stolen because they installed a custom keyboard app from the play store, which recorded everything they typed and sent it back to the scammer who developed it. Similarly, if I'm installing Electrum (for example), and choose to download and install the APK myself from electrum.org, that doesn't automatically mean it's more likely to be malicious.

The better advice is to not install any app unless you absolutely must. Apps which give you sparkly keyboards, or fancy wall papers, or silly mobile games, are completely unncessary. One of the top apps on the Google play store right now is an app that takes a photo of your face and makes you look like an elf. Completely pointless, and every additional app you download and give permission to is an additional security risk.

I'm fully aware of that and even Google's own playstore is bad at screening apps being made available to their own app store. The recent news I know related to the app store is about the xHelper app a malicious program that pops up ads in your device which was previously available in the app store where if the user installs it would find it hard to be uninstalled fully. My point is downloading apk files in the internet where you also don't know the origin is also dangerous on being downloaded in your device, unlike Google's Playstore where you can see reviews from other users who have downloaded it you wouldn't have that convenience on downloading apk files from the internet which in anyone's case would be more riskier since you wouldn't see any kind of feedback for that file.

Google reviews are easily and frequently manipulated. There are people who sell this as a service using bots and multiple accounts, either hacked or created solely for this purpose. For not much money, certainly far less than a successful scam app might make, you can purchase multiple fake positive reviews, just like you can buy Facebook likes or comments, Twitter likes or comments, forum posts, bumping services, and so on. You shouldn't be trusting Google reviews to tell you what's safe to download.

Don't trust. Verify.