I know that stock Android itself is spyware.

What tips about setting up my stock Android phone would you give me? It’s not factory unlocked so I’m sticking with Google Android.

Things I’ve done:

  • Stopped and disabled all apps that I don’t use or need.
  • Replaced all apps that I can with FOSS alternatives from github using Obtainium.
  • Not installed things that I can just check on my laptop like email.

Is there anything else that I can do? Thanks in advance

Edit I’ve also:

  • Changed my DNS to Mullvad DNS
  • Restricted app permissions to only what they need
  • Not signed into the phone. I don’t even have Gmail account.
  • DeathByBigSad@sh.itjust.works
    link
    fedilink
    arrow-up
    9
    ·
    1 day ago

    Rethink DNS is both a firewall app, and you can run a VPN at the same time using a wireguard configuration.

    I use a VPN system wide, and for some apps like Fennec or a Torrent app (yes I torrent on my phone lol), I use a different wireguard config for each one of these apps. For the systemwide VPN, its using a server in my country, for individual apps, it goes to switzerland or iceland (So the IP used to check for system updates isn’t correlated to the IP used for everyday browsing, watch youtube videos, or torrenting). I block everything from internet access unless it needs internet to function, like a phone app for example (for VoLTE). Enable “block connections without VPN”.

    Mullvad has the cheapest VPN at €5 Euro per month, and ProtonVPN have some free servers, but free servers have slower speeds.

      • utopiah@lemmy.ml
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        22 hours ago

        a VPN doesn’t protect your privacy

        Does from your ISP unless they do deep pack inspection.

        • squaresinger@lemmy.world
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          22 hours ago

          As I said, it doesn’t protect, it changes who can see the data.

          Your ISP might not be able to see it, but your VPN provider will instead. VPN providers are hardly ever under any kind of regulation, except those run by secret services, of which there are many.

          And there are more than enough VPNs that sell customer data while claiming to be amazing for your privacy.

          • utopiah@lemmy.ml
            link
            fedilink
            arrow-up
            3
            ·
            19 hours ago

            I’'d argue changing who can see your data from either a large group to a smaller one or one you do trust vs one you do not trust precisely is protecting your privacy.

            Also FWIW you can host your VPN, you do not have to rely on a commercial VPN provider.

            • squaresinger@lemmy.world
              link
              fedilink
              arrow-up
              1
              arrow-down
              2
              ·
              5 hours ago

              I’'d argue changing who can see your data from either a large group to a smaller one or one you do trust vs one you do not trust precisely is protecting your privacy.

              It’s always astounding to me that people put more trust in an intangible rando from the internet than into organizations governed by law. Like those people who don’t accept mainstream medicine but eat random supplements they imported from India by the kilogram.

              Also FWIW you can host your VPN, you do not have to rely on a commercial VPN provider.

              Sure you can. And where does that traffic go?

              If you e.g. host a VPN in your home network and you connect to it from your phone, and then you use this connection to access the internet, then your traffic will just be visible to your home network’s ISP instead of your phone’s ISP.

              • utopiah@lemmy.ml
                link
                fedilink
                arrow-up
                1
                arrow-down
                1
                ·
                edit-2
                5 hours ago

                No idea what your analogy about non conventional medicine is about. Feel free to explain.

                just be visible to your home network’s ISP instead of your phone’s ISP.

                Indeed, which is already what I mentioned, namely another group. It’s about the threat model namely if you trust one ISP more than another. I believe your understood that but chose not to acknowledge it and I’m not sure why but maybe it related to your analogy that I didn’t get.

                Edit: if you and others are interested in the topic I recommend https://splintercon.net/ plenty of resources on the topic.

                PS: FWIW I didn’t suggest VPN is the solution to all problems but they do alleviate some. The point is one must understand both how they work and their OWN threat model rather than an idealized one.

                • squaresinger@lemmy.world
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  4 hours ago

                  The analogy is that on the one hand you have a corporation where you know who they are, where you know which laws they are governed by, where you know how to file a privacy complaint, where you know who to sue in case something goes wrong. And you don’t trust them.

                  Instead you choose to trust some rando from the internet. Where anyone with a sane mind knows they will get screwed over.

  • crankyrebel@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    18
    arrow-down
    1
    ·
    edit-2
    2 days ago

    I assume you are using F-droid app manager, and also added IzzyonDroid repo to it? There you can get a lot of apps, like firewalls to block apps that call home when you don’t really use them. Replace most of your apps with open source alternatives from F-droid. Get an email hosting alternative that isn’t one of the big (spy, data mining) companies. Use decentralized privacy focused social media options. What type of phone manufacturer do you use and is it unlocked? You could use an android privacy rom like CalyxOS, that is what I use, completely de-googled, uses MicroG instead of Google Play services. A VPN would be my last option to add, especially when connecting to outside wifi.

  • asudox@lemmy.asudox.dev
    link
    fedilink
    arrow-up
    14
    ·
    edit-2
    1 day ago

    With Shizuku and Canta, you can remove the spying system apps. You can break your phone though (fixable with a factory reset), so do be careful. If you want to play it safe, use the recommended list in Canta. These should be safe to remove.

    • s38b35M5@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 day ago

      I like NetGuard, but think that TrackerControl is a bit more privacy focused. It had tracker detection, includes a traffic log as a free feature (NG requires purchase), and a few of the other NG Pro features are implemented in TC as well. In the end having either is better than neither.

  • pathos@lemmy.ml
    link
    fedilink
    arrow-up
    1
    ·
    1 day ago

    I guess you mean whatever factory OS is installed on your phone. Nobody uses stock OS.

    What phone do you use?

  • Peffse@lemmy.world
    link
    fedilink
    arrow-up
    8
    ·
    2 days ago

    So one of the gotchas about stopped/disabled apps is that other apps can still call and launch them. I frequently saw my apps pop back up even after being disabled, since I used SuperFreezZ to monitor them. https://f-droid.org/packages/superfreeze.tool.android/

    The alternative to that would be an ADB disable. IIRC it takes the app away from userspace completely. It doesn’t touch the system-level though, so a factory reset will bring it back.

    If you can’t handle setting up ADB and it’s hoops, there is an app combo that can set up a bridge and run the ADB disable for you: https://f-droid.org/en/packages/io.github.samolego.canta/

    • s38b35M5@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 day ago

      This looks cool, but the dev seems pretty unavailable for updates for the past few years. Does the app still seem pretty solid in spite of that?

  • slackness@lemmy.ml
    link
    fedilink
    arrow-up
    6
    arrow-down
    4
    ·
    edit-2
    2 days ago

    Depends on what you mean by stock android. Google’s phones does not come with stock android.