From a85434e4c2bac15c8f429c3d00169fc50fcdc846 Mon Sep 17 00:00:00 2001 From: Jorgu81 Date: Sat, 1 May 2021 12:50:17 +0000 Subject: [PATCH] Update README.md --- Google/README.md | 46 +++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 43 insertions(+), 3 deletions(-) diff --git a/Google/README.md b/Google/README.md index 5a4da73..c0cacf8 100644 --- a/Google/README.md +++ b/Google/README.md @@ -1,23 +1,31 @@ ## Avoiding Google using Android + + Nowadays, if we want to have privacy on Android we should avoid Google Services as their telemetry is really alarming. The most effective way would be to flash a clean ROM like LineageOS without gapps. + Unfortunately many people do not have the possibility to do so (non-unlockable phones) However all is not lost for these terminals. + It is possible to regain some of our privacy by disabling the aforementioned Services via ADB: https://www.droidwin.com/remove-uninstall-bloatware-apps-from-android-via-adb-commands/ + We will have to do the same even with the Play Store. Once we have crushed the Google applications we can download our apps, even the paid ones through the Aurora Store (by entering our Google account), which is available on F-Droid, another store where there are only open source apps. + We will try whenever possible to choose our popular apps from there. Download from Aurora Store: https://f-droid.org/en/packages/com.aurora.store/ + However, the ideal would be to start with a ROM already clean of these programs, and the most popular, with more terminals available is undoubtedly LineageOS. + The problem is that this ROM is not designed with the purpose of guaranteeing privacy, and maintains certain automatic connections with Google and Qualcomm by default. The moment we activate the wifi or data we will see the following: -Ping to Google to see if we have internet connection. It is the so-called captive portal mode. The domains are: 
@@ -25,10 +33,13 @@ www.google.com connectivitycheck.gstatic.com If we disable them we will not be able to log into a public wifi. + -Time servers, or NTP for the system time. Even if we uncheck automatic time in the System they will also connect to the internet as soon as we have connection. By default: time.android.com/time3.android.com. time.google.com + + -GPS servers. By default, Izatcloud. Even if GPS is disabled, it will automatically connect to the internet to download the Almanacs. xtra1.gpsonextra.net @@ -42,8 +53,10 @@ izatcloud.net supl.google.com. + -Connection with stats.lineageos.org for statistical purposes. + -When we open an app, Intent Filter Verification securization servers. By default: play.googleapis.com 
@@ -52,12 +65,15 @@ Amazon servers This application can be disabled without consequence. There is virtually no information on the internet about this tool. + Our main purpose will be that there will be no background or automatic connections of any kind every time we connect to the internet, be it to Google or anywhere else. + I do not consider MicroG as a good option because it makes many automatic connections to Google, and not only the system itself but because 90% of the apps we download from Aurora/Play Store will have trackers of the big G. Hence the need to always use F-Droid applications. I say this because many people think it is a good alternative, and unfortunately it is not, unless we use apps that do not require internet connection. The exception to all this would supposedly be Replicant, but it supports few devices, so we will address this guide, compatible with Android 7-11. + To prevent the computer from making unwanted connections while we prepare the system is highly recommended (but not essential) a computer that provides us with wifi with PiHole, router with domain blocking integrated in its options or with openwrt (and adblock), or a mobile with AdAway sharing data. All of them must have these domains blocked: https://time.android.com 
@@ -111,24 +127,28 @@ https://supl.google.com To alleviate the Google spying we will follow the following steps highlighting not to connect to the Internet until it is specifically marked. Similarly we will remove the Sim so that it does not take data in the configuration process. + Remember also that most of the apps do not need internet. We can remove it manually in Settings/Applications demarcating both Wifi, mobile and background. If the use is going to be sporadic we will allow it momentarily and then remove it again. + I will divide the guide into two sections, without and with root. The latter will be a bit more comprehensive and restrictive, but neither will have connections to Google or Qualcomm. + + -WITHOUT ROOT 1.- Before installing/rooting/flashing we export our contacts in .vcf format and we will recover them later by importing the file from the Contacts application. If you want to synchronize later you can use, for example, DAVdroid in Nextcloud/Ownclowd. This file and our photos/videos we take them to the PC and vice versa, that is to say with the cable of all life. In the same way we download the apks of F-Droid, and the NetGuard firewall from the web of the aforementioned F-Droid store. We can place them on the microsd memory or on a USB OTG stick. -Then we flash a LineageOs ROM, without gapps and without MicroG (because it generates too many connections with Google). +2.- Then we flash a LineageOs ROM, without gapps and without MicroG (because it generates too many connections with Google). 3.- Skip the wizard of the wizard and make sure NOT to establish/use data or wifi connection. Otherwise every time we install again there will be a massive sending of data to Google/Qualcomm servers. In its options we will uncheck Automatic Date/Time. -The next step is to disable the captive portal mode. All Android phones send a ping to www.google.com to verify that the internet is working. +4.- The next step is to disable the captive portal mode. 
All Android phones send a ping to www.google.com to verify that the internet is working. We will do it through adb, whose minimum drivers for Windows can be downloaded here: https://adb.clockworkmod.com/ @@ -160,7 +180,7 @@ reboot On the other hand, we will remove the internet access to the system app Phone. In the same way we will enter it as if we were going to call and we will click on the 3 dots at the top, next to Search contacts, then Settings and finally Search phone number. Uncheck all the options that appear enabled. Before executing this action you can change Google for Openstreetmaps. -Disable "Intent Filter Verification" a system application that makes connections with Google (play.googleapis.com) and Amazon to supposedly "secure" them. We force it to stop and disable it without consequence. +6.- Disable "Intent Filter Verification" a system application that makes connections with Google (play.googleapis.com) and Amazon to supposedly "secure" them. We force it to stop and disable it without consequence. To make it appear in the list of applications, click on the 3 dots, Show System. 
@@ -254,22 +274,27 @@ Regarding these I recommend the following to minimize our digital footprint: uBlock Origin. If you want to avoid web crawling by Google we must block their domains with the aforementioned plugin. + In the lists I recommend checking all those that appear especially those that have to do with the Privacy section. Other 2 highly recommended to add are: No Coin host I don't care about cookies host (to remove the annoying notice of "accept cookies" that appears on every website). This procedure is done by going to the Filter List, at the bottom under Custom, check the Import box, copy the address and click on Apply changes. + In order not to lose the configuration of the same after uninstalling/reinstalling we will do the following: Basically a copy of the configuration of our ublock origin (Backup to file). Then uninstall ublock. We go to the mozilla addons page and reinstall it. We enter ublock and click on Restore from the file we saved. + LocalCDN. (also open source, naturally) As we cannot block www.gstatic.com nor www.google.com because they break the webs that require captchas, to minimize the tracking of the first one we will install the extension (it also falsifies the cdns of the webs). Inside the options (the little wheel at the bottom) we will give to Advanced and we will look for the last entry, Generate the set of rules for your advertising blocker. There we will choose ublock and paste those domains inside ublock origin, in the My Rules section. + AutoDelete Cookie. Every time we close a tab in the browser will delete cookies from that site. It is highly recommended to set AutoClean enabled (with 1 second) and Notifications disabled. It is possible that we unlog out of the forum after a while, in which case we must add to the white list (m.forocoches.com). + Chameleon. Chameleon is a very complete tool loaded with many options to reduce our digital footprint. 
What interests us most is the ability to generate a different fingerprint every x time, otherwise we will always have the same one. We will leave the real profile. In the Options section, Injection, only the screen size should be checked, choosing 1920x1080. @@ -281,16 +306,20 @@ With this we have finished the antifingerprinting configuration of Iceraven/Fenn + -WITH ROOT For this purpose we will install/flash Magisk. In settings we will check Systemless hosts and reboot. + 1, 2 and 3.- Same as without root, but instead of downloading NetGuard we will change it for AfWall+ apks and add AdAway. + 4.- It can be done in the same way or through the Android console. + In Development Options we will enable the local Terminal/Shell. Once done we look for the new app in the application drawer, we open it and to have root access we type: su @@ -306,6 +335,7 @@ settings put global captive_portal_https_url https://captiveportal.kuketz.de (Ge settings put global captive_portal_https_url https://e.foundation/net_204/ (web of the creators of /e/ a de-Googleized ROM) + 5 and 6.- Idem. 
@@ -318,6 +348,7 @@ In your experimental options there is one that controls this behavior. "To let u On the other hand in its preferences, Rules/connectivity we will mark the compatibility with IPv6 to block the consumption of data due to the Multicast Listener Discovery. + b) We will install AdAway. Now we can connect via wifi to put the lists below and update it. After this it is important to reboot manually. In this way the sending of data will be less in case we do not have a PiHole or similar. In Android 10 it will probably be necessary to check Enable systemless mode (if it is not checked) so that it does not give us an error when applying the hosts. In the same way we will check Enable ipv6. We will block Google servers (time.google.com and time.android.com) and Qualcomm servers (Izat, izatcloud.net) because despite blocking them in the firewall, disabling automatic date/time and using only the integrated GPS will connect as soon as they get connection. @@ -336,6 +367,7 @@ That's it. It will no longer connect to that site. If we use Fennec it could also appear "dynamicua.cdn.mozilla.net" and it would be advisable to add it in the same way. + 8.- Idem. Or we can use the Terminal again like this. su @@ -347,8 +379,10 @@ reboot It may be necessary to give permission in the firewall to the above mentioned time servers (NTP). + 9 and 10.- Idem. + 11.- App Manager (or even MyAndroidTools) and AppWarden. With the first ones we are going to freeze system apps and even suppress tracking permissions of apps, specifically those related to Google. These are boot (autostart), analytics, tracking, firebase and in general those that refer to Google. If the apps contain any of them, we will remove them. I recommend to do it in Services and/or receivers since in the others it could cause an erratic behavior of the app. 
@@ -369,10 +403,14 @@ This program can also scan and disable everything you find at once if we click a However by removing certain trackers/loggers we could make the applications more unstable and it is possible that they may close from time to time. Although for me, personally, it makes up for it. + + With this we have finished the initial configuration to avoid, as far as possible, spying on our system. + + ## Common bugs -Gps takes time to connect. @@ -380,9 +418,11 @@ Something logical considering that it only uses the integrated device. Normally To speed up the connection with the satellites I recommend the SatStat program (from F-Droid, of course) and once it has triangulated we can return to the program with which we need the use of GPS that after the previous step will be instantaneous. + -At startup/restart the automatic date and time will be disabled. It would be desirable, although messy, to change the values manually. + -The apps take time to establish connection, sometimes a minute or more (or even some apps don't do it at all). The culprit is AdAway and its host lists. One of its disadvantages, if not the most important. If the time is excessive you can momentarily disable their lists by leaving the default "host" file.
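Review bot: in the `@@ -1,23 +1,31 @@` hunk every added line is blank, and two of them sit back to back directly under `## Avoiding Google using Android`; Markdown collapses consecutive blank lines, so one is enough there. The subject "Update README.md" also hides that this commit changes step numbering further down as well as spacing; something like "README: separate paragraphs and number steps 2, 4 and 6" would make the history searchable.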
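Review bot: the entries in the `@@ -25,10 +33,13 @@` and `@@ -42,8 +53,10 @@` hunks start with `-` followed immediately by text (`-Time servers`, `-GPS servers`, `-Connection with stats.lineageos.org`), which Markdown does not treat as list items because the marker needs a space after it. The added blank lines only split them into paragraphs. Writing `- Time servers ...` and indenting the hostnames under each item would produce a real list and keep every domain visibly attached to the service that contacts it.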
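Review bot: the blocklist that starts at the end of the `@@ -52,12 +65,15 @@` hunk gives its entries as URLs (`https://time.android.com`, and `https://supl.google.com` at the top of the following hunk), while the same hosts are written as bare names earlier in the file (`time.android.com`, `supl.google.com.`). PiHole, AdAway and router domain blocking match on hostnames, so the list should use bare hostnames, one per line, in one consistent form that readers can paste as is.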
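Review bot: step 4 in the `@@ -111,24 +127,28 @@` hunk, which this change renumbers, sends readers to https://adb.clockworkmod.com/ for the Windows adb drivers without saying who publishes that download or how to check it; a guide about limiting trust should name the publisher and give a way to verify the file. While these lines are being touched, the re-added step 2 still spells `LineageOs` where the rest of the README has `LineageOS`, and the unchanged step 3 still reads "Skip the wizard of the wizard".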
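Review bot: the renumbered step 6 in the `@@ -160,7 +180,7 @@` hunk still tells readers to force-stop and disable "Intent Filter Verification" "without consequence", while the README says earlier that "There is virtually no information on the internet about this tool". Those two statements do not sit well together: the step should say what was actually observed after disabling the app and how to turn it back on. The sentence also needs a comma after the quoted name ("Intent Filter Verification", a system application ...).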
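Review bot: the blank lines added in the `@@ -254,22 +274,27 @@` hunk separate the extension entries, but `uBlock Origin.`, `LocalCDN.`, `AutoDelete Cookie.` and `Chameleon.` remain plain text with a trailing period, so nothing marks them as entry titles. Subheadings under the README's existing `##` headings (or bold names) would do what the spacing is trying to do. The AutoDelete Cookie paragraph also mentions "the forum" and whitelists `m.forocoches.com`, which the surrounding text never introduces; phrase it as any site the reader wants to stay logged in to and keep the domain as an example.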
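Review bot: the `settings put global captive_portal_https_url ...` lines just above the blank line added in the `@@ -306,6 +335,7 @@` hunk carry their explanation on the command line itself (`... https://e.foundation/net_204/ (web of the creators of /e/ a de-Googleized ROM)`), so pasting a whole line into the root shell opened with `su` hands the parenthetical to the shell, where unquoted parentheses are a syntax error. Put each command alone in a code block and move the explanation into the sentence before it. The step should also state that the phone will contact the chosen host on every new connection, since the guide's stated aim is no automatic connections "to Google or anywhere else".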
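Review bot: in the `@@ -347,8 +379,10 @@` hunk, "It may be necessary to give permission in the firewall to the above mentioned time servers (NTP)" does not say which servers are meant. The AdAway step in the `@@ -318,6 +348,7 @@` hunk blocks `time.google.com` and `time.android.com`, so a reader can take this sentence as an instruction to let those through again. Name the NTP host configured in step 8 and say which firewall entry needs the rule.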
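Review bot: the last item under `## Common bugs` in the `@@ -380,9 +418,11 @@` hunk advises to "momentarily disable their lists by leaving the default "host" file" without saying what that undoes. The AdAway step earlier in the README explains that the Google time servers and the Qualcomm Izat hosts are blocked there because they connect as soon as a connection is available, so the item should note that those connections resume while the lists are off and remind the reader to re-apply them. The paired blank lines added around `## Common bugs` in the `@@ -369,10 +403,14 @@` hunk can be single ones.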