this post was submitted on 04 Mar 2025
328 points (98.5% liked)

Privacy

35517 readers
452 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Firewalls are a great way to tell if new apps are secrely installed

Btw what is the key verifier thing?

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 114 points 1 week ago (5 children)

So glad I moved to GrapheneOS last month.

[–] [email protected] 26 points 1 week ago

Got myself a Pixel 9 pro just to go Graphene... Sold my s24 ultra

[–] [email protected] 8 points 1 week ago

Yeah I'm super keen, but my lower-tier Samsung isn't supported. I really wish FairPhone would offer a cheaper option :(

[–] [email protected] 6 points 1 week ago* (last edited 1 week ago) (2 children)

I already have a pixel. Is it just as easy as installing Lineage OS on the phone?

[–] [email protected] 15 points 1 week ago* (last edited 1 week ago) (1 children)

Yes, perhaps even easier if you use a Chromium based browser with their WebUSB installer.

[–] [email protected] 4 points 1 week ago

Even if it's not the case, I found the console installer to be surprisingly easy.

[–] [email protected] 3 points 1 week ago* (last edited 1 week ago)

Absolutely the easiest phone OS installation I've ever done. Completely web-based and easy enough for anyone to use. Even easier than flashing LineageOS.

The big hurdle to GrapheneOS is can you do without Google Wallet and other apps that won't work. The flashing process isn't something to worry about IMO.

[–] [email protected] 5 points 1 week ago (2 children)

Does lichess work on graphene os? How is compatibility with classic stuff line firefox, signal, ...?

[–] [email protected] 8 points 1 week ago (1 children)

I play Lichess on my GrapheneOS Pixel6a, works well. Same with Signal, Firefox with several mobile browser extensions.

Bitwarden, NewPipe, Tailscale, Duolingo, Uber, Discord, Matrix Element, all the Proton mobile apps, Backblaze, etc etc.

Pretty much every app I try works flawlessly. On rare occasion I'll experience minor bugs, and twice I've had to use GOS's extra privilege mode to get an app to work.

Overall, Love GrapheneOS and I'll use them as long as they are around and making an awesome alternative to Google's garbage.

[–] [email protected] 3 points 1 week ago (1 children)

Thanks!

Is graphene available on Xiaomi phones?

[–] [email protected] 5 points 1 week ago (2 children)

Only on Google Pixel phones. You might want give LineageOS a shot.

[–] [email protected] 3 points 1 week ago

Lineage is great, been using it for years

load more comments (1 replies)
load more comments (1 replies)
load more comments (1 replies)
[–] [email protected] 58 points 1 week ago (3 children)

There are functional firewall apps for android? Is Rethink good?

[–] [email protected] 29 points 1 week ago

Rethink is better than good. It's great.

[–] [email protected] 18 points 1 week ago

Yes, it also let you change your DNS and block websites. There's also invizible pro which also adds tor and i2p but rethink have a better UI.

[–] [email protected] 11 points 1 week ago* (last edited 1 week ago)

RethinkDNS allow you to use a Firewall, Use a VPN (via wireguard), set your DNS, and various other things I didn't mess with in the app. I don't even use RethinkDNS for the DNS, its just a great app.

[–] [email protected] 52 points 1 week ago (5 children)

It often feels like I am just a user of someone else's device.

Even from the stuff that is shown like "Your device has new features" and "Settings changed by carrier". And how Motorola tried forcing updates by using non-dismisable (they would re-appear immediately) full-screen notifications, and trying to disable the app led me to "Blocked by your IT admin" (I returned that phone).
Also when I connect any modern phone to Wi-Fi not manually set as metered it starts downloading a bunch of random shit automatically.
It keeps killing apps I want running (I had to use a cheap dumb phone as alarm clock with the past 2 smartphones), but keeps all Google services conveniently spending data and battery.

[–] [email protected] 11 points 1 week ago* (last edited 1 week ago) (1 children)

Also when I connect any modern phone to Wi-Fi not manually set as metered it starts downloading a bunch of random shit automatically.

That must be a carrier phone, right?

Usually, unlocked non-carrier phones would download stuff during setup, but after setup, they don't do that anymore (well, except the safetycore thing).

It keeps killing apps I want running (I had to use a cheap dumb phone as alarm clock with the past 2 smartphones)

For Samsung, you have to go to Settings --> Device Care --> Memory --> Excluded Apps --> Tap the + Symbol then find the apps to add it, and that should prevent it from being killed due to memory.

Then you need prevent it from ebign killed due to battery usage, so you have to set battery usage to "Unrestricted" (you can find this in the app's setting page). Then there's also another secret menu to disable battery optimization that you'll need an app called "Activity Launcher" to find (its available in Fdroid). Search "Power" in the app, then tap "Settings" --> "Optimize battery usage" --> launch it. Then tap "Apps not optimized" which shows a dropdown menu, then tap "All" then you find the apps and uncheck battery optimizations.

Its such a cumbersome process, most people would just give up.

[–] [email protected] 6 points 1 week ago

Not a carrier phone. I don't know what specifically it is, Google Play... something. I disabled automatic updates in Play store, so probably something else. I usually just quickly pull down notification shade and click "Cancel".

Even disabling all available restriction settings often doesn't quite work. For clock app I set it to unrestricted and disabled optimization in DuraSpeed, still, it's a dice roll. The chances are lower when charging. (Ulefone Armor 24)
On previous phone Unrestricted setting and locking in recent apps also didn't quite work, but that phone had more issues. I'd often find that everything just randomly crashed overnight. (Poco X3 Pro)

But it also seems per-app. From experience, the most kill-resistant app is Termux (terminal emulator), but only if you disable child process restriction in developer settings. LibreTorrent also survives well, making the 2 only reliable large background download methods LibreTorrent and wget in Termux.

But anyway, my Alcatel 1066G dumb phone was just 10 bucks. A more reliable solution (and it supports animated GIF wallpapers πŸ™‚).

[–] [email protected] 3 points 1 week ago (1 children)

This shit is why I buy carrier agnostic, bootloader-unlockable phones with a healthy ROM dev scene. Rocking a Pixel 9 Pro XL, currently on stock ROM (rooted of course), but will be moving to Calyx or Graphene at some point.

[–] [email protected] 5 points 1 week ago* (last edited 1 week ago)

Unfortunately, especially with lower budget, that often ends up being choice between hardware and software.

I didn't want to run custom ROM on the X3 Pro due to warranty. I had the motherboard replaced thrice, on average surviving for 9 months each... But there were theoretically options.

Armor 24 doesn't seem to have any custom ROMs available, as seems to be usual with MTK devices, but the hardware is quite unique. I already had numerous strangers ask me what that phone is, how often it needs to be charged, or "what can that thing do" and "I am not surprised it has such strong light anymore" (it's a massive 85.14Wh brick).
To be honest I like how it feels in hand compared to a fragile thin slab.

But the only ones making crazy devices like this seem to be brands like Ulefone, Oukitel and Unihertz (they even have a projector phone like Samsung did, but modern) which most likely won't see custom ROMs, and I am too dumb to try building and maintaining something myself. I don't even know how it works with device-specific drivers.

load more comments (3 replies)
[–] [email protected] 13 points 1 week ago (1 children)

I uninstalled it on my Samsung last time and just checked but it hasn't reinstalled itself again (yet).

[–] [email protected] 6 points 1 week ago

You can install this to prevent the official one from being installed automatically .https://github.com/daboynb/Safetycore-placeholder

[–] [email protected] 12 points 1 week ago (1 children)

Yeah, what is the key verifier thing? It's not like it's Windows and needs a purchased license key, right?

[–] [email protected] 3 points 1 week ago

It's for E2E encryption in chat apps.

[–] [email protected] 10 points 1 week ago (2 children)

Bit out of the loop. What am I looking at?

[–] [email protected] 30 points 1 week ago (1 children)

Google is automatically installing an app on you phone that analyzes your media β€žto prevent you accidentally viewing nudes”

[–] [email protected] 11 points 1 week ago* (last edited 1 week ago) (1 children)

Phew, I'm always terrified of that. It won't affect my gore folders, will it?

[–] [email protected] 12 points 1 week ago (1 children)

Videos of mass murders βœ…οΈ

A tiny glimpse of a woman's breast ❌️

[–] [email protected] 8 points 1 week ago

Just as American Jesusβ„’ would have wanted.

[–] [email protected] 14 points 1 week ago (1 children)

Google's secret app that scans your photos for CSAM, but my firewall is configured to autoblock newly installed apps from internet access, thus the notification alerting me an app is trying to access the internet.

[–] [email protected] 4 points 1 week ago

Nothing about the app is secret, Google openly advertises it

[–] [email protected] 9 points 1 week ago (1 children)
[–] [email protected] 36 points 1 week ago (2 children)

Provides a single process that can be used by all message apps so that they don't need to implement backdoors into all of them?

[–] [email protected] 24 points 1 week ago (2 children)

Worried I'm getting a bit too paranoid, but...

Why backdoor the messaging apps when you can just monitor the entire OS?

[–] [email protected] 17 points 1 week ago (2 children)

Having control over the OS doesn't help if the OS doesn't understand the app's data.

[–] [email protected] 11 points 1 week ago

If only there was an AI that monitors everything going on on the device which they could force onto everyone

[–] [email protected] 4 points 1 week ago (2 children)

... the OS doesn't understand the app's data.

I assume you are referring to End to End Encrypted (E2EE) messaging apps here. I'm no programmer/developer/software engineer and I'll be the first to admit that I don't know a ton about how most apps work on the backend. That being said, my understanding is that E2EE apps decrypt whatever is being transmitted to them when they get to your device (assuming phone here) (of course it would decrypt it, otherwise how would you make sense of the information?). Once the data is on your phone, it is decrypted. From what I understand, sandboxing apps is not all that robust on Android (at least on "mainstream" versions)

Therefore, the data that was Encrypted from End to End was decrypted at the End and therefore accessible by other applications and processes on your phone. Unless Android sandboxing has improved greatly in the last few weeks.

[–] [email protected] 2 points 1 week ago

You're right that the e2ee part is only about protecting the data while in transit, but that is because it's the hardest part. Apps can also store the data in an encrypted format so that other apps won't be able to read it.

[–] [email protected] 2 points 1 week ago

If the Apple security decision in the UK is anything to go by as well as the Trump administration in the US pushing hard for government backdoors in cloud storage and messaging apps, which has been asked for for a long time but didn't have much chance of getting past court oversight in the US until the Supreme Court was so corrupted, then likely this is going to be a way that governments can enforce the idea of having encrypted data transmissions to keep data out of the hands of foreign hackers, but still have corporate backdoors that allow governments to access the unencrypted data. That's exactly what the UK said the Apple thing was supposed to help with. Of course data is only as secure as the weakest link and corporations are often much easier targets than individual users anyway. So it has the same result, but it appeases the majority who don't get it.

[–] [email protected] 3 points 1 week ago

And with it unified, it's easier to tie multiple online identities back to which one single person they all are.

[–] [email protected] 7 points 1 week ago

Note: The "Key Verifier" one is supposed to be tied to E2EE on Google chat platforms or something on those lines, although you shouldn't be using those and go for a safer chat instead though

[–] [email protected] 7 points 1 week ago* (last edited 1 week ago) (3 children)

Which FW (Firewall) could be recommended?

[–] [email protected] 12 points 1 week ago (1 children)

LineageOS or /e/OS would be my picks. Graphene and Calyx are better, but likely don't support the device in question.

RIP DivestOS.

[–] [email protected] 9 points 1 week ago (1 children)

Lol, I think they asked for a firewall, not alternative OS

[–] [email protected] 3 points 1 week ago

Oh, I thought they meant firmware.

[–] [email protected] 6 points 1 week ago

FW? If you mean firewall, I use RethinkDNS because it's both a Firewall and a VPN (via wireguard).

I don't actually use the RethinkDNS for its DNS, I'm just using the app.

load more comments (1 replies)
[–] [email protected] 7 points 1 week ago

These are usually installed as core Google apps on Android, and most flavours have them hidden since they're really just background daemons/libraries.

Gf had the same happen on her Huawei P30 which clearly wasn't set up to have the apps hidden by default.

If youre degoogling obvs not what you wanna have on your device but technically they shouldn't be doing much on their own.

load more comments
view more: next β€Ί