Security On Android - Advanced Information

After the recently completed Linux project, the Android version is finally here. You can't get nearly as much security on Android as you can on your PC, but there are many things you can do to get the security you need. If you do these, you've done this.

If you have any comments or advice on this, let me know.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

A certain level of security can be achieved on phones, but not as much as on Linux.

There are many people who are forced to use their phones for forum surfing, spiritual warfare, email, and the list goes on. To use these you need the right applications and settings. In this section we discuss phone security in detail.

Let's start with a full phone reset, as you will be performing these techniques on a brand new system, not one you have used a lot. We'll cover F-Droid, secure and anonymous apps, mobile versions of programs running on Linux systems, Android versions and more.

If you want to select "PrivateSpace", do it in the settings. There you will get a detailed description and you can decide whether you want it or not. I recommend you use it.

Do not use your Google account to sign in to your phone.

Change the region as far away as possible and don't set it to your own time zone.

Once you have a completely clean system in hand, go to settings. Find the Applications menu item, then under 3, select System Applications. In the application finder, type "Google" and disable everything that spits it out. Go to the "Data Usage" app and turn off all of them - Background Data, WiFi and Mobile Data. Do this with all the apps you have disabled.

In the Settings menu, select the 3-dot area in the top right or top left corner to turn on the "Show system settings" section. Everything you need is here. In the same way, type Google/Facebook address words in the search box and disable the ones you publish. Again, disable apps like "Support" and so on.

There are many apps on Android that look "harmless" but can track your activities. Remove any default applications (drivers, support, wallpaper) that you don't need. If you are offered the option to delete, do so.

For example - Click on Google and it will say "Data Usage", click on it, then under "Network Access" - Mobile Data, Background Data and Roaming Data. It will highlight in color that they are turned on. Just click on it and it will be turned off. Do this for each app you want to disable.

Do not disable the Google Chrome browser for a while as it will be used for something. Then of course disable it, but I'll state that later.

Then, under Permissions, remove everything you can. Delete the application storage and look at the permissions again. If there's nothing there, you can move on. Some permissions cannot be turned off because of the system. Following the same paradigm, disable everything you post for the words "Google" and "Facebook".

Next, find Calls, Calculator, Messages, Map and any similar default apps (Clock, Calendar) and disable them in the same way as above. Many "safe" apps can follow you on Android, so disable them. Take away all the permissions you can from them, remember.

Also disable apps like "Support" and anything else you will never use. They are unnecessary.

Then in the Settings search box, type - Write System Preferences, or something similar. Here, turn everything off, (Google Play services, and so on). Then, in the search box, type "Drawing for other app". There also turn off almost everything. Then look for Google in the settings. Stop Google from sending you location information, and turn off Autofill Services from Google, and then Google Play Protect. Check these often, as they may start on their own.

In WiFi settings, go to WiFi long, then "Advanced settings" and change the IP address to Static. Then scroll down and paste the Two DNS addresses.

DNS 1 - 45.90.28.178.

DNS 2 - 45.90.30.178.

Go to Google Chrome and download APKPure in incognito mode. Once you have downloaded and installed APKPure, type DuckDuckGo in the search box and download. Download CalyxVPN as well, then select "Use Bridge" in the settings. Download OpenBoard or AnySoftKeyboard, which are secure keyboards. Then in the settings, disable the default keyboard and replace it with the New Keyboard.

Wait until it loads and then install it. Once installed, disable Google Chrome and delete APKPure as it was downloaded from Google.

From downloads folder, delete APKPure so it is not there twice.

Now we have a secure browser with VPN. Go to DuckDuckGo and type in APKPure, then download it again. Then download F-Droid. Once you have downloaded APKPure, delete DuckDuckGo and the VPN and keyboard, then download again. For the keyboard, disable the default in the same way. I know it's annoying, but I can't help how unreliable Google is.

On F-Droid, download Insular. It's a work profile where you can freeze all the chaotic and annoying programs that run by default on your system. Google Play Store, default apps, and so on. From "Mainland" clone all the default, unused and annoying apps you don't need and freeze them in "Island". You can do this by long-clicking on the app and then selecting Island from there.

With Insular, you work within a work profile where many "unwanted" applications are blocked. Remember, the ones that you blocked on your system (Google, Facebook and the others I mentioned above), do it again, because Insular clones many systems and default apps, so what you block, you block in Insular. This may seem complicated, however I will explain everything.

Likewise, in the settings, in the top right or left corner, in the area marked with three dots, turn on "Show system applications" and you will see what belongs to Insular, as the application icon will be marked differently. Disable these in the same way.

In the Google section, you can see if you have "ADS, Auto-fill, Backup, Data, Device" - go into each one and turn them off.

With Insular, you can do your work within a work profile where many "unwanted" apps are blocked.

In Settings, type "Permissions" and open the Permissions Manager. There you can see which default applications have which permissions. If any of the Google or Maps apps still have permissions that you can disable, disable them. For any of these apps, disable any unnecessary permissions.

Now comes the part about downloading apps. All default apps on the system will be replaced with safe ones. From F-Droid, download the following apps, and when you're done, type "Default apps" in the Settings search box and click on it. From there, replace the defaults with the new ones.

Simple Dialer, Simple Contacts, Simple Music Player, Simple Clock, Simple Calendar, Simple Calculator, Simple Camera, Simple Gallery Pro, Simple SMS Messenger, Simple Notes.

privacytools.io. Here you will find a lot of useful apps for Android.

After replacing them with new ones, remove the old ones from everywhere. In the same way as above. Many apps, such as the default camera, keyboard, etc., need to be turned off every time you start your phone, so after turning it on, go to Settings, then Apps, find them and turn them off.

Firefox setup - go to Settings, set the Security setting to strict, and do everything I wrote in the "Advanced Linux advice" post in a similar way. What I wrote there as an extension and the techniques I wrote for it, do what you can. Firefox on phone is available with fewer add-ons.

Add-ons - NoScript, HTTPS Everywhere, uBlock Origin, Ghostery, Privacy Badger, Bitwarden (Secret Password Store), Privacy Possum, Decentraleyes. Firefox default search engine should be DuckDuckGo, delete the rest. "Enhanced Tracking Protection" - On, "Delete Browsing data on quit" - On.

Configure FoxyProxy in the same way as in the Linux post. HTTP Proxy - 127.0.0.1, localhost. Port - 4444.

Firefox Focus - Always disable cookies, Script. Block AD Trackers, Block Analytic Trackers, Block Social Trackers, Block other content trackers - On. Block web fonts - On. Block cookies - Yes. Security - Block potentially dangerous and deceptive sites - On. HTTPS mode only - Yes. Send Usage Data - Off, Studies - Off.

Firefox Focus default search engine should be DuckDuckGo, delete the rest.

Set DuckDuckGo or Firefox, or whichever you prefer, as the default browser under "Default Applications" in Settings. Later in this post we'll talk about the Tor browser - never set Tor as your default browser.

Apps that I recommend for Android - ProtonVPN, RiseupVPN, CalyxVPN, HideMe.VPN, ProtonMail, Tutanota Email, Firefox/Focus, DuckDuckGo, I2P, i2pd, Freenet, Proton Calendar, NetGuard, TrackerControl, Package Manager (from F-Droid), KeyPass, KeePassDX, DroidFS, OpenKeyChain, Brave, Ecosia, WireGuard / OpenVPN, NextCloud, Photok, NewPipe (YouTube Alternative), K9-Mail, IceDrive (set a password in IceDrive settings), Mega, InviZible Pro, Tor Browser, Orbot, TorServices. Tor Browser should be configured similarly as described in the Linux post. Always use a bridge between Tor Browser and OrbotVPN.

About InviZible Pro - An application that by default includes programs like Tor, DNSCrypt, I2P - even has separate Proxy and VPN. It is an all-in-one application. If you tick "Hide IP With Tor", "DNSCrypt" and "PurpleI2P" and enable VPN in the top right corner, it will completely hide your IP address, encrypt your DNS, and it can firewall your network with Purple I2P.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

InviZible Pro settings - Quick settings - Here you can choose what to start when the system boots. I recommend DNSCrypt and I2P. Under Bridges at the bottom, choose one, even obfs4 Bridge.

Tor settings - scroll down and select "Enable Socks Proxy" and enable, Socks Port 9050, then under that select "Enable Socks Output proxy" - enable.

DNSCrypt settings - Enable Proxy - enable.

I2P Settings - HTTP Proxy - Enable, below Port - 4444. HTTPS OutProxy - Enable, below Proxy Address - http://false.i2p (Just copy the name and paste it). Socks Under Proxy - Enable, directly under Socks Proxy port - 4447. Socks Outproxy - Enable, under Proxy Address - 127.0.0.1, then under OutProxy port - 9050.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

From F-Droid, download KISS Launcher and in Phone Settings, enter "Default Apps" and change the default Launcher to New. For the default PDF reader, set IceDrive or Mega, and for the default email address, set ProtonMail or Tutanota Mail. Be sure to replace any default application with a secure alternative, following the same paradigm as above.

Download Greentooth from F-Droid. This app will automatically disable Bluetooth.

If you can root your phone, you can use Kali Linux with Nethunter.

Here is a tutorial video - https://www.youtube.com/watch?v=HO0WYf27rsA

File encryption apps - OpenKeyChain (F-Droid), KeePassDX (F-Droid), DroidFS (F-Droid), Photok (secure cloud for storing pictures, password protected - F-Droid), Secure File Manager - here you can encrypt any folder you find except Android folder.

But if you dare to risk it, you can encrypt that too. I don't think it will be a problem as you are encrypting it, not deleting it, but I haven't tried this method yet.

You can use Hypatia (F-Droid) to analyze the state of your system.

Other encryption options - Standard Notes, EcryptText, Wassword (Password Store), KeyPass (also Password Store). Use Scrambled Exif, which is used to delete metadata from images before sharing. This is essential for security.

NetGuard (F-Droid) can be used to disable countless applications with internet access on your system. In the top right corner, in the settings, select Show System Settings and remove permissions for unnecessary apps (Google, Facebook, YouTube, Maps, Google Play Store, etc.)

Do the same for TrackerControl, as they are similar applications.

You can replace the package installer with Package Manager or Insular's package installer. Take advantage of this.

Write your passwords/login details into an encrypted application, preferably KeyPass (F-Droid). Choose a security password for all applications where possible.

Note that you cannot achieve the same level of security on a phone as you can on Linux systems, for example. But these tips can help you monumentally.

You may have apps on your phone that you don't know what to do with, and they may log what you do - but they don't know what you do within those apps.

Phone security is relative. Always remember that the greatest security is still you.

Tips and advice

1. Check the default applications in Settings (Messages, Contacts, etc.) each time you start up, as they may start automatically with the system. Always disable them.
2. Always turn on I2P or i2pd and always use a VPN (ProtonVPN, RiseupVPN, CalyxVPN, but if you have WireGuard set up on Linux you can do it on your phone with the same settings as on Linux).
3. Use a secure browser - Firefox, Firefox Focus, DuckDuckGo. For Firefox and Firefox Focus the search engine should be DuckDuckGo, for Tor Browser DuckDuckGoOnion. For Tor Browser use Orbot and the I2P or i2pd.
4. Download the DNS provider apps - NextDNS (APKPure), personalDNSFilter (F-Droid) or DNS66.
5. Use an encrypted application to store photos - Photok, Ente.
6. Use encrypted and secure email - ProtonMail, Tutanota Mail. Use TorMail or TorBox in the Tor browser.
7. Whatever app you download, do it from F-Droid or APKPure.
8. Use an encrypted cloud - Mega or IceDrive. For the Tor browser, use MegaTor.
9. Store your login details in a secure place - KeyPass. Also disable default notes.
10. Look for more security apps on F-Droid, there are many others.
11. Add app locks to all apps in Settings.
12. Use an encrypted calendar to lock your apps - ProtonCalendar, or Simple Calendar. Also disable the default clock and calendar in Settings.
13. When you leave, turn off your phone. Take the SIM card out of your phone and put it in a phone that you only use to call someone.
14. Change the system default wallpaper.
15. Make your PIN difficult and known only by you. Make your phone code similarly difficult, preferably using a PIN or pattern there too. Never use facial recognition or fingerprint unlocking.
16. Cover the front camera of your phone with a black cloth when not in use for taking photos.
17. When sending a picture to someone, use Scrambled Exif to delete metadata. You can do this by clicking the "Share" button in the image gallery and selecting Scrambled Exif.
18. Once you have successfully rooted your phone using Magisk, you can permanently disable several apps. Read more about this in part 5 of the CyberSecurity series.
19. If your phone supports Ubuntu Touch, Kali Linux OS for Android, CalyxOS or LineageOS, download and use them as they are much more secure. Of course, install them after following the instructions in this post.
20. If you want to chat with a friend via an app, don't use Facebook, Instagram and so on - for security reasons. Instead, use encrypted apps such as - Anonymous Messenger (F-Droid), Wire (F-Droid).
21. Always turn off NFC (you can turn this off in the settings), never turn on Wi-Fi unnecessarily, always turn off Bluetooth. However, if you are waiting for a message or anything else and need to keep Wi-Fi on for an extended period of time, turn on NetGuard or TrackerControl, or start a VPN. You can disable the ADS in your settings.
22. Instead of YouTube, download NewPipe from F-Droid, which is like YouTube but safe. You can watch the same videos the same way.
23. When you call someone, always hide your phone number and don't give your phone number to anyone but people you trust.

If you follow these, you will have gained a great virtue in security. It's not 100% security, but you will make it very difficult for people who want to see what you are doing. If you do everything in a PrivateSpace, and within that in an Isolated work profile, it will be even more to your advantage.

Here is the offline PDF file - https://mega.nz/folder/k00zzSAL#flIiQQSLbLLdEqcbjQkXUQ

BrightSpace666
 
If you use an iPhone, you can do some of these things there too. Although I have no experience with iPhone phones, you can do a lot of things by looking at the options.
 
Google can be avoided on a full scale by choosing a de-googled Android phone instead of a mainstream one, like FairPhone or mobiles that have been manually de-googled. Plenty of these exist and this new line of smartphones can only improve as time goes. Aptoide can be used instead of Google store.
 
The Alchemist7 said:
Google can be avoided on a full scale by choosing a de-googled Android phone instead of a mainstream one, like FairPhone or mobiles that have been manually de-googled. Plenty of these exist and this new line of smartphones can only improve as time goes. Aptoide can be used instead of Google store.

Yes, buying one is a good perspective.
 
Change

The DuckDuckGo search engine can be replaced by the Mojeek or MetaGer search engine. Both seem to be safe search engines.

https://www.mojeek.com/

https://metager.org/
 
I think there's money to be made in the VPN market still. I don't have the application programming knowledge to deal with creating software for it, but there's still room in that "game" for a king VPN. Imagine if we owned it? I'd love to be a network administrator for a living.
 
Security On Android - Part 2

https://ancient-forums.com/viewtopic.php?f=3&t=79499&sid=e6692299af5106e9bea7bad4b64a2e0f
 
Impetigo said:
I think there's money to be made in the VPN market still. I don't have the application programming knowledge to deal with creating software for it, but there's still room in that "game" for a king VPN. Imagine if we owned it? I'd love to be a network administrator for a living.
No doubt. However, the competition is tight, infrastructure requires a lot of initial investment and upkeep, and risks are involved as with any business. It's much more than programming a software.
 
Henu the Great said:
Impetigo said:
I think there's money to be made in the VPN market still. I don't have the application programming knowledge to deal with creating software for it, but there's still room in that "game" for a king VPN. Imagine if we owned it? I'd love to be a network administrator for a living.
No doubt. However, the competition is tight, infrastructure requires a lot of initial investment and upkeep, and risks are involved as with any business. It's much more than programming a software.

Indeed more, but if it were ours as a VPN, it would be the most secure solution for SS. Logging, IP address storage, etc would all be eliminated and we would have the most secure and encrypted VPN possible, although it would require servers and IP addresses, which is by no means a simple task.
 
BrightSpace666 said:
Henu the Great said:
Impetigo said:
I think there's money to be made in the VPN market still. I don't have the application programming knowledge to deal with creating software for it, but there's still room in that "game" for a king VPN. Imagine if we owned it? I'd love to be a network administrator for a living.
No doubt. However, the competition is tight, infrastructure requires a lot of initial investment and upkeep, and risks are involved as with any business. It's much more than programming a software.

Indeed more, but if it were ours as a VPN, it would be the most secure solution for SS. Logging, IP address storage, etc would all be eliminated and we would have the most secure and encrypted VPN possible, although it would require servers and IP addresses, which is by no means a simple task.
It's just not the material structure, but there would also have to be one or more people administrating the network, plus the people in customer service, marketing and so on and so forth. It's unrealistic to make something like that happen with a very small team.

That being said, it's totally realistic to set up your own private VPN server. However, you would not be able to change geolocation from home. On the upside, all traffic would be encrypted and as long as appropriately maintained, is the safest option.
 
