I’ve had a Galaxy S22+ for 2 years and still want to use it. When I look up how to maximize privacy on Android, many results say to install custom ROMs which I can’t since its a US model and the bootloader is locked. I just want to minimize tracking and sharing of personal information. I could use a firewall app like RethinkDNS to block trackers, but could I completely block tracking from Google and Samsung? Are there any lists of packages to uninstall to improve privacy? (I’ve used ADB to remove a bunch of bloatware. Ex: pm uninstall -k --user 0 com.samsung.android.arzone
)
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
Cutoff internet access on all apps that expressly do not need it. Install Netguard or the likes if you don’t used a VPN and see what apps are calling home.
I thought you needed root for app-level firewalls?
Straight from their site.
NetGuard provides simple and advanced ways to block access to the internet - no root required. Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection.
Blocking access to the internet can help:
reduce your data usage save your battery increase your privacy
Edit: Uses the same slot as VPN on a phone. Thus you have one or the other. Not both. PC is different.
Unfortunately I cannot use a VPN because several apps I use (including android auto) do not work with it.
in netGuard you can create exceptions for apps that “do not work with” a vpn
how on earth does that work? I thought it had to have an always-on VPN connection to do any filtering (or not)
it’s an “always-on vpn connection”. NetGuard passes through the apps in the exception list unfiltered
exactly… it needs the vpn to even pass anything through… but the apps that don’t work with vpns… don’t work with vpns. as in, it detects the presence of an android vpn connection and refuses to work, it’s not related to what internet connection it actually uses, just that a system-controlled vpn is active on the device.
Then perhaps this could be a way for you to lockdown internet traffic to and from your device. Major privacy improvement.
I don’t understand how if this requires a VPN which I can’t use?
You can “increase” your privacy but there’s some limit, you can’t block the manufacturer integrated trackers, the best you can is using something like rethink to block foreign app’s trackers. Nothing more.
I limit as much as I can through a combination of privacy-respecting apps and fewer apps (if I can reliably use the web browser for something, I will) and then use custom DNS filters (NextDNS) to minimise further leakage. I also disable any pre-installed applications I don’t need (you can remove them with Universal Android Debloater but I don’t need the extra storage space). I also use a VPN at all times.
I would strongly recommend getting something with Lineage OS support at least. You can get a old phone for reasonably cheap
Are you sure it can’t be unlocked?
https://xdaforums.com/t/guide-to-root-galaxy-s22-plus-b-e-n-0-unlock-bootloader-and-flash-official-firmware-noob-friendly.4404351/
Many phones that don’t officially support unlocking can be exploited to do so anyway. Some will lose relatively minor functionality in the process (camera enhancements were lost on mine, but the camera still works fine) but the tradeoff is often worth it.
He is right, because usa samsungs coming snapdragon exclusive and most of them not unlockable nowdays. Exynos version is fine.
Every time I think about running custom roms or degoogled stuff, I remember that NFC payments will no longer work and then I get sad.
deleted by creator
Yes I mean google wallet. I’ve never heard of a banking app supporting NFC payments by itself, I was not aware that was even a thing… googling suggests that might be an EU-only thing.
What I did on my old Oneplus 7t (from a fresh install) was using Shelter to create a work profile and keep anything google related there. On the main profile I didn’t sign in to google or installed any google apps. I also disabled all OEM bloatware and apps I didn’t use. Not ideal, but better than nothing and all I could do before getting a new phone without unlocking the bootloader.
The reverse may be a better option(?), as you can completely remove / disable ALL google services (google play, google play services, google framework, etc.) within the work profile
I use insular, which is a fork of shelter/island.
The biggest hurdles are unavoidable under stock Android, but it really depends on your needs. What are you trying to protect against?
Use this tool.
https://github.com/0x192/universal-android-debloater
That one is old and unmaintained. Use this newer version of it instead: https://github.com/Universal-Debloater-Alliance/universal-android-debloater-next-generation/
Can also use Canta directly on the phone without needing a PC.
Thanks for posting this! Didn’t know the original was not maintained anymore.
Last Git commit to the old UAD repo was on April 10th, 2023, so yeah, I think it’s fair to say that it’s unmaintained. For comparison, UADng was last updated yesterday.
Just buy a new phone. Don’t waste your life micro-managing malware. Spend your time on making money to buy a new phone.
Downvoted by broke bois but they ain’t finding privacy anytime soon
I’m not micromanage it, that may be a privacy tradeoff i make for convenience. I want to see what I can do without constant maintenance.
Like the other guy said, some only learn the hard way.
Good advice but people have to suffer to learn these lessons.
Example: i spent years fighting windows but linux “too complicated” … instead of wasting years learning linux i was running scripts and editing registry which always broke the OS eventually… rinse repeat…
This is the thing that gets me about that level of user. I understand basic users who dont care prefering windows, but I always kind of found it amusing to watch people “Linux too hard booo CLI…now excuse me while I learn to manipulate the registry, and run scripts/disable certain things via the checks notes CLI.”
Are there actually Windows users that say Linux is too complicated but then jump through hoops with registry even CMD prompt?!
I can’t speak to how often, but it definitely happens.
Its a perception thing, they see it as “I dont have to’learn’ anything I just follow these tutorials” even though a similar amount of effort would get them through the few commands they might need on Linux.
guilty 🤡
the entire loop was idiotic waste of life instead of acquiring a valuable skill. let’s be real any self respecting homeadmin has to be fluent in linux nowadays.
but at the end of the day it is proton/steam that opened the gates for this type of user to switch. if you are a gamer, you can figure linux mate lol
but yet we still people accepting windows parasite because CoD or BF, same guy prolly still buying intel chips 🫢
Eh, no use crying over spilt milk, youre here now. :) Linux is still stuck in a weird cultural hole, its not your fault it took a while.
Ive always been familiar but a daily driver of windows. I started self hosting a year or two ago, and recently switched my office PC to Linux with a secondary win partition. Ive just never had issues with windows but I’m pretty tired of what they’ve been up too lately so for me it was time. Whenever I get around to grabbing another m.2 for my living room rig I’ll do the same for it.
disable Google Play Services and the Google Play Store. And that will help a lot. And if you still need apps from the Google Store, you can use the Aurora Store from f-droid
Edit: you may also want to look into controld.com since their free dns blocks known malware, ads, and trackers. They have several options including standard DNS, DNS over HTTPS, and DNS over TLS, and Android supports DNS over TLS. So you can use it directly.
I’ve found disabling play services on Samsung causes weird errors.
You can try, it may work.
Thanks for the DNS link!