We’ve come a long way from the Internet of the 90s and early 00s. Not just in terms of technology, capabilities, and culture, but in the attitude most of us take when accessing the ‘net. In those early days most users had a militant drive to keep any personal or identifying information to themselves beyond the occasional (and often completely fictional) a/s/l, and before eBay and Amazon normalized online shopping it was unheard of to even type in a credit card number. On today’s internet we do all of these things with reckless abandon, and to make matters worse most of us carry around a device which not only holds all of our personal information but also reports everything about us, from our browsing habits to our locations, back to databases to be stored indefinitely.
It was always known that both popular mobile operating systems for these devices, iOS and Android, “phone home” or report data about us back to various servers. But just how much the operating systems themselves did was largely a matter of speculation, especially for Apple devices which are doing things that only Apple can really know for sure. While Apple keeps their mysteries to themselves and thus can’t be fully trusted, Android is much more open which paradoxically makes it easier for companies (and malicious users) to spy on users but also makes it easier for those users to secure their privacy on their own. Thanks to this recent privacy report on several different flavors of Android (PDF warning) we know a little bit more on specifically what the system apps are doing, what information they’re gathering and where they’re sending it, and exactly which versions of Android are best for those of us who take privacy seriously.
The Real Research Confirms Suspicions
The report takes a look at six different “flavors” of Android and what each one is doing behind the scenes. The researchers studied operating systems from Samsung, Xiaomi, Huawei, and Realme which all also produce their own devices, but also looked at two alternative Android-based operating systems — LineageOS and /e/OS — that can be installed on some devices and customized for privacy if the user chooses. /e/OS is built with privacy in mind, while LineageOS is more of a drop-in replacement which doesn’t specifically focus on privacy. It should be no surprise that the four Android versions customized by the device manufacturers report a ton of user data, or that any device with a Google Apps (GApps) package reports a seemingly unending stream of user information back to Google servers, but some of the specific results that the research team found are definitely worth noting.
First, the paper points out that all of these companies are trivially able to link devices to users. Companies match IMEI numbers and other identifiers of devices to other user data that makes linking these accounts together a simple game of connect-the-dots. Largely the reason for doing this is to target ads, but all of these companies will also share this information indiscriminately with various governmental agencies. They also aren’t perfectly secure, so any black-hat attacker who gets access to this information will have it as well. This shouldn’t be too surprising, but the new information here is that researchers also found this data is shared among companies. For example, Samsung and Google seem to share each other’s data amongst themselves. Swiftkey, a popular keyboard app, also sends information to Microsoft via Google. It’s quite a complex web of data sharing and services from one company to support another’s data gathering efforts. Some of these data gathering efforts also include details such as timestamped app usage and personal contact gathering. While a lot of the information the operating systems are actually gathering is sometimes obfuscated, it’s clear that anything done on any of these devices might as well be recorded as if it was a Twitch stream as there’s evidence to suggest that literally everything could be monitored by someone (or some piece of software), right down to a user’s keystrokes.
The researchers contrast this rampant data gathering activity with /e/OS, a privacy-oriented version of Android. /e/OS is a fork of LineageOS which is specifically devoted to privacy, includes no Google-related software, and gathers essentially no user data on its own apart from information about available updates and some other necessary information. LineageOS is only marginally better than the Android offerings from the major manufacturers when the GApps package is installed with it, largely because the Google system apps are so pervasive at gathering user data. It is possible to use LineageOS without the GApps package but the researchers did not take this approach and largely focused on /e/OS as the de-Googled version of study.
Beyond This Study
While /e/OS is certainly an excellent choice for privacy-conscious users of smartphones, there are a few others worth mentioning that were not included in the study. Drawing the conclusion from this research that the real privacy violator is GApps (as long as you can avoid the other spyware from Samsung et. al.), it is possible to install LineageOS on a wider array of devices than /e/OS currently supports. Since installing GApps is something that is typically sideloaded after installing LineageOS and is an optional step, this can simply be omitted.
Additionally, if you absolutely can’t live without Google Maps or Gmail, there is a way of accessing Google services without actually installing them on your device. A software package called MicroG is available which is an open-source replacement for GApps and allows the user to access Google services that otherwise would be available but restricts tracking and gathering of user data by Google in key ways. There is a fork of LineageOS called “LineageOS for MicroG” which includes this package instead of GApps by default, although there have been squabbles between the maintainers of this project and LineageOS over concerns with the way that MicroG accesses the Google services by signature spoofing.
For those with Google Pixel devices specifically, there are two other privacy options. GrapheneOS is the Cadillac of privacy-focused versions of Android and has a number of improvements to enhance security as well, such as app sandboxing, implementation of secure/verified boot, disabling of peripherals via toggles, and other enhancements. CalyxOS is based on GrapheneOS and is similar but does allow for the use of MicroG and has some less-intense security practices than GrapheneOS. The only downsides with these flavors of Android is that they are built almost exclusively for the Google Pixel and at a minimum requires trust that Google didn’t build a hardware backdoor of some sort into their phones.
Android Isn’t The Only Option
There are a few other options for improving online privacy when using a smartphone. Linux-only phones such as the Pinephone are available but are not as fully-featured as Android. Some versions of Linux are also available for phones that would otherwise run Android. It’s also probable that an iPhone is a security and privacy improvement over a factory Android device from any major service carrier or device manufacturer, although the fact that their software is closed-source and behind a walled garden makes this extremely difficult to verify. Still, if a user isn’t willing to jump through all of these hoops to install /e/OS, GrapheneOS, or Ubuntu Touch, or if their phone has a locked bootloader making it impossible to flash a new OS (or if their device just isn’t supported), it’s preferable to choose an iPhone only if all other options are exhausted. Of course, the only other option is to not own a smartphone at all, which is arguably the easiest way of improving the privacy concerns with these devices.
The paper goes into great detail on methodology and also includes information on how they determined what data was being sent for those curious about specifics. It’s also worth noting that they point out that none of this research investigates any specific apps that might be installed on a phone and only looks at the operating system apps. If you install random freemium games, banking apps, or Facebook on your GrapheneOS install, for example, it’s likely to void any and all of your privacy efforts. The paper itself is worth a read though even for those who haven’t considered their online privacy before, even if they did grow up in the 90s.
I have Xiaomi Redmi 8 and i’ve noticed strange activity in files matching following pattern:
/storage/emulated/0/MIUI/debug_log/common/tcpdump.pcap*
(MIUI is proprietary GUI that ships exclusively with Xiaomi phones)
These are unencrypted pcap files which seem to be regulary rotated. Can be opened in wireshark and contain actual dumps of my personal traffic.
(luckily most of it is TLS encrypted, but RNG in their kernel might be compromised as well…)
Is your phone doing this too?
Mi 10, fully updated with newest android available and newest MIUI available
No such file to be found. Neither there nor anywhere else.
Swiss Provider
The paper is garbage. I’m not sure why these guys are carrying water for e/OS. LineageOS does not ever come with GApps. They had to manually install them after loading Lineage (which you mentioned, kudos). To call e/OS a fork of Lineage is a bit much. It’s essentially a rebrand. See https://www.reddit.com/r/LineageOS/comments/q6rb9f/comment/hggbk99/?utm_source=share&utm_medium=web2x&context=3 for the LineageOS director’s comments.
That’s a little harsh.
The authors of the paper _do_ say that they’re considering Lineage to be Lineage + GApps, and they mention that it’s GApps that’s the source of the problems. That hardly makes the paper “garbage”. You would have preferred that they were more explicit about decoupling the two?
Because that’s what Lineage for MicroG and e/OS do — integrate MicroG better into Lineage so that it’s as user friendly as the “normal” install with GApps.
(I run Lineage without either. It’s not always smooth sailing.)
Their MITM work to get at everything that Google and the other manufacturers are sending home is pretty solid, if not entirely surprising or groundbreaking. But it’s nice to see it all written up and documented.
Maybe a little harsh, but I know the LineageOS devs considered the paper a hit piece against their work. The one place where the paper makes it clear that they have manually installed gapps, they also claim that you must install gapps. Ironically, MicroG is just as easy to install on Lineage as Gapps.
To fix it? Maybe also run the tests using Lineage and F-droid — without gapps, to have a fair comparison with e/OS. And make it clear at the top of the paper that they weren’t actually testing the default Lineage install.
“Just as easy to install as Gapps” is a complete falsehood, getting the OS (and other company’s apps) to recognize the microG install requires signature spoofing, which is absolutely a pain in the ass.
In fact, it’s the primary reason I switched to Calyx.
Do better research, or just be quiet.
I haven’t done it, so I might be misunderstanding, but there appears to be a single zip that patches the signature spoofing and installs the MicroG package. Either way, though, you’re going to need to flash a zip, which is what I really had in mind.
I don’t know if he’s maintained all of his “Hacker Cred”, but I sat in talk w/ Kevin Mitnick (Digicert conference in Las Vegas) where he basically said that all mobile devices’ security was crap. At the time he personally used an iPhone, and the reason why was b/c black hatters paid the most for iPhone vulnerabilities, so he figured that must be the best of the worst.
I’m skeptical of that reasoning. It seems just as likely that ios vulns get you into more phones, that the security model makes most worth less, or that the lower level of customization reduces the chances of your payload shitting the bed because the user had a weird setup.
It’s also probable that an iPhone is a security and privacy improvement over….
Why do you think that?
Well, Apple isn’t known for playing nice with anyone really, so while it’s safe to assume they have all the same info an android phone would have harvested from you, they’re keeping it to themselves for the moment.
Sent from my iPhone.
That does not follow.
Nope, makes sense. No one can speak in black and white terms about this whole issue, but Apple are much more tight-fisted about their ecosystem, their app dev system, what they will and won’t tolerate on their app store, and finally, they only have one app store anyway. Android has an entire universe of app stores, and if you focus on the most secure, Google Play’s store itself, it’s quite a mess (waaaay better than the wild west that was mid-00s tho.) Everyone who makes an android phone needs to effectively transact with Google, so this report identifying the criss-crossing of data exchange is not surprising, but it is illuminating.
“Apple isn’t known for playing nice with anyone really” you can say that again, not even the US Justice Department. Remember when they asked Apple to open a phone for them, and Apple refused for a while. Then the Justice Department said “don’t bother, we cracked it ourselves.” Which sent a nice message to Apple’s customers!
You mean the toxic request for them to break their own encryption and trust the US JD with the “backdoor / master key”?
This was on (of the few?) times were Apple actually did really good.
The more general cryptowars still raging in western democracies and not ending even after ~30 years is bad enough…. (EU, DSA, Canada, Australia, etc. and whatnot).
-> https://www.youtube.com/watch?v=zsjZ2r9Ygzw “Encryption: Last Week Tonight”
-> https://www.schneier.com/blog/archives/2016/03/another_fbi_fil.html (Linkt to ^LWT clip is recommended there too).
Don’t read too much into the initial Apple refusal. It was a no brainer at the time. DOJ comes back with a court order and publicly forces them, Apple comes out looking strong on security and on privacy at the same time even though they complied. There was no reason to comply before a court order.
Apple didn’t comply. DOJ found someone to do it for a fee and dropped the case. That is when Apple knew something was up. Fast forward to the recent stuff with NSO Group. No device is safe.
Possibly because Apple PR and marketing has succesfully put out this idea.
Current research suggest it is the other way around: https://www.scss.tcd.ie/doug.leith/apple_google.pdf
I wonder why the better prvacy option of using a dumb phone is not mentioned anywhere. Or the existence of privacy hardened devices. Or even the possiblity to free yourself of the mobile phone and get rid of it.
“using a dumb phone” isn’t really an option. An old dumb phone, like a 20 year old Nokia, is 2G only, so it won’t connect to a maderns network. What about a modern “dumb phone,” that has no touchscreen, and no apps? Well, I recently bought one (advertised for seniors and claimed to be “simple to use”) and under the skin it runs android. So, you could avoid the extra tracking that comes from various apps, but any tracking that is baked into the OS is still there. Oh, and android is an aboslutely shitty OS for a lightweight phone with a low-spec CPU and not much RAM. The interface is laggy as hell and it often completely misses key presses, and the predictive text is such a joke I had to turn it off. I WISH my old Nokia still worked, those things were so snappy. The only good thing about my new dumb phone is its passable 4G hotspot… So the phone is only used for calls and SMS, while all the other web stuff (browsing, maps etc) get done on other devices. Battery life suffers on the phone, but the shutty OS chews so much battery that the hotspot only reduces my runtime by about 10% over all.
Oh, the phone is an “Opel Big Button X.” I believe all Opel branded phones use a similar cut-down android to run them.
Apple’s bread-and-butter isn’t personal data reselling to third parties, nor it is advertising, so I’d say the have the benefice of the doubt: while it’s sure Google shares your data with everybody, it’s more likely kept in-house at Apple. They don’t need to sell data to make money, while it’s literally Google’s business model.
Google doesn’t sell the data either, that’s not how their business model works. Advertisers don’t buy any of this data from Google, they pay Google to deliver the ads to the user with the actual relevant data being kept privately in-house by Google.
Thanks for this – I was getting worried and you saved me some digging. I just recently loaded LineageOS on a new-to-me Samsung A5, specifically because I wanted a safe, private, de-Googled phone. I’m happy to know I wasn’t deluding myself. I know I’m still trackable – yada yada yada – but I seldom have mobile data or WiFi enabled, so at least I’m not low-hanging fruit, privacy-wise. I’d really be upset if LineageOS wasn’t what I thought it was.
I’ve been using lineage OS for years and I highly recommend it. I don’t see why anyone would install GApps with it. What’s the point of having a more private OS if you’re just going to hand your data to google on a platter?
Without GApps it’s worth noting that you can no longer use play store. That’s the biggest, and only significant inconvenience of a privacy focused phone. You can get the free apps by using an app that scrapes the play store (Aurora store), and you can still use F-Droid and other open source app stores, but you can’t buy apps from google. That can sometimes be inconvenient.
Maybe the point isn’t in installing a “more private OS”, but an up-to-date one? I, for example, have several phones that haven’t received updates from their manufacturers for years now, but LineageOS does supply up-to-date firmware for them.
“What’s the point of having a more private OS if you’re just going to hand your data to google on a platter?” better support, maintenance, customizability, control. less adware, bloatware, mysteries. the answer is simple, lineageos is so much more than just “more private”.
personally, i don’t know the point of having a supercomputer in my pocket if i can’t run google maps on it. that one app is just so handy, and so well-integrated into search. to me, it’s the indispensable part of the google ecosystem, the sine qua non which makes the rest worthwhile. and yes, it sends my location to google every 10 minutes. i figure it would do it anyways, but i specifically asked it to do so.
you know, different strokes, different folks.
i do wish i could run lineageos on my phone though, the vendor really did a number on the crap software it came with.
Google Maps works on Android without signing into an account. The difficult part is in completing your device setup without logging in, as some manufacturers might have more customisations that rely upon a Google account. But as long as you have a mostly vanilla Android experience, it’s quite easy to skip the setup, open the browser, download an app store, and disable the app that manages the setup notifications.
At that point Google only knows which device is accessing their services, and not who.
Google Maps will figure out who you are even if you don’t log in, they will look at where you go and correlate with all the other data they already have about you.
This goes not just for Maps but the whole Google experience. Every search, every destination, how fast you drive, your limp from that old accident, your spelling tendencies, how often you charge your phone and when you charge it, which pocket do you keep your phone in, they can tell all this stuff from the sensors and they record and correlate all of it. They can get all this stuff even if you don’t log in.
The report is overturning exactly what you’re saying – it goes deeper than just logging in. We’re talking about the entire layer that runs Google play services, and with it, it’s an entire bundle of data that’s is streaming from everything, even the widget clock and weather services.
As it says, getting a complete profile on a device and it’s user is trivial.
I can’t access searches or other data from my Google account without logging in, so whatever tracking the phone does when I don’t have services connected to my account doesn’t seem to be linked to activity that I can see from my account. And more importantly I cannot prevent someone from using parallel construction to track me anyway, so if I really want to disappear for a bit it’s just as easy to leave the phone at home.
If you have reason to believe you’re being tracked for nefarious purposes then you should probably just stay away from cellular phones, period. Even if you take control of the OS you still don’t own the networks, and it’s certainly not going to keep you safe from professional or state sponsored hackers.
Google is paid to develop this OS primarily through advertising dollars. That’s as deep as it goes, they just build whatever they think will deliver the best advertising and consumption experience. And most users are too lazy or too busy to regularly fill out surveys, so Google prefers to use the telemetry to automate it.
This conversation always ends up making mountains out of molehills because privacy advocates on the Internet falsely assume average users will care that their data is left out in the open. And even if consumers wanted such a solution, who pays to develop and test? Remember, GNU/Linux is free as in freedom, but definitely not free to develop, test, and push to upstream. Someone is usually paying these developers a regular salary, even if the code was written off the clock or in a personal repository.
And conversely, with the Play store, essentially all of your privacy is hosed.
F-Droid is pretty good, and a number of important apps will also give you the APKs directly. (Thanks, Signal!)
Occasionally, there’s something that you really can’t live without, and there’s usually a way to find it. For instance, if you have some old phones sitting around, reserve it for running Google Apps. Keep it turned off except when you need to download software, then copy the APK over to your real phone and turn it back off.
It’s definitely less convenient, and you’ll find yourself downloading fewer stupid little apps that do funny things, because the installation burden is higher. You might find your quality of life improves without that farts sound deck, though. Try it.
What about apps that ‘phone home’, they are still sending back info on you and your phone.
If you are running foreign code on a machine with internet access, your privacy is non existent. Full Stop. You have no idea what is being sent to the internet. Snooping gets you nothing because it’s all encrypted.
I firewall it so it can’t get out. And if I get paranoid I’ll put it on my own basestation for a while and check it with wireshark just to make sure the firewall still works. Only very few apps can get round the firewall, such as some micro$haft stuff and some of the google system apps.
Do you have a firewall for cellular data? Do you have an SMS firewall? If not you have no privacy. How useless it is to have a phone that you can’t actually use.
I dabble in LineageOS combined with the Aurora store myself, and I do wonder how much access any installed app from the aurora store gets to my device telemetry data. Does Lineage actually restrict any data retrieved by apps, or is that exclusively a Graphene or CalyxOS feature?
Too bad Android is practically useless to me without GApps. For one, I have zero interest in constantly messing around with side-loading updates to my apps. Secondly, I use several closed-source apps, so I’d have jump through hoops to obtain them.
honestly its not just privacy im worried about i switched out my old Samsung (old and mostly dead battery) with a Xiaomi mi 10 lite 5g and to my dismay this thing is a power-hog. even with a bigger battery and 5g disabled i get much less uptime per charge….either there is way to much “mystery” stuff running in the background or the MIUI is just an inefficient piece of **** (or worse yet both). hmm maybe i need to try and give lineageOS a go i read somewhere its a bit cumbersome but possible on Xiaomi devices…
Poor software at times, but mil ruggedized (my need) and big battery/time, DooGee S96Pro, or a sister of it.
Or Ulefone Armor.
I’ve been using lineage for a few years on a second hand phone, it’s been great. No google apps either.
Just disabling most google services on a stock android as serious effect on battery life, if not for the privacy, lineage is a big plus on the uptime.
Discord is my only non open source app (and it’s easy enough to download the apk from somewhere slightly shady), a guy made a series of “simple” FOSS apps for all the basic things such as notes and calendar, so you can still have an “ecosystem”, this and about everything I want is on fdroid.
I also find GPS to be the “killer app” of a smartphone (with the linux-y bits such as a good terminal, SSH and octave).
But GPS does not have to mean google maps. OsmAnd is a very good open source GPS app, you also get the full version on Fdroid as it is compiled from the git.
You don’t get the real-time traffic of Gmaps with osmAnd, but otherwise I find it better. The route calculation is slower but it’s way more customizable, you can ask it to make a route with ONLY dirt roads for example (which is nice for biking).
Most locations (fast foods, stores and such) are presents on the map, google is still better as it shows pictures and menus, but that is fairly minor to me.
The map itself is way more precise for singletrack and hiking routes.
And more importantly, you don’t need network connectivity to have the maps as they’re pre-downloaded locally.
Just like you can now have more than a kernel and a basic shell with FOS software, you can get a very good user experience with FOSS apps. You have a comprehensive ecosystem in lineage with Fdroid.
That ecosystem is mostly thanks to one guy ( https://github.com/tibbi ) thou, so many thanks to him.
Guess what we need is a phone that runs Google inside a virtual machine, so it acts like a sand box and the user can just tell Google apps whatever it wants and Google can scream as loud as it wants.
You’d need to sniff the traffic in both directions, then you could inject whatever you want as the out going data and keep up with Google’s data requests so you can still use the services whilst at the same time giving them as little as possible or just plain garbage. The best way to hide after all, is to hide in plain sight, else you’ll just be conspicuous by your absence.
Officially supported Sailfish OS devices already do this, sandboxed Android layer with transparent APK installation and F-Droid support.
There’s also Waydroid for community ports.
Works really well.
Who is surprised the I formation gathered is like a twitch stream? Knew this quite some time ago, as these devices are essentially trying to record reality happening to harvest data, which is the maximum amount of data one can collect. Hmm, I wonder how much energy/resources are consumed by this. Think of the ‘food chain’ required to make these shenanigans happen 24/7/365. Talk about waste. A bigger story here, just saying.
Companies that harvest data eventually hit unexpected outcomes when they base their decision making solely on what they interpret from the data. Zillow tried to predict the housing market and used an algorithm to decide when to buy homes, and ultimately had to shut it down and fire 1/4 of their staff because it led to a buying spree on homes that they couldn’t flip.
Passive data gathering is not a replacement for in person interactions and research. Really it’s not so scary when you realize how often these projects end up costing more than what they deliver. It’s hyped up a lot on both the pro and anti privacy media as being the best way to track consumer habits, but it’s mostly just gathering garbage.
I think I’ve fallen for the commercial and article hype of how good and useful technology really is, from the consumers prospective, based only from my experience of the past few years. Really confirming what you said about collecting junk, although selling ‘data’ seems to be profitable. A quick survey of suggestions based off recent purchases, talking about bugs in the house generating useless pesticide ads on the internet for us, a host of advertising blunders, which is rather easy to avoid considering the data available, leads me to think they have no idea what they are doing as common sense seems to be absent in whatever method is being used. Not to mention AI isn’t suffeciently evolved yet to sift through the gobs of data in their server farms yet. This to me points to a tremendous source of waste crossing a few industries in the name of profit. A worthy article to write IMO.
I agree that in most cases they don’t make very good use of the collected data collected. Call someone a pain in the ass, they’ll send you Anusol ads. That’s pretty much it.
darn no edit…
I was gonna add that it’s a volume business. Online ads are so cheap that even if 99 out of 100 targeted ads are duds, they still win if #100 results in a click-thru.
What about phones designed from the ground up for security ?
Blackberry made a device specifically for national security users.
Motorola Solutions – the police radio business, NOT “motorola mobility”, which is the consumer cellphone division that was sold off years ago to Google, then Lenovo, then who knows who?
Anyway, MSI makes the LEX L11 Android based device, allegedly approved by NSA for classified traffic up to TOP SECRET
https://newsroom.motorolasolutions.com/news/motorola-solutions-lex-l11-meets-us-federal-government-criteria-for-secure-wireless-sharing-classified-information.htm
I wonder how much is transmitted via SailfishOS, which is linux based and mostly open source. One of the big pros is that microg works great on SFOS, and SFOS can run Alien Dalvik (android in an lxc container) pretty seamlessly. To the end user apks are easy to install and rpms are also easily installed via repos or cli. Both apps coexist in the app drawer and there is no difference opening or using them.
Honestly, SFOS is quiet. I’ve used it exclusively (on both official and community devices) since 2014. In the US, no significant issues. I rarely use the Android layer, even on official devices with Alien Dalvik. It’s amazing how much longer your battery lasts without nasty stuff in the background phoning home constantly.
systemd is my only gripe. Traditional Linux tools, dbus, ofono, QML configs, Wayland, LXC/jails, dm-crypt… it all adds up to a great experience. If anything IS… talkative… it’s easy to find it and stop it.
I have used it for a few years with Aurora and microg and aside from banking apps and Hulu I have been very satisfied. Love gesture navigation. Now I just need Jolla to actually follow through and implement voLTE.
Between disabling hundreds of apps and hidden services on my Samsung device along with protection afforded by Adguard (website version not play store version, they are completely different) I’m able to block the analytics and telemetry being sent to Samsung and Google. Well all of Samsung and most of Google. I’d say about 95%+ gets blocked from phoning home.
What all did you disable/block? Did you use adb?
What about Android One ?
My xiaomi has it which means no social network crap and I also used Android-ADB-tools to deactivate some more native apps. Battery last at least six days.
Not an Android guru by far but sometime I wonder if I should switch back to my old Nokia…
A request for everyone here: What’s the “dumbest” 4G phone you know of?
As far as I can find there are NO 4G dumbphones. (To me a true dumbphone can only do voice calls and maybe SMS. No MMS, internet, apps, email, over-the-air updates, GPS, cameras, Bluetooth, WiFI etc.)
My understanding is that there can not be a 4G dumb phone because 4G is for data, so for smartphone only. 4G being the first standard to be internet only. The so called “feature phones” with 4G are running KaiOS and come with facebook preinstalled among other internet.
A dumb phone would be 2G.
3G?
My android phone doesn’t know my router’s wpa key. I use it only as a phone. But I suspect it to connect toward google via unprotected access point, like the public wifi at the church. Most of the time, I turn my phone off and I would switch it on only to get my messages. Since it’s worrying me so much, Instead of call it an android, I now call it an “hemorrhoid”.
You can also opt out of ALL Google tracking services via Android 12 Pixel 6 edition plus mask your imei number.
why would anyone believe that to be true ?
These server can be easily blocked by PiHole SW
Not over cellular data
Yes, if you use Pi-vpn with your own pi-hole
Perhaps they should test how good this tool is?
https://github.com/0x192/universal-android-debloater
My prediction: Not as good as LineageOS without Gapps, but a nice option for devices that don’t have a decent LineageOS port.
I wish I could have the targeted ads without any of my data going anywhere else. I kind of like that so many of the ads I see these days are for tools, parts and other hobbyist making stuff. I don’t really want to go back to the days when the typical ads to pop up were the same for everyone. I don’t really need ads for purses, shoes, male enhancement and maxi pads.
Every time i see an advert for tampons or viagra, I know that my privacy habits are working. If i see an ad for something i actually want or would use, that’s an indication that something about my real online behaviour is leaking out.
Life is far too short to let this worry me, I’ve lost a son and recently spent two months in the hospital with my mom and nearly lost her as well.
If I were younger I suppose what my Pixel reports back to Google may worry me, as it stands it doesn’t.
Then shut up about it… If you are unable, or unwilling to invest the time, energy, and critical consideration into the topic then why has broadcasting nihilistic ignorance become a valid counter position? The fact is, people who don’t have the time or ability to carefully to interact with the primary, secondary, and societal externalities, have no business discussing the topic at all. They don’t have rational contributions, they have ignorance and emotion.
The issue isn’t simply one of technological capability, but of the nature of our individual and collective relationship with it. While we are suicidally expanding our populations without regard for their long continuance or the caliber of people we are absorbing, we are also become vastly poorer collectively. Meanwhile, literal trillions of dollars annually is reaped by the digital agrarians of big tech. These companies farm the never-ending a free digital cash crop produced by human chattel – for free.
Identification and control over the nature of our own monetization is a necessary evolutionary step in adapting ourselves to new ways of earning money, reigning in a tech industry that is becoming more powerful than many nation states, and accepting that the original nature of our societies demanded a participatory involvement by each and every citizen of the body politic. We all experience death, infirmity, financial hardship, relationship and familial stress, and we always have… Nonetheless, we are failing – we have failed, to respect the existentially transformative nature of the technology we are implementing without foresight or regard.
We treat everything like toys, trinkets without consequence, and we outsource our responsibility to nameless entities to protect us – when we absolutely know they won’t.
No one is saying you have to care. You don’t. That doesn’t change the gravity of the issue. It doesn’t change the threat is poses. And it doesn’t imply your brand of impotent apathy is a valid position to take… It’s just lazy.
We need a 3rd party audit of the new Google Tensor chips and Pixel 6 series.
Volla Phone is another degoogled phone option.
I’m on LineageOS/Cyanogen for ages (without GApps, without MicroG). I am generally happy with what is available in F-Droid. For the three commercial apps that I like to have installed I contacted the respective manufacturers. One sent me an APK specifically built for AOSP, the second offered APK download from some remote corner of their web site, the third sent an APK with the bill. All thee routinely notify me of updates.
I am really happy with what is available already today.
thx for the imformative aticle. i’ve been struggeling somehow with fact some time ago and its easy to write just use e\os or some similar forks. the question is can you do your daily tasks with a phone running for instance “e”?
a lot of apps require gapps as framework and just dont work without and im not takling about social networking apps. its the public transport app, the banking app and so on. so in the end of the day the question is really use a smartphone or not.
One thing worth noting is most apps are really just a wrapper for a web app. So in most cases, you can use things like your bank’s website from your phone just fine, you may just lose the nice big-buttoned touch friendly interface.
That and the company that actually did the hacking was essentially advertising the ability openly. There is little to no chance that apple didn’t know of their existence and capability. So the whole thing was likely a PR stunt.
If you really care : Switch it off.
It’s why most “government” sites say “no phones” and many will ask regular visitors/contractors to turn them off well away and not in the carpark.
Switching the phone off is not the same as cutting off the phone’s ability to communicate. “No phones” means that the phones will be stored in a place outside of restricted areas (they are not communicating inside the restricted area because they are still outside the restricted area). If the phone is inside a restricted area, the phone’s communication abilities are actually cut off since they are placed inside a faraday bag or faraday cage. FYI: a microwave is not a faraday cage.
https://www.askaprepper.com/15-things-think-know-faraday-cages-dont/
CalyxOS is not based on GrapheneOS. The owner of GrapheneOS Daniel Micay routinely argues and fights CalyxOS and other projects online. A youtube video here explainin
https://www.youtube.com/watch?v=Dx7CZ-2Bajg