Android

Android is the most used mobile operating system. It’s base is completly free and open source software provided by the Android Open Source project with Google as the main contributor. But sadly, all the Google services and applications are proprietary and closed source software that violate user privacy. At least with Android you have to escape this surveillance nightmare by switching away from preinstalled Android with Google Services.

Since Android 7.0 Vulkan compatibility has been provided and some games are using the new graphic API already. But your mobile GPU driver must support Vulkan, so just having Android 7.0 is not enough.

Important Note: Only buy Android phones where you know you can do an OEM Unlock. Companies that block this should not be supported. And try to buy a phone that allows custom ROM’s or where usually a high community support is expected.

Side Note: Unfortunatly Android is all about non-free firmware blobs and doesn’t encourage/enforce upstream Linux drivers.

OEM Unlock

Usually the OEM Unlock is done on any device with the following steps

  1. Enable Developer Mode (tab 7 times on the software version)
  2. Enable OEM Unlock
  3. Enable Advanced Boot
  4. Make a backup of all you important data (it will be deleted later on the mobile device)
  5. Reboot to Bootloader (fastboot mode)
  6. Install android-tools on Linux (sudo pacman -Sy android-tools android-udev)
  7. Type in a terminal “fastboot oem unlock”
  8. Confirm on the mobile device that all data will be wiped/deleted during this factory reset

Devices:

Install Recovery

To install custom Android ROM’s, you need to first flash a recovery like TWRP https://twrp.me. Basically it works like this:

  1. Make sure OEM Unlock is done (see above)
  2. Reboot to bootloader (fastboot)
  3. Download the latest TWRP for your device
  4. sudo fastboot flash recovery twrp-VERSION-DEVICENAME.img

As soon as you have installed TWRP, you can download e.g. LineageOS on your mobile device. Flashing can be done then directly on the mobile device after rebooting to recovery mode.

Custom ROM’s

To install a custom ROM’s without a recovery, basically it can be done like this:

  1. Reboot to bootloader (fastboot)
  2. fastboot update lineageos-*******

LineageOS

LineageOS (https://lineageos.org) is one of the well known Android custom ROM’s and it has been created out of the ashes of the CyanogenMod community. Issues:

  • No replacements for Google Services
  • No support for free software apps (F-Droid)
  • Google apps are advertised on the LineageOS website even though most of the Google services violate user privacy

Use LineageOS for MicroG instead of the original LineageOS!

LineageOS for MicroG

LineageOS for MicroG (https://lineage.microg.org) builds LineageOS with out of the box MicroG and F-Droid support. Updates are provides weekly for all official supported LineageOS devices.

/e/ Foundation

The e.foundation (https://e.foundation) is focusing on user privacy and free and open source software + services.

One of the main issue of /e/ is, that for some devices only quite old Android versions are provided, in case of the OnePlus 3 it is Android 7 nougat.

MicroG – Ungoogle your phone

MicroG (license Apache, https://microg.org) is a free software replacement for the proprietary Google services that violate user privacy. It provides for example:

  • Location services based on GSM cell towers and Wifi networks
  • Maps api
  • Cloud massaging

Several MicroG apps can be installed directly from F-Droid. But some Android Rom’s like LineageOS disallow MicroG to claim to be a Google Services replacement and therefore a quite complicated setup is required. As such it is recommended to use Lineage MicroG OS directly!

Android unGoogle Setup

As for some devices a custom rom is not yet available, the below installation procedure is based on the default Vendor Android that includes all proprietary, bloated, user privacy violating Google Apps (GApps).

Warning: To disable some Google function like location tracking is not enough, you need to replace Android with Google Apps (gapps) with a custom ROM. The COVID19 contact tracing was installed by Google without any user interaction and notification. Google even tracked the location of users even though users disabled it.

Steps to setup a new Android Google phone:

  1. Do not agree to any not mandatory terms & service contract (if you use a custom ROM without Gapps, this issue doesn’t exist)
  2. Disable Google location and data collection (if you use a custom ROM without Gapps, this issue doesn’t exist)
  3. Use a PIN to unlock the device (secure start is probably not available in vendor rom’s) and if available a finger print (drawing a pattern is insecure as people can remember it and you can see it usually on the screen when holding it against the light)
  4. Disable all Google and pre-installed apps (if you use a custom ROM without Gapps, this issue doesn’t exist)
  5. Download f-droid from https://f-droid.org (already included in LineageOS for MicroG) and install f-droid from you file browser
  6. Disable Google Chrome or the pre-installed Chrome Browser
  7. Disable the default calendar application (as it always tries to connect to an Google account)
  8. Disable the default E-Mail app
  9. Disable the default Music app
  10. Disable the default Galery & Fotos apps (at least OnePlus tries to enforce on the user to agree to a usage agreement, decline it!)
  11. Install free and open source software from F-Droid, see below Android Free Software Apps
  12. Disable Google Play Protect if you only want to use free and open source software from F-Droid. If you plan to use other sources like Aptoide, you may keep it active (and send this data to Google).
  13. Disable tracking id in data protection
  14. Disable Google Play Trust agent
  15. Google Keyboard
    1. Text correction
      1. Disable bad language block
    2. Search
      1. Disable search suggestions
      2. Disable search & more button
    3. Language recognition
      1. Disable language recognition
    4. Additional
      1. Disable telemetry data
      2. Disable personalization
      3. Disable help improving Gboard

LineageOS setup

  • LineageOS Setup Agent
    • Decide if you would like to use Wifi and GSM mobile station towers for geo location (recommended if you use MicroG)
    • Decide if you would like to send telemetry data to LineageOS
    • Activate data protection (<=LineageOS 16, LineageOS 17.1 is using the default Android permissions manager)
  • Download f-droid from https://f-droid.org (already included in LineageOS for MicroG) and install f-droid from you file browser
  • Disable Google Chrome or the pre-installed Chrome Browser (it is too integrated to Google and sends telemetry)
  • Disable the default calendar app (it promotes and tries to open Google Calendar even in the LineageOS rom!)
  • Disable the default E-Mail app
  • Disable the default Music app
  • Install free and open source software from F-Droid, see below Android Free Software Apps

Android Settings

  • Adjust settings
    • Network & Internet
      • Advanced
        • Private DNS
          • Select hostname of private DNS provider and type in 1dot1dot1dot1.cloudflare-dns.com. This will hide DNS requests from your mobile service provider and limit cencorship in some countries.
    • Apps & Notifications
      • Standard-Apps
        • SMS-App – Select QKSMS. Now you can disable as well the default SMS app!
    • Display
      • Niglight – Enable it, select time plan from sun rise to dust, adjust night light colors to own liking
      • Automatic brigtness – Enable
    • System
      • Gestures & Movements
        • System usage
          • Usage of gestures – Enabled
  • Settings / Security check if mobile phone is encryptedSettings / Security / Allow Unknown SourcesSettings / System settings press 7 times on build name to enable developer menuSettings / Developer settings. Activate enhanced reboot menu
  • Home screen settings – change to compact view, remove search, remove fast scroll ABC bars, increase raster to 5

LineageOS for MicroG Setup

Follow the normal LineageOS setup above and then do the following steps for MicroG.

  • Install from F-Droid Déjà Vu, Local GSM Location, WiFi Location Service and Radiocells.org UnifiedNlp Backend
  • Open MicroG settings and run the self test
    • Disable battery optimizations if you would like to run it in the background (keep it disabled if you do not have any app that requires this feature)
  • UnifiedNlp settings
    • Location services backend
      • Decide if you would like to enable the online Mozilla Location Service (recommendation is keep it disabled as Mozilla showed recently that they provide data to third parties)
      • Enable Déjà Vu for offline WiFi and GSM cell tower collection
      • Enable GSM Location backend and select Mozilla location service. Then create the local database.
    • Address resolution backed
      • Enable Nominatim and make sure that in settings OSM (OpenStreetMap) is selected

Firefox Android Setup

  1. Remove all unfree search engines like Google, Bing, Amazon, Qwant, Twitter
  2. Enable Do Not Track
  3. Set Do Not Track to always active
  4. Disable Third Party Cookies (Firefox Mobile doesn’t allow yet to enable only cookies from visited sites, this option is only available in the desktop variant)
  5. Disable the status report (to avoid sending this data to Mozilla and unknown third parties!)
  6. Install addons
    1. uBlock origin
    2. https everywhere
    3. I don’t care about cookies
    4. Privacy Badger
    5. Decentraleyes
    6. Cookies AutoDelete (make the setup to Automatically delete after 15 seconds, delete when changing the domain). If you have websites where you really do always want to stay login, add this website to the whitelist!

Android Free Software Apps

So this is my list of essential replacements:

  • Browser => Fennec (Firefox, MPL2) or IceCat. Install Fennec or IceCat and follow Firefox Android Setup below
  • Mail => Mail K-9 Mail (Apache2)
  • Music => Phonograph (GPLv3)

List of recommented replacements:

  • File Manager => Material Files (GPLv3)
  • SMS => QKSMS (GPLv3)
  • Navigation & Maps => OsmAnd (GPLv3)

List of additional replacements:

  • Calculator => Mathdroid (GPLv3), disable Calc app
  • Cloud Storage => nextcloud (GPLv3, you need a private own owncloud server)
  • DNS changer
    • Not existing => DNS man (GPLv3, use DNS servers from https://opennicproject.org)
    • Alternatively activate DNS over https 1.1.1.1 in Android settings
  • Editor => Turbo Editor (GPLv3+)
  • Messenger => Telegram (GPLv2+ only client, server is proprietary!), Riot (almost completly open source based on Matrix network)
  • Media
    • Media Center
      • not existing => Kodi (Client)
    • Media Server
      • not existing => Kodi (Server via uPNP/DLNA)
    • Remote Controle
      • not existing => Kore (GPLv3)
  • Password
    • Google, Firefox Sync => Hash It! (GPLv3)
  • Privacy
    • WLAN Privacy
      • Not existing => Wi-Fi Privacy Police (GPLv3, do not show a list of previously connected WLAN networks)
  • RSS Newsreader – spaRSS (GPLv)
  • Security – Encryption Passwort changer doens’t exist in Android, to replace the boot password and keep a simple PIN only for the lock screen use => SnooperStopper (GPLv3)
  • Software
    • Google Play => F-Droid (GPLv3)
  • Sync for Contacts, Calendars, Tasks
    • Google => DAVx5 (GPLv3) and Nextcloud server
  • Tasks
    • Google => Tasks (GPLv3)
  • Video
    • Offline
      • Video => VLC (GPLv3)
    • Online
      • Youtube => NewPipe (GPLv3), MusicPiped

Enable Guardian project as a package source in F-Droid:

  • Tor Browser => after installation, install some addons, see Firefox Android Setup

Root applications:

  • Backup => Oandbackup (GPLv3, just for app backup and restore, but it requires root!!!)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.