Smartphone Hardening non-root Guide 2.0 (for normal people)
NOTE (June) 15/06/2020: r/privacy moderator trai_dep revengefully deleted my highly gilded 1.0 guide post before.
UPDATED 16/8/2020: Major edit, replaced closed source App Ops and Shizuku with AppOpsX (Free Open source) on F-Droid. This guide is nearly FOSS supported now.
UPDATED 17/9/2020: MAJOR EDIT, replaced closed source Access Dots with Privacy Indicator (FOSS) on Izzy's F-Droid repo. This guide is completely FOSS.
Hello! I am the founder of r/privatelife. Finally my smartphone non root guide is back, and there are some big upgrades. I was taking time to test everything myself on my daily driver, so apologies for keeping everyone waiting, but stability and ease of use are the important goals to strive for in my playbook. Privacy must be accessible to the maximum number of people without being annoying or tedious. A kind request to share this guide with any privacy seeker.
User and device requirement
- ANY Android 9+ device
- knowledge of how to copy-paste commands in Linux or Mac Terminal/MS-DOS Command Prompt (for ADB, it is very simple, trust me)
Why not Apple devices?
iPhone does not allow you to have privacy due to its blackbox nature, and is simply a false marketing assurance by Apple to you. Recently, an unpatchable hardware flaw was discovered in Apple's T1 and T2 "security" chips, rendering Apple devices critically vulnerable.
17/9/2020: Apple gave the FBI access to the iCloud account of a protester accused of setting police cars on fire.
Also, they recently dropped the plan for encrypting iCloud backups after FBI complained. They also collect and sell data quite a lot. Siri still records conversations 9 months after Apple promised not to do it. Apple Mail app is vulnerable, yet Apple stays in denial. Also, Apple sells certificates to third-party developers that allow them to track users, the San Bernardino shooter publicity stunt was completely fraudulent, and Louis Rossmann dismantled Apple's PR stunt "repair program".
Also, Android's open source nature is starting to pay off in the long run. Apple 0-day exploits are far cheaper to do than Android.
LET'S GO!!! ALL users must follow these steps before "for nerdy users" section.
Firstly, if your device is filled to the brim or has been used for a long time, I recommend backing up your data and factory resetting for a clean slate start.
NOTE: Samsung users will lose Samsung Pay, as Samsung has been caught and declares they sell this data: https://www.sammobile.com/news/samsung-pay-new-privacy-policy-your-data-sold/
NOTE: NetGuard with Energized Ultimate HOSTS file with any one of the above mentioned DNS providers is the ultimate solution.
- Make DIY camera covers, for front camera notch use a tiny appropriate-sized thin opaque plastic cutout and use an invisible tape to stick it in place, replace every month (cost: tape roll and one minute of your time per month). My rear camera cover
- Install F-Droid app store from here
- Install NetGuard app firewall (see NOTE) from F-Droid and set it up with privacy based DNS like Uncensored DNS or Tenta DNS or AdGuard DNS
NOTE: Set DNS provider address in Settings -> Advanced settings VPN IPv4, IPv6 and DNS
- In F-Droid store, open Repositories via the 3 dot menu on top right and add the following links below:
Go back to F-Droid store home screen, and hit the update button beside the 3 dot menu.
LIST OF APPS TO GET
NOTE: Qwant Maps has better search results than OSMAnd+
- Get Firefox Beta web browser from F-Droid (install uBlock Origin addon inside (if technically advanced, try doing this)). Also get Firefox Klar if you like a separate incognito browser.
- Get Aurora Store from F-Droid for apps from Play Store without actually using Play Store, use Anonymous option to sign in
- for 3rd party APKs source them only from APKMirror OR APKPure OR APKMonk, quite trusted, BUT TRY AND AVOID IT IF POSSIBLE
- Get Privacy Indicator from F-Droid for iOS 14 like camera/mic dot indicator feature
- Get OSMAnd+ from F-Droid or Qwant Maps inside web browser for maps and/or print physical maps if you live and travel in one or two states or districts.
NOTE: for phone-computer sync or sharing, can TRY KDE Connect, available for Android, Windows, Linux
- Get PilferShush Jammer from F-Droid to block microphone (use this in malls, restaurants or such public places if you can to prevent beacon tracking)
- Get OpenBoard (user friendly) OR AnySoftKeyboard (nerd friendly) from F-Droid instead of Google GBoard, Microsoft SwiftKey et al, they are closed source keylogger USA spyware
- Get FTP Server (Free) from F-Droid and FileZilla on computer for computer-to-phone internet less file sharing
- Get TrebleShot instead of SHAREIt for phone to phone file sharing
- Get K-9 Mail or FairEmail as e-mail client
- Get NewPipe for YouTube watching, or YouTube in Firefox Preview/Klar
- Get QKSMS from F-Droid as SMS client app
- Get Shelter from F-Droid to sandbox potential apps that you must use (eg WhatsApp or Discord or Signal)
- Get SuperFreezZ from F-Droid to freeze any apps from running in background
- Get Librera Pro from F-Droid for PDF reader
- Get ImgurViewer from F-Droid for opening reddit/imgur/other image links without invasive tracking
- Get InstaGrabber from F-Droid for opening Instagram profiles or pictures without invasive tracking (seems like a revived fork is here, thanks u/sad_plan)
- Get GreenTooth from F-Droid to set Bluetooth to disable after you have used it
- Get Material Files or Simple File Manager from F-Droid for file manager app
- Get ImagePipe from F-Droid if you share a lot of pictures, and want to clear EXIF metadata snooping (often photos contain phone model, location, time, date)
- Get Note Crypt Pro from F-Droid for encrypted note taking app
- Get Vinyl Music Player from F-Droid for music player
- Get VLC from F-Droid for video player
CRITICAL FOR CLIPBOARD, LOCATION AND OTHER APP FUNCTION BLOCKING
I would say this is one of the critical improvements in my guide, and will solve the problem of clipboard and coarse location snooping among other things.
AppOpsX is a free, open source app that allows you to manage granular app permissions not normally visible, with the help of ADB authorisation without root. This app can finely control what granular information apps can access on your phone, which is not shown in the app permissions regularly accessible to us.
Now that you have set up your phone and installed apps, this is a good time to perform this procedure.
Step 1: Install AppOpsX from F-Droid. (https://f-droid.org/en/packages/com.zzzmode.appopsx/)
Step 2: Plug phone to computer, and enable USB debugging in Settings -> Developer Options (you probably already did this in the starting of the guide)
Step 3: Keep phone plugged into computer until the end of this procedure! Open AppOpsX app.
Step 4: On computer, type commands in order:
adb tcpip 5555
adb shell sh /sdcard/Android/data/com.zzzmode.appopsx/opsx.sh &
Step 5: Now open "AppOpsX" app, and:
- disable "read clipboard" for apps except your messengers, notepad, office suite, virtual keyboard, clipboard monitor apps et al.
NOTE: Most apps that have text field to copy/paste text require this permission.
- disable "modify clipboard" for every app except for your virtual keyboard or office suite app or clipboard monitor/stack special apps.
- disable "GPS", "precise location", "approximate location" and "coarse location" for every app except your maps app (Firefox and OSMAnd+)
- disable "calendar" for every app except your calendar and email app
- disable "read contacts", "modify contacts" and "get contacts" for every app except your "Phone", "Phone Services", "Phone/Messaging Storage", contacts and messenger apps
- disable all "send/receive/view messages" permissions for every app except "Phone", "Phone Services", "Phone/Messaging Storage", QKSMS, contacts, dialler and messenger apps
- disable "body sensors" and "recognise physical activity" for every app except games needing gyroscope, or any compass dependent app like camera or bubble leveling app
- disable "camera" for every app except your camera and messenger apps
- disable "record audio" for every app except camera, recorder, dialler and messenger apps
- disable all "Phone" permissions for apps except your SMS app (like QKSMS) and Contacts, Dialler and call recorder apps
- disable "change WiFi state" for every app except file sharing apps (like TrebleShot)
- disable "display over other apps" for any third party app not from F-Droid
- disable "read storage" and "write storage" for apps except file manager, file sharing app and messenger apps
- enable all permissions for "Phone", "Phone Services" and "Phone/Messaging Storage" system apps, critical for cell radio calling and sending SMS
Step 6: Profit! Now you can plug off phone from computer.
NOTE: Remember to use AppOpsX every time you install a new app outside of F-Droid store, which is done not too often by people.
FOR NERDY USERS
- Get App Manager from Izzy's F-Droid repo (here) to inspect app's manifest, trackers, activities, receivers, services and even signatures via Exodus Privacy built-in, all without root
- Get Warden from Izzy's F-Droid repo (here) for checking loggers (rest app is inferior to App Manager)
HOW TO USE NETGUARD
By default, all apps will be blacklisted from WiFi and mobile data access.
If not, go to Settings via 3 dot menu -> Defaults (white/blacklist) -> Toggle on "Block WiFi", "Block mobile" and "Block roaming"
Whitelist your web browsers, messengers (WhatsApp, Zoom et al), file sharing apps, download managers, "Aurora Store" app and any game if it needs internet and give them WiFi and mobile data access.
Also, whitelist "Downloads" and "Download Manager" as these are system apps that allow web browsers and other apps without built-in downloader to download files. Whitelisting this will keep apps and system stable.
WHICH PHONE BRANDS ARE GOOD AND BAD? (FACTS)
Now we will need to evaluate what manufacturers are relatively safe, no appeasing, I will be blunt. I will make tier lists to help. I will give explanation for each, so read before jumping with pitchforks.
NOTE: If you have anti-Chinese political allergy, kindly read facts, or choose the other non-Chinese options listed.
Tier 1: Huawei/Honor, Asus, Nokia, Motorola, Sony, LG, FairPhone
Tier 2: Samsung, OnePlus, Oppo, Vivo, Xiaomi, Realme
Tier NOPE NOT AT ALL: Google
FairPhone: Clean software, ethical, recyclable components, good phone but bit extra price for midrange hardware. Status: good.
Huawei: still no evidence by US government after one year of market protectionism ban, contrary to what Sinophobic US propaganda and condemned joke research papers (refer to this for why) may make you believe. All countries except US, Australia, Japan and UK are allowing them for 5G participation. There is absolutely ZERO EVIDENCE against specifically Huawei (does not count other Chinese companies), earlier ironically audited by UK GCHQ to be safe, and on any of their global devices, to date there has been no telemetry found IFF you do NOT use Huawei ID account or Huawei AppGallery store (as instructed above). I have an OpenKirin rooted unlocked Honor 6X, and now a locked P30 Lite to confirm this.
If Huawei's CEO is a former PLA technician, so do plenty US companies. What does it prove?
NOTE: Real reason for this propaganda ban is USA could not monopolise 5G unlike it did 4G, and so they are playing their cards to put China out of commission. And Huawei did not steal 5G from USA, since USA does not even have a proper 5G vendor yet.
To add, for the rest of world outside China it is better to own a device from a country which has no jurisdiction over them, and you can use their phones without Huawei and Google accounts very safely. BONUS: baseband modem not associated with NSA. Also, good cameras, battery, display and performance in general. Status: good.
Asus, Sony, Motorola: their software is nearly stock, and as such quite beneficial and peace of mind assuring. Status: good.
LG: less stock-y software, still good. Good cameras, display too. Status: good.
Nokia: a bit of skepticism here with them helping spy with nexus with Russia's MTS and recently found Chinese telemetry as well, but nothing that NetGuard cannot stop by blocking domains via HOSTS from interacting with your device. Status: Potential issues, can be mitigated.
Samsung: Multiple issues with Qihoo 360 on phones with IMEI MAC sent over HTTP, Samsung Pay selling user data with no optout till now, Replicant devs discovering backdoors, Knox hardware blackbox with no idea what microcode it runs, certification from NSA even worrying, lockscreen and notification ads in OneUI, ads on Smart TVs, this all accounts to being quite shady company, but Blokada or NetGuard can mitigate it. Status: avoid for other brands if possible.
Xiaomi: They have quite a bit of telemetry in their MIUI skin, similar to Samsung. Now they have tracking in Incognito Mode in their Browser as well. Status: avoid unless you implement my guide properly.
OnePlus, Oppo, Vivo: They have considerably less telemetry and ads, better than Samsung and Xiaomi. But they will start doing the same thing as Realme which I will mention below soon. Status: potential but passable for now.
Realme: They are implementing ads into their UI, which will soon come to Oppo and Vivo phones too, a bit of an issue. This allows for telemetry and tracking concerns. Status: avoid if possible.
Google: In general an evil megacorp, Titan M security chip is self-claimed to be great on Pixels, but there is no way to verify if the microcode it contains is the same as that open sourced by Google. Having faith in Google's promise of their proprietary closed source chip being clean is like having faith in cyanide not killing a person. Moreover, they are known as:
- NSA partner and collecting data and spy on users in googolplex capacity
- AI used by US military for drone bombing in foreign countries based on metadata Google collects on smartphones
- use dark patterns in their software to make users accept their TOS to spy
- repeated lies about how their data collection works claiming anonymity
- forcing users to use their Play Services which is spyware and scareware
- monopolising the web and internet via AMP
- use of non standard web browser libraries and known attempts to cripple lone standing ethical competitors like Firefox and Gecko web engine (now with Microsoft making their default Edge Chromium-based too)
TL;DR there is no summary, privacy is an in-depth topic and you must take a couple of hours to go through this simple guide; as long as it looks, it should clear all your concerns with smartphone privacy.
This is the best you can do without rooting or modding a phone, and it has been working for me for almost a year now, personally tested and verified on my locked P30 Lite.
I have a history of rooting and modding phones, one being an Honor 6X before Huawei disabled unlocking policy, one being a Xiaomi and one being a Lenovo before that. Also, one Samsung Galaxy S2 a long time ago.
Credit to w1nst0n for the Universal Android Debloater (authorised me to use his tool). Hope this guide serves as a great tool for any privacy seeker.
submitted by TheAnonymouseJoker
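A read-only way to check the Step 5 settings from the computer, added here as an example (it is not part of the original post or of AppOpsX): it parses `adb shell cmd appops get` output and lists restricted operations that an app can still use. The `OP: mode; details` line format, the chosen subset of operations, the sample output and the package name `com.example.chat` are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only audit of the AppOps modes set in Step 5.

# AppOps names for a subset of the operations the guide restricts.
WATCHED_OPS="READ_CLIPBOARD WRITE_CLIPBOARD COARSE_LOCATION FINE_LOCATION CAMERA RECORD_AUDIO READ_CONTACTS"

# Constructed sample of `appops get` output (not captured from a real device).
SAMPLE_OUTPUT='Uid mode: COARSE_LOCATION: foreground
READ_CLIPBOARD: allow; time=+2h10m ago
WRITE_CLIPBOARD: ignore; rejectTime=+5m ago
CAMERA: allow; time=+1d ago
VIBRATE: allow'

# Read `appops get` output on stdin and print each watched op whose mode still
# grants access. Assumed line format: "[Uid mode: ]OP_NAME: mode[; details]".
allowed_watched_ops() {
    tr -d '\r' | sed -e 's/^[[:space:]]*//' -e 's/^Uid mode: //' |
    while IFS= read -r line; do
        op=${line%%:*}
        rest=${line#*: }
        mode=${rest%%;*}
        case "$mode" in
            allow|foreground) ;;   # both modes let the app use the op
            *) continue ;;
        esac
        case " $WATCHED_OPS " in
            *" $op "*) printf '%s\n' "$op" ;;
        esac
    done
}

# Usage: audit_package PKG [OP...]  (OP... = ops this app is meant to keep,
# e.g. a keyboard keeps the clipboard ops). Prints "PKG OP" per finding.
audit_package() {
    pkg=$1; shift
    exempt=" $* "
    allowed_watched_ops | while IFS= read -r op; do
        case "$exempt" in
            *" $op "*) ;;
            *) printf '%s %s\n' "$pkg" "$op" ;;
        esac
    done
}

# Live use: audit every third-party app on a device with USB debugging authorised.
audit_device() {
    adb shell pm list packages -3 | tr -d '\r' | sed 's/^package://' |
    while IFS= read -r p; do
        adb shell cmd appops get "$p" </dev/null | audit_package "$p"
    done
}

# Offline demo on the sample: CAMERA is exempt, as for a messenger app.
printf '%s\n' "$SAMPLE_OUTPUT" | audit_package com.example.chat CAMERA
```

Calling `audit_device` with the phone connected prints one `package OP` line per finding; it treats every app as having no exemptions, so apps the guide deliberately leaves enabled (keyboard, camera, maps) will also be listed.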
Nvidia Shield Android TV Retro Gaming Emulator Hyperspin setup No Clutter Collection How To videos Best way
NVIDIA SHIELD HYPERSPIN SETUP RETRO EMULATION HEAVEN ! https://youtu.be/P3rz1uzNkGw
Hyperspin Nvidia Shield TV Retro Gaming Emulator https://youtu.be/00SzYTO4nPQ
Bandit's No Clutter Collection - Hyperspin Android Shield-TV https://youtu.be/bLbxx2q1YeU
FIRST: Download and extract to USB drive, SD card etc. https://www.arcadepunks.com/android-front-ends/
SECOND: (USE THIS VERSION OF Retro Arch) Custom version of Retro Arch & Dreamcast ini file http://www.mediafire.com/file/jo4ot22zuuifkzn/Retroarch-dreamcast.zip/file
Use the Dreamcast ini file, and replace the one in the Settings_Android folder of Hyperspin install directory.
Download the file and expand the contents in to a folder called Hyperspin on the root of your USB Drive / hard drive. The root of USB drive looks like: https://www.techdoctoruk.com/wp-content/uploads/2020/08/image-26.png
Install and run these required programs from the Google Play Store on your device:
PPSSPP standard version
Install Fix RetroArch 1.7.5 from the link above (this is a custom version for Hyperspin)
Inside RetroArch, install the following cores:
Atari Lynx – Handy
MAME – 2010
NES – Nestopia
SNES – SNES9x
GB+ and GBC+ – mGBA (under gameboy advance)
GAMEBOY Advance – VBA NEXT
Dreamcast – Flycast
SMS, Genesis – Genesis Plus GX
Playstation – PCSX reARMed
Yes you can add other systems, roms, emulators etc. MORE INFO on this setup: https://www.arcadepunks.com/no-clutter-classics-hyperspin-build-for-nvidia-shield-tv-2019-release
Configure RetroArch:
Enable advanced options under Settings->User Interface->Show Advanced Settings
Enable bios in rom folder at Settings->Saving->System Files are in Content Dir
Setting up a button to exit directly out of retroarch makes it more usable. I would recommend configuring your hotkeys in Retroarch in a similar fashion:
Enable Hotkeys : Right Joy Click
Menu : Left Joy Click
Exit : Back Button
Load State : L Bumper
Save State : R Bumper
"Configure controllers in all previously mentioned emulators! Retroarch is the easiest to set up controllers, some require more than one layout such as the N64 for some of the FPS games which had strange control schemes.
For specific configuration of the Dolphin emulator I would suggest setting the forced clock speed to 65% under general and turn on all the checkboxes. Under graphics options enable vulkan and at the bottom of the page under hacks turn everything on except immediate xfb. With these settings I am able to play soul calibur at full speed. Only other game that needs adjustments from this is Simpsons Hit’n Run which needs slightly lower clock rate to run at a playable speed." If you are not sure how to set up your gamepad controllers in the individual emulators, search YouTube; there are lots of video tutorials on this.
If, after you set up all this following the guide above, you would like to use a more recent version, RetroArch 1.8.8, follow below. Uninstall your current version of Fix RetroArch 1.7.5 and install and use this version, Fix RetroArch 1.8.8: http://www.mediafire.com/file/k1rglnc7695pi7h/RetroArch_ra32+version+1.8.8.apk/file . With this fixed RetroArch we can continue to use mame 2010 as the original build intended; this is a modified version of the Android RetroArch 1.8.8 apk which has been fixed to work with the Bandit build (june/18/2020).
Make sure you watch the three videos, especially the last two above in the guide, on setting up RetroArch and its settings. In Fix RetroArch 1.8.8 download and update these cores; the settings, the names of some of the cores and the layout of the app have changed, but they are still available.
Atari Lynx – Handy
Arcade (MAME 2010)
Nintendo - NES/Famicom (Nestopia UE)
Nintendo - SNES/SFC (Snes9x - Current)
Nintendo - Game Boy Advance (mGBA)
Nintendo - Game Boy Advance (VBA Next)
Sega - Dreamcast/NAOMI (Flycast)
Sega - MS/GG/MD/CD (Genesis Plus GX)
Sony - PlayStation (PCSX ReARMed)
submitted by ShawnDex