Hi, guys!
Before I pose my question: I am really in awe of projects in the Open Source community style and this is soooooo good to see and experience (my other hobby is Sat TV "hacking" and so on... )!!!!!!!!!! :good: So, endless thanx and respect(!!!!) to all involved!!!!!!!!!!
Context: recently I managed to S-OFF my HTC Desire with 'Droid 2.2.2, then somehow I rooted it, 4EXT recovery/backup (if memory serves, the "touch" one) is in, in recovery mode I flashed the latest MIUI ROM (sorry if I misspelled it) with JB 4.1.2, improved the "radio" and so on... The one or two things that do not work - that I noticed - was no sending SMSs and poor video recording and reproduction. So, the search is continuing!
My question is - before I attempt the flashing of Paranoid Android ROM (how fitting, regarding my question! ) - is there a ROM that has kicked the living daylights out of Google corporate c*a#, please? As in, there is no stuff, in that would-be ROM, that constantly collects our data and sends it back to corporate and other commercial coders, please?
Because, as a matter of principle, we ought not to have to think of just how much data is going to corporation(s) and individuals coding apps etc. And from then on, to "authorities", of course. Not that I have anything to fear, in that respect - but it is the principle that is at stake here! Similar with Linux v. MacroHard and their "enlightened" attitude towards our privacy etc.
You know, we have a myriad of apps of all sorts, so I suppose we do not need Google's intrusion in all aspects of our interaction. I am perfectly happy, for instance, to use Firefox or Maxthon or Opera browser and get into my emails that way, not having to use the Google app for Gmail! I presume we could also have other apps to replace Google chat (presumably through Firefox in Gmail?) and so on and so forth. Really, I do not need Google's maps, when we have Open Street app and so on and on and on.
So, does this ROM exist, please? No Google/corporate/commercial stuff in it, that is...
And if not, has the time arrived?:angel: It is Linux, after all...
Would it be possible to make something like that?
Many thanx, again!
P.S. I recently bought a SuperPad tablet and I wonder if there are custom built ROMs/OSs for those, as well? Anyone knows, please?
Well of course any Rom without the Google apps.
Your principles on data collection went out the window when you first used the internet.
I disagree... respectfully, of course...
For instance, see BBC website for the "right to be forgotten" EU proposal on data collection/storage/handling... However, no such battle can ever be completely lost or won - they keep going on...
As a newby I have a problem with posting links but... let me try:
Code:
bbc co uk / news / technology-16677370
My Q was also re. full functionality without Google stuff - some ROM authors warn that their ROMs can't function properly unless we flash the Google stuff immediately after ROM itself... Any clarification, please?
goggysan said:
I disagree... respectfully, of course...
For instance, see BBC website for the "right to be forgotten" EU proposal on data collection/storage/handling... However, no such battle can ever be completely lost or won - they keep going on...
As a newby I have a problem with posting links but... let me try:
Code:
bbc co uk / news / technology-16677370
My Q was also re. full functionality without Google stuff - some ROM authors warn that their ROMs can't function properly unless we flash the Google stuff immediately after ROM itself... Any clarification, please?
Click to expand...
Click to collapse
its not to do with they cant function properly (they can) its just the fact that play store is "google" and u also need a gmail account. correct me if im wrong. Soo like dethrat says,.... its about gapps. (more or less).
It's not a matter of me thinking this is/you're wrong (on this one). I think/hope, that you are also hoping that I am right... Am I right?
You have a point, in a way, since it started in this manner with credit cards (easily done but also easily circumvented) and onwards but...
Look, ever tried Flipboard? I mean, if you are neglecting the examples I already wrote about... Check it and compare with Google Currents, please... Simply flipboard dot com... Need I say more?
On the level of principles: we do not need to be tethered/electronically tagged and under constant "surveillance" by Google or any other corporation or even the state, for that matter... Don't you think this is kinda worth at least trying? No offence intended to anyone(!) but I think this is the adult thing to do...:angel:
Well, this is what I am looking forward to nowadays... So, do you think that, for instance, a developer of Paranoid Android could make it all work with "alternative" apps, please? An effective "Ads Blocker" and kinda "No Script" apps included, of course. Maybe even - in this sense - "cleaned up" crucial apps, too... If "Anonymous" were really serious and competent (intellectually, professionally and morally), maybe they should get on it right away, eh? :angel:
I mean, if I ever requested anything from anyone on these boards, this would be it - an AIO OS without corporate [email protected]#. And I have a feeling that a fair few of us might keep trying this sort of thing out...:good:
Code:
bbc dot co dot uk / news / science-environment-21923360
Any more info on my question, please? Anyone with some experience?
Cheers!
So, the great WoH tells me that it is possible to use his ROM without the G-stuff, that is "Gapps" - and that everything should work just fine! And I am very grateful for this possibility! I only need to "skip the step with the gapps", he says.
Then, one proceeds with "3rd party app stores" like Amazon, GetJar, Fireplace and Yandex.Store. I presume there is an included browser in the ROM without the Gapps, so I start it and go to one of those sites, get their gadget and simply install from there, the free stuff... hopefully not having to log in with my Gmail account...
My problem, though, lies here in this thread - setting up PDroid. That's for seriously enhanced privacy/security! In the thread's "how to" there seem to be some discrepancies with the newer versions of PDroid... Really not sure how to do it, what exactly must be done, with which files... And I can't post in that section, to ask questions... Like "Where is the apk you mention in the top post?" and "What exactly are the steps?"
So, I must prepare by reading a lot, testing it and then redoing it, from scratch, i.e. flash the ROM again, as WoH described in his thread here: http://forum.xda-developers.com/showthread.php?t=2131790
My hope would be that he includes the PDroid patch/apps - if at all possible - in the next edition of his awesome ROM!
Also, I would dearly love to see and test a ROM with all the best alternative apps, links to a few of the best 3rd party apps stores, tools etc. - but no G-c#@p (or almost no G-c#@p)... at least as much as humanly possible...
Here is a sketch:
3rd party apps stores,
keyboard and speech apps,
a couple of browsers (Firefox/Opera, maybe),
a few tools to manage the phone and set it up properly (Advanced Task Killer, Android Manager and alike),
best audio-visually capable Gtalk app and Skype for chat,
some non-demanding but good protection (Avast suite?),
Flipboard for news,
Adobe Reader, Kindle and Aldiko for reading,
MX and Meridian players for multimedia stuff,
Flash,
camera and videocam apps(?),
audio, video and photo editing SW,
Sopcast (TV channels) and "1Channel for Google" for audio-video streaming from the net,
...and so on,,, everybody continuing to fill it up according to their preferences, of course... all freeware/gratis!!!
Perhaps call it an "Alternative apps pack"???
So, maybe: when apps2sd card tool has been installed, we flash the "Alternative apps pack"... and it all goes to an SD card?
I think this might be a very cool idea, for many of us...
Go WoH and co.!!!!!!!!!!!!!!!!!!! :good:
Hi,
the Replicant team made me aware of something.
Replicant is an Android fork ROM that emphasizes on security and privacy (e.g. they removed all Google services from Android).
This is their article I'm talking about:
http://replicant.us/2013/11/fairphone/
I think all the software is free now (correct me if it isn't). Links in benkxda's thread.
But what about the modem being embedded in the SoC? I guess that's the case?
That would mean the Fairphone is not completely secure.
So let's make ourselves heard that we would be happy to see the next device without a modem embedded on the SoC.
What the Fairphone has achieved in regard to openness and fairness so far is considerable and great! I'd like that to continue, so that's why I bring this up.
some security possible?
Unrelashade said:
That would mean the Fairphone is not completely secure.
Click to expand...
Click to collapse
Hi Unrelashade,
thank you for bringing this topic up. I think complete security is not possible - even the encrypted blackberry of cancellor Merkel was hacked.
But "some" security should be possible - and I think the main problem is me: The things I do wrong, the rights I give to apps and the way I do backup and data storage. So I kindly would like to aks you guys for some advice - How can I save my private data and also my companies data from data selling companies or a theft?
So I try a combination of:
* active sync of my data (e-mails, contacts, ...) with my own server (egroupware) - no sync with google or other free services
* encryption of phone storage with good password
* possibility to wipe my phone remotely in the case I loose it (not testet yet)
* Xposed & Xprivacy to limit data distribution by some apps
Now I have the feeling, that Xprivacy could kill the remote wipe - that would be very bad.
Furthermore, I am not familiar with the settings in egroupware - I did not find the remote wipe function yet or other active sync security features.
And I am missing a good backup methode - save and practical. Finally there may be a lot of things I do not know yet but I should take care of.
Could you help me to improve security in a reasonable way? Could you point me to a how-to with android and the egroupware ?
sidingFP said:
Hi Unrelashade,
thank you for bringing this topic up. I think complete security is not possible - even the encrypted blackberry of cancellor Merkel was hacked
Click to expand...
Click to collapse
You're right, secure is not the right word. What I mean is that most phones might be used as a remote spying device. There is a way to build them so that this is not possible and that's worth working towards as a goal, imo.
On security with Android in general there are probably a lot of good threads/ websites, e.g. see the posts of the xda portal (news) tagged with "say sayonara" (to google services):
http://www.xda-developers.com/tag/say-sayonara/
To me it sounds like the only step you need to take to protect your data is to uninstall/ not install Google Services. They're deeply embedded into Android but there are people who work for a Google free Android system, see my link from the OP to replicant or e.g. this thread by Marvin
http://forum.xda-developers.com/showthread.php?t=1715375
I'm not sure if the fairphone system that is downloadable is completely free of Google Services, you may want to check that.
The only thing left then is that the Fairphone is still a smartphone with the modem embedded on the SoC. That still makes it possible to be used as a remote spying device (see my OP) if I understand it correctly.
Many are aware of my recent concern about this app relying on Google proprietary GCM network and spying Google Services Framework.
Here is TextSecure 2.0.6 compiled by myself from source, but without GCM/Push/GSF/Googleplay/Google Account.. No Google services required to use it at all. All other features are preserved including the latest encryption protocols. This is pure SMS with no internet needed. I am sharing this app under GPL3 license.
INSTRUCTIONS: Unzip and install as a regular app. Keep in mind that you have to uninstall previous versions as they are signed with different signature. Just back up your app with Titanium backup and restore data only.
Source: https://github.com/WhisperSystems/TextSecure
Creidt to original developer Moxie Marlinspike.
You pretend like it's not possible to use the current version without GCM/GSF installed, which is plain wrong.
It works very well, there is simply a message that tells the user he/she won't be able to use push messages without GCM.
You are basically telling people to trust that you didn't mess with it, instead of trusting Moxie (an accomplished security expert) and Open Whisper Systems.
If you want people to use this, you should release the source code, which you are already required to do by the GPL (https://www.gnu.org/licenses/gpl-faq.html#GPLRequireSourcePostedPublic), add documentation how an identical build can be built and the hash of it.
It's also funny that your "pure SMS with no internet needed" version still requires full internet access in the permissions...
lindworm said:
You pretend like it's not possible to use the current version without GCM/GSF installed, which is plain wrong.
It works very well, there is simply a message that tells the user he/she won't be able to use push messages without GCM.
You are basically telling people to trust that you didn't mess with it, instead of trusting Moxie (an accomplished security expert) and Open Whisper Systems.
If you want people to use this, you should release the source code, which you are already required to do by the GPL (https://www.gnu.org/licenses/gpl-faq.html#GPLRequireSourcePostedPublic), add documentation how an identical build can be built and the hash of it.
It's also funny that your "pure SMS with no internet needed" version still requires full internet access in the permissions...
Click to expand...
Click to collapse
What a pure bull...
I am not telling people to trust me. All I did was remove Push and GCM ability. And all I need to say is what I said in the original post. That's it. Now, here, unlike Google blobs, the app could be decompiled and easily examined.
Now, with each your response, I am more and more convinced that the development is compromised...
Hi,
Stock ROMs aren't really trustworthy by default (e.g., phandroid.com/2014/11/06/carrier-iq-settlement).
Some manufacturers' devices aren't really trustworthy, even with stock ROMs removed (e.g., theepochtimes.com/n3/830922-chinas-xiaomi-smartphones-may-be-spying-on-you).
Cyanogenmod went donwhill:
We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where your product or device is used so that we can better understand customer behavior and improve our products, services, and advertising.
Click to expand...
Click to collapse
(from cyngn.com/legal/privacy-policy) They started on this path long ago, but I won’t go there now.
I would like to buy a new Android phone. I won’t have national secrets on it, but I still don't want any Google-style spying. Assuming I don't add GApps, is Paranoid Android a good choice for me? Does it respect the privacy of its users? Does it contain any components that would ever connect anywhere to trunsmit any information like GApps do. Obivously, I'm not talking about user initiated events.
One more thing, does it have a permission manager? Ideally, something that allows the user to choose for each permission for each apps whether real, fake or blank data is shared, but a bit cleaner than XPrivacy.
Thanks!
We don't track users or data in the ROM. The only thing that will initiate a connection is with the OTA app, when it connects to our API and asks for any updates. ( you can control this by just turning off the OTA app checks for updates within the app)
Pirateghost said:
We don't track users or data in the ROM. The only thing that will initiate a connection is with the OTA app, when it connects to our API and asks for any updates. ( you can control this by just turning off the OTA app checks for updates within the app)
Click to expand...
Click to collapse
Excellent. This is the exact response I was hoping for. Thank you.
(first time on XDA, let me know if this should be on a different thread, or if I should add any tags)
Hi!
Intro/Plea for Help:I have found partial and indirect answers to some of my questions, I'm hoping someone can help with my particular situation and answer all questions clearly, in one place. Maybe someone could answer these questions off the top of their head, whereas I would have to do lots of reading to figure it out. At a minimum, if someone is able to answer if this is a realistic goal or not, that would be great!
What I'm trying to do:I want to turn my smartphone into a dumbphone (with select additional apps). I think the best way to do that is by installing lineage OS and removing any apps or features I don't want. But I don't know what apps/features are safe to remove without breaking the functionality of the things that I want to keep. Ideal scenario is I could install Lineage OS with exactly these apps, nothing more and with no ability to add any apps. So its not entirely "dumb", but is limited in the sense that you would have to plug your phone into your computer in order to add an app (more context at the bottom, in case it helps)
Questions:
Big question: if there is a GApps package, could you build a package that removes some of those and adds the additional apps below and then install it the same way you would install GApps? If so, can someone either build it for me or show me how? I have friends who may want to do the same thing and I could help them do it if I knew how to.
Is there anything missing from the list below that would cause stuff on the list not to work properly?
If you're phone only had these apps and wasn't capable of installing any new apps, what other stuff doesn't work? (i.e. updates, maybe syncing calendar/messaging/contacts to the cloud? idk...)
If you want to have the below list of apps and make it nearly impossible to add any others, is this the best way to do it? What others steps could you take to make it really difficult to install apps? Do you know of other methods that would work better?
other questions may arise during the process but that's a start
Canvas StudentFile ManagerGoogle AssistantGoogle HomeGoogle/Android MessagesGoogle MapsGoogle CalendarGoogle DriveGoogle PhotosGoogle KeepGoogle Play BooksGPayGmailJoinNow MultiOSAmazon KindleOutlookNiagara LauncherOnedrivePhoneParkMobileGoogle StadiaUSBankSlackUltimate Guitar TabsUSAA SafePilotVenmoSpotifyTSheets
More Context:
I enjoy projects like this and a regular dumbphone doesn't meet the crucial intersection between what I need and what I'm trying to get rid of. I need some features on my phone to function day to day (navigation, apps for school and work, Google Home), but I really don't want other stuff on my phone (internet browser, play store, social media) because it is getting in the way of my values. This is a big part of my effort to develop healthier habits, maybe other people can sympathize with that. Simpler ways of blocking these things can be worked around too easily and I don't have the sheer self-control to just not use them (others may relate with these dilemma as well). The hope is that this will be annoying enough to make it not worth it, or to give me time to ask myself if its really what I want.