I've been looking into NFC card emulation on Android and have done some pretty thorough Googling.
As far as I understand, some modifications were made way back in Android 2.3 by another XDA member. Later on, a more complete framework for emulation was made by adding PCD tag types to Cyanogen 9.1+, enabling emulation in a semi-supported way for those running Cyanogen. With the latest versions of Android, it seems like Google has semi-official support for card emulation through the com.android.nfc_extras class.
My main questions: are there any useful apps out there that take advantage of this? Does this semiofficial API work with the Nexus 4 / GS4, which use a different NFC chip (non-NXP) from all other Android phones? Does this, perhaps, enable easy card emulation for assorted cards like Blackberry has had for a while?
Your not the only one trying to figure the problem of NFC emulation on Android devices,
From what I've been been able to conclude so far:
1) Stock versions of Android don't support smart card emulation
2) The NFC libraries that the Stock versions of Android do not contain smart card emulation libraries (as you mentioned the ISOPcdA and ISOPcdB classes)
3) Of the NFC chipsets out on the market right now, not all NFC chipsets have a Secure Element
4) There are only three (as far as I know) Android application that utilize the NFC Chipsets for contactless money transactions (Google Wallet, ISIS Mobile Wallet and Simply Tapp)
Some technical background stuff on the Secure Element
1) The Secure Element is not directly accessed from the Android Operating system, but an applications ability to access the secure element is dependent upon the proper keys (public/private keys), where the manufacturer holds the master key for access
2) When the proper key(s) is/are entered the application writes some code into the memory of the Secure Element. To prevent a brute force attack, after several incorrect password attempts, access to the Secure Element is permanently disabled
3) When the Application needs the Secure Element, what could be assumed as a vector is preformed within the Android operating system that requests the code stored on the Secure Element to execute
4) Early adopters of Google Wallet faced the possibility of borking the Secure Element if they did not deattach Wallet before preforming an Android System update (from what I've read AFAIK, Google has since moved to a cloud storage of the needed keys)
From the business perspective:
1) Only one Major US Cell Carrier, Sprint, officially supports Google Wallet
2) The other three carriers, AT&T, T-Mobile and Verizon refuses to allow Google Wallet to be installed on their devices, instead forcing users to use ISIS Mobile Wallet
3) Speculation is that these three carriers may have wanted a monetary kickback for transactions
Looking at the reviews for ISIS Mobile Wallet, majority of them are poor reviews with a handful easily citing the actions of these three as anti-competitive. There where also reports of a poor supporting backbone, inability of specialized SIM cards that contain a secure element (access to the NFC is done via a decitated wire or wire pair link), and non-compatibility even with the official hardware needed. Back in May Verizon was quoted as blocking Google Wallet due to needed access to the Secure Element, yet has no problem with ISIS accessing it (http://techcrunch.com/2013/05/16/google-wallet-rolls-out-to-more-devices-nope-still-no-love-for-verizon-att-or-t-mobile-owners/) From a good faith perspective of these action, I recently submitted a concern of anti-trust to the US Department of Justice.
You mentioned the NFC emulation in CM 9.1 + . To extend upon the post mentioned, other developers continued down that path to improve the code. As a good reference, this blog link does provide some technical info about the emulation (http://nelenkov.blogspot.com/2012/10/emulating-pki-smart-card-with-cm91.html). Doug Yeager, one who holds several patents in NFC technology ended up writing the ISOPcdA and ISOPcdB classes with official incorporation into CM 9.1 + (git link, https://github.com/CyanogenMod/android_frameworks_base/tree/ics/core/java/android/nfc/tech). Yeager and his business partner Ted Fifelski (coming from the Point of Sale sector), both wanting to create a more open NFC environment created Simply Tapp (http://www.simplytapp.com/about.html). Simply Tapp also stores the keys remotely. As of right now, there has been no reported cases of the cell carriers blocking Simply Tapps' data connection.
Because the frameworks of the manufacturers variants of the Android Operating system are closed source, difficulty has been encountered trying to add these classes. To try and remove this barrier, I ended up submitted an enhancement ticket to try and get Google to add this code (http://code.google.com/p/android/issues/detail?id=56509) with what appears to be a positive response.
Hopefully this information helps you out seeing the current situation with NFC emulation,
Joe
Thanks
This information is very useful it's a shame there is not a simple way or at least a better way to emulate any NFC Forum defined tag hopefully google will make aviable in it's Android SDK a way to emulate a NFC tag
luisrojito said:
This information is very useful it's a shame there is not a simple way or at least a better way to emulate any NFC Forum defined tag hopefully google will make aviable in it's Android SDK a way to emulate a NFC tag
Click to expand...
Click to collapse
The only viable way (I'm concluded) to get NFC to move beyond a novelty to a truly respectable standard is to adapt the technology to devices that are not subject to the polices of the cellular carriers ( I have a concept, but I don't want to disclose too much at this point in the brainstorming)
Sending an email to NXP semiconductor about the access to the secure element resulted in a reply directed me to their product page http://www.nxp.com/products/identification_and_security/reader_ics/nfc_contactless_reader_ics/ (link working as of 2013-08-07).
EDIT: In addition to the above the following links may also help us out:
http://www.nxp.com/products/identification_and_security/authentication/
Smart Card ICs (Integrated circuits not ice cream sandwich)
-Landing Page
http://www.nxp.com/products/identification_and_security/smart_card_ics/
-Fast Pay secure Contactless Payment
http://www.nxp.com/products/identification_and_security/smart_card_ics/fastpay_secure_contactless_payment/
-MIFARE Smart Card ICs
--Landing Page
http://www.nxp.com/products/identification_and_security/smart_card_ics/mifare_smart_card_ics/
--SmarteID
http://www.nxp.com/products/identification_and_security/smart_card_ics/smarteid/
--SmartMX contact interface controllers
http://www.nxp.com/products/identification_and_security/smart_card_ics/smartmx_contact_interface_controllers/
--SmartMX dual interface controllers
http://www.nxp.com/products/identification_and_security/smart_card_ics/smartmx_dual_interface_controllers/
--SmartMX2
http://www.nxp.com/products/identification_and_security/smart_card_ics/smartmx2/
Saw this yesterday on xda tv and found article at UK info site concerning Chainfire.
Apparently Chainfire has come up with a whole new different approach to rooting once marshmallow becomes the standard.
At this point in time we will wait and see after we get marshmallow.
http://www.ibtimes.co.uk/supersu-v2...-marshmallow-without-modifying-system-1526678
Pp.
I wonder if it'll mean we can avoid tripping knox.
From what I read it sounds like this method circumvents firmware and security protocols.
It could be a knoxless process.
Pp.
The latest scoop, Chainfire has gone to the dark side.
He has sold out to some big entity (no name mentioned) and is pouring his recourses into this entity.
This is one way to stop tampering with your product, hire the person with the smarts to hack your product and make him work for you.
Rooting is going to have to wait for the next root savant.
Pp.
PanchoPlanet said:
The latest scoop, Chainfire has gone to the dark side.
He has sold out to some big entity (no name mentioned) and is pouring his recourses into this entity.
This is one way to stop tampering with your product, hire the person with the smarts to hack your product and make him work for you.
Rooting is going to have to wait for the next root savant.
Pp.
Click to expand...
Click to collapse
Where'd you see this?
The Root said:
Where'd you see this?
Click to expand...
Click to collapse
Reading in the link I posted in op, followed some comments and links I came across what appeared to be a disgruntled modder.
Read for about 15min before I can across the post.
Edit***
It was in the Nexus 6 link taking you to xda.
Pp.
I do not see what you're talking about. Can you be more specific? Maybe supply the link?
njdevils28 said:
I do not see what you're talking about. Can you be more specific? Maybe supply the link?
Click to expand...
Click to collapse
Will find and post, it could have been a link to the Nexus 6 thread where I read it .
》》》 Edit 《《《
Here's something else I found, not the same article but it spells it out for you.
http://www.androidpolice.com/2015/0...n-involved-in-the-project-for-two-more-years/
Pp.
Here's a link and a copy of op where I found info on Chainfire defection.
WARNING: This is not a place for you to come to say how great you think Chainfire is. I'm not calling his character into question, only his methodologies and the character of the outfit he sold out to (and I don't question the act of selling out, that's business, pays the bills, and puts kids through college). The debates about what people prefer and why are as old as the first software. And of course, I will not tell you what to do, no matter how much I disagree with you. If you UNDERSTAND what I have to say, then THIS software is for you. If you don't, you are probably better off with binaries.
The root situation on Android 5.x left a lot to be desired. There was basically just one distributor of a functional substitute user command (su), and it was binary. Recently, ownership of that binary and all of its history has become the property of a previously unknown legal entity called "Coding Code Mobile Technology LLC". While it was presented as a positive thing that that entity has a great involvement with android root control, this is actually a VERY frightening development.
There are precisely two motives I can imagine for buying up all the root control software for Android;
1) monetizing it, which is contrary to the user's best interests,
2) something very frightening and dangerous involving the potential exploitation of everybody's devices.
You don't know the owners, and they are distributing a binary, so who the heck knows WHAT is going on.
Now a few important considerations with respect to your security and privacy;
1) Obfuscated binary cannot be sanely audited.
2) Function of this binary depends on the ability to manipulate selinux policies on the fly, including RELOADING the policy altogether and replacing it with something possibly completely different. Frankly, I've never heard a single reason why this should be necessary.
3) While a root control application may give you nice audits over other software that is using its service, it can *EASILY* lie about what it is doing itself. It can delete logs, it can share root with other applications that they have made deals with, it can directly sell you out to spammers, etc.
That is WAY too dangerous, and not worth the risk.
Frankly, you are safer if you disable selinux AND nosuid, and just run the old style of root where you set a copy of sh as 6755. And that is FRIGHTENINGLY dangerous.
So not satisfied with this state of root, and especially now with a new unknown entity trying to control the world, we bring you the rebirth of the ORIGINAL Superuser:
https://github.com/phhusson/Superuser
https://github.com/lbdroid/AOSP-SU-PATCH (this one is mine)
From the history of THAT Superuser:
http://www.koushikdutta.com/2008/11/fixing-su-security-hole-on-modified.html
Yes, look at the Superuser repo above and see whose space it was forked from.
Note: This is a work in progress, but working VERY well.
Use my patch against AOSP to generate a new boot.img, which includes the su binary.
Features:
1) selinux ENFORCING,
2) sepolicy can NOT be reloaded.
3) It is NOT necessary (or recommended) to modify your system partition. You can run this with dm-verity!
The source code is all open for you to audit. We have a lot of plans for this, and welcome suggestions, bug reports, and patches.
UPDATE NOVEMBER 19: We have a new github organization to... "organize" contributions to all of the related projects. It is available at https://github.com/seSuperuser
UPDATE2 NOVEMBER 19: We have relicensed the code. All future contributions will now be protected under GPLv3.
*** Regarding the license change; according to both the FSF and the Apache Foundation, GPLv3 (but not GPLv2) is forward compatible with the Apache License 2.0, which is the license we are coming from. http://www.apache.org/licenses/GPL-compatibility.html . What this means, is that it is *ILLEGAL* for anyone to take any portion of the code that is contributed from this point onward, and use it in a closed source project. We do this in order to guarantee that this VITAL piece of software will remain available for EVERYONE in perpetuity.
http://forum.xda-developers.com/showthread.php?p=63436951
Pp.
i want a 5.1.1 root without tripping knox.
ourfear said:
i want a 5.1.1 root without tripping knox.
Click to expand...
Click to collapse
Don't think it's possible after last update.
Back in the beginning with 502 and first 511 update it was possible but updates patched exploits in kernel , not now. You either windup with tripped Knox or brick.
I'm a diehard rooter but have learned to live /like factory stock on this super phone.
With over 20 disable junk apps I get fenomenal battery life and trouble free functions on my phone the way root would make it in the past.
And that's all I want from this device.
Pp.
Is the builtin app named "Storagemanager" a hidden system administrator in LineageOS 19.1?
I ask this because in LineageOS 14.1 Storagemanager is a systemadministrator app.
In LineageOS 14.1 under > settings > apps > special app access > deviceadministrators, nothing showed up by default, but then i pressed the three dots on the top right and selected "show system", then storage manager was shown as active system administrator app.
I had the option to disable it, which i did, as i dont want ANY app to be administrator as i consider myself as the device owner being the administrator in place, no need for an app to have any such administrative permissions.
Now in LineageOS 19.1 when you navigate to > settings > apps > special app access > deviceadministrators > the three dots on the top right corner to show system apps ARE GONE.
This makes me think storage manager is a secret/hidden system administrator that cannot be disabled in lineageOS 19.1 because the three dots at the top right have been removed in 19.1 basically making it IMPOSSIBLE to the device owner to remove unwanted systemadministrator apps.
If infact storagemanager is a secret systemadministrator app, why is that so, why was the option to disable this app from being a system administrator removed??
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Another question, in LineageOS 14.1 when i tried to open the calendar app, there was a prompt/popup saying "to use the calendar app you must add atleast one google account to your phone".
To be honest that scared me... considering that i use LineageOS purely for privacy and Google is the opposite of privacy.
That being said please keep in mind (this is very important), in LineageOS 14.1 when i opened the calendar app i was asked to add a Google account...
Here comes the things, in LineageOS 19.1 when i open the calendar app the prompt/popup says this: "before you can use the calendar app you must add atleast one calendar account".
That sounds very suspicious to me, because in 14.1 it was called google account and now in 19.1 its called callendar account, obviously my question is now... is the callendar account a google account just being called out in another way...?? If yes this is obviously a major manipulation because not naming google here will trick most likely any LineageOS user to creating a callendar account without even knowing that in reality what they just did was to create a goolge account on their privacy phone...... what sort of manipulative person would make such a nightmare come true? At this point i must ask if LineageOS even is a privacy option anymore... or has it been inflitrated by google already...
Another suspicous change i detected after switching from LineageOS 14.1 to 19.1 is that under > settings > apps > special app access > useage access, zero apps are listed, but once i pressed the three dots in the top right corner, bluetooth, media storage, nfc service, package installer, permissions controller, phone services, shell, storage manager, and systemui where ALL shown as "access to useage data = allowed". This really makes me woonder what is going on with LineageOS, what reason is there to grant all these apps access to useage data by default?? In LineageOS 14.1 there was not a single app even the system ones, that had useage data access set to allowed, infact in 14.1 all apps where set to be not allowed to access useage data. What is going on here and why??
Another change i noticed from LineageOS 14.1 to 19.1 is that under > settings > privacy, in 14.1 i was able to edit individual app permissions and enable or disable the privacy mode, in 19.1 there seems to be a new service so called "trust" which is responsible for privacy, im fine with that, however i am missing a very important privacy setting that was present in 14.1 but is not in 19.1 and that is "start on boot". On 14.1 i was able to select any specific app and deny or allow it's access to start itself on boot. Why is this important setting not present in 19.1?
In 19.1 under > settings > privacy > permissions manager, there is no option to deny apps to "start on boot".
My guess is, either 19.1 blocks all apps from starting on boot by default, or it allows it by default for all apps and there is simply no option to stop that which would be a major privacy downgrade compared to older versions...
thank you for posting this, my eyes have been opened.
Already 100+ views but only 1 comment, hmm...
Nobody knows anything?
I seriously want to get ansers to the above questions... these are real concerns to me.
My questions don't seem to get to much attention here, not even to mention a reply.
Does anyone know a forum or another place where i can ask what is written above?
I wan't answers, these are real privacy concerns!
Hmmm. I don't have answers to your specific questions. In another thread, you posted, generally, that most people don't care about your concerns. Very true. I wholeheartedly support you advocating your views; however encourage you to tread lightly if you want people to reply to you.
The only sure answer to your situation, and for me, also, is to grab the source of the rom which suits you, one without gapps, and then hire a dev to help go through the source to answer your questions. Then edit as needed and re-compile.
I am familiar enough with the process in general however don't have the skills to do it myself. LOS and its variants are probably a good place to start. I am using a vanilla build of RROS on A10 on a Oneplus8 pro. Since we have tools for A11 that is good but the tools generally aren't available for some time after a new Android release.
Your question might be asked of the Lineage devs, though I am sure they are busy and they are not forcing you to use their (free) product. There are also Linux phones available, although so far the hardware I have seen is not great.
What phone are you using? If you are serious about this, and are willing to support a dev project as above, we would have to settle on one or two similar OSes on the same Android version, and hire someone for a few days. This would be expensive. I, for one, would contribute. If we found 10 or 20 like minded people a crowdfunding page could be set up. If we did not reach the necessary amount then the money could be refunded.
To tell the truth, G keeps putting more obstacles in the way of modders and I am getting to the point where its not worth the trouble. Hopefully the hardware for Linux phones will improve.
Thoughts??
gregpilot said:
Hmmm. I don't have answers to your specific questions. In another thread, you posted, generally, that most people don't care about your concerns. Very true. I wholeheartedly support you advocating your views; however encourage you to tread lightly if you want people to reply to you.
The only sure answer to your situation, and for me, also, is to grab the source of the rom which suits you, one without gapps, and then hire a dev to help go through the source to answer your questions. Then edit as needed and re-compile.
I am familiar enough with the process in general however don't have the skills to do it myself. LOS and its variants are probably a good place to start. I am using a vanilla build of RROS on A10 on a Oneplus8 pro. Since we have tools for A11 that is good but the tools generally aren't available for some time after a new Android release.
Your question might be asked of the Lineage devs, though I am sure they are busy and they are not forcing you to use their (free) product. There are also Linux phones available, although so far the hardware I have seen is not great.
What phone are you using? If you are serious about this, and are willing to support a dev project as above, we would have to settle on one or two similar OSes on the same Android version, and hire someone for a few days. This would be expensive. I, for one, would contribute. If we found 10 or 20 like minded people a crowdfunding page could be set up. If we did not reach the necessary amount then the money could be refunded.
To tell the truth, G keeps putting more obstacles in the way of modders and I am getting to the point where its not worth the trouble. Hopefully the hardware for Linux phones will improve.
Thoughts??
Click to expand...
Click to collapse
My knownledge on programming is very limited, i would not be able to contribute to any meaningful software really. Indeed my language can quickly become not so nice when it comes to privacy, i don't like how the masses throw away their freedom.
Think about it, google chrome holds around 60% market share, then combine all chromium browsers and we are at around 90% while Firefox is at around 4%. Then think about how many people use Gmail and how many use privacy alternatives like Protonmail. Think about how many people use the standard google android os on their phone and how many have iphones and compare that to how many people use a linux phone or a custom os like lineage or graphene...
Anyone can protect their privacy, there are many great videos on youtube.
Here are some examples:
The Hated One
Creating deeply researched and well-sourced essays critiquing some of the most important issues of our time in a non-partisan, non-sectarian way. Mass surveillance is a backdoor into freedom of speech. Knowledge is power. And power corrupts. https://twitter.com/The_HatedOne_...
yewtu.be
Rob Braxman Tech
I'm the Internet Privacy Guy. I'm a public interest hacker and technologist. I use my extensive knowledge of cybersecurity and tech to serve the public good. I care about privacy. I warn you of digital manipulation, disinformation, mass surveillance. I also discuss alternative communication...
yewtu.be
Techlore
Techlore was built to prove privacy & security are not just achievable - but simple and accessible. We manage several projects, communities, and content to spread privacy & security to the masses. Visit our Website: https://techlore.tech
yewtu.be
Mental Outlaw
Only cool people visit https://based.win/
yewtu.be
Naomi Brockwell: NBTV
www.nbtv.media NBTV teaches people how to reclaim control of their lives in the digital age. We give people the tools they need to take back their data, money, and free online expression. - Your Money - Your Data - Your Life Empower Yourself. Created and hosted by Naomi Brockwell Our...
yewtu.be
Louis Rossmann
I discuss random things of interest to me. This is, and always will be, my personal variety show. I teach Macbook component level logic board repair from a common sense, everyman's perspective. I try to make it seem viable, and entertaining. I also go over business concepts & philosophy that...
yewtu.be
The Linux Experiment
Making Linux accessible: no techno lingo, no super technical content. Just Linux desktop news, simple tutorials, application spotlights, and opinion pieces trying to stay positive, without gatekeeping. 👏 SUPPORT THE CHANNEL: Get access to a weekly podcast, vote on the next topics I cover, and...
yewtu.be
I use yewtu.be over youtube.com to avoid google.
See, google chrome and google search know all of your browsing history, there is no privacy, they make a profile of everyone who uses any of their services. Even if you use google without an account chances are they can identify you and your device. Same with gmail... it reads (scans) all of your emails and sell the content to adverstisers. I don't know how people can be ****** enough to use these services when you can simply switch to alternatives that are working perfectly flawless and don't spy on you.
Privacy can be easy.
Instead of google chrome > Firefox or even better Librewolf
Instead of google search > brave search or duckduckgo
Instead of gmail > protonmail
Instead of google android > lineage or graphene
It's not that hard...
Nobody forced me to use lineageos obviously i installed it on my own, i don't like the changes from 14.1 to 19.1 as they seem very suspicious to me, but i will still preffer LOS at any time over the standard google crap.
Before using a google phone id rather not use a phone at all.
Speaking about phones, people who buy iphones have lost their mind, i mean it.
My phone is a samsung S7, as long as it is functional i will not buy a new phone, besides i don't have the money now... your suggestion sounds interesting but i'm not into that really.
In the mean time i will repeat what you said, we can only wait for linux phones to support modern hardware and get one of those in the future.
GrapheneOS seems like the best choice as of now but it's really ironic that it works only on google pixel phones...
Most people don't care that they are been spied on. They are after the they easy life. Want all the mod cons to make things easier. Unfortunately you can't change peoples habits. Have started seen a lot of custom rooms with suspicious files, that makes a person wonder if google is paying the devs to include their software.
ShaunSmit said:
Most people don't care that they are been spied on
Click to expand...
Click to collapse
Well, plenty of people do. For example, just see XDA's thread for FairEmail:
https://forum.xda-developers.com/t/...en-source-privacy-oriented-email-app.3824168/
Privacydroid said:
builtin app named "Storagemanager" a hidden system administrator in LineageOS 19.1?
Click to expand...
Click to collapse
Privacydroid said:
My questions don't seem to get to much attention here
Click to expand...
Click to collapse
Well, I am interested in and have subscribed to this topic... it's just that LOS19 is still not really a hot topic for me yet (still fighting with LOS18, lol).
SigmundDroid said:
Well, plenty of people do. For example, just see XDA's thread for FairEmail:
https://forum.xda-developers.com/t/...en-source-privacy-oriented-email-app.3824168/
Well, I am interested in and have subscribed to this topic... it's just that LOS19 is still not really a hot topic for me yet (still fighting with LOS18, lol).
Click to expand...
Click to collapse
My bet lineage 1.18 is also affected by what i described above.
there might be some privacy oriented custom roms. have you checked ?
e Foundation - deGoogled unGoogled smartphone operating systems and online services - your data is your data
your data is YOUR data
e.foundation
or
Purism– Librem 5
Introducing the – Librem 5 by Purism
puri.sm
Fytdyh said:
there might be some privacy oriented custom roms. have you checked ?
e Foundation - deGoogled unGoogled smartphone operating systems and online services - your data is your data
your data is YOUR data
e.foundation
or
Purism– Librem 5
Introducing the – Librem 5 by Purism
puri.sm
Click to expand...
Click to collapse
Never heared about https://e.foundation/ will have a look at that one.
The librem 5 has outdated hardware and is expensive, but that's not the problem... the shipping times are totally ******. Can take years for you to ever recive that phone.
Besides, that doesn't anser any of my above questions about LOS, guess that wasn't your intention anyways.
Privacydroid said:
Never heared about https://e.foundation/ will have a look at that one.
The librem 5 has outdated hardware and is expensive, but that's not the problem... the shipping times are totally ******. Can take years for you to ever recive that phone.
Besides, that doesn't anser any of my above questions about LOS, guess that wasn't your intention anyways.
Click to expand...
Click to collapse
about your privacy related inquiries, i recon that Lineage, while it used to stand for privacy in the first years, it started to be seen more as a way to get updates on no longer supported devices. and given that almost every user that uses lineage also had flashed gapps, makes sense for them to add gapps in their everyday custom rom as well. Google has its sets of downsides and upsides. Privacy is good, but functionality is more important. a lot of good apps rely on google implemented functionality. Say that i would need to drive around the country. Privacy is my preference, but i need a fully functional bugless waze. Waze without google play services is a mess, if you get it working. Android Auto without gapps isnt possible.
For my devices, at least, Lineage did not have gapps baked in. For me, a good thing. There are a few vanilla roms left out there. Even without gapps, there are still leaks to google (the captive portal connectivity check, for one) but the footprint is much smaller.
For me, I have found open source alternatives to ALL of googles bloat and spyware. Not as convienient, sure. Pain in the a** sometimes, yes. Wayze? Host your own cameras, use openstreetmap (osmand) instead. google has made it very convienient with their ecosystem. I, for one, do not wish to share my life with them.
Fytdyh said:
about your privacy related inquiries, i recon that Lineage, while it used to stand for privacy in the first years, it started to be seen more as a way to get updates on no longer supported devices. and given that almost every user that uses lineage also had flashed gapps, makes sense for them to add gapps in their everyday custom rom as well. Google has its sets of downsides and upsides. Privacy is good, but functionality is more important. a lot of good apps rely on google implemented functionality. Say that i would need to drive around the country. Privacy is my preference, but i need a fully functional bugless waze. Waze without google play services is a mess, if you get it working. Android Auto without gapps isnt possible.
Click to expand...
Click to collapse
No idea why people use gapps or microg, it's anti privacy so i do not ever use any of that.
I do not use any google services in my life and i don't miss them or need them for anything, i have alternatives.
I have to disagree on this phrase "Privacy is good, but functionality is more important".
If you are forced to give up privacy to use a service or product then the service or product is not worth being used.
Privacy is way more important than functionality, besides 90% of the time you can find perfectly working privacy friendly alternatives for almost anything.
Instead of google maps for example i use these:
Map at DuckDuckGo
DuckDuckGo. Privacy, Simplified.
duckduckgo.com
OpenStreetMap
OpenStreetMap is a map of the world, created by people like you and free to use under an open license.
www.openstreetmap.org
Not sure if that is helpful while driving, would be fine for me, never heared about waze.
I banned Google of my life and im happy with that, wasn't that hard after all.
gregpilot said:
For my devices, at least, Lineage did not have gapps baked in. For me, a good thing. There are a few vanilla roms left out there. Even without gapps, there are still leaks to google (the captive portal connectivity check, for one) but the footprint is much smaller.
For me, I have found open source alternatives to ALL of googles bloat and spyware. Not as convienient, sure. Pain in the a** sometimes, yes. Wayze? Host your own cameras, use openstreetmap (osmand) instead. google has made it very convienient with their ecosystem. I, for one, do not wish to share my life with them.
Click to expand...
Click to collapse
My lineage version also doesn't have gapps in it, atleast nothing that is visible or accessable to me..
Not sure about the calendar thing described above..
What do you mean by captive portal connectivity check, what's that?
I beleve LOS uses Googls SUPL Server's too.
Great to meet someone with the same mindset, way to many people throw away their privacy which is equal to freedom, for "convienience"... It's crazy.
What do you mean by captive portal connectivity check, what's that?
I beleve LOS uses Googls SUPL Server's too.
Click to expand...
Click to collapse
Every time your device makes a network connection (wifi or cellular) it pings "connectivitycheck.gstatic.com". Not really a ping, its a http request to check for internet connectivity. Successful completion will remove the "x" by the wifi and/or cell data icon. Although if the address is blocked on your router the "x" will remain, and your device will complain about not having internet access....but it does! (so long as your wifi router/cell net has access). But wifi calling won't work.
For more, go here:
https://forum.xda-developers.com/t/guide-how-to-avoid-the-captive-portal-checkin-to-google.3927561/
You can host your own check server, or....just disable the check.
I have confirmed this works on A9 and A10 AOSP roms. There are different variants of this command for different roms. You may have to try several of them.
From an adb shell: (needs root)
Code:
:/ # settings put global captive_portal_mode 0
***********THIS DISABLES GOOGLE CONN CHECK***** A9 and 10
To verify it is disabled:
Code:
:/ # settings list global | grep portal
Should return "captive_portal_mode=0"
If you do connect to a captive portal page (public wifi, open connection) where the owner wants a login cred then the side effect of this is that it won't work.
The issue is that everytime the check is run, google will get your IP address and browser/OS and can infer your coarse location even if location services are turned off. I have all google domains blocked on my wifi so to keep my wife happy I disable the check on her phone also so she does not get the "no internet" notification.
Another hole is the agps (assisted gps) database downloaded from google or your phone carrier regardless of enabled location. I believe you can edit the server which is contacted, again, will require root.
This post says you can edit the gps.conf file:
https://forum.xda-developers.com/t/a-gps-supl-protocol-and-privacy-breaching.3602863/
Anyone try that? What abour removing "supl" from the apn type?
But I'm not there, yet, I usually have location selected off. Rob Braxman has a good vid here, use freetube:
https://github.com/FreeTubeApp/FreeTube
https://www.youtube.com/watch?v=vbBkZ-MROEk?
Again as stated earlier the best fix is to find a AOSP source of a rom you like, edit (or hire a dev) to edit out all of the bloat and google tracking which may remain, and re-compile.
gregpilot said:
Every time your device makes a network connection (wifi or cellular) it pings "connectivitycheck.gstatic.com". Not really a ping, its a http request to check for internet connectivity. Successful completion will remove the "x" by the wifi and/or cell data icon. Although if the address is blocked on your router the "x" will remain, and your device will complain about not having internet access....but it does! (so long as your wifi router/cell net has access). But wifi calling won't work.
For more, go here:
https://forum.xda-developers.com/t/guide-how-to-avoid-the-captive-portal-checkin-to-google.3927561/
You can host your own check server, or....just disable the check.
I have confirmed this works on A9 and A10 AOSP roms. There are different variants of this command for different roms. You may have to try several of them.
From an adb shell: (needs root)
Code:
:/ # settings put global captive_portal_mode 0
***********THIS DISABLES GOOGLE CONN CHECK***** A9 and 10
To verify it is disabled:
Code:
:/ # settings list global | grep portal
Should return "captive_portal_mode=0"
If you do connect to a captive portal page (public wifi, open connection) where the owner wants a login cred then the side effect of this is that it won't work.
The issue is that everytime the check is run, google will get your IP address and browser/OS and can infer your coarse location even if location services are turned off. I have all google domains blocked on my wifi so to keep my wife happy I disable the check on her phone also so she does not get the "no internet" notification.
Another hole is the agps (assisted gps) database downloaded from google or your phone carrier regardless of enabled location. I believe you can edit the server which is contacted, again, will require root.
This post says you can edit the gps.conf file:
https://forum.xda-developers.com/t/a-gps-supl-protocol-and-privacy-breaching.3602863/
Anyone try that? What abour removing "supl" from the apn type?
But I'm not there, yet, I usually have location selected off. Rob Braxman has a good vid here, use freetube:
https://github.com/FreeTubeApp/FreeTube
https://www.youtube.com/watch?v=vbBkZ-MROEk?
Again as stated earlier the best fix is to find a AOSP source of a rom you like, edit (or hire a dev) to edit out all of the bloat and google tracking which may remain, and re-compile.
Click to expand...
Click to collapse
Thank you for this interesting reply, i will attempt to remove captive portal connectivity check / connectivitycheck.gstatic.com with adb by following your provided command
settings put global captive_portal_mode 0
settings list global | grep portal
However you mentioned this needs root, my device is not root so this basically wont work without root?
I could use magisk for rooting.
Rob Braxman is great, watching all of his content. But i couldn't find any instructions to disable googles SUPL.
I also don't think rob has a video for captive portal connectivity check, or does he?
From my experience with his videos he acts as if degoogled phones with lineage are 90% better than normal phones, so i guess the other 10% are things like SUPL and captive portal connectivity check which are not that easy to disable..? If google knows my locations on a degoogled device with lineageos by using captive portal connectivity check then hell, that#äs really disturbing i had no idea that they still know where my phone is / where i am, very scary...
However you mentioned this needs root, my device is not root so this basically wont work without root?
Click to expand...
Click to collapse
Yes, the command needs root. Also there are some differences based on your version of Android.
The following is old, but has some good stuff:
https://www.reddit.com/r/privacy/comments/cldrym
The biggest help for this is to not install google services, and use a vanilla rom without it.
As far as captive portal, that is fixable.
The DNS servers can be changed from googles, but it is less straightforward.
NLP is not present without gapps, from what I have read
The SUPL issue, for me, is a WIP. I will happily deal with slow GPS TTFF. What I don't know:
1. Editing (removing) the supl entry in the APN file, what affect, if any;
2. Editing /vendor/etc/gps.conf (newer roms have the file in /vendor) to show a non g server;
3. the big question, which GPS radio chips may or may not have SUPL on the hardware level and therefore, if so, we are unable to fix.
gregpilot said:
Yes, the command needs root. Also there are some differences based on your version of Android.
The following is old, but has some good stuff:
https://www.reddit.com/r/privacy/comments/cldrym
The biggest help for this is to not install google services, and use a vanilla rom without it.
As far as captive portal, that is fixable.
The DNS servers can be changed from googles, but it is less straightforward.
NLP is not present without gapps, from what I have read
The SUPL issue, for me, is a WIP. I will happily deal with slow GPS TTFF. What I don't know:
1. Editing (removing) the supl entry in the APN file, what affect, if any;
2. Editing /vendor/etc/gps.conf (newer roms have the file in /vendor) to show a non g server;
3. the big question, which GPS radio chips may or may not have SUPL on the hardware level and therefore, if so, we are unable to fix.
Click to expand...
Click to collapse
I just tried using your solution for the onnectivitycheck.gstatic.com issue by using the provided command
:/ # settings put global captive_portal_mode 0
Before i that i rooted the phone with magisk, the command did not work (i attempted executing the command on cmd in windows inside the adb/fastboot folder, usb drivers are also installed.
I was able to start the daemon by using adb devices but the command you provided didn't work.
The phone was booted normally during the test, maybe i should instead go to downloadmode or recovery mode? The link you send for more instructions says we should use a cmd app on the phone to exectue this command (a pc is not mentioned), however i don't find any cmd app on the phone (lineageos 19.1).
Privacydroid said:
I just tried using your solution for the onnectivitycheck.gstatic.com issue by using the provided command
:/ # settings put global captive_portal_mode 0
Before i that i rooted the phone with magisk, the command did not work (i attempted executing the command on cmd in windows inside the adb/fastboot folder, usb drivers are also installed.
I was able to start the daemon by using adb devices but the command you provided didn't work.
The phone was booted normally during the test, maybe i should instead go to downloadmode or recovery mode? The link you send for more instructions says we should use a cmd app on the phone to exectue this command (a pc is not mentioned), however i don't find any cmd app on the phone (lineageos 19.1).
Click to expand...
Click to collapse
No, the command is made from a root shell on the phone directly, or through an adb shell.
First:
open a cmd window on your pc, cd to your adb folder. Do you have "minimal adb and fastboot" installed on your pc? Its on the forums here.
Plug in your phone to USB, do not boot to recovery or download mode. Just the normal system.
From the open cmd window, issue "adb devices". What appears?
If "unauthorized", you have to enable adb debugging in developer options. You have that enabled, right? If you do you will get a prompt on the phone to allow adb debugging access when you connect over USB.
If you get "device XXXXX", I do not recall the number of characters, then you can proceed.
issue "adb shell"
you should get a shell prompt (your phone cmd shell)
Issue "su"
If you are rooted magisk may prompt you to allow root
issue "whoami", this has to return "root".
Then issue the command I gave you. " settings put global captive_portal_mode 0"
The second string "settings list global | grep portal" is only to verify the success of the first command.
You don't need adb for this, you can also enable the "local terminal" in developer options. Or use your favorite terminal. I like Termux.
Open the terminal from your app drawer
issue "su"
Again, you should get a magisk prompt requesting permissions, allow it
issue "whoami" , verify root
then issue the same two commands.
What version of Android are you on?