Guardian Rom by x942Thanks to:
The Guardian Project
Cyanogen Mod
Android Open Source Project
Open-Pdroid Project
Any one else I am missing
Click to expand...
Click to collapse
What is Guardian Rom?
Guardian ROM is a custom android ROM multiple devices. The ROM is completely Open Source and based off AOSP. It is Milestoneso please expect some bugs, & missing features (i.e updater).
What Features does Guardian Rom have?
Kernel is hardened with SecDroid Tweaks.
ROM is patched with and includes OpenPdoird for
permissions management.
Guardian Project apps are pre-installed – These include Orbot (Tor), Gibberbot (Secure IM),
and more.
CSSimple and OStel (https://guardianproject.info/wiki/Ostel) are included as replacements to the
built calling apps. providing encrypted communications.
If encryption is enabled and password is entered wrong 10 times the phone wipes user data.
Including support for Deniable Encryption (similar to Truecrypt hidden volumes).
Click to expand...
Click to collapse
Coming Soon:
Including GRSecurity for exploit mitigation and more secure phone.
Including SQLCipher to ensure all data is encrypted whenever possible
Including a customer “app store” for our repos.
Different lockscreen pin and Pre-Boot authentication password.
Auto-Prompt for encryption setup on first boot.
Click to expand...
Click to collapse
How to use:
Simply flash the flashable zip through your favorite custom recovery. (TWRP is recommended as it supports encrypted devices). Once flashed you should enable Full Disk Encryption by doing the following (may very depending on device):
Code:
Settings --> Security ---> Password [enter a strong 8-16 char password]
Than
Code:
Settings --> Security ---> Encryption --> Enable Encryption
Downloads:Downloads are over here.
Please verify the downloaded file with the attached GPG signature to ensure is is a legit copy.
GAPPS
Google Apps are NOT included and before you flash them you may want to read this article.
UPDATES:
Added Deniable Encryption using Mobiflage
Encryption is now AES-256bit-XTS instead of 128bit-CBC
.
I'll be keeping an eye on it. Good work.
While this looks like a very interesting project and could have very promising applications (particularly in the military/government sector), most users on this site will undoubtedly complain about the horrendously slow speeds this many layers of encryption will bring.
Best of luck to you, though.
Hungry Man said:
I'll be keeping an eye on it. Good work.
Click to expand...
Click to collapse
:good:
psyren said:
While this looks like a very interesting project and could have very promising applications (particularly in the military/government sector), most users on this site will undoubtedly complain about the horrendously slow speeds this many layers of encryption will bring.
Best of luck to you, though.
Click to expand...
Click to collapse
True. Speed is not the goal. Although there isn't to much slow down actually. But it is a sacrifice for security.
thanks. looking very interesting.
un.droid said:
thanks. looking very interesting.
Click to expand...
Click to collapse
Thanks! Milestone 1 is now up.
Brings Mobiflage (Deniable Encryption) and a easy installer. New base is AOSP.
Interesting
x942 said:
Thanks! Milestone 1 is now up.
Brings Mobiflage (Deniable Encryption) and a easy installer. New base is AOSP.
Click to expand...
Click to collapse
Are you working this still? This is an interesting concept. Has anyone out there been using this over time?
tt100b said:
Are you working this still? This is an interesting concept. Has anyone out there been using this over time?
Click to expand...
Click to collapse
Yup. Everything is moving quickly on twitter and my website. I only post here when new version are released. Stable version is underway just testing and fixing last Minute bugs. :good:
Main features coming:
PDroid is enabled now with GUI present
SuperUser works properly
Encryption GUI is present in some form or another*
Windows and Linux installers
*Encryption GUI will either be an APK that calls vdc on the device. OR will be baked into the Installer on Windows, Linux, and Mac OS X.
Hi,
Just saw this morning the announcement that microG GSMCore went alpha. According their own post:
microG GmsCore is a FLOSS (Free/Libre Open Source Software) framework to allow applications designed for Google Play Services to run on systems, where Play Services is not available. If you use your phone without GAPPS this might become a useful tool for you.
Said in different words; this allows you to use apps that normally would require proprietary closed source apps from Google. This could be a nice replacement for people that want more privacy. You would use a network location not relaying in Google, instead of Google Maps integrations you would see Openstreetmaps, etc.. Of course not all the frameworks are implemented right now but I expect to get better with some time. I'm looking forward to the 'cast' functionality (as I have a few Chromecasts at home).
I would love to give it a try on CM11 but it needs to add a patch to the code that allows package signature faking. I saw that the patch is on review for CM12.1 but I would need the developer @ggow to backport this to CM11 and include it in his next release. As I don't have permission to ask directly in the development sub-forum I'm posting here to see if there are more people interested on this.
The patch, for @ggog, is here: http://review.cyanogenmod.org/#/c/106162/ and the post for microG is here: http://forum.xda-developers.com/android/apps-games/app-microg-gmscore-floss-play-services-t3217616
.Xamar
You can use xposed to disable signature checking.
I didn't know there was a module for that, Thanks.
The developer for the CM11 Amazon FIre Phone though, told me in his next release he is going to include signature faking (he said he already merged it before I even asked)
So maybe I'll just wait until his next release to try this out.
krackers said:
You can use xposed to disable signature checking.
Click to expand...
Click to collapse
xamar said:
I didn't know there was a module for that, Thanks.
The developer for the CM11 Amazon FIre Phone though, told me in his next release he is going to include signature faking (he said he already merged it before I even asked)
So maybe I'll just wait until his next release to try this out.
Click to expand...
Click to collapse
- New release will be in either Monday or Tuesday.
ggow said:
- New release will be in either Monday or Tuesday.
Click to expand...
Click to collapse
Great! Looking forward to it! Thanks a lot
ggow said:
- New release will be in either Monday or Tuesday.
Click to expand...
Click to collapse
New release do mean CM 12?
cell2011 said:
New release do mean CM 12?
Click to expand...
Click to collapse
- No, not CM-12
- CM-12 will require amongst other things a new kernel (AKA fireos 5.0)
Hello
I am going to release unofficial builds of LineageOS 14.1 for Wileyfox Crackling. The builds will be updated every month after a new security patch level is reached.
The build I made can be flashed on top of Cyanogenmod 13 build (with wiping dalvik and cache). It should work without any problems; I do not experience any.
But I do not take any responsibility if your favorite app/setting/etc. is not working anymore.
If it makes problems, wipe data/dalvik/cache and install again.
Besides that the ROM has two extra features:
I patched signature spoofing support into the ROM. Now it is possible to install microG. This is a re-implementation of Google’s proprietary Android user space apps and libraries. So for many cases you do not have to install the proprietary GAPPS anymore.
Note: This feature is disabled by default and will not affect the ROM in any way. It has to be enabled in the according settings.
Also, there's an option available to record calls now. Please respect the privacy of others.
Android security patch level:
Code:
[URL="https://source.android.com/security/bulletin/2017-02-01.html"]February[/URL] | 2017-02-05 security patch level
Version/Filename:
Code:
lineage-14.1-20170227-UNOFFICIAL-crackling.zip
Download:
Code:
[B][SIZE="2"]Openload.co:[/SIZE][/B]
https://openload.co/f/DBKYItUGllA/lineage-14.1-20170227-UNOFFICIAL-crackling.zip
https://openload.co/f/grRwId0HJJE/lineage-14.1-20170227-UNOFFICIAL-crackling.zip.md5sum
Alternativ:
[B][SIZE="2"]Free.fr:[/SIZE][/B]
http://dl.free.fr/uqIBAf8dM
The kernel and device sources I used to build the ROM can be found here:
Code:
https://github.com/lineageos
thomson.aa said:
Hello
This is my first build of LineageOS for Wileyfox Crackling.
I flashed it on top of my Cyanogenmod 13 build (with only wiping dalvik and cache) and it so far works without any problems.
But I do not take any responsibility if your favorite app/setting/etc. is not working anymore.
This release has the root access option disabled because LineageOS disables root for apps by default. It has to be enabled before building the rom - I didn't know that so I will provide an updated rom with root access for apps available.
Besides that the rom has one extra feature:
I patched signature spoofing support into the rom. Now it is possbible to install microG. This is a re-implementation of Google’s proprietary Android user space apps and libraries. So for many cases you do not have to install the proprietary GAPPS anymore.
Note: This feature is disabled by default and has to be enabled in the according settings.
Android security patch level:
Code:
[URL="https://source.android.com/security/bulletin/2017-01-01.html"]January[/URL] | 2017-01-05 security patch level
Version/Filename:
Code:
lineage-14.1-20170117-UNOFFICIAL-crackling.zip
Download:
Code:
https://openload.co/f/WCt_JxGZ-UE/lineage-14.1-20170117-UNOFFICIAL-crackling.zip
Click to expand...
Click to collapse
Sorry thomson.aa sorry i do not have english my google translation. Work is very nice thanks one has a mistake sim card people do not see a way to solve it? I wish you continued success.
Where is the source ? You can't post this without kernel source
I dirty flashed this over crDroid and it seems to be working pretty well. Thanks.
All my app's (not many at the moment) were working fine.
Playstore thinks it's 'no carrier Wileyfox Wileyfox Swift'... but I guess that's better than 'Wileyfox Pixel XL' (crDroid).
On initial booting the status bar wouldn't pull down but works ok after a reboot.
Buttons were a bit messed up which only gave me a back button even though the usual defaults were all set. After deleting them and re-adding them they worked fine. I'm guessing this may be due to dirty flashing. Shame the button customisation is just as basic as cm13 especially after using crDroid.
Using Kernal Auditor Mod I see that the cpu only scales down to 800mhz and the gpu scales up to 400mhz. I don't know much about this but won't this make it a little power hungry?
Going through the settings, I'm thinking that LOS14 isn't quite as complete as the cm13 I was using a few weeks ago. Although I guess this is to be expected at this stage. And I'm used to the more versatile crDroid now so I'll be restoring that in a mo.
This MicroG project sounds great. It seems a bit complex to get it working as I'd like but I definitely be having a go when I get my head around it.
All in all, Great job. Keep up the good work... please. I'm already waiting for the next release.
Oh, and er... Surely you could find a better file host???
I tried to build the Image myself by using your other Thread's How-To and after flashing i had no WIFI.
Now i flashed this build and WIFI is also not working.
[Edit]
I've collected some Logs - perhaps they'll help.
[Edit2]
Now i tried another '14.1-ROM' and i've the same problem....
During all my Tests the shown MAC-Address during the 'inital install' was weird: 02:00:00:00:00:00.
Before the 14.1 Lineage i had the latest CMmod 13 running without any Problems :/
Ok - solved it....
I encrypted my Device during CM13 and always entered my Key during Boot/TWRP and Formatting/Installation of 14.1.
Now i *really* formated all the Data (and the former encryption), rebooted to Recovery and sideloaded the Image+Gapps.
Now WIFI is working.
How do I enable signature spoofing ? I can't find any relevant setting.
M.A.K said:
How do I enable signature spoofing ? I can't find any relevant setting.
Click to expand...
Click to collapse
Settings -> Apps -> Gear symbol -> App permissions -> Spoof package signature
No... it's not there for me.
M.A.K said:
No... it's not there for me.
Click to expand...
Click to collapse
Works like it is supposed to be. The setting/app permission is only available if you install an app that requires that permission.
So, if you install microG the setting for signature spoofing will become available.
fred0r said:
Now i *really* formated all the Data (and the former encryption)
Click to expand...
Click to collapse
Could you tell me how to do that? I remember trying to find a way to remove encryption back in the day on my Nexus 5 and wasn't able to do it. Thanks!
thomson.aa said:
Works like it is supposed to be. The setting/app permission is only available if you install an app that requires that permission.
So, if you install microG the setting for signature spoofing will become available.
Click to expand...
Click to collapse
Ah, yes... got it now, thanks.
jobedius said:
Could you tell me how to do that? I remember trying to find a way to remove encryption back in the day on my Nexus 5 and wasn't able to do it. Thanks!
Click to expand...
Click to collapse
I booted into the TWRP 3.0.3 and did not enter my Encryption-PW (cancel) and then clicked 'Wipe' and then 'Format Data'.
update to official build?
Is it possible to update (aka dirty flash) to the now released official build? I had some problems doing that, see https://forum.xda-developers.com/showpost.php?p=70829582&postcount=8
Cheers
Nope, its not
Mithodin said:
Is it possible to update (aka dirty flash) to the now released official build? I had some problems doing that, see https://forum.xda-developers.com/showpost.php?p=70829582&postcount=8
Cheers
Click to expand...
Click to collapse
Twrp shows error 7(the data is incompatible). You need to wipe data, cache partitions and the system partition. Then install the zip with arm64 android 7.1 g-apps.
Cheers:good:
fred0r said:
I booted into the TWRP 3.0.3 and did not enter my Encryption-PW (cancel) and then clicked 'Wipe' and then 'Format Data'.
Click to expand...
Click to collapse
Aahhh, that makes sense if you know it! Thanks!
Welcome to Jaguar Oreo 8.1. As some may know, the emphasis of the project is on Security and Performance. I have recently transitioned from Lenovo Zuk Z2 plus and previously from Sony Xperias, and the rom is still actively maintained for Zuk Z2. You are welcome to visit the thread for user feedback: https://forum.xda-developers.com/lenovo-zuk-z2/development/jaguar-oreo-8-1-official-t3734597
In addition to most, if not all, familiar Oreo features starting from multiple options in statusbar, navbar, QS, gestures etc. to alarm blocker, wakelock blocker, smart pixels and omni features (I am not going to list all of them), you will have the following:
1. Hardened/fortified bionic (over 150 commits) to prevent bad behavior by system and third party apps.
2. Many classes and resources are NOT pre-loaded or compiled during boot. Instead, they are compiled after the initial startup and put in ram and cache. So, after initial settling, you will have increased speed in almost everything: interface transitions, app startup time, etc. . In addition, it takes 4-5 seconds to fully boot, after Oneplus logo ends (initial boot after flashing will obviously take longer).
3. Most runtime permissions are limited to 'read only'.
4. FBE encryption is replaced with FDE, and it is not forced. Plus, you can have separate passwords, one longer for boot and another short one for screen lock. I, personally, don't like FBE. I think it is weaker than FDE. Also, I don't want my device to boot at all or be partially decrypted, unless I enter boot password.
5. Many additional security features are enabled in kernel. Kernel is based on DU for Oneplus 5 (the work on it just started).
6. Yama security to replace Selinux.
7. Wireguard support in kernel
8. DNS over TLS
9. Background WIFI scanning is hard-disabled
10. Type zero sms: phone's silent response 'received and processed' (without user noticing) eliminated. If you don't know what type zero sms is, Google it. Not class zero sms, which flashes on screen, but doesn't get saved, but rather type zero, which doesn't show at all, but nonetheless is silently acknowledged. Creepy.
11. MicroG support.
12. Builtin CPU power profiles, based on AKT profiles (heavily modified)
13. Sound control and KCAL are added in kernel
14. Fully working native recorder (in Dialer on active call)
INSTRUCTIONS:
1. Be on 5.1.4 firmware
2. If you are encrypted, you must do factory reset in TWRP (you will have to type 'YES' for factory reset). This will result in all data including internal SD erased. So, transfer the contents to your PC. If you are decrypted, you may skip this step. You may think you are decrypted, but make sure that it is in fact so: check in Settings/Security. If it says phone encrypted, you must do factory reset in TWRP.
3. After factory reset, reboot in TWRP and format system/dalvik-cache/data/internal SD again, as TWRP apparently leaves some remnants of encryption after factory reset.
4. Transfer the rom, Gapps, Magisk and whatever else you need to internal card; flash the rom; flash Gapps (optionally) and reboot
5. Go back to TWRP and flash Magisk (optionally). Why not flash Magisk right away? Because Gapps need to run once before Magisk to get appropriate permissions
ROM DOWNLOAD: https://androidfilehost.com/?fid=1322778262904007030
Subsequent releases (and I will continue to update until Android 9 becomes stable) will be in post #3.
WARNINGS: Usual XDA: Get ready to be burned and don't complain
CREDIT: AOSP, CopperheadOS, DU, Omni, Slim, Lineage, Benzo, Carbon, Xtended, AKT profiles team
Also, credit for a Jaguar bootanimation to @Ashish9 and @The.Night.King who made one of the header's icons
Kernel Source for October 8 release and on: https://github.com/AOSPME/android_kernel_oneplus_msm8998
Kernel Source: https://github.com/optimumpr/android_kernel_oneplus_msm8998
Bionic Source where most commits came from: https://github.com/CopperheadOS/platform_bionic
XDA:DevDB Information
JAGUAR OREO ONEPLUS 5, ROM for the OnePlus 5
Contributors
optimumpro, optimumpro
Source Code: https://github.com/optimumpr/android_kernel_oneplus_msm8998
ROM OS Version: 8.x Oreo
ROM Kernel: Linux 4.x
ROM Firmware Required: Unlocked bootloader and 5.1.4 firmware
Based On: AOSP, DU, Lineage, Omni, Xtended, Carbon, Benzo, Slim
Version Information
Status: Stable
Stable Release Date: 2018-09-16
Created 2018-09-16
Last Updated 2019-01-12
Instructions on FDE encryption
How to encrypt the phone:
The rom has FDE, instead of FBE, and it is not forced. So, you will be decrypted, unless you encrypt.
You can encrypt within Settings, but the preferred way is to do it via ADB. This way, you could have 2 separate passwords one longer for boot and another shorter for screen lock. YOU MUST HAVE MAGISK INSTALLED FOR ADB method to work.
1. DON'T set up screen lock pin/password/pattern yet
2. Enable ADB in Developer settings
3. Connect the phone to your PC. Open terminal (on PC) and type adb devices to make sure that the phone is listed
4. Type adb shell and press enter; type su and press enter - at this point, you should have Magisk prompt (on the phone) for root; grant it for at least 20 minutes - the prompt on terminal should change to root
Now the fun part:
5. type vdc cryptfs enablecrypto inplace password "your actual password" and press enter
WARNING: No quotation marks anywhere in terminal, and don't type the words 'your actual password', but rather your chosen password. There is no limit on the length of boot password.
The phone will reboot and start encrypting. In about 10-15 minutes, you will get a familiar prompt for boot password. After the first password input, the phone might not fully boot (it happened to me). In this case, just force-shutdown and reboot.
After encrypting, you will lose root. So, re-flash Magisk. Otherwise, you might have kernel panic, due to Magisk not being able to find your lockscreen pin..
6. After everything is done and Magisk is working, set up a short pin/pattern/password for screen. WHEN ASKED IF YOU WANT SECURE BOOT, SELECT NO, because you already have it. If you select 'yes, your long boot password will be overwritten, which you don't want.
P.S. You can also do the same on phone's Terminal. In this case, skip 'adb shell' and start with 'su'. But in my experience, if you make a slight mistake with the password, you won't be able to boot, and you will have to do factory reset in TWRP, which will result in the loss of all data. On PC, you can still see the password you set and boot the phone
Updates are in this post
January 12. New release
1. January security patches
2. Oreo release 60
3. New and hardened clang chain
4. Separate ringtones for Sim1/2
5. Updated kernel
1. If you are on a previous release, you may flash dirty. Just make sure to wipe dalvik/cache
2. Coming from another rom, read the OP about doing factory reset
Download rom January 12 release: https://androidfilehost.com/?fid=11410963190603897246
November 8. New release
November security patches
Instructions:
1. If you are on a previous release, you may flash dirty
2. Coming from another rom, read the OP about doing factory reset
Download rom release November 8: https://forum.xda-developers.com/devdb/project/dl/?id=30812
October 11. New release
1. Fully working native call recording
2. KCAL in kernel
3. Sound control in kernel
Instructions:
1. If you are on a previous release, you may flash dirty
2. Coming from another rom, read the OP about doing factory reset
Download rom, October 11 release: https://forum.xda-developers.com/devdb/project/dl/?id=30630
____________________________________________________________________________________________________________________
October 8. Major release
1. Different kernel. EAS thrown out, as providing no benefits, and actually slowing down the phone. Now you have one of the best governors, Interactive, back
2. CPU profiles built in. Based on AKT profiles, but heavily modified. Now, you have 16 working CPU profiles (must be on Interactive)
Instructions:
1. If you are on a previous release, you may flash dirty
2. Coming from another rom, read the OP about doing factory reset
Download rom October 8 release: https://forum.xda-developers.com/devdb/project/dl/?id=30586
_______________________________________________________________________________________________________________________
October 5. New release
1. October security patches, Google Oreo release 48
2. Kernel overclocked to 2035 and 2592
Download Rom, October5 release: https://forum.xda-developers.com/devdb/project/dl/?id=30551
Instructions
If you are on a previous release, you can flash dirty. If coming from another rom, clean flash. If force-encrypted, you need to do factory reset in TWRP, reboot in TWRP and manually format /system/data/dalvik/cache/internalSD. Why? Because Jaguar has FDE, as opposed to FBE encryption, and it is not forced.
________________________________________________________________________________________________________________________
September 26. New release
1. Alert slider is fixed - all options work
2. System update toggle removed
Instructions: if you are on a previous release (or the original one), dirty flash; otherwise - clean flash
Download rom September 26 release: https://forum.xda-developers.com/devdb/project/dl/?id=30488
September 20. Rom updated
1. DNS-over-TLS (in Development settings)
2. Wireguard support added
3. A bunch of other commits in kernel.
Download rom release September 20: https://forum.xda-developers.com/devdb/project/dl/?id=30444
If you are on a previous release, dirty flash is fine.
What's U/B? And does the ROM support signature spoofing?
d1n0x said:
What's U/B? And does the ROM support signature spoofing?
Click to expand...
Click to collapse
U/B is unlocked bootloader. Signature spoofing is missing. Next release will have it.
optimumpro said:
U/B is unlocked bootloader. Signature spoofing is missing. Next release will have it.
Click to expand...
Click to collapse
Well considering you need to have an unlocked bootloader to flash TWRP and consequently custom ROMs, it's kind of redundant info
Alright, gonna try out the next release with MicroG!
Nice to see you here, i used to use jaguar at my z2 plus, WELCOME!!!
Welcome @optimumpro ? your ROMs for the Xperia Z1 were legendary. Good to see you here.
d1n0x said:
Well considering you need to have an unlocked bootloader to flash TWRP and consequently custom ROMs, it's kind of redundant info
Alright, gonna try out the next release with MicroG!
Click to expand...
Click to collapse
Most devs stopped implementing Microg, because you have both Xposed and Magisk modules for that.
Security and performance, I see! What about battery life?
Im_Mattgame said:
Security and performance, I see! What about battery life?
Click to expand...
Click to collapse
That's superior too, but emphasis is on security & performance.
This is a ROM that's truly user customized, request a useful feature and watch it get added.
Keep it up OP.:good:
Does this have MAC randomizer?
Zocker1304 said:
Does this have MAC randomizer?
Click to expand...
Click to collapse
The rom has it, but I haven't implemented it in kernel yet.
@optimumpro keep it up .
And to others .
The JAGUAR ROM emphasise mainly on SECURITY & RAW PERFORMANCE. Since you have a SD 835 , this ROM will make sure to use everything it has to offer .
So if you are searching for a performance ROM this is it.
PS : Jaguar is best served GAAPS LESS so if you are a anti google guy this might be the ROM for you.
optimumpro said:
The rom has it, but I haven't implemented it in kernel yet.
Click to expand...
Click to collapse
Means when implemented it will randomize my Mac on every reconnect?
WOW!
thank you!
learned from this thread already and hope very much to see this project continue.
is the fact that this is a userdebug build, test keys, and a permissive kernel a security/ privacy concern? maybe some of this will change? maybe xposed is the reason?
I lost track of xposed stuff quite awile back, maybe it will returning to my life! lol
ROM is very feature rich already, and the randomizer post a few back really caught my attention. Know of the reasoning for, but never have had the oportunity to use anything of the like
concerning the type zero sms. After googling about it im still not exactly sure about it all, but a question about it if i may. Does it matter what sms app is used?
I have been a fan if Signal for some time. I understand how it is best utilized when both/all parties use it. Seems it hides your sms from other apps tho too. Opinions of it? recomendations for differs?
please excuse my ignorance on amy of this, so much has changed over the past couple of years reguarding tech, privacy/security and android OS, while at that same time my time in front of a PC has grown less and less. I havent kept up as well as i should. I am not a dev, but always managed to follow along to maximize user control. I can read! lol
scorch away! but i wont be posting like a lil school girl any more. will be watching tho! :cyclops:
Fellings about bromite browser? maybe it can be implemented as the default webview? or even default browser?
https://www.bromite.org/
opinions on dnscrypt magisk module? i use it in its default installed iptables config
:good::highfive::silly:
Vcolumn said:
thank you!
is the fact that this is a userdebug build, test keys, and a permissive kernel a security/ privacy concern? maybe some of this will change? maybe xposed is the reason?
ROM is very feature rich already, and the randomizer post a few back really caught my attention. Know of the reasoning for, but never have had the oportunity to use anything of the like
concerning the type zero sms. After googling about it im still not exactly sure about it all, but a question about it if i may. Does it matter what sms app is used?
I have been a fan if Signal for some time. I understand how it is best utilized when both/all parties use it. Seems it hides your sms from other apps tho too. Opinions of it? recomendations for differs?
Fellings about bromite browser? maybe it can be implemented as the default webview? or even default browser?
opinions on dnscrypt magisk module? i use it in its default installed iptables config
Click to expand...
Click to collapse
User debug builds are no less secure than user builds. Instead of Selinux, you have Yama security implemented in kernel. I don't like Selinux. Apart from questionable origins, it is a huge monster that is, in my view, an unnecessary overhead.
Test key, as opposed to development/release key is just a name. All my keys, including the test key, have been uniquely re-generated. So, they are not Google's outdated keys that are included by default in all custom builds.
I use Icecat browser. With regard to dnscrypt, I have a better idea: DNS over TLS, and it is already done (will be in the next release), see picture.
Signal: There are many problems with the app and the developer. It's a long discussion, and I have already posted about in on XDA. One I would mention: the dev used to be harassed by TSA in airports. Then all of a sudden, he obtained over a $13 million funding channeled to him through a known government hand for "development" purposes. Then again, all of a sudden, he got lucrative contracts to provide "security" for one of the widely known "bastions" of privacy What'sup/Facebook. You don't get that for nothing. Next, he removed encryption capabilities from SMS portion of the app, the ones that really were forcing adversaries to go through the pains of targeting individual phones through the air, which is expensive. To tell you more: as long, as you have Gapps installed, any encryption is useless, as Google can get your outgoing messages before they are encrypted, and incoming ones after they are decrypted. People may say "sand box", "permissions", but as long as you have Google Services Framework, which is the central part of Google apps, it can do with your device whatever it wants without you ever noticing. And Signal can't work without Google services.
I use Silence for SMS.
Zocker1304 said:
Means when implemented it will randomize my Mac on every reconnect?
Click to expand...
Click to collapse
Yes. Although, it is somewhat difficult, because Qualcomm has a proprietary (as opposed to open source) implementation of MAC.
@optimumpro
Mate, any snapshots, please? Also, will MicroG or Nano-Droid work?
Also, does the GPS work, cause, that is the only reason, I am not able to get out of GApps. I want to be free of Google's Slavery Programme.
Danke. Vishal
vdbhb59 said:
@optimumpro
Mate, any snapshots, please? Also, will MicroG or Nano-Droid work?
Also, does the GPS work, cause, that is the only reason, I am not able to get out of GApps. I want to be free of Google's Slavery Programme.
Danke. Vishal
Click to expand...
Click to collapse
Microg should work with either Xposed or Magisk module. Without Google services, GPS would work with most apps, but not with Google maps, which require Gapps.
optimumpro said:
User debug builds are no less secure than user builds. Instead of Selinux, you have Yama security implemented in kernel. I don't like Selinux. Apart from questionable origins, it is a huge monster that is, in my view, an unnecessary overhead.
Test key, as opposed to development/release key is just a name. All my keys, including the test key, have been uniquely re-generated. So, they are not Google's outdated keys that are included by default in all custom builds.
I use Icecat browser. With regard to dnscrypt, I have a better idea: DNS over TLS, and it is already done (will be in the next release), see picture.
Signal: There are many problems with the app and the developer. It's a long discussion, and I have already posted about in on XDA. One I would mention: the dev used to be harassed by TSA in airports. Then all of a sudden, he obtained over a $13 million funding channeled to him through a known government hand for "development" purposes. Then again, all of a sudden, he got lucrative contracts to provide "security" for one of the widely known "bastions" of privacy What'sup/Facebook. You don't get that for nothing. Next, he removed encryption capabilities from SMS portion of the app, the ones that really were forcing adversaries to go through the pains of targeting individual phones through the air, which is expensive. To tell you more: as long, as you have Gapps installed, any encryption is useless, as Google can get your outgoing messages before they are encrypted, and incoming ones after they are decrypted. People may say "sand box", "permissions", but as long as you have Google Services Framework, which is the central part of Google apps, it can do with your device whatever it wants without you ever noticing. And Signal can't work without Google services.
I use Silence for SMS.
Yes. Although, it is somewhat difficult, because Qualcomm has a proprietary (as opposed to open source) implementation of MAC.
Click to expand...
Click to collapse
Thank you for the detailed insight. Although I have to say that Signal does work without Google play services. However, it falls back to a legacy polling method (increasing battery drain a bit) and shows a persistent notification in the status bar.
Great to see some privacy-conscious people here, amidst all of the Google fanboys who share every part of their life with Google and in the process jeopardize other people's privacy for the sake of "convenience".
Hey Guys,
Hope you're doing great
For the people who wanted privacy based roms like CalyxOS or GrapheneOS
you have to
1. install vanilla version from ArrowOS or LineageOS
2. Flash Magisk
3. Then in Magisk go to Modules tab, click top button 'Install from storage' install LSPosed-(...)-zygisk-release.zip (has to be zygisk version)
4. then install FakeGapps.apk like an regular app
5. Reboot
6. Popup will came out that ask you to add shortcut icon to desktop for LSPosed, just add it and open it
7. Go to Modules and enable FakeGApps
8. Go to Magisk and install microG_Installer_Revived.zip as a Module
9. Reboot
10. Open microG Service Core and ensure all boxes are selected. The most important is signature spoofing - this is what LSPosed and FakeGapps is for.
For working push notifications go to microG Service Core app and enable Google devices registration and Cloud Messaging.
For working location at least two apps will be needed - MozillaNlpBackend and NominatimNlpBackend. After installing they need to be enabled in microG Service Core app (Location modules). Sometimes MozillaNlpBackend refuse to be enabled, then you just have to go to it's permissions and select "Allow all the time" for location permission.
For working SafetyNet additional Magisk module may be needed.
SMS and Location in background didn't work for me, reinstalled the microG installer module and it worked
Few Alternative apps that you can use:
* Aurora Store, fdroid for app downloads
* Briar for messaging
* Orbot for enhancing security
* Bromite, Tor Browser for secured browsing
How to unlock bootloader for Redmi K40s
try looking into this video also if you have created an new mi account you may have to wait for 1week for getting your bootloader unlocked using miunlocktool you can also download the tool from https://en.miui.com/unlock/download_en.html
Also sorry everyone I forgot the metion the alternative apps that you could have used,
* Aurora Store, fdroid for app downloads
* Briar for messaging
* Orbot for enhancing security
* Bromite, Tor Browser for secured browsing
SparkOS also has a vanilla version, with a lot more UI customisation options compared to ArrowOS.
However, Spark got signature spoofing built in so you'd only need Magisk or similar for CTS profile / safety net.
If you don't need that, just take Spark vanilla and install microG / F-Droid / Aurora...
UniNick said:
SparkOS also has a vanilla version, with a lot more UI customisation options compared to ArrowOS.
However, Spark got signature spoofing built in so you'd only need Magisk or similar for CTS profile / safety net.
If you don't need that, just take Spark vanilla and install microG / F-Droid / Aurora...
Click to expand...
Click to collapse
Thx a lot for mentioning, note: nevest version of spark is an erofs build so for the who didn't wanted erofs version can download previous versions of it
You can use this guide in every rom just make sure it's an vanilla build and it's has signature spoofing
The question is, if you focus on privacy, does it make sense to install magisk, lsposed and other modules, where you can't really be sure what data they track and use and what backdoors they open.
So if you take a vanilla ROM with signature spoofing and just install microg etc from their website (normal .apk files) you can avoid rooting with it's vulnerabilities.
The only problem remaining is that some banking apps don't work due to safety net / CTS profile mismatch.
UniNick said:
The question is, if you focus on privacy, does it make sense to install magisk, lsposed and other modules, where you can't really be sure what data they track and use and what backdoors they open.
So if you take a vanilla ROM with signature spoofing and just install microg etc from their website (normal .apk files) you can avoid rooting with it's vulnerabilities.
The only problem remaining is that some banking apps don't work due to safety net / CTS profile mismatching
Click to expand...
Click to collapse
We'll I'll try to get more info about it, if I get any fix for it I'll update the guide
Btw I'm also working on safe lineageos based rom in which microg is pre-installed and there's no need to root for it
If there's an official LineageOS available, the guys at lineage.microg.org do this already.
Have a look also at IodéOS, available for some other devices, they manage somehow that the banking apps work. I haven't found out yet how they do it, must be something with the devices keys.
UniNick said:
If there's an official LineageOS available, the guys at lineage.microg.org do this already.
Have a look also at IodéOS, available for some other devices, they manage somehow that the banking apps work. I haven't found out yet how they do it, must be something with the devices keys.
Click to expand...
Click to collapse
I know, as the official release is not available I'm doing it
Vinc3nt.exe said:
Btw I'm also working on safe lineageos based rom in which microg is pre-installed and there's no need to root for it
Click to expand...
Click to collapse
Cant wait for LineageOS for Munch. take your time, King.
Hello Guys
Hope you guys are great
this is to inform you that unfortunately i couldn't build the microg version of lineageOS but i have successfully builded it's vanilla version and it's avaliable on xda