Review of a privacy oriented user - Xiaomi Mi 10T Lite Guides, News, & Discussion

Well this is my review of the device. Haven't read a lot of bad stuff about it and was wondering about that. But if you think about buying this device, take the time to read through my review. It is by no means complete, some points that piss me off might be subjective.
I bought this device recently because I thought it was a cheap smartphone with decent hardware and support for custom ROMS (especially LineageOS).
At first boot I was shocked about what bloat and garbage the manufacturer and Google decided to preinstall, but I was expecting as much.
I don't have a Google account and neither do I want one. So naturally I skipped that part. I also skipped the part where I connected the device to the internet at first.
As soon as I connected it, I was greeted with at least eight new Google apps I never asked for. Also some cool games I really didn't give two ****s about. Thanks, more work required to get rid of all that bloat!
Let's try to get some order into the things I really didn't enjoy about the device, its manufacturer and the steps required to rid myself of the bloat.
> "Security": Obviously my device is regularly scanned by some snake oil (provided by Avast...) for malware, viruses and whatnot. I don't remember agreeing to that but at least it can be disabled. You just have to go through the pile of garbage that is called "Settings" and its subitems.
> "Data Privacy": Seems like one automagically opts into a ton of data collection, analytics and telemetry. I bet it's buried somewhere in their privacy agreement but I also bet that not even a fraction of the end-users bother to read it. You can revoke your agreement to data collection for virtually every app which renders most of them unusable. Also for every app you revoke your agreement you have to wait ten seconds, because obviously you can't be sure this is truly what you want!
> "Automatic updates": I was given the option to disable those at first boot. That's for MIUI only. Google (or is it MIUI too?) will still download updates for apps you meant to get rid of the first time it actually gets a connection. As well as those great promotion apps, google apps, amazon apps, facebook apps..hell even eBay....
> "Unlocking": This is the absolute worst part of it all. Usually you get a phone, create an account at the manufacturer's site, allow OEM unlock in Developer Options and can do it via Fastboot. Not with Xiaomi you can't! You have to create a Mi account. Took couple of hours to get a verification mail, no biggie. You have to connect that account to your smartphone. Now you need their supercool Mi unlock tool. I got a background in software development and if that was my work, I'd shoot myself...for this specific device you are linked to some ancient version of the unlock tool. Online you can find newer versions but you're never really sure you wanna use this, since the source is at least questionable. Someone hosted it on Android filehost or Google Drive...I totally wanna run that with privileges on my Windows, which I just needed to install on some machine, because you can't possibly run the required commands over fastboot on any system...Oh and did I mention that one is required to connect a phone number to the account, in case you lose access to the account?...I never wanted the account in the first place and only put up with it because I wanted to unlock the phone.
The Mi unlock tool is just painful to use...some steps aren't working at all. Sometimes you have to sign in via entering your credentials, sometimes you have to use a QR code which you scan with your phone...both seem to fail an awful lot. I had to search for help for literally every point in the procedure to unlock and I am certain the fact that it worked at all is pure luck.
If you manage to go to the step of actually unlocking the phone and all the excitement gets built up, you end up at 99% and FAIL! For "security reasons" you have to wait a week (I have read there are even worse timeouts). But you should NOT be doing anything else with your Mi account as that might reset the countdown!!!...I have also read there is another 30 days timeout if you use the account to unlock another device. For, uhm, SECURITY reasons!
You finally get to unlock the phone after a week if everything goes well and are able to rid yourself of that bloat- and spyware. Well sucks that the drivers for the camera are proprietary and there isn't any attempt to release it, so have fun with your four cameras and almost a 100MP taking 8MP photos that look like ****.
> "Camera on Custom ROMs": Seriously...don't try to tell people you are taking awesome pictures with GCam and xyz's build of it, blablabla. The pics still look worse than the ones with the MIUI camera. They are decent at best.
> "Cleaner": It seems like the awesome "Cleaner"-App dislikes anything that was installed from an unknown source. It recommended me to remove F-Droid altogether, since it takes up a couple hundred megabytes of storage (you know, cache and apks residing there)
> "ROM Support": Seems like apart from LineageOS there isn't really anything else you could use. Pixel Experience seems to be discontinued, other custom ROMs as well...either get the bloated MIUI garbage or LineageOS. I take that on me. I should have checked out this forum before buying the device. I only saw LineageOS builds and thought it would be well supported...joke's on me :/
Shouldn't end it with that much negativity, right? Well. If you can accept a decent camera making mostly ****ty pictures, it works just great on LineageOS
If you disagree with any of the points, by all means contradict me on them. It is also possible that I'm missing something. If there is a MIUI ROM that removes most of the bloat and gives me at least some privacy that's worthy to be called privacy, feel free to point me to it.
Anyways, I just needed to vent about it. Perhaps something good will come out of this. This was my first and last Xiaomi smartphone.

well, i totally agree with you, xiaomi is not for those privacy inclined users, a total mess. but for those users who are not bothered by a lack of privacy, xiaomi delivers some awesome phones for their price.

I agree that with camera, GCam cannot replace MIUI stock camera, but there is some improvement in development and I think that we will get MIUI camera magisk module, already have but not working on all ROM.

Will I really have to use Marketplace?

Really? I liked downloading and keeping CABs.
Yes you have to use the marketplace. I think the market saves all of your downloads for you.
Yeah but it's not the same is it?
If something is no longer available for WinMo 6.x, but if you have an old CAB you're ok. This new model takes the power from us and gives it to the vendors. This isn't in my interest at all.
at45 said:
This isn't in my interest at all.
I don't agree, at least in my experience it has been much easier to get my applications back with the MS store than with CABs for several reasons. After I flash a new ROM (analogous to a new phone, etc.):
I simply log in to get my store applications - 1 button push to 'install all'
I get the latest version
I don't forget which CABs I have to install, and don't have to make sure they're all up to date.
It's a trade-off, but it is in your interest.
I guess that's ok if you trust the apps to remain available.
I don't have to do much work either though after a hard reset or new ROM. I just run Sashimi which configures every part of the phone exactly how I told it to. I know this is a mile from what MS is doing with WP7 and that's not a bad thing.
But I am hopeful that devs will find a way to let us install apps independently of Marketplace. It might be that someone writes a great app that MS doesn't allow onto the marketplace, mightn't it?
I too am not a fan of the fact that MS gets to dictate which software I can and cannot use. Whilst I consider them to be far more liberal than Apple how can I be sure that what is permitted today will be allowed tomorrow.
It is conceivable that something I download today is retrospectively deemed to be in violation of some hitherto non existent rule- this could be the result of a legal ruling or MS regime change.
Nor am I comfortable about the fact that one firm will have the low down on ALL of the software that I buy.
Whilst I can see some advantages to the market place, what happens if I need to hard reset in an area with no internet access? Or if I am abroad?
An advantage of the cab scenario is that I am only reliant on my sd card. I can carry my backups wherever I go and reinstall at no cost and virtually instantly.
Straying off topic, perhaps, the success of yet another o/s orientated market place might have very serious implications for the way that we source software for our main computers...
whilst that may be true that it is nice to have cabs you can install yourself, the reason for just 1 market place is the fact that you'll end up with experiences like android where multiple market places exist and carriers are changing the market place so you can't access another. and then it's up to the developer to make it available in all these variations of market places. whereas at least with iOS/WP market places, it's a 1 place submission.
you also get stupid conditions as well such as amazon's (future?) android marketplace where no app can be released before them in an update. they must be released all at the same time. how hard is that to co-ordinate?
clean thread.
I believe the answer was given. closed Thread.

Warning about TextSecure App: Possible Compromised Development

Some of us use Textsecure as replacement for Stock SMS app. Textsecure provides encryption for your SMS. However, my recommendation is: stay away or at least don't update to 2.X... versions.
The developer has introduced Google Cloud Messaging, which means that even if your sms are secure, the fact you are using the app will be recorded in Google Centralized database. In addition, he removed the ability of the user to regenerate new identity key. In last couple of releases, he forced the user to allow the app to contact the internet (otherwise, the app would crash). That is even if you compile the app from sources, which I did a couple of hours ago. If you download the app from Store, you can't even use it without Google account and GSF, the latter will record your every keystroke including the password used to encrypt the messages. In further addition, the app is only available through Googleplay and the developer is actively resisting third party distribution. If that is not enough, you should know that Whisper systems is owned by Twitter, which is a red flag in of itself. The code is growing larger and is more difficult to examine for back door purposes.
My advice: stay away from this development, which in my view is compromised...
Edit. In January of this year, the developer left Twitter. Interestingly, he is still working on Textsecure and it is published under Whisper, which is Twitter. About the same time, all those things described above started to happen. Also interesting is that the developer was put on federal watch list and was continuously harassed by various agencies when flying. So, I wouldn't be surprised to learn that his new employer is the previous harasser...
All more reasons to stay away from this app.
optimumpro said:
Some of us use Textsecure as replacement for Stock SMS app. Textsecure provides encryption for your SMS. However, my recommendation is: stay away or at least don't update to 2.X... versions.
The developer has introduced Google Cloud Messaging, which means that even if your sms are secure, the fact you are using the app will be recorded in Google Centralized database. In addition, he removed the ability of the user to regenerate new identity key. In last couple of releases, he forced the user to allow the app to contact the internet (otherwise, the app would crash). That is even if you compile the app from sources, which I did a couple of hours ago. If you download the app from Store, you can't even use it without Google account and GSF, the latter will record your every keystroke including the password used to encrypt the messages. In further addition, the app is only available through Googleplay and the developer is actively resisting third party distribution. If that is not enough, you should know that Whisper systems is owned by Twitter, which is a red flag in of itself. The code is growing larger and is more difficult to examine for back door purposes.
My advice: stay away from this development, which in my view is compromised...
Edit. In January of this year, the developer left Twitter. Interestingly, he is still working on Textsecure and it is published under Whisper, which is Twitter. About the same time, all those things described above started to happen. Also interesting is that the developer was put on federal watch list and was continuously harassed by various agencies when flying. So, I wouldn't be surprised to learn that his new employer is the previous harasser...
All more reasons to stay away from this app.
And here is some more fresh evidence. Today I posted this info on Cyanogen site related to Textsecure Push for CM.
http://www.cyanogenmod.org/blog/whisperpush-secure-messaging-integration
The site says it is neither censored nor monitored. Within 5 minutes, the post has disappeared... . So, stay away from this app as the development has been compromised. In my view, of course...
You have no clue what you're talking about.
Corndude said:
You have no clue what you're talking about.
Thanks, pal... for a very, very thorough, thoughtful and factual argument.
Edit: by the way, what does no gapps project have to do with textsecure being compromised?
Thanks for the heads up. Something is really amiss, and I won't want to directly experience it. I'm staying away from TextSecure for sure.
abdelazeez said:
Thanks for the heads up. Something is really amiss, and I won't want to directly experience it. I'm staying away from TextSecure for sure.
Most messenger apps today work with Google Push Notifications, seems to be no problem for people there. Funny that it is here. As for SMS, I would never use that through another app. Besides, the phone carrier companies save those probably too, what's so different with that you said? Text Secure is a very nice app I think. Right now people on iOS don't have that app yet, which makes it hard to establish in mixed system userbases among people. But I hope that will change.
Besides, most people here probably use Twitter. Funny to complain about something that might be related to Twitter then, isn't it?
Wolfseye
wpkwolfseye said:
Most messenger apps today work with Google Push Notifications, seems to be no problem for people there. Funny that it is here. As for SMS, I would never use that through another app. Besides, the phone carrier companies save those probably too, what's so different with that you said? Text Secure is a very nice app I think. Right now people on iOS don't have that app yet, which makes it hard to establish in mixed system userbases among people. But I hope that will change.
Besides, most people here probably use Twitter. Funny to complain about something that might be related to Twitter then, isn't it?
Wolfseye
The difference is that Textsecure/Whisperpush/CMpush tell you your SMS are encrypted. If they are indeed encrypted and there are no backdoors, your carrier (and others) can only get encrypted SMS (good luck to them trying to decipher). All other SMS apps are in plain text. In my view earlier versions of Textsecure are indeed secure. Starting from version 2.X, we no longer know that considering all the facts I mentioned in the OP.
You should really get your facts straight. Twitter bought Whisper Systems in 2011, mainly to get Moxie and the other Whisper Systems folks to work for them.
Moxie went on to lead Twitter's security team. Twitter allowed them a month or so after they acquired Whisper Systems to open source their apps TextSecure and RedPhone. In January 2013 Moxie left Twitter and started Open Whisper Systems with a few others. They took the newly open sourced apps and developed them further.
This is also covered in their FAQ.
You can see all of their code on GitHub.
And if you don't have GAPPS installed, you will simply get a message that you won't be able to use push messages and that's it. Several friends of mine use it for SMS only, with Xprivacy restricting the internet access. It doesn't crash or anything.
If you experience this, you may either have a problem with your build or it's a bug specific to your device/Android version.
Moxie also wrote exactly why he doesn't want TextSecure to be released via F-Droid: for security reasons. They use central signing, which may very well compromise the update channel.
The whole discussion can be found in the most infamous thread in their GitHub: #127
lindworm said:
You should really get your facts straight. Twitter bought Whisper Systems in 2011, mainly to get Moxie and the other Whisper Systems folks to work for them.
Moxie went on to lead Twitter's security team. Twitter allowed them a month or so after they acquired Whisper Systems to open source their apps TextSecure and RedPhone. In January 2013 Moxie left Twitter and started Open Whisper Systems with a few others. They took the newly open sourced apps and developed them further.
This is also covered in their FAQ.
You can see all of their code on GitHub.
And if you don't have GAPPS installed, you will simply get a message that you won't be able to use push messages and that's it. Several friends of mine use it for SMS only, with Xprivacy restricting the internet access. It doesn't crash or anything.
If you experience this, you may either have a problem with your build or it's a bug specific to your device/Android version.
Moxie also wrote exactly why he doesn't want TextSecure to be released via F-Droid: for security reasons. They use central signing, which may very well compromise the update channel.
The whole discussion can be found in the most infamous thread in their GitHub: #127
Which fact did I not get straight? You can't get the app anywhere other than from Googleplay and for Googleplay you need GSF, which records your every keystroke. And by the way, try to restrict getnetworkinfo in internet settings in Xprivacy and the app will crash as soon as you try to open a conversation (checked on several devices). And why was it necessary to prevent users from generating new identity key? Why not have an app available on Whisper's github, as many devs do. And by the way, I asked the same questions on github and f-droid threads and in response got a suggestion to build an equivalent of Google's GCM, so then Moxie would stop using Google.
optimumpro said:
Which fact did I not get straight? You can't get the app anywhere other than from Googleplay and for Googleplay you need GSF, which records your every keystroke. And by the way, try to restrict getnetworkinfo in internet settings in Xprivacy and the app will crash as soon as you try to open a conversation (checked on several devices). And why was it necessary to prevent users from generating new identity key? Why not have an app available on Whisper's github, as many devs do. And by the way, I asked the same questions on github and f-droid threads and in response got a suggestion to build an equivalent of Google's GCM, so then Moxie would stop using Google.
You are not even trying to learn/understand why things are done the way they are done, but instead chose to blast an open source project by a security expert who has spoken at defcon various times and who is on a national security list and gets severely hassled by the TSA every time he tries to travel because of his involvement with secure communication projects.
You don't show the slightest form of objectiveness either. The truth content of what you are writing varies between "flat out wrong" and "there is a reason for how they do it that way, which you either didn't care to research or willingly ignored".
1. You can sideload the apk either from http://apps.evozi.com/apk-downloader/ or any of the dozens of sites that mirror packages from the app store.
They do not provide apks because it is a security risk: there is no automated upgrade channel from where a user can get a new version which may fix serious security flaws.
Everybody who is able to compile from source however should understand the importance of updating regularly and can do so on his/her own.
Moxie stated all of that in the github ticket I linked to.
2. GSF doesn't record your keystrokes.
3. If you had bothered to look it up, getNetworkInfo returns if a certain interface (like wifi) is used for internet.
This leaks no interesting information whatsoever. And it especially doesn't mean that TextSecure doesn't work without internet, because this permission does not give an app internet access. Xprivacy actually expects this behaviour by apps, that's why those fields are by default not restricted even if you restrict internet access of an app.
The program crashes without this, because it expects to get a needed value returned, which you chose to block. This is not something they willingly built in, to stop you from using it without Google Play.
If you can't manage the complexity of the permissions, you should use a simple firewall like AFwall+ to restrict internet access.
4. This was probably removed because it doesn't add any significant security and adds clutter to the user interface, because average users have no idea what it's for. The identity keys you are talking about are long term identity keys. TextSecure uses different keys in every message and actually uses the most secure protocol I know of. It has excellent forward secrecy, future secrecy and deniability. More so than OTR, which it is derived from.
You can learn more about that in their blog:
https://whispersystems.org/blog/simplifying-otr-deniability/
https://whispersystems.org/blog/asynchronous-security/
https://whispersystems.org/blog/advanced-ratcheting/
5. You asked them to not use the only free world wide push network that has contracts with all major providers to not kill idle TCP connections.
Moxie always answered that they would love to use something else, but none exists. And that they don't have the resources to build a push network themselves.
This is all in the comments to https://whispersystems.org/blog/the-new-textsecure/ and on ycombinator:
https://pay.reddit.com/r/Android/co..._cyanogenmod_is_integrating/cdyfxhm?context=3
https://pay.reddit.com/r/Android/co..._cyanogenmod_is_integrating/cdyfrv0?context=3
They are however working on using emails as identifiers and websockets as an alternative to GCM. Websockets are already implemented on the server side and people are working on the client side.
Right now you can use encrypted SMS without GCM, no problem at all. If you want to use it over the internet, you can help to speed up the websocket development:
https://github.com/WhisperSystems/TextSecure/issues/1000
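The per-message keys described in point 4 above, as an added example that is not part of the original post and is not TextSecure's code: a minimal hash ratchet showing what a leaked message key or a seized chain key can and cannot decrypt. The class and function names, the KDF labels, the toy HMAC-based cipher and the sample messages are all constructed for illustration, and only the symmetric chain is modelled, not the Diffie-Hellman step of the full protocol.

```python
import hashlib
import hmac


def kdf_step(chain_key):
    """One ratchet step: derive (next_chain_key, message_key) from chain_key.

    HMAC-SHA256 is one-way, so neither output reveals chain_key, and the
    message key does not reveal the next chain key.
    """
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


class Ratchet:
    """Holds only the current chain key; each step overwrites the old one."""

    def __init__(self, chain_key):
        self.chain_key = chain_key

    def next_message_key(self):
        self.chain_key, message_key = kdf_step(self.chain_key)
        return message_key


def _subkeys(message_key):
    enc_key = hmac.new(message_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(message_key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _xor_stream(key, data):
    # Toy stream cipher (HMAC in counter mode), a stand-in for a real AEAD.
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def seal(message_key, plaintext):
    """Encrypt then MAC under keys derived from a single message key."""
    enc_key, mac_key = _subkeys(message_key)
    ciphertext = _xor_stream(enc_key, plaintext)
    return ciphertext + hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def unseal(message_key, sealed):
    """Return the plaintext, or None if the key does not match the message."""
    enc_key, mac_key = _subkeys(message_key)
    ciphertext, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_stream(enc_key, ciphertext)


def run_demo():
    # Constructed inputs: a stand-in shared secret and four sample messages.
    shared = hashlib.sha256(b"constructed shared secret").digest()
    messages = [b"msg 0", b"msg 1", b"msg 2", b"msg 3"]

    sender = Ratchet(shared)
    sealed = []
    leaked_message_key = None
    leaked_chain_key = None
    for index, message in enumerate(messages):
        if index == 2:
            leaked_chain_key = sender.chain_key  # device state seized here
        message_key = sender.next_message_key()
        if index == 1:
            leaked_message_key = message_key     # one message key intercepted
        sealed.append(seal(message_key, message))

    # The legitimate receiver runs the same chain and reads everything.
    receiver = Ratchet(shared)
    received = [unseal(receiver.next_message_key(), s) for s in sealed]

    # A single leaked message key opens exactly one message.
    with_message_key = [unseal(leaked_message_key, s) for s in sealed]

    # A seized chain key can only be ratcheted forward: later messages open,
    # earlier ones stay closed.
    thief = Ratchet(leaked_chain_key)
    forward_keys = [thief.next_message_key() for _ in messages]
    with_chain_key = [
        any(unseal(key, s) is not None for key in forward_keys) for s in sealed
    ]
    return {
        "received": received,
        "with_message_key": with_message_key,
        "with_chain_key": with_chain_key,
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

In this sketch the seized chain key still opens every later message; recovering from that kind of compromise is what the Diffie-Hellman ratchet in the linked advanced-ratcheting post adds.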
lindworm said:
You are not even trying to learn/understand why things are done the way they are done, but instead chose to blast an open source project by a security expert who has spoken at defcon various times and who is on a national security list and gets severely hassled by the TSA every time he tries to travel because of his involvement with secure communication projects.
You don't show the slightest form of objectiveness either. The truth content of what you are writing varies between "flat out wrong" and "there is a reason for how they do it that way, which you either didn't care to research or willingly ignored".
1. You can sideload the apk either from http://apps.evozi.com/apk-downloader/ or any of the dozens of sites that mirror packages from the app store.
They do not provide apks because it is a security risk: there is no automated upgrade channel from where a user can get a new version which may fix serious security flaws.
Everybody who is able to compile from source however should understand the importance of updating regularly and can do so on his/her own.
Moxie stated all of that in the github ticket I linked to.
2. GSF doesn't record your keystrokes.
3. If you had bothered to look it up, getNetworkInfo returns if a certain interface (like wifi) is used for internet.
This leaks no interesting information whatsoever. And it especially doesn't mean that TextSecure doesn't work without internet, because this permission does not give an app internet access. Xprivacy actually expects this behaviour by apps, that's why those fields are by default not restricted even if you restrict internet access of an app.
The program crashes without this, because it expects to get a needed value returned, which you chose to block. This is not something they willingly built in, to stop you from using it without Google Play.
If you can't manage the complexity of the permissions, you should use a simple firewall like AFwall+ to restrict internet access.
4. This was probably removed because it doesn't add any significant security and adds clutter to the user interface, because average users have no idea what it's for. The identity keys you are talking about are long term identity keys. TextSecure uses different keys in every message and actually uses the most secure protocol I know of. It has excellent forward secrecy, future secrecy and deniability. More so than OTR, which it is derived from.
You can learn more about that in their blog:
https://whispersystems.org/blog/simplifying-otr-deniability/
https://whispersystems.org/blog/asynchronous-security/
https://whispersystems.org/blog/advanced-ratcheting/
5. You asked them to not use the only free world wide push network that has contracts with all major providers to not kill idle TCP connections.
Moxie always answered that they would love to use something else, but none exists. And that they don't have the resources to build a push network themselves.
This is all in the comments to https://whispersystems.org/blog/the-new-textsecure/ and on ycombinator:
https://pay.reddit.com/r/Android/co..._cyanogenmod_is_integrating/cdyfxhm?context=3
https://pay.reddit.com/r/Android/co..._cyanogenmod_is_integrating/cdyfrv0?context=3
They are however working on using emails as identifiers and websockets as an alternative to GCM. Websockets are already implemented on the server side and people are working on the client side.
Right now you can use encrypted SMS without GCM, no problem at all. If you want to use it over the internet, you can help to speed up the websocket development:
https://github.com/WhisperSystems/TextSecure/issues/1000
Your original statement was that I got my facts wrong. Since you have not cited any instance where I came up with a wrong fact, I will address your opinions.
Number one: you say GSF does not record keystrokes. How do you know? Have you seen the source (which is closed)? If you did, you work for Google and then everything you say is propaganda that has zero factual value. If you don't, then you are just speculating. You pick whichever is worse. If you use Google proprietary blobs, your device is totally open and there is no security measure/app on earth that is effective against this. That GSF phones home at regular intervals and transmits data there is a known fact. You can use encryption from Mars and yet it won't work because raw data (before encryption) is open to Google. As another user noted, having GSF and other closed source apps is like having a lock installed on your house door and not knowing who has access to it besides you.
Number two: inability to generate new identity key: It was there for a reason, the same way PGP or GPG keys have the ability to be limited in time, revoked or regenerated. It is a good security standard and removing it represents weakening. Clutter? LOL. A regular user wouldn't even be able to find it. Certainly, it does not pop up anywhere, one has to find it.
Number three: Sideload or compiling: a regular user will do neither, he/she will simply download the app from the market, which means he has to have Google blobs. Or you are suggesting that users should download the app from the market and then remove GSF and other Googleapps? LOL again.
As I said earlier, Moxie's argument that allowing third party apps on your device is a greater security risk than having closed source blobs is wrong and grand BS (especially coming from someone who is considered a security expert). It is security through obscurity, which is no security at all. The value of his open source project is completely defeated by having closed source blobs by a known private branch of known three letter agencies.
Now, these are facts. Let's get to opinions. I think that this deliberate weakening of security (again coming from a security expert) is a strong indication that development and/or developer has been compromised. And that is why I recommend to stay away from this app. But that is just my opinion, which is nonetheless based on facts.
optimumpro said:
Your original statement was that I got my facts wrong. Since you have not cited any instance where I came up with a wrong fact, I will address your opinions.
Do you even read what I write?
If that is not enough, you should know that Whisper systems is owned by Twitter, which is a red flag in of itself.
As I explained he does not work there any more.
You seem to have noticed that too:
Edit. In January of this year, the developer left Twitter. Interestingly, he is still working on Textsecure and it is published under Whisper, which is Twitter.
Are you kidding me? How the flying **** did you get to this conclusion? The company that was bought by twitter was Whisper Systems.
They are publishing the new source under Open Whisper Systems. (none of those was ever called Whisper)
See the difference? They also state this here: http://support.whispersystems.org/customer/portal/articles/1474591-is-textsecure-owned-by-twitter-
And here is some more fresh evidence. Today I posted this info on Cyanogen site related to Textsecure Push for CM.
http://www.cyanogenmod.org/blog/whis...ng-integration
The site says it is neither censored nor monitored. Within 5 minutes, the post has disappeared... . So, stay away from this app as the development has been compromised. In my view, of course...
So you are saying CyanogenMod is part of this grand conspiracy of yours? Come on...
GSF, which records your every keystroke.
Number one: you say GSF does not record keystrokes. How do you know? Have you seen the source (which is closed)? If you did, you work for Google and then everything you say is propaganda that has zero factual value. If you don't, then you are just speculating. You pick whichever is worse. If you use Google proprietary blobs, your device is totally open and there is no security measure/app on earth that is effective against this. That GSF phones home at regular intervals and transmits data there is a known fact. You can use encryption from Mars and yet it won't work because raw data (before encryption) is open to Google. As another user noted, having GSF and other closed source apps is like having a lock installed on your house door and not knowing who has access to it besides you.
It's a binary blob and it sends data to google, but you have no proof whatsoever if it records keystrokes. You can know if you want to though. Decompile it and analyze it. I don't like binary blobs, but you can't just say they do something without having any proof. I may not be able to guarantee that they don't do something, because I have not personally decompiled and analyzed every bit of it, but until you have and have proof that it does do something you can't just claim it does.
Number two: inability to generate new identity key: It was there for a reason, the same way PGP or GPG keys have the ability to be limited in time, revoked or regenerated. It is a good security standard and removing it represents weakening. Clutter? LOL. A regular user wouldn't even be able to find it. Certainly, it does not pop up anywhere, one has to find it.
It is not something the average user should have access to, for several reasons. The TextSecure V2 protocol is NOT comparable with PGP/GPG because it has forward secrecy and deniability. The keys that are actually used to encrypt a message are not static as with PGP.
They are derived from the original keys and are changed with every message. No need to change them after X days/months/years.
Even if one key is intercepted, you would only be able to decrypt one message and not every message, as is the case with PGP.
If you get a new key, all your contacts get alerts that your key changed and that somebody may be listening in. That's not something the average user should be exposed to. If you think for whatever reason that you really want to do this, back up your conversations, uninstall TextSecure, install it again, import the backup and you have your new key.
Number three: Sideload or compiling: a regular user will do neither, he/she will simply download the app from the market, which means he has to have Google blobs. Or you are suggesting that users should download the app from the market and then remove GSF and other Googleapps? LOL again.
As I said earlier, Moxie's argument that allowing third party apps on your device is a greater security risk than having closed source blobs is wrong and grand BS (especially coming from someone who is considered a security expert). It is security through obscurity, which is no security at all. The value of his open source project is completely defeated by having closed source blobs by a known private branch of known three letter agencies.
Every average user has the google blobs, because they are preinstalled on nearly every phone and it's nearly unusable without them. This app is supposed to make encryption available to the masses.
Google may be undermined by your beloved three letter agencies, but it's not one of them. This is not to hide from them.
You have your threat model wrong.
No app alone can ever protect you from those agencies. They have hundreds of 0days for every platform and will simply own your Android, open source or not.
And this is not what TextSecure tries to do. They protect the content of every conversation with extremely strong encryption, no matter what the transport is. This does protect you from dragnet surveillance. But they can not protect you from someone who targets you and is willing to spend hundreds of thousands or millions to break into your operating systems.
If the NSA really wants you they get you, period. But TextSecure protects you from thieves, cyber criminals and nearly everybody else who wants to read your messages.
You say you think the encrypted SMS mode was safe? With this your provider (and thus your government and every agency that wants it) has all the metadata. Who sent something to whom etc.
Google on the other hand has actually LESS meta data, because your phone sends the message to the TextSecure server, which relays the message to GCM. GCM then delivers the message. Because everything is encrypted none of the servers get contact data. But google only gets the receiver, not the sender. Your provider gets everything.
A global passive adversary may still do time correlation attacks, by listening who sends something when and who receives something at this time. After some sessions it's pretty clear who is talking to whom. It doesn't matter if Google is evil or not in this case. They get the metadata if they want to.
If you want protection against something like this take a look at pond, or meet in person: https://github.com/agl/pond
Now, these are facts. Let's get to opinions. I think that this deliberate weakening of security (again coming from a security expert) is a strong indication that development and/or developer has been compromised. And that is why I recommend to stay away from this app. But that is just my opinion, which is nonetheless based on facts.
As I explained there is no weakening whatsoever. Even if you consider google the adversary, they get less meta data than your SMS provider.
You can use this exactly as before without the google blobs if you want to.
They are actively working on a way to get away from the play store and GCM by building their own distribution method (which is finished, but not yet released, see #127 in their github) and implementing Websockets (server works, client is on the way).
Before you start slamming something you should really understand how it works, or ask if you understood it correctly.
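The per-message key derivation described in the post above, as an added sketch in Python that is not part of the thread and not TextSecure's own code: each chain key is hashed forward with HMAC-SHA256 to yield one message key and the next chain key. The function names, the 0x01/0x02 labels, the sample messages and the XOR keystream standing in for a real AEAD are assumptions made for this example.

```python
"""Symmetric-key ratchet sketch (added illustration, not TextSecure source)."""
import hashlib
import hmac


def _h(key, label):
    """HMAC-SHA256 used as the one-way derivation function."""
    return hmac.new(key, label, hashlib.sha256).digest()


def ratchet_step(chain_key):
    """Return (message_key, next_chain_key), both one-way outputs of chain_key."""
    return _h(chain_key, b"\x01"), _h(chain_key, b"\x02")


def _keystream(key, length):
    # Stand-in stream cipher for the sketch; a real client uses a vetted AEAD.
    blocks = (_h(key, i.to_bytes(4, "big")) for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def seal(message_key, plaintext):
    """Encrypt-then-MAC under keys derived from a single message key."""
    enc_key, mac_key = _h(message_key, b"enc"), _h(message_key, b"mac")
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, len(plaintext))))
    return ct + _h(mac_key, ct)


def unseal(message_key, sealed):
    """Return the plaintext, or None when the key does not match the message."""
    enc_key, mac_key = _h(message_key, b"enc"), _h(message_key, b"mac")
    ct, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(tag, _h(mac_key, ct)):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, len(ct))))


def run_session(chain_key, plaintexts):
    """Seal each message under a fresh key; return transcript and the keys used."""
    transcript, message_keys, chain_keys = [], [], []
    for pt in plaintexts:
        chain_keys.append(chain_key)      # chain key in force before this message
        mk, chain_key = ratchet_step(chain_key)
        message_keys.append(mk)
        transcript.append(seal(mk, pt))
    return transcript, message_keys, chain_keys


def readable_with_message_key(stolen_mk, transcript):
    """Indices of messages that one leaked message key can open."""
    return [i for i, s in enumerate(transcript) if unseal(stolen_mk, s) is not None]


def readable_with_chain_key(stolen_ck, transcript):
    """Indices readable after ratcheting a leaked chain key forward."""
    keys, ck = [], stolen_ck
    for _ in transcript:
        mk, ck = ratchet_step(ck)
        keys.append(mk)
    return [i for i, s in enumerate(transcript)
            if any(unseal(k, s) is not None for k in keys)]


# Constructed sample data for the demonstration.
INITIAL_CHAIN_KEY = hashlib.sha256(b"constructed demo secret").digest()
PLAINTEXTS = [b"message 0", b"message 1", b"message 2", b"message 3", b"message 4"]

if __name__ == "__main__":
    transcript, mks, cks = run_session(INITIAL_CHAIN_KEY, PLAINTEXTS)
    print("leaked message key 2 opens:", readable_with_message_key(mks[2], transcript))
    print("leaked chain key 2 opens:  ", readable_with_chain_key(cks[2], transcript))
```

A leaked message key opens one message; a leaked chain key opens that message and later ones in the same chain but nothing earlier, which is why implementations delete old keys after use.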
"Decompile GSF"
You are kidding. Aren't you? If one can examine closed source the same way as open one, then all problems would be solved. And by the way, there would be no point in having proprietary software. Would it? Of course Java is easier to reverse engineer, but want to try Oracle's java?
"Google" Google has root access to your device: It can pull/install any application without you noticing it. They can install another version of TextSecure with backdoors. They can do whatever they want or told to. So, if you have Google, there is no point in any security at all. And when a developer forces users to have Google for his app to work, that's no security at all.
CyanogenMod/Conspiracy? There is no conspiracy. The US has a law that requires providers to have back doors in their software/hardware for law enforcement, and there are wild claims (by those who know (and don't) what they are talking about) of TextSecure as "weapon" against this kind of surveillance. And that is pure bull. All that the app can provide is the false sense of security, while in reality making users more transparent to surveillance.
Phone service providers vs. internet: when you use Textsecure as a pure sms app, your provider gets gibberish, but they have no way of knowing what you are using. With GCM/GSF/Googleplay, they know exactly what you are doing, as you are marked as using this particular app. So, Moxie is making life of "surveillors" much easier.
Thanks for telling me to uninstall the app if I want to generate new key. So, if I do it this way, you think my contacts won't receive a message that my key has changed?
Here is how I began to suspect foul play: First I noticed the app wanted access to the internet, then I discovered that I can no longer generate a new key, then I went to read about F-droid/Whisper problems. Then I read that he wants the app be available through Google only, because he cares about security and does not want users to allow third party apps (BS). Then I read about feds harassment. You think the 3 letter agencies wouldn't like to have him?
In my view, Moxie's arguments no longer make sense. And by the way, when he is against the wall, he tells you to create a world wide push service - alternative to GCM. LOL.
For me that's enough to stay away from the app. Others will decide accordingly...
Does anybody work on an alternative push service in order to replace the hard requirement on Google services for TextSecure, Redphone and lots of other useful apps?
I understand that GAPPS are needed to run textsecure.
Is it possible / has anyone succeeded to get it to run with the no GAPPS apps such as the blank store etc or is the app relying too much on google infrastructure?
i can use textsecure sms without internet. besides registering with push is not mandatory at all so the crash you've experienced must be a bug in the version of textsecure you're using. also why compare it to pgp/gpg? textsecure uses otr with improvements to deniability and forward secrecy. also textsecure supports mms (which uses internet).
if you're really that paranoid, avoid android at all and stop spreading FUD claiming it to be fact. i don't find the statement factual at all. it lacks any evidence (show us the code with the backdoor first).
and also avoid openguardian project too as they conspire with textsecure since they are recommending it.
and by the way, whisper and openwhisper are different.
It really is a shame when misinformed people comment on things they do not have enough information to intelligently speak about. Especially when it discourages people from using an application that is one of the only current means of communicating over SMS in a secure manner. Is it perfect? Certainly not... Security and encryption are never perfect, and there will always be flaws to be found, but to insist that someone such as Moxie Marlinspike is somehow working against the security researcher community in some undercover role as an agent of the government or some corrupt company is really insulting. If you have some absolute proof, or even a reasonable solid suspicion, please share it, but otherwise do not taint these incredible people with false accusations. Learn a bit about encryption, reverse engineering, and packet inspection, and then come back and give an intelligent analysis of your findings of the application you suspect to be playing some nefarious role. Until then, your accusations are completely unfounded and damaging to the community as a whole. There are many people who have worked hard to make this product a reality, and I believe they should be praised for their efforts. Obviously these are my own opinions, and you are free to dismiss them outright as you have done to others in previous posts. In addition, I realize I am not an active member of the xda community, but I am an active member of the security/reverse engineering community. My job and nearly all of my free time is spent reverse engineering software and I see no basis for your accusations.
Here is more update on Textsecure: there was a major vulnerability found last October-November. And Moxie's response (not surprisingly) - fixing "feels pretty cumbersome" and "I dunno."
Also, Open Whisper is now accepted into the family of such a bastion of privacy, as Facebook (kids love it, NSA approves). So, If you had any doubt about this app before, now you can sleep well at night (sarcasm).
https://moderncrypto.org/mail-archive/messaging/2014/001029.html
https://moderncrypto.org/mail-archive/messaging/2014/001030.html
To those who like to attack the messenger ( I call them Google thugs or pacifier babies). One says decompile GSF, the other - false accusations and absolute proof?! Wake up and get the pacifier out of your mouth. There is no such thing in real life. I give you the dots, you can't connect them with the pacifier in your mouth.
Here is some more damning evidence that Textsecure is a totally compromised project no longer to be trusted: during 2013-2014 Open Whisper Systems received over $1.3 mln from BBG, which is an arm of US Government and its 3-letter-agencies.
http://pando.com/2015/03/01/internet-privacy-funded-by-spooks-a-brief-history-of-the-bbg/
So, Moxie, it appears, has turned from someone who was harassed by TSA in airports (presumably for a failure to cooperate with the government) to a recipient of major funds from the same government. I am not even talking about him getting a once in a life-time project to work on "securing" Facebook's What's up application. Pity and shame...
Replacement for Textsecure
Here is a pure sms app, which replaces compromised Textsecure, as well as stock messaging. There is no over the internet messaging, no google binaries and no Google Services Framework, all closed source. In addition, starting from version 2.7, textsecure no longer encrypts SMS. Pity.
Here is the latest version: http://forum.xda-developers.com/android/apps-games/sms-secure-aes-256-t3065165

"Continue to Amazon Appstore" external market issue

Hi folks,
I've got a Fire Phone, with default Fire OS 4.6.1
I am not quite ready to get into rooting it and adding a new OS, as I don't have the time.
So in the interim I have the Google Play Store installed, along with a launcher that's more to my liking.
I have the issue that when I click on links in apps which, I assume, are intended to launch the Google Play Store, I get a message from Fire OS saying,
Continue to Amazon Appstore?
This app is trying to open a link with an external market that is not available on your device. Would you like to open this link with the Amazon Appstore instead?
[CANCEL] [CONTINUE]
If I click cancel, then the link does not open. If I click continue it goes to the Amazon Appstore and can't find what the link relates to (obviously).
I saw someone else posting something about this, and they were advised to edit some settings in the Manage Applications settings, and also External Market settings. Since updating to 4.6.1 I don't seem to be able to find any Manage Applications settings, no External Market settings (not even sure if those existed on the pre-4.6.1 OS that was on here when I received it).
Is there a way to set this thing to allow Google Play to launch when Play links are clicked?
Cheers,
J
On an unrooted device:
- Go to "settings" and look for "manage applications", select "all", to see every app installed...
- Disable the "Appstore"
As long as the Amazon appstore is disabled, Play Store will intercept the links.
It's not very comfortable, I know. On a rooted device, I used a shortcut to dis-/enable the Amazon Appstore to get the job done faster.
As of now, there is no official way to set the "Play Store" as your default store (of course not, why would Amazon be interested in that option ^^).
Hi Bingo,
Thanks for the help.
The thing is, since it updated to 4.6.1 (and I see that last night it updated itself to 4.6.3 of its own accord) the "Manage Applications" option that was there previously has gone. There is now just an "Applications" option. And that
Okay... at last I've figured out where "Manage Applications" went since 4.6.1 update. There is now just an "Applications" menu. Touching that expands it to show various options. One of those options is "Force quit or clear data for applications". This is now the way to access the "Manage Applications" screen. The first option on that expanded "Applications" menu is "Manage the settings for individual Amazon applications on your phone". The wording of this had me thinking that this had somehow replaced the Manage Applications option.
Cool. I've now disabled Amazon AppStore.
Thanks.
This Fixed My Issue
I fixed my issue by going to the Applications menu under Settings (little gear in dropdown menu) then going to Manage Applications, then selecting All Applications from the dropdown there. I found the Appstore, clicked on it, selected Force Stop and Clear Cache. That seemed to do the trick. I also have Allow 3rd Party Apps selected, which can also be found under Applications in settings.
I've been searching everywhere for this solution. Youtube and google, and yes finally someone who just needed google play apps to not be redirected to kindle appstore. It worked by disabling the appstore. <3 The ES File Explorer helped me to uninstall the updated version and now apps can be directed to google play. Thanks for saving me from having to root. I like the launcher option from google play. Don't have enough patience to root and then it possibly doesn't work. TOT! Ty for solution!
My 4.6.3 new phone seems to work well in this regard without any setting being made. Just disabled Amazon store auto update. At first I had that redirect to Amazon problem, but then some other Google store link just redirected to Google play app.
For me, clicking on Disable App Store doesn't seem to be doing anything. Unable to disable and blocking of external market link continues
Can someone please help, nothing in here worked.
I tried going to settings -> apps and games -> manage all applications -> All -> Appstore and pressed "clear cache", "clear data", and "force stop", and it didn't help.
I also tried going to settings -> Apps and Games -> Amazon Application Settings -> Appstore -> External Market Links -> Don't Open and now it says "External Market Links Disabled You can choose to open external market links with the bracketbracketAppstore_long_namebracketbracket. Update this option in the External Market Links section of the Appstore settings." (I had to type bracket instead of using [ because it said I was using BBcode and couldn't post)
I'm using a 5th generation fire running Fire OS 5.3.6.4
Fixed it
I just figured it out.
Settings, Applications & Parental Controls, Configure Amazon application settings, Appstore, External Market Links, Don’t Open
This will prevent the Appstore from trying to open links for external app markets. It doesn’t prevent the links from opening with the correct market, just makes that message stop popping up and click-jacking you into oblivion. So now when you click on a link, a little box will open with apps to choose from to open the link, like your browser or Google Play Store, for example.
I want to keep using this phone, because it’s potentially a good privacy phone, without all the tracking stuff installed. Sorry, that would mean no Google Apps...but I use some apps that apparently won’t get notifications unless GAPPS are installed. I heard MicroG can fix that but it doesn’t seem to work. Anyway if I could fix that and maybe upgrade the camera module to a better quality camera, it would be a better phone...almost perfect actually.
thanks for your helpful post
Ninja000 said:
I just figured it out.
......
Thanks so much for posting today!! So happy to see people still using this nice phone. I too want a simple "relatively" private phone, plus I actually preferred the Fire OS UI (which is much better version of Fire OS than we have on Fire tablets).
But I came here because I was fearful that Amazon has bricked my device. It suddenly became "de-registered" and the menus for registering to my Amazon account do not work -- I'm not able to register. And I'm not able to use ANY app that I got from the Amazon app store, and I lost ALL of my nice customizations (organizing my apps into folders, etc -- a huge amount of work because I have a ton of apps).
Probably I should start a new thread on this issue but I wanted to post here in gratitude that people still discuss this phone, plus it is an app store (and bigger...) issue, so it is not entirely unrelated. I will try some of the above advice because perhaps it will allow me to launch apps without the Amazon App Store demanding log in.
No problem! "Sharing is caring" :laugh:
Yeah I like it too! I wish it was still supported by Amazon, but the bad press killed it.
As for not being able to use your account...you might try a factory reset, BUT...
FIRST: back up your APKs and saved files via USB to PC (can use file browser in Windows) or MAC (will need this --->android.com/filetransfer/<---), and make sure under Battery and Storage, USB Connection Type is listed as File Transfer.
This is important because once you reregister, it might restore your last cloud backup, which I assume is probably pretty old after reading your reply.
Next:
Perform the Factory Reset OR...
To reregister your phone go to Settings, My Accounts, either "Register your phone" if that is an option (mine says "Deregister"), or maybe Manage your Amazon account.
The latter will probably redirect you to the Amazon website, because the Amazon Shopping App is no longer supported on this older OS.
*I haven't found a newer version of the Amazon Shopping App that works on the Android 4.4 based Fire OS 4.6.6.1.
The other thing is you might be able to do it via the Amazon website, you probably have it listed under your account still, just need to find it.
I'd contact Amazon help to learn about how to do it that way. They might not know off hand, since the phone is no longer technically supported,
but they will definitely still try to help you.
I would really love it if someone on this forum could pull the launcher and everything from this version of Fire OS to work on the newer Android Roms like Cyanogen Mod,
because then we could just replace the old unsupported apps with the new versions. That would be awesome! I realize 2gb Ram would be a little low for the latest Android,
but just having a little newer OS version that is still supported by Amazon would be great. I really enjoy the Kindle App on this, because it has text to speech and
that is really convenient.
BTW, do you have the Google APPS installed on yours? I have them installed on mine, and it drains the battery like crazy, granted, it's the original battery from 2014, but still.
Side note: If anyone has an extra screw(s) for the bottom they're willing to part with, I'd be willing to buy one (or a handful).
Lost one in the carpet (I know *rolls eyes) when I had to replace the camera module due to some (I guess) scratches or something actually on the sensor itself.
Thanks for all of your advice!! Very much appreciated. I tried one of them right away, which is to check My Devices on the Amazon site, but the phone is no longer listed (it used to be). So that only lists registered devices. Once it is de-registered, it is not considered to be my device. But, you are correct that Amazon customer service may possibly help, because if you buy a device from Amazon, it usually automatically gets registered to you (unless you say it is a gift), and that automatic registration is probably done via some code on the device box probably its serial # (that is, they don't register it by messing with the actual device, I'm guessing). But to be honest I'm not too hopeful about this. But something to try.
Before you replied, I started a new thread on this, mostly to warn people not to de-register their devices, because I think it may not be possible to register again. And this could be a very recent development. Amazon usually sends an email warning when an older device will no longer work, but maybe this was not intentional. I never realized that so much of the function depended on the registration, as if it were an Echo device!
I do have a collection of APKs saved so at least I won't need to re-download, but because I have so many apps, it would still be a lot of work to set things up from scratch, especially since I don't think it will work. I don't think my system is corrupted. Just de-registered. A soft reset (long-press of power button) did not help. Again this just happened by itself -- I had not added anything new or done any updates. So it is not likely that my install got messed up.
I'm always confused when people mention "Google Apps" -- if that means the Play Store and its dependencies, then yes, I have that. But I did not install GMail or Docs or Drive, etc. I minimize using Google things on this phone.
About the screws, eBay may have them. eBay has almost everything.
Ninja000 said:
No problem! "Sharing is caring" :laugh:
Yeah I like it too! I wish it was still supported by Amazon, but the bad press killed it.
.
I think it is just extremely difficult for "alternative" phone systems to survive, which is soooo sad, because I like interesting variety. I also love Meego, and Windows 10 Mobile. Meego had just one model (it was from Nokia, not released in the U.S.; it was planned to be the Nokia successor for their older Symbian OS). Well, maybe FireOS is not truly "variety" because it is after all essentially Android, but much less messy or annoying, in my opinion. I really like how the Settings are organized. And I like the Carousel, especially how nicely it works with the built-in apps like weather and email. Being basically Android, it actually had the best chance of survival out of the "Alternatives." It could use most of the same apps as a "real" Android.
The reasons for the quick death are probably multi-faceted but my guess is the problems with the earliest version of the OS were the most serious thing. And that led to the bad press, so you are correct, that is what did it. I got mine after the "fire sale" and by then the system was much nicer, with the most annoying or serious issues all fixed, so I only read about the early issues. I feel terrible for the (former) Amazon employees who put a huge amount of effort into this thing. (Like Meego, too!) And the hardware is still very nice, better than my Fire Tablet that is much newer. I really thought it would last me for years, for the sorts of things I used it for. (Another thing I liked to do is control my Squeezebox music streaming devices. And listen to podcasts. Things like that.) There are so many uses for an older device. And I enjoyed this one.
Since at the very minimum this device is a Kindle book reader and Amazon music player, Amazon loses by not providing some bare-minimum support for it. My first Kindle e-Reader from 2011 still works great. But my guess is, the number of people still using this phone is super low. Which is why I was happy to see your post!
Yeah I completely agree. I got mine for $199 and a year of Amazon Prime included made the phone basically $99. I happened to think of one more possibility. Maybe there is an Amazon Fire services app (like Google services) or account manager app that got automatically updated by your Google Play store, or even replaced by a version off the Play store that led to this issue, because like I mentioned mine is actually still working aside from the Amazon Shopping app, and some apps that require a newer google services to get notifications.
I actually had flashed several different Roms on this phone and yeah the stock (but updated) Fire OS 4.6.6.1 is definitely the best. --Amazon account registration is part of the initial setup BTW, so factory reset might work.
I made the jump over to iOS after experiencing the Android 7&8 difficulties on a few other devices and battery gate with Samsung phones. Now I am experiencing a crappy battery life issue with my iPhones. My Fire Phone is from 2014, original battery and still has better battery life than even my iPhone XS Max. Wow. So yeah, there is something to Fire OS being so light that makes it probably just about the best OS for a phone. The last time I flashed back to stock I used a ROM from this website, but I don’t remember what thread that’s on. I think it’s in the Cyanogen 11 Rom thread for this device. Maybe try flashing that. And you could actually (if you don’t mind losing the storage space) create a backup Rom from your current one, then make a new slot in twrp or whatever it’s called and have the other Rom installed on there. Then check to see if it’s possible to register on that version. If it doesn’t work, no big deal you will still have your backup rom with all your data. If it does work, then you could transfer your stuff over via usb. That would save you quite a bit of time in case it decides not to work. You can do a root and install the other rom right from your fire phone these days. That’s a bonus.
What happens when you open Amazon Instant Video? Does it ask you for a login? That would be awesome. BTW My Kindle Fire HX 7 is still working great too, just starting to slow down a bit. I also have a 6" Fire HD. I really agree Fire OS is super clean and a lot of modern OS's are not that great and way too heavy for what most people need, especially on mobile devices.
Thanks again for your advice, especially since I will almost certainly end up flashing this thing. I have done a lot of "phone hacking" in the past -- even back in flip phone days -- but it is very time consuming and I'm super busy now. But it is kind of fun. So, maybe later.
I did not have Google Play (or any app store, on any of my devices) to be set to automatically update apps. Tho I think the store itself and its dependencies may still update, even if my apps don't, and I can't control that. And sometimes my setting to not automatically update is "reset" when a google component is updated. So it is conceivable that something got automatically updated and that caused my issue. I did have to reset the "do not update" setting.
I'm curious to see if anyone else has this issue, because if no, then you are right, I should just re-flash. I downloaded the latest Fire OS a while ago -- I collect stuff like that because you never know when it will be no longer readily available. So the phone is definitely not dead -- and it is nice that I have options for how to set it up. I'm glad to have the community contributions for that -- I did read thru those hacking posts.
I bought a spare battery a little while ago because I was worried they would be hard to get once I need one. But my currently installed battery, the original, is very satisfactory. So definitely I'll keep using this nice phone for a while.
Was just thinking of going back to this phone as my primary phone. My problem is trying to get Micro G or something to work, for spoofing google services, because I want to use some apps that require google services, else they won't receive notifications. I also found one app I use, it's Korean, KakaoTalk is not receiving notifications when closed anymore. I haven't figured out why yet. Saw another thread about notifications on 3rd party apps not working, but didn't see a solution. I would also like to see a camera upgrade (4k video) and maybe a speaker upgrade and storage would be nice, but obviously that would require some soldering that I'm not willing to do, but maybe if I had a few donor phones would try it. Happy Thanksgiving by the way!
I just went back to a Nokia N9 as my primary, at least for voice and weather and such basics (MeeGo OS, and battery lasts for days, good quality voice, nice small size, does not crash, etc). But I have my iPad and iPhone SE (the older model) always turned on so that covers all my needs. So, it is perfectly fine to use an old phone as primary so long as you have another device to supplement what the primary lacks. The Fire Phone would also make a primary. Tho in my experience it is not as stable. The "mishap" in this thread was not my first serious hiccup. See also the thread on all apps crashing if they require the address book (including the phone). That one is serious and reoccurs. (I think it is caused by having a very large number of apps on the phone. Usually fixed when I delete one of the larger apps.) So in other words at least with the original OS, stability is an issue. Maybe the custom firmware on this board is more stable.
Have a great thanksgiving!

Finally dumped Apple for Galaxy Tab S - A few questions if I may....

Hi all, I have finally had enough of Apple (and planned obsolescence!). I have never used Android before, got myself a Galaxy Tab S and once I learn how to use it well, I will be dumping my faulty iPhone in favour of a Galaxy phone as well.
I bought a used Tab S with 4G in lovely condition. Just turned it on and it says Insert Sim. I skipped that and it said "Many features will not work without an active Sim".
Therefore the first question I have is how much to read into that message?! Do I believe it? I don't plan on using a data Sim, only want to use WiFi. Will the Tab S work just fine without a cellular SIM or is it going to give me constant errors and problems? If the latter I may have to sell it in favour of a non SIM version. Any advice appreciated. I quite like the idea of being ABLE to use a data SIM if I want to some time, hence why I bought it.
Second question is I DESPISE Google and all the tracking stuff. I use a VPN much of the time. A friend of mine has a Galaxy Tab and said I should "root" the device. Can anyone tell me the main benefits of doing so? I am trying to work out how necessary is it (as I am short of time so won't do it unless it will give me benefits). I intend to use VPN and try my best to prevent google tracking what I watch on youtube, what searches I do, and just about anything else I can. I also notice that for Earth and Maps to work, I obviously need to let it know my location (which I don't generally like doing but understand the trade off and will do it in this case). Is there a way (perhaps via rooting) to enable GPS location sharing without feeding GOOGLE my whereabouts (i.e. using other map software instead of Google's)?
I am blown away by the quality of this device. Thanks to anyone who has time to offer their thoughts on the above. Thanks
Welcome to the real world, Neo!
SIM Card allows having such things like mobile data (this works just the same as the iPad LTE) and voice calls from a tablet (this feature is unique to Android - you can make voice calls just like it is a big phone, using either built-in mic and speakers or via Bluetooth headset). If the SIM is not inserted, there will be no problems - you can safely dismiss the warning.
Regarding the Google-free experience and rooting. Rooting is the direct equivalent of an iOS jailbreak. Both result in getting a root shell (# or uid 0).
To root the Tab, you must flash the CF-Autoroot via Odin: https://www.theandroidsoul.com/root...10-5-lte-sm-t805-one-click-cf-auto-root-tool/ This is for 10.5 LTE aka SM-T805, for 8.4 LTE aka SM-T705 the instruction is similar: https://www.theandroidsoul.com/root...-8-4-lte-sm-t705-one-click-cf-auto-root-tool/
Also it is good to flash the TWRP recovery after you get root to get a rich recovery environment helping you to back up and restore your device, flash custom ROMs etc. More info here: https://twrp.me/FAQ/
Don't hesitate to ask questions once they arise.
---------- Post added at 02:28 PM ---------- Previous post was at 02:12 PM ----------
Oh, and forgot to mention Google free experience. Once you get root, you can debloat your stock ROM but I'd advise flashing a LineageOS ROM for newer Android version and latest security patches. Also, Google services are not present by default in LineageOS but can be flashed separately. However, I am already more than a year without Google services and apps.
For example, I use K-9 Mail + OpenKeychain from F-Droid open-source app market to use GMail with OpenPGP support.
F-Droid is the primary marketplace app having opensource applications. For closed-source apps available on Google Play, the open-source Google Play client app named Yalp Store offers the same functionality as play market but not requiring Google services.
The YouTube client I use is NewPipe, an opensource app available in F-Droid. There are other clients too, like SkyTube.
Google Maps can be replaced by OsmAnd+ - an opensource client for OpenStreetMap infrastructure, again available from F-Droid app store.
Office application suite I recommend is Hancom Office - it is free for Samsung devices, and it processes documents faster than Office365.
Also, I made it work on LineageOS and other custom ROMs.
I use Brave Browser as a primary Web browser, as it is opensource app based on Google Chromium code but heavily de-Googled and having some cool features like embedded ad-blocker.
Hope this helps you a bit.
Crikey!! Can't thank you enough for the time and effort there, what a great welcome to the other side
I confess most of what you said went straight over my head, ROMS and such like, but I will learn as there are clearly some great tips in this post.
So - fine without SIM, cool thanks.
Flashing - gonna take some time to learn but I think the link you posted is what I need, I have the SM-T800
So Lineage is an OS, is that right? And it comes free of Google bloatware/spyware?
I can't believe there are ways to view youtube and maps etc without giving Google your retinal scan. JUST what I hope to do!
Brave Browser - not heard of that, was gonna look for Firefox or Waterfox and set it up myself with RTC disabled, uBlock Origin etc etc (if poss) but maybe don't need to now as Brave sounds built to do what I want already.
Thanks again, great post
Strange the T800 has no dedicated SIM slot, it is WiFi only. T805 does have a SIM card though. You can check it opening Settings - Phone info. Also you can use the dialer to enter a magic code *#1234# to get info about your firmware (pay attention to PDA and CSC values). Would be good if you provide these here before you start any flashing.
LineageOS is a community built distribution of Android OS (like Ubuntu or Debian are GNU/Linux distributions) with some additional tweaks like Privacy Guard (a framework giving you control over the permissions applications ask for, like a consent or denial to read contacts, GPS location, phone number etc). Full disclosure: I am an official maintainer of LineageOS for SM-T805 and I belong to the team creating LineageOS for other devices on the same chipset, like SM-T800, SM-T705, SM-T700, SM-P600 etc. There is also the ResurrectionRemix ROM based on LineageOS and there are also de-bloated stock ROMs based on the latest available Android 6.0.1 official factory OS. The official LineageOS is based on Android 7.1.2, and there is a (not very stable) 8.1.0.
I was a long-term fan of Firefox on Android (and I still am on PC!), but Chromium engine is twice as fast on our tablet (90.08 for Brave vs 45.04 for Firefox in browser benchmark)
SORRY! The seller called it a T800 but I checked and yes it's a T805.
I am SO busy at the moment with work and family stuff, not sure when I can get round to this and it looks like I have a lot of learning to come which I am dreading a bit with my schedule as it is! Don't suppose there is any chance someone (if not yourself) on this forum offers any kind of service? By that I mean, I post the Tab with cash to cover the job, and someone roots it and does the things you have mentioned then post it back? Probably a bit too much wishful thinking, but if you don't ask.......
This can be done remotely via TeamViewer - you can be around and follow my commands like press home button etc. The rest is done via ADB on PC side. But write me in PM next week - I have some things to do that I promised before.
That's too kind of you. Not sure if you mean Teamviewer with the actual device or another computer. I am in no hurry at all. My device is factory stock right now, been reset and I am not doing anything with it for now.
Thanks again
I don't suppose (given your knowledge of privacy issues etc) you know of a secure alternative to Skype? I am talking mainly about a desktop app. I have researched many times over the past year and it seems to me that every time something decent gets going, they get shut down or just close down without much explanation. Sure seems suspicious in some cases. Best I could find was ViPole, which is good although has some weaknesses. I can't believe nobody has made something that can do the basic stuff Skype can do! (text, video/voice, screenshare and file share). It's so simple by today's standards! Of course plenty of options until you get to P2P or encryption, then there seems to be nothing which actually works very well at all! Just in case you know of anything?
Look for Signal and qTox.
Thanks. Tried and still use Signal, although it's got some flaws and not at all sure I trust the privacy side. I really need screenshare too which it doesn't have.
qTox and uTox I have tried, tried all the Tox chat programs. Completely buggy and unusable. Nice and secure though, which makes it a shame they can't make the software work properly! Notifications don't work, cam, calls completely broken. Unusable.
I looked at various others but it's all going over to apps for smartphones and tabs now, I want a desktop app. Maybe Skype through VPN would help a bit, but not ideal!
Thanks again
To accelerate the process of bringing up the quality of opensource projects, one must at least report the bugs timely. Have you filed a feature request? We all donate either our money, or our time to the community. Some of us donate both
Ha, yes I do make reports whenever I spot anything. I am talking to one of the developers about it but I don't see it getting fixed as the impetus seems to have gone and no way they will add screenshare I don't think. I will try though yes, least I can do in the hope that someone produces something useful but not "in bed" with the government!

Hidden Google Account + Hidden Systemadminapp in LineageOS | Privacy infiltrated?...

Is the builtin app named "Storagemanager" a hidden system administrator in LineageOS 19.1?
I ask this because in LineageOS 14.1 Storagemanager is a system administrator app.
In LineageOS 14.1 under > settings > apps > special app access > deviceadministrators, nothing showed up by default, but then I pressed the three dots on the top right and selected "show system", then storage manager was shown as active system administrator app.
I had the option to disable it, which I did, as I don't want ANY app to be administrator as I consider myself as the device owner being the administrator in place, no need for an app to have any such administrative permissions.
Now in LineageOS 19.1 when you navigate to > settings > apps > special app access > deviceadministrators > the three dots on the top right corner to show system apps ARE GONE.
This makes me think storage manager is a secret/hidden system administrator that cannot be disabled in LineageOS 19.1 because the three dots at the top right have been removed in 19.1 basically making it IMPOSSIBLE for the device owner to remove unwanted system administrator apps.
If in fact storagemanager is a secret system administrator app, why is that so, why was the option to disable this app from being a system administrator removed??
Another question, in LineageOS 14.1 when I tried to open the calendar app, there was a prompt/popup saying "to use the calendar app you must add atleast one google account to your phone".
To be honest that scared me... considering that I use LineageOS purely for privacy and Google is the opposite of privacy.
That being said please keep in mind (this is very important), in LineageOS 14.1 when I opened the calendar app I was asked to add a Google account...
Here comes the thing, in LineageOS 19.1 when I open the calendar app the prompt/popup says this: "before you can use the calendar app you must add atleast one calendar account".
That sounds very suspicious to me, because in 14.1 it was called google account and now in 19.1 it's called calendar account, obviously my question is now... is the calendar account a google account just being called out in another way...?? If yes this is obviously a major manipulation because not naming google here will most likely trick any LineageOS user into creating a calendar account without even knowing that in reality what they just did was to create a Google account on their privacy phone...... what sort of manipulative person would make such a nightmare come true? At this point I must ask if LineageOS even is a privacy option anymore... or has it been infiltrated by google already...
Another suspicious change I detected after switching from LineageOS 14.1 to 19.1 is that under > settings > apps > special app access > usage access, zero apps are listed, but once I pressed the three dots in the top right corner, bluetooth, media storage, nfc service, package installer, permissions controller, phone services, shell, storage manager, and systemui were ALL shown as "access to usage data = allowed". This really makes me wonder what is going on with LineageOS, what reason is there to grant all these apps access to usage data by default?? In LineageOS 14.1 there was not a single app, even the system ones, that had usage data access set to allowed, in fact in 14.1 all apps were set to be not allowed to access usage data. What is going on here and why??
Another change I noticed from LineageOS 14.1 to 19.1 is that under > settings > privacy, in 14.1 I was able to edit individual app permissions and enable or disable the privacy mode, in 19.1 there seems to be a new service so called "trust" which is responsible for privacy, I'm fine with that, however I am missing a very important privacy setting that was present in 14.1 but is not in 19.1 and that is "start on boot". On 14.1 I was able to select any specific app and deny or allow its access to start itself on boot. Why is this important setting not present in 19.1?
In 19.1 under > settings > privacy > permissions manager, there is no option to deny apps to "start on boot".
My guess is, either 19.1 blocks all apps from starting on boot by default, or it allows it by default for all apps and there is simply no option to stop that which would be a major privacy downgrade compared to older versions...
thank you for posting this, my eyes have been opened.
Already 100+ views but only 1 comment, hmm...
Nobody knows anything?
I seriously want to get answers to the above questions... these are real concerns to me.
My questions don't seem to get too much attention here, not even to mention a reply.
Does anyone know a forum or another place where I can ask what is written above?
I want answers, these are real privacy concerns!
Hmmm. I don't have answers to your specific questions. In another thread, you posted, generally, that most people don't care about your concerns. Very true. I wholeheartedly support you advocating your views; however encourage you to tread lightly if you want people to reply to you.
The only sure answer to your situation, and for me, also, is to grab the source of the rom which suits you, one without gapps, and then hire a dev to help go through the source to answer your questions. Then edit as needed and re-compile.
I am familiar enough with the process in general however don't have the skills to do it myself. LOS and its variants are probably a good place to start. I am using a vanilla build of RROS on A10 on a Oneplus8 pro. Since we have tools for A11 that is good but the tools generally aren't available for some time after a new Android release.
Your question might be asked of the Lineage devs, though I am sure they are busy and they are not forcing you to use their (free) product. There are also Linux phones available, although so far the hardware I have seen is not great.
What phone are you using? If you are serious about this, and are willing to support a dev project as above, we would have to settle on one or two similar OSes on the same Android version, and hire someone for a few days. This would be expensive. I, for one, would contribute. If we found 10 or 20 like minded people a crowdfunding page could be set up. If we did not reach the necessary amount then the money could be refunded.
To tell the truth, G keeps putting more obstacles in the way of modders and I am getting to the point where it's not worth the trouble. Hopefully the hardware for Linux phones will improve.
Thoughts??
gregpilot said:
Hmmm. I don't have answers to your specific questions. In another thread, you posted, generally, that most people don't care about your concerns. Very true. I wholeheartedly support you advocating your views; however encourage you to tread lightly if you want people to reply to you.
The only sure answer to your situation, and for me, also, is to grab the source of the rom which suits you, one without gapps, and then hire a dev to help go through the source to answer your questions. Then edit as needed and re-compile.
I am familiar enough with the process in general however don't have the skills to do it myself. LOS and its variants are probably a good place to start. I am using a vanilla build of RROS on A10 on a Oneplus8 pro. Since we have tools for A11 that is good but the tools generally aren't available for some time after a new Android release.
Your question might be asked of the Lineage devs, though I am sure they are busy and they are not forcing you to use their (free) product. There are also Linux phones available, although so far the hardware I have seen is not great.
What phone are you using? If you are serious about this, and are willing to support a dev project as above, we would have to settle on one or two similar OSes on the same Android version, and hire someone for a few days. This would be expensive. I, for one, would contribute. If we found 10 or 20 like minded people a crowdfunding page could be set up. If we did not reach the necessary amount then the money could be refunded.
To tell the truth, G keeps putting more obstacles in the way of modders and I am getting to the point where it's not worth the trouble. Hopefully the hardware for Linux phones will improve.
Thoughts??
My knowledge on programming is very limited, I would not be able to contribute to any meaningful software really. Indeed my language can quickly become not so nice when it comes to privacy, I don't like how the masses throw away their freedom.
Think about it, google chrome holds around 60% market share, then combine all chromium browsers and we are at around 90% while Firefox is at around 4%. Then think about how many people use Gmail and how many use privacy alternatives like Protonmail. Think about how many people use the standard google android os on their phone and how many have iphones and compare that to how many people use a linux phone or a custom os like lineage or graphene...
Anyone can protect their privacy, there are many great videos on youtube.
Here are some examples:
The Hated One
Creating deeply researched and well-sourced essays critiquing some of the most important issues of our time in a non-partisan, non-sectarian way. Mass surveillance is a backdoor into freedom of speech. Knowledge is power. And power corrupts. https://twitter.com/The_HatedOne_...
yewtu.be
Rob Braxman Tech
I'm the Internet Privacy Guy. I'm a public interest hacker and technologist. I use my extensive knowledge of cybersecurity and tech to serve the public good. I care about privacy. I warn you of digital manipulation, disinformation, mass surveillance. I also discuss alternative communication...
yewtu.be
Techlore
Techlore was built to prove privacy & security are not just achievable - but simple and accessible. We manage several projects, communities, and content to spread privacy & security to the masses. Visit our Website: https://techlore.tech
yewtu.be
Mental Outlaw
Only cool people visit https://based.win/
yewtu.be
Naomi Brockwell: NBTV
www.nbtv.media NBTV teaches people how to reclaim control of their lives in the digital age. We give people the tools they need to take back their data, money, and free online expression. - Your Money - Your Data - Your Life Empower Yourself. Created and hosted by Naomi Brockwell Our...
yewtu.be
Louis Rossmann
I discuss random things of interest to me. This is, and always will be, my personal variety show. I teach Macbook component level logic board repair from a common sense, everyman's perspective. I try to make it seem viable, and entertaining. I also go over business concepts & philosophy that...
yewtu.be
The Linux Experiment
Making Linux accessible: no techno lingo, no super technical content. Just Linux desktop news, simple tutorials, application spotlights, and opinion pieces trying to stay positive, without gatekeeping. 👏 SUPPORT THE CHANNEL: Get access to a weekly podcast, vote on the next topics I cover, and...
yewtu.be
I use yewtu.be over youtube.com to avoid google.
See, google chrome and google search know all of your browsing history, there is no privacy, they make a profile of everyone who uses any of their services. Even if you use google without an account chances are they can identify you and your device. Same with gmail... it reads (scans) all of your emails and sells the content to advertisers. I don't know how people can be ****** enough to use these services when you can simply switch to alternatives that are working perfectly flawless and don't spy on you.
Privacy can be easy.
Instead of google chrome > Firefox or even better Librewolf
Instead of google search > brave search or duckduckgo
Instead of gmail > protonmail
Instead of google android > lineage or graphene
It's not that hard...
Nobody forced me to use lineageos obviously I installed it on my own, I don't like the changes from 14.1 to 19.1 as they seem very suspicious to me, but I will still prefer LOS at any time over the standard google crap.
Before using a google phone I'd rather not use a phone at all.
Speaking about phones, people who buy iphones have lost their mind, I mean it.
My phone is a samsung S7, as long as it is functional I will not buy a new phone, besides I don't have the money now... your suggestion sounds interesting but I'm not into that really.
In the meantime I will repeat what you said, we can only wait for linux phones to support modern hardware and get one of those in the future.
GrapheneOS seems like the best choice as of now but it's really ironic that it works only on google pixel phones...
Most people don't care that they are being spied on. They are after the easy life. Want all the mod cons to make things easier. Unfortunately you can't change people's habits. Have started seeing a lot of custom roms with suspicious files, that makes a person wonder if google is paying the devs to include their software.
ShaunSmit said:
Most people don't care that they are being spied on
Well, plenty of people do. For example, just see XDA's thread for FairEmail:
https://forum.xda-developers.com/t/...en-source-privacy-oriented-email-app.3824168/
Privacydroid said:
builtin app named "Storagemanager" a hidden system administrator in LineageOS 19.1?
Privacydroid said:
My questions don't seem to get to much attention here
Well, I am interested in and have subscribed to this topic... it's just that LOS19 is still not really a hot topic for me yet (still fighting with LOS18, lol).
SigmundDroid said:
Well, plenty of people do. For example, just see XDA's thread for FairEmail:
https://forum.xda-developers.com/t/...en-source-privacy-oriented-email-app.3824168/
Well, I am interested in and have subscribed to this topic... it's just that LOS19 is still not really a hot topic for me yet (still fighting with LOS18, lol).
My bet lineage 1.18 is also affected by what i described above.
there might be some privacy oriented custom roms. have you checked ?
e Foundation - deGoogled unGoogled smartphone operating systems and online services - your data is your data
your data is YOUR data
e.foundation
or
Purism– Librem 5
Introducing the – Librem 5 by Purism
puri.sm
Fytdyh said:
there might be some privacy oriented custom roms. have you checked ?
e Foundation - deGoogled unGoogled smartphone operating systems and online services - your data is your data
your data is YOUR data
e.foundation
or
Purism– Librem 5
Introducing the – Librem 5 by Purism
puri.sm
Never heard about https://e.foundation/ will have a look at that one.
The librem 5 has outdated hardware and is expensive, but that's not the problem... the shipping times are totally ******. Can take years for you to ever receive that phone.
Besides, that doesn't answer any of my above questions about LOS, guess that wasn't your intention anyways.
Privacydroid said:
Never heard about https://e.foundation/ will have a look at that one.
The librem 5 has outdated hardware and is expensive, but that's not the problem... the shipping times are totally ******. Can take years for you to ever receive that phone.
Besides, that doesn't answer any of my above questions about LOS, guess that wasn't your intention anyways.
About your privacy related inquiries, I reckon that Lineage, while it used to stand for privacy in the first years, it started to be seen more as a way to get updates on no longer supported devices. And given that almost every user that uses lineage also had flashed gapps, makes sense for them to add gapps in their everyday custom rom as well. Google has its sets of downsides and upsides. Privacy is good, but functionality is more important. A lot of good apps rely on google implemented functionality. Say that I would need to drive around the country. Privacy is my preference, but I need a fully functional bugless waze. Waze without google play services is a mess, if you get it working. Android Auto without gapps isn't possible.
For my devices, at least, Lineage did not have gapps baked in. For me, a good thing. There are a few vanilla roms left out there. Even without gapps, there are still leaks to google (the captive portal connectivity check, for one) but the footprint is much smaller.
For me, I have found open source alternatives to ALL of google's bloat and spyware. Not as convenient, sure. Pain in the a** sometimes, yes. Waze? Host your own cameras, use openstreetmap (osmand) instead. Google has made it very convenient with their ecosystem. I, for one, do not wish to share my life with them.
Fytdyh said:
About your privacy related inquiries, I reckon that Lineage, while it used to stand for privacy in the first years, it started to be seen more as a way to get updates on no longer supported devices. And given that almost every user that uses lineage also had flashed gapps, makes sense for them to add gapps in their everyday custom rom as well. Google has its sets of downsides and upsides. Privacy is good, but functionality is more important. A lot of good apps rely on google implemented functionality. Say that I would need to drive around the country. Privacy is my preference, but I need a fully functional bugless waze. Waze without google play services is a mess, if you get it working. Android Auto without gapps isn't possible.
No idea why people use gapps or microg, it's anti privacy so i do not ever use any of that.
I do not use any google services in my life and i don't miss them or need them for anything, i have alternatives.
I have to disagree on this phrase "Privacy is good, but functionality is more important".
If you are forced to give up privacy to use a service or product then the service or product is not worth being used.
Privacy is way more important than functionality, besides 90% of the time you can find perfectly working privacy friendly alternatives for almost anything.
Instead of google maps for example i use these:
Map at DuckDuckGo
DuckDuckGo. Privacy, Simplified.
duckduckgo.com
OpenStreetMap
OpenStreetMap is a map of the world, created by people like you and free to use under an open license.
www.openstreetmap.org
Not sure if that is helpful while driving, would be fine for me, never heard about waze.
I banned Google from my life and I'm happy with that, wasn't that hard after all.
gregpilot said:
For my devices, at least, Lineage did not have gapps baked in. For me, a good thing. There are a few vanilla roms left out there. Even without gapps, there are still leaks to google (the captive portal connectivity check, for one) but the footprint is much smaller.
For me, I have found open source alternatives to ALL of google's bloat and spyware. Not as convenient, sure. Pain in the a** sometimes, yes. Waze? Host your own cameras, use openstreetmap (osmand) instead. Google has made it very convenient with their ecosystem. I, for one, do not wish to share my life with them.
My lineage version also doesn't have gapps in it, at least nothing that is visible or accessible to me..
Not sure about the calendar thing described above..
What do you mean by captive portal connectivity check, what's that?
I believe LOS uses Google's SUPL servers too.
Great to meet someone with the same mindset, way too many people throw away their privacy which is equal to freedom, for "convenience"... It's crazy.
What do you mean by captive portal connectivity check, what's that?
I believe LOS uses Google's SUPL servers too.
Every time your device makes a network connection (wifi or cellular) it pings "connectivitycheck.gstatic.com". Not really a ping, it's an HTTP request to check for internet connectivity. Successful completion will remove the "x" by the wifi and/or cell data icon. Although if the address is blocked on your router the "x" will remain, and your device will complain about not having internet access....but it does! (so long as your wifi router/cell net has access). But wifi calling won't work.
For more, go here:
https://forum.xda-developers.com/t/guide-how-to-avoid-the-captive-portal-checkin-to-google.3927561/
You can host your own check server, or....just disable the check.
I have confirmed this works on A9 and A10 AOSP roms. There are different variants of this command for different roms. You may have to try several of them.
From an adb shell: (needs root)
Code:
:/ # settings put global captive_portal_mode 0
***********THIS DISABLES GOOGLE CONN CHECK***** A9 and 10
To verify it is disabled:
Code:
:/ # settings list global | grep portal
Should return "captive_portal_mode=0"
If you do connect to a captive portal page (public wifi, open connection) where the owner wants a login cred then the side effect of this is that it won't work.
The issue is that every time the check is run, google will get your IP address and browser/OS and can infer your coarse location even if location services are turned off. I have all google domains blocked on my wifi so to keep my wife happy I disable the check on her phone also so she does not get the "no internet" notification.
Another hole is the agps (assisted gps) database downloaded from google or your phone carrier regardless of enabled location. I believe you can edit the server which is contacted, again, will require root.
This post says you can edit the gps.conf file:
https://forum.xda-developers.com/t/a-gps-supl-protocol-and-privacy-breaching.3602863/
Anyone try that? What about removing "supl" from the apn type?
But I'm not there, yet, I usually have location selected off. Rob Braxman has a good vid here, use freetube:
https://github.com/FreeTubeApp/FreeTube
https://www.youtube.com/watch?v=vbBkZ-MROEk?
Again as stated earlier the best fix is to find an AOSP source of a rom you like, edit (or hire a dev) to edit out all of the bloat and google tracking which may remain, and re-compile.
gregpilot said:
Every time your device makes a network connection (wifi or cellular) it pings "connectivitycheck.gstatic.com". Not really a ping, it's an HTTP request to check for internet connectivity. Successful completion will remove the "x" by the wifi and/or cell data icon. Although if the address is blocked on your router the "x" will remain, and your device will complain about not having internet access....but it does! (so long as your wifi router/cell net has access). But wifi calling won't work.
For more, go here:
https://forum.xda-developers.com/t/guide-how-to-avoid-the-captive-portal-checkin-to-google.3927561/
You can host your own check server, or....just disable the check.
I have confirmed this works on A9 and A10 AOSP roms. There are different variants of this command for different roms. You may have to try several of them.
From an adb shell: (needs root)
Code:
:/ # settings put global captive_portal_mode 0
***********THIS DISABLES GOOGLE CONN CHECK***** A9 and 10
To verify it is disabled:
Code:
:/ # settings list global | grep portal
Should return "captive_portal_mode=0"
If you do connect to a captive portal page (public wifi, open connection) where the owner wants a login cred then the side effect of this is that it won't work.
The issue is that every time the check is run, google will get your IP address and browser/OS and can infer your coarse location even if location services are turned off. I have all google domains blocked on my wifi so to keep my wife happy I disable the check on her phone also so she does not get the "no internet" notification.
Another hole is the agps (assisted gps) database downloaded from google or your phone carrier regardless of enabled location. I believe you can edit the server which is contacted, again, will require root.
This post says you can edit the gps.conf file:
https://forum.xda-developers.com/t/a-gps-supl-protocol-and-privacy-breaching.3602863/
Anyone try that? What about removing "supl" from the apn type?
But I'm not there, yet, I usually have location selected off. Rob Braxman has a good vid here, use freetube:
https://github.com/FreeTubeApp/FreeTube
https://www.youtube.com/watch?v=vbBkZ-MROEk?
Again as stated earlier the best fix is to find an AOSP source of a rom you like, edit (or hire a dev) to edit out all of the bloat and google tracking which may remain, and re-compile.
Thank you for this interesting reply, i will attempt to remove captive portal connectivity check / connectivitycheck.gstatic.com with adb by following your provided command
settings put global captive_portal_mode 0
settings list global | grep portal
However you mentioned this needs root, my device is not rooted so this basically won't work without root?
I could use magisk for rooting.
Rob Braxman is great, watching all of his content. But i couldn't find any instructions to disable googles SUPL.
I also don't think rob has a video for captive portal connectivity check, or does he?
From my experience with his videos he acts as if degoogled phones with lineage are 90% better than normal phones, so I guess the other 10% are things like SUPL and captive portal connectivity check which are not that easy to disable..? If google knows my locations on a degoogled device with lineageos by using captive portal connectivity check then hell, that's really disturbing, I had no idea that they still know where my phone is / where I am, very scary...
However you mentioned this needs root, my device is not rooted so this basically won't work without root?
Yes, the command needs root. Also there are some differences based on your version of Android.
The following is old, but has some good stuff:
https://www.reddit.com/r/privacy/comments/cldrym
The biggest help for this is to not install google services, and use a vanilla rom without it.
As far as captive portal, that is fixable.
The DNS servers can be changed from Google's, but it is less straightforward.
NLP is not present without gapps, from what I have read
The SUPL issue, for me, is a WIP. I will happily deal with slow GPS TTFF. What I don't know:
1. Editing (removing) the supl entry in the APN file, what effect, if any;
2. Editing /vendor/etc/gps.conf (newer roms have the file in /vendor) to show a non g server;
3. the big question, which GPS radio chips may or may not have SUPL on the hardware level and therefore, if so, we are unable to fix.
gregpilot said:
Yes, the command needs root. Also there are some differences based on your version of Android.
The following is old, but has some good stuff:
https://www.reddit.com/r/privacy/comments/cldrym
The biggest help for this is to not install google services, and use a vanilla rom without it.
As far as captive portal, that is fixable.
The DNS servers can be changed from Google's, but it is less straightforward.
NLP is not present without gapps, from what I have read
The SUPL issue, for me, is a WIP. I will happily deal with slow GPS TTFF. What I don't know:
1. Editing (removing) the supl entry in the APN file, what effect, if any;
2. Editing /vendor/etc/gps.conf (newer roms have the file in /vendor) to show a non g server;
3. the big question, which GPS radio chips may or may not have SUPL on the hardware level and therefore, if so, we are unable to fix.
I just tried using your solution for the connectivitycheck.gstatic.com issue by using the provided command
:/ # settings put global captive_portal_mode 0
Before that I rooted the phone with magisk, the command did not work (I attempted executing the command on cmd in windows inside the adb/fastboot folder, usb drivers are also installed).
I was able to start the daemon by using adb devices but the command you provided didn't work.
The phone was booted normally during the test, maybe I should instead go to download mode or recovery mode? The link you sent for more instructions says we should use a cmd app on the phone to execute this command (a pc is not mentioned), however I don't find any cmd app on the phone (lineageos 19.1).
Privacydroid said:
I just tried using your solution for the connectivitycheck.gstatic.com issue by using the provided command
:/ # settings put global captive_portal_mode 0
Before that I rooted the phone with magisk, the command did not work (I attempted executing the command on cmd in windows inside the adb/fastboot folder, usb drivers are also installed).
I was able to start the daemon by using adb devices but the command you provided didn't work.
The phone was booted normally during the test, maybe I should instead go to download mode or recovery mode? The link you sent for more instructions says we should use a cmd app on the phone to execute this command (a pc is not mentioned), however I don't find any cmd app on the phone (lineageos 19.1).
No, the command is made from a root shell on the phone directly, or through an adb shell.
First:
Open a cmd window on your pc, cd to your adb folder. Do you have "minimal adb and fastboot" installed on your pc? It's on the forums here.
Plug in your phone to USB, do not boot to recovery or download mode. Just the normal system.
From the open cmd window, issue "adb devices". What appears?
If "unauthorized", you have to enable adb debugging in developer options. You have that enabled, right? If you do you will get a prompt on the phone to allow adb debugging access when you connect over USB.
If you get "device XXXXX", I do not recall the number of characters, then you can proceed.
issue "adb shell"
you should get a shell prompt (your phone cmd shell)
Issue "su"
If you are rooted magisk may prompt you to allow root
issue "whoami", this has to return "root".
Then issue the command I gave you. " settings put global captive_portal_mode 0"
The second string "settings list global | grep portal" is only to verify the success of the first command.
You don't need adb for this, you can also enable the "local terminal" in developer options. Or use your favorite terminal. I like Termux.
Open the terminal from your app drawer
issue "su"
Again, you should get a magisk prompt requesting permissions, allow it
issue "whoami" , verify root
then issue the same two commands.
What version of Android are you on?
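The adb steps from the post above, combined with the captive portal commands quoted earlier in the thread, as a script that checks each result before moving on. This is an added example, not code from any poster: the function names, the --apply switch and the sample outputs are assumptions made for illustration, and the su step follows the thread's instructions.

```shell
#!/bin/sh
# Added example: adb devices -> su -> whoami -> settings put -> settings list,
# the order given in the thread. Names and the --apply switch are illustrative.

# Constructed sample outputs (not captured from a real device), for offline checks.
SAMPLE_DEVICES_UNAUTH=$(printf '%b\n' \
    '* daemon not running; starting now at tcp:5037' \
    '* daemon started successfully' \
    'List of devices attached' \
    'CONSTRUCTED0001\tunauthorized')
SAMPLE_DEVICES_OK=$(printf '%b\n' \
    'List of devices attached' \
    'CONSTRUCTED0001\tdevice')
SAMPLE_SETTINGS=$(printf '%s\n' \
    'airplane_mode_on=0' \
    'captive_portal_mode=0' \
    'wifi_on=1')

# Print the state column of the first device listed after the header line:
# "device", "unauthorized", "offline", or "none" when nothing is attached.
adb_device_state() {
    printf '%s\n' "$1" | awk '
        seen && NF >= 2 { print $2; found = 1; exit }
        /^List of devices attached/ { seen = 1 }
        END { if (!found) print "none" }'
}

# Print the value of captive_portal_mode from `settings list global` output,
# or "unset" when the key is absent. Matches the exact key, unlike `grep portal`.
portal_mode() {
    mode=$(printf '%s\n' "$1" | sed -n 's/^captive_portal_mode=//p' | head -n 1)
    printf '%s\n' "${mode:-unset}"
}

# Run the whole procedure against the attached phone (normal boot, USB debugging on).
# Side effect noted in the thread: login pages on public Wi-Fi stop working.
disable_captive_portal_check() {
    state=$(adb_device_state "$(adb devices 2>&1)")
    case "$state" in
        device) ;;
        unauthorized)
            echo "Enable USB debugging and accept the prompt on the phone." >&2
            return 1 ;;
        *)
            echo "No usable device (state: $state)." >&2
            return 1 ;;
    esac

    # whoami under su must return root, as the post says.
    who=$(adb shell "su -c whoami" | tr -d '\r')
    if [ "$who" != "root" ]; then
        echo "su did not return root; allow the request in Magisk." >&2
        return 1
    fi

    adb shell "su -c 'settings put global captive_portal_mode 0'" || return 1

    # Verify the way the thread does: list the global settings and read the key back.
    listing=$(adb shell "su -c 'settings list global'" | tr -d '\r')
    [ "$(portal_mode "$listing")" = "0" ]
}

# Nothing touches a device unless the script is called with --apply.
if [ "${1:-}" = "--apply" ]; then
    disable_captive_portal_check && echo "captive_portal_mode=0"
fi
```

The same two settings commands can be typed into a terminal on the phone after su, as the post describes; only the adb device check is specific to the PC route.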
