Researched a lot about privacy recently and I’ve learned about telemetry and phoning home and all that stuff. I’ve discovered that rooting your phone is the best way to absolutely control all permissions and outgoing/incoming internet traffic, however I’ve run into the problem that my S23 is NA, and I can’t unlock the bootloader and hence I can’t root it.
Is there any way I can harden this phone to the maximum without rooting it? I’ve already gone through UAD and removed some bloatware and privacy nightmare apps, but I wanna do more.
As for phone purchasing advice, next time which brand should I go for that’d allow me to have maximum deadlock privacy on my phone?
Rooting is not recommended as it breaks the security, and a lot of apps are starting to detect root and not run.
Use the available toggles in the system. Using adb or debloaters is not recommended for most users. You can also set up a Pi-hole to block tracking at network DNS level.
First, what is “NA” and “maximum deadlock privacy” (from my understanding of Deadlocks from comp sci., it’s not a desirable state, that’s why I’m curious)
Regarding S23 or in general other Samsung phones with Knox, rooting them is almost always a bad idea. Once you flash a custom ROM, you lose some key parts of their hardware security “forever”. If I recall correctly, there are tools which can control the internet access of all apps, system or otherwise, I’d suggest looking into those. You can always disable connection to Samsung domains with some DNS modification.
Pixels are your best bet, if you want to keep hardware security along with privacy measures on Android. Although, word to the wise, before getting too much into videos/articles about privacy, I’d suggest reading about threat models and making your threat model, otherwise like a lot of people, burnout will set in.
Well for power users, I don’t think that makes sense. I know what I am doing, but I’m only blocked because I bought a phone in the US and not the EU or elsewhere. Yeah I get that most apps don’t work but you can bypass with playintegrityfix or hiding with Magisk, right?
iPhones with ADP usually are fine for most people.
Start with @water's suggestion. Do threat modelling. Should have been the first thing I recommended too. But I assumed you would have done it, as you say you have been diving into privacy for a while.
Not really an option because most of these custom ROMs suck with the camera. Like they can’t fully utilize the potential of the hardware. Plus I can’t even use a custom ROM without having an unlocked bootloader, right?
Threat model
My threat model needs me to be able to control all of the data that’s going out and coming into my device.
In general, I refuse to engage with people who use that copypasta from 4chan for a very basic reason: If you actually manage to search for all of these “highlighted” events in that 4chan post, you’d know that none of them are current. There are protections in place so that something like that never happens.
It’s true that Apple collects a certain amount of data from your iPhone, but from what I read, that data is not associated with your Apple ID nor is it associated with your iPhone’s hardware fingerprint. It’s associated with a random identifier which gets reset frequently.
If your threat model involves “Because 4chan said so”, there is no scope of discussion left there, imho.
Where’s the proof that it is a random identifier and that it gets reset frequently?
I would go for a Pixel but idk how well some apps work on Graphene, and then there’s the issue of third party ROMs not being able to fully utilize the hardware for the camera.
I had to double take when I saw your pfp and username because I thought it was my own haha. Anyway,
As far as I’m aware, the only apps that don’t function well on GrapheneOS are NFC payment apps, and certain banking apps. Other than that I’ve heard no lasting problems, and the brief time I had with a Pixel running GOS had no problems for anything I wanted to run either. Plus, with a project like GOS, performance can only get better with time.
As for the camera, you can use the stock camera app by installing from the Play Store on GOS, and it will take the same advantage of any hardware as on stock OS. Just block network permissions for the app and you have nothing to worry about really. Anything else like metadata removal can be done through other means.
At that price point, why not just go with a Fairphone? It seems like the more I go down the hardening route the more difficult it gets to do actually important stuff like banking and paying through the phone, so no matter my threat model, it is a must that I have a completely stock phone that I can use for that purpose.
Does it just boil down to owning an iPhone and having a Pixel with GrapheneOS combo then? ATM I can’t root or do anything with my Samsung and I believe stock Samsung is worse than iPhone in terms of outgoing data…
@been you are probably better off asking on the XDA forum, where they actually know those things. (AFAIK most people here either have a Pixel or something else but haven’t installed a custom ROM for security reasons.)
It seems like the more I go down the hardening route the more difficult it gets to do actually important stuff like banking and paying through the phone
I mean, you do have to give up convenience for privacy at one point; that’s how it goes. I am on the fence about if I blame banking app developers for it; there are a shit tonne of scammers trying to trick the least suspecting and tech-illiterate users. I guess they have to keep “security” in mind by keeping their least informed user as the default standard, which means any tomfoolery with the devices we own and paid for threatens their security standpoint and would probably require them to invest more in their application development than rely on Google to take care of that.
Both devices currently cost €549 from the manufacturer, although the Pixel 8a is on sale for €429. The Pixel 8a is superior in almost every aspect and far exceeds the Fairphone 5 in terms of security.
While both devices will be ‘supported’ until 2031, the implications are quite different. Pixel devices receive full security patches monthly, while Fairphone has a history of delivering delayed security patches and even later OS updates. Many patches are never backported to previous Android versions, making upgrading to the next OS version the only option.
Additionally, the Pixel 8a ships with a fit-for-purpose SoC and Secure Element, which are top-class from a security perspective. The Fairphone 5, on the other hand, ships an already outdated SoC which lacks many modern security features and was never designed for phones.
GrapheneOS is definitely the best by far with iOS as a not-so-close second.
Stock Samsung isn’t great… You essentially have to deal with Google’s data collection plus Samsung’s own, arguably more invasive data collection on top of that. I would recommend avoiding a Samsung account and uninstalling as many of their apps as possible while enabling as many privacy settings as you can.
Thanks. The Pixel 8a looks like a really good offer. And I’ve researched a bit more about GrapheneOS and it’s so good for tweaking telemetry related settings.
I’m just thinking if I should trade in my Samsung for the latest 16 Pro Max. Currently I’ve followed this guide and did all the tweaks mentioned. But the Google account thing is a huge caveat, and idk if an iPhone at stock is any better than my current Samsung? Definitely would appreciate advice on this.
I recommend watching the video and reading this topic which compares the privacy of various OSes. It doesn’t specifically mention Samsung, but you’ll see that OEM Android is significantly worse than stock iOS and Android.
I do not like the guide you linked. It is not only extremely misinformed in its recommendations but is also spreading FUD.
Low-hanging fruit
False claims about iPhone and Pixel security despite being the two most secure phones available with no obvious winner (stock vs stock). Source.
Uninformed in recommending F-Droid, read PG’s write-up here.
Recommends a stupid amount of apps that most reasonable people will never need, which is a significant security and to a lesser extent also a privacy threat (naturally depends on the specific apps).
In my opinion, you would be much better off with an iPhone than a Samsung device. As I was getting at in my previous post, iOS and GrapheneOS are really the two options most people recommend. It’s worth noting that the only phone Privacy Guides officially recommends is Pixel (for its security characteristic more so than its privacy).