Further means to minimize tracking/Google on Android (e.g. via ADB)?

(Sorry for no clear formatting, I don’t know how yet.)

Hi there,

I was using a Pixel with GrapheneOS, which recently died, and a backup phone with LineageOS (no other options).

With the Pixel de-googling and de-tracking was obviously straightforward, but with the one on LineageOS it obviously isn’t.

The phone with (official) LineageOS is well maintained and pretty up to date, but besides not utilizing invasive apps, there are not many means to de-google further components LineageOS depends on.

Because of that, I use some ADB commands and additionally edit the build.prop and gps.conf (after each update due to the lack of personal ability to automate it :confused: ).

The commands I use are:

  • settings put global captive_portal_http_url [desired URLs]

  • settings put global captive_portal_https_url

  • settings put global captive_portal_fallback_url

  • settings put global captive_portal_other_fallback_urls
    (I use German security researcher Mike Kuketz’ server)

  • settings put global ntp_server [URL]
    (I use my country’s official time signal NTP server)

(Verify with “settings get global …”)
_

Add to build.prop (via ADB pull/push):
net.dns1=[Provider IPv4 addresses]
net.dns2=
net.rmnet0.dns1=
net.rmnet0.dns2=
net.wlan0.dns1=
net.wlan0.dns2=
(using a VPN this does at least not seem to leak/bypass DNS requests)
_

Edit gps.conf (again, ADB pull/push):
[#] PROXY_APP_PACKAGE_NAME=…
NTP_SERVER=[URL]
_

Some of that might not even do anything, but I would rather try than not.
_

Anyway, this is what I apply each update.
In addition I usually use a VPN and usually a private DNS when not connected.
_

Is there anything else I can do in order to minimize tracking? Disable some packages?
I know specific DNS may increase fingerprinting, but my primary objective is covering system components first.
_

(On a side note, anyone able to write a post-update script, like Magisk’s recovery menu survival scripts?)
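A host-side version of the post-update routine described in the post above, as an added example that is not the poster's or LineageOS's own code: it re-applies the `settings put global` keys over ADB, reads each one back with `settings get`, and rewrites a pulled gps.conf. The `example.org` hostnames are placeholders, and `WANTED`, `apply_settings` and `patch_gps_conf` are names made up for this example; it runs from the computer, not as an on-device survival script.

```shell
#!/bin/sh
# Added example: re-apply and verify the connectivity-check and NTP settings
# after an update. All hostnames are placeholders; use your own servers.

# key=value pairs for `settings put global` (keys as listed in the post).
WANTED='captive_portal_http_url=http://captive.example.org/generate_204
captive_portal_https_url=https://captive.example.org/generate_204
captive_portal_fallback_url=http://captive.example.org/generate_204
captive_portal_other_fallback_urls=http://captive.example.org/generate_204
ntp_server=ntp.example.org'

# Apply every pair, then read it back. Returns the number of mismatches.
# `adb shell` consumes stdin, so it is pointed at /dev/null inside the loop;
# otherwise it would swallow the remaining lines of the list.
apply_settings() {
    failed=0
    while IFS='=' read -r key value; do
        [ -n "$key" ] || continue
        adb shell settings put global "$key" "$value" </dev/null
        got=$(adb shell settings get global "$key" </dev/null | tr -d '\r')
        if [ "$got" != "$value" ]; then
            echo "MISMATCH $key: wanted '$value', got '$got'" >&2
            failed=$((failed + 1))
        fi
    done <<EOF
$WANTED
EOF
    return "$failed"
}

# Filter for a pulled gps.conf (stdin to stdout): comment out
# PROXY_APP_PACKAGE_NAME and set NTP_SERVER to $1, appending it if absent.
# Lines that are already commented out are left alone, so it is idempotent.
patch_gps_conf() {
    awk -v ntp="$1" '
        /^PROXY_APP_PACKAGE_NAME=/ { print "#" $0; next }
        /^NTP_SERVER=/             { print "NTP_SERVER=" ntp; seen = 1; next }
        { print }
        END { if (!seen) print "NTP_SERVER=" ntp }'
}

# Usage: sh post-update.sh apply   (phone connected and authorized for ADB)
case "${1:-}" in apply) apply_settings ;; esac
```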

That is all unnecessary.
It’s enough to just set a Private DNS, and if no Google is your objective then basically run Lineage without MicroG or Google Play Services.

Hopefully you get your replacement device or something.

But if I just set a private DNS, it would still phone home to Google, would it not?
Even privacy oriented public DNS don’t filter Google domains, they couldn’t if they wanted with the omnipresence of Google service users.

So, maybe leaving out the DNS settings, the captive portal or connectivity check is hardcoded to Google in LineageOS.

Even if Google only receives the IP information, that alone is enough to associate data, I would argue.

So yeah, I think these settings should still apply for anyone on either a stock Android or something only mildly de-googled such as LineageOS.

Like I said, I would rather cut off any connection to Google I don’t actively choose.

Thank you for wishing me luck with a replacement, but Google’s recent advancements sour my desire to get another Pixel anytime soon, despite the lack of options…

Edit: Oh, and I use neither GApps nor MicroG. It’s purely vanilla with the above modifications.

Anyone else?
Am I missing something that is somewhat fixable with ADB or root?

Not an expert in this type of debloating, but some stuff you can do to minimize tracking is to use RethinkDNS and add your VPN with WireGuard, if your VPN provider supports it. Then, download any DNS blocklists of your preference to block tracking domains.

Something else you can do (and a dangerous one) is to go further into debloating your device by removing or uninstalling any apps or packages that could be spying on you, but debloating is something I don’t quite recommend because you could softlock/brick your device if you disable any important packages without knowing.

But keep in mind that you’re not gonna get the same privacy features you had in GrapheneOS because well, LineageOS isn’t GrapheneOS and you may need to do your own research about what tweaks you want to do. And of course, be careful tweaking your device on root. :]

Thank you for the recommendations and elaborate response.

I will look into the DNS config for VPNs, but since that applies to any device, it will be the next step after securing LOS.

Regarding blocking trackers, I usually add Mullvad’s “Extended” DNS to block trackers as well as social networks. For these I use Libredirect and public instances of private frontends.

But yeah, I’m aware GrapheneOS provides much more security and privacy, at least the ADB commands above cover some of the network dependent ones.
My goal was to achieve parity between iodéOS, /e/OS or CalyxOS and LineageOS regarding servers contacted.
These systems have their benefit, but not for me and they also are not as available as LOS.

That is the thing. You will never reach parity with something like LOS, GOS, or CalyxOS. No matter how hard you try, there will always be an app contacting servers you can’t remove without some kind of soft brick. Better just to save yourself the headache and get a new Pixel.

You see, here’s the thing.
I have looked at two reputable system comparison tables, the things I “fixed” via ADB are sometimes the only differentiating factor. At least regarding contacting Google.

My information might be outdated by now, but for example iodé, which was supposed to be a further de-googled LOS with a local VPN based connection manager, no longer has any benefit for me.
For Calyx I’m not sure, but excluding apps, these connection settings may provide actual parity only looking at unwanted connections.

I still have to look at specific apps, but I think vanilla LOS can’t be that much more problematic, right?

Going back to the OP, the aforementioned Mike Kuketz has a series comparing Android systems, in which he analyzed outgoing traffic.
I’m pretty sure these settings cover most if not all of these connection complaints.

In conclusion, I don’t see any more concrete disadvantages of LOS, excluding GOS from contention.

One of these comparison tables is this one BTW: