How Safe Can I Make a Regular Android?

During my search for rooting instructions, I accidentally found Privacy Guides. As the least tech-savvy person here, I was relieved to find an article explaining the risks of rooting your phone. I recently purchased an S20+, but after realizing it doesn’t have a system update, I upgraded to an S21+, and my BF has an A54. I bought the phones in December, but they’re still not turned on. For now, I want to secure what I have to work with and replace native apps, if possible. I’ve found suggestions for almost everything but phone apps. In the near future, I plan to get whatever phone and OS is recommended at that time. My BF won’t let me get 2 more new phones just yet. I need to bide my time. I have many more questions, and I hope to stick around and learn as much as I can. Either I don’t understand how a VPN works or mine doesn’t do what it’s supposed to do. Until I found PG, that’s all everyone said: get a VPN. I did my research with my limited knowledge and chose the one most people recommended. With everything I’ve been reading about taking back online control, I feel 2 decisions I made were not the right ones. I have DDG browser & search and NordVPN. I also have Bitwarden and NordPass. All free versions except the VPN (2 yr. deal). I also checked all permissions, but that’s pointless?

1 Like

Welcome to the Privacy Guides forum!

Yes, the S20+ no longer receives updates, but the S21+ will only receive one more OS upgrade (Android 15 this year) and I think another year of security patches after that. Before the S24, which gets 7 years of updates, Samsung provided 4 years of OS upgrades and 5 years of security patches (and before that, 3 years of OS upgrades). That said, the only phones recommended are a Google Pixel or an iPhone, as they provide the best security, but they are more expensive than other Android phones, so not everyone can purchase one. And you definitely shouldn’t root your Android or jailbreak an iPhone, as that destroys the security model of those devices.

For Android, Brave Browser is recommended. The annoying cryptocurrency in it can be turned off and you can still use DuckDuckGo search in it if you want or something else like Brave’s own search engine.

Most people in this space would not recommend NordVPN, instead recommending IVPN, Mullvad VPN and ProtonVPN. And for password managers, it would be Bitwarden or KeePassXC. All of these recommendations can be found here on the Privacy Guides website. Have you gone through the website much?

I will mention that a lot of VPNs are very shady and a majority of “review” websites and sponsors on YouTube should not be trusted. VPN companies are known to exaggerate the benefits of a VPN and pay for the top spots on those websites. And they really do push the idea that “a VPN is all you need to protect your privacy, increase security, and stop hackers”. That’s not accurate at all. Privacy and security aren’t a toggle; it’s more like a spectrum where each person decides what works best for them and their threat model. Some people are fine with Google’s password manager or iCloud Keychain, while others want to secure their passwords in a vault locally using KeePassXC. Some avoid Big Tech, while others want to continue using their Apple, Google or Microsoft account but reduce the information those companies can collect and increase the security of those accounts.

Checking what permissions apps have is definitely not pointless. Most apps do not need to access your location 24/7, nor do they need to access your camera and microphone when you aren’t using the app. This is one reason why smartphones like Android and iOS are considered more secure than desktops like macOS, Windows and Linux (though they are getting better): they have a strict sandbox that forbids an app from accessing certain parts of a device without the user’s explicit consent.

A VPN will prevent your Internet Service Provider (ISP) from seeing the websites you visit and will also protect your Internet Protocol (IP) address from websites seeing it as it will be the VPN’s IP address instead. They are not an anonymity tool or a replacement for good security habits. Always make sure your connection to a website is encrypted (HTTPS; Hypertext Transfer Protocol Secure). Most browsers will have an option to force HTTPS and block HTTP connections. If you decide not to use a VPN (I personally don’t), you should switch your Domain Name System (DNS) provider on your Android phone and router (if possible) from your ISP’s to one of the recommendations here. I personally use Quad9 on all my devices.

The other recommendation I have would be to limit the number of apps on your phone. Apps installed on your device do have more access to your phone’s information than if you just used a website (though I would recommend you use an app for your bank, as that is more secure than visiting the website), and every app you install increases the attack surface of your device, giving an adversary more ways into your phone.

10 Likes

Covering the basics:
  • Browser: Brave
  • Search: Startpage
  • Password manager: KeePass
  • Authenticator app: Aegis
  • Email: Proton
  • VPN: Proton

Credit Freezes have the benefit of protecting your credit and preventing any of them from selling your data to brokers.

  • TransUnion
  • Experian
  • Equifax
  • ChexSystems: banks and credit union accounts; KYC for bad checks and closed accounts
  • Innovis: mass-mailing data for pre-screened credit card offers

Of course, the data brokers already have all your info, but one can follow the tips here to request that they suppress/stop sharing it.
Data Removal Guide

But wait! There’s more!

Cars: A Privacy Nightmare on Wheels

Car makers fail at privacy because they believe their unsolicited, unregulated data collection is a feature not a bug.

Get a VIN Privacy Report

One advantage of using Proton Mail is that they own the email forwarding service SimpleLogin :wink:.
What’s this mean?

Forwarding services can reduce the impact of data breaches by identifying where the breach occurred.

Aliases help in determining where a leak/breach occurred. The immediacy of remediation differs if it’s a newsletter vs a bank.

Facilitate the immediate shut off of spam and phishing attempts by simply deleting the address.

Makes credential stuffing much more difficult. This is a brute force tactic made easier when login credentials are thought of as two passwords. On sites where an email address is synonymous with your user ID, a bad actor only has to figure out what the 2nd half of those credentials is.

Makes my info less valuable to data brokers and advertisers because they can’t correlate & map all my activity and accounts.

If my email provider goes under I can easily redirect the aliases to the new provider by changing one field on the mail forwarder site rather than at Every. Single. Place. Its. Ever. Been. Used.

1 Like

Are you sure?

Oops! I came from a place where SSO was ubiquitous.
Corrected
Thanks!

1 Like

I’ve been testing ProtonMail’s free version, but haven’t checked out its features yet. I’m glad you mentioned them. I’ve changed all my email logins because my practice was using the same username and password for all sites. Hey, don’t judge me, lol. I didn’t know about password managers then. Now, I use Bitwarden and let them generate my passwords. I was using Duck Browser and their email alias service, but will switch to Brave for its better security features, plus I found out DDG lets Google ads load and some others. How do I download Brave? The Brave website only offers Google Play Store and Apple Store download options. I’ll try to avoid signing in to a Google account on new devices, and if I must, I’ll create a new account with fake information.

Do you use the forwarding service for your main email account and aliases for everything else? Oh wait, the forwarding service provides the aliases, and because of that all aliases are scanned by your forwarding service and then they send it to your main email account… “Cars nightmare”, do you mean electric cars or the cars that can basically run themselves, lol. I’m old school; I try to get an older model that parts are easy to get for and the ones that are fairly easy to work on. Meaning you don’t have to take apart A, B, & C just to get to D.

I sent you an email. Did you receive it? Because I think I sent it to you, but it didn’t have your name, so now I’m wondering, lol.

Not who you responded to, but I can answer this one. All cars are terrible for privacy. I’m not sure when they started being bad, but it isn’t anything recent. JibJab included a link to Mozilla’s *Privacy Not Included about cars. They say it is the worst product category they have ever reviewed for privacy.

Definitely did not receive any email other than the one I get from Privacy Guides when someone replies to me. My email for PG isn’t public either (not that it really matters as it’s an alias anyway), so not sure what you sent it to. If you want to send a message to me, you can by tapping on my name and tap “Message”.

Yes I got them both.

I only use my main PM address on Proton and SL.
My bank gets a PM alias.
Everything else gets an SL aleeas :wink: Have 40-50 of these so far.
Brave for Windows here

Secure Your Social Security Account

Create an account with the SSA (Social Security) and secure it with ID.me if you can. Accounts opened prior to 2021 cannot use ID.me.

There can only be one account per SSN so doing this prevents anyone else from claiming yours.

You cannot do this while credit freezes are in place.

Very optionally, lock down online access with an “e-services block” and/or visit an office to add a direct deposit lock.
Start an application for benefits but do not submit it until ready. SSA will issue a 9-digit “Re-entry PIN”.

Secure Your IRS Account

If you file electronically using tax software, you should already have established a static 5-digit PIN with the IRS that you use to e-file every year; this could also be last year’s AGI. This isn’t the same as the IRS Identity Protection PIN below.

The IP PIN program became active in Jan 2021. When you sign up, the IRS will issue you a 6-digit PIN. You put the PIN on your tax return. Any e-filed tax return without the correct PIN will be rejected. Any paper return without the correct PIN will be subject to extra scrutiny.

A specific PIN is valid for only one year. After you sign up once to participate in the program, you must log in to the IRS account each year to retrieve a new PIN before the tax season starts. You always use your most current PIN. You don’t need a PIN when you amend your previous tax returns.

  • Kiwi as a browser
  • RethinkDNS
  • Mailfence as an email service
  • Bitwarden for passwords
  • Fossify’s apps
  • Passing ADB through the mobile (with criteria)
  • Aurora Store as an app store
  • Common sense
1 Like

I installed Brave from here GitHub - brave/brave-browser: Brave browser for Android, iOS, Linux, macOS, Windows.
I use Obtainium to do the install and watch for updates GitHub - ImranR98/Obtainium: Get Android app updates straight from the source.

1 Like
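An added check to go with installing an APK from a GitHub release (example code, not from the post above, Brave or Obtainium): before sideloading, confirm the APK's signing certificate matches the one you expect, so a tampered or impostor download is refused. It assumes apksigner from the Android SDK build-tools is on your PATH, and the expected digest is a placeholder to be replaced with the vendor's published fingerprint.

```shell
#!/bin/sh
# Added example: refuse to sideload an APK unless its signing certificate
# digest matches a pinned value. apksigner comes with the Android SDK
# build-tools. EXPECTED_SIGNER_SHA256 is a PLACEHOLDER (assumption), not
# Brave's real fingerprint: take the real value from the vendor's
# documentation or from a copy installed from a trusted source.
EXPECTED_SIGNER_SHA256="REPLACE_WITH_VENDOR_PUBLISHED_SHA256"

# Normalise a fingerprint so "AB:CD:..." and "abcd..." compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ':' | tr '[:upper:]' '[:lower:]'
}

# Return 0 only when both fingerprints are non-empty and identical.
fingerprints_match() {
    [ -n "$1" ] && [ "$(normalize_fp "$1")" = "$(normalize_fp "$2")" ]
}

# Extract the first signer's certificate SHA-256 digest from apksigner.
# Assumes the "--print-certs" line format:
#   "Signer #1 certificate SHA-256 digest: <hex>"
signer_sha256() {
    apksigner verify --print-certs "$1" 2>/dev/null \
        | sed -n 's/^Signer #1 certificate SHA-256 digest: //p' | head -n 1
}

# Verify the APK's signature and that the signer is the pinned certificate.
# An empty digest (apksigner missing or signature invalid) is a refusal.
verify_apk() {
    apk="$1"
    actual=$(signer_sha256 "$apk")
    if fingerprints_match "$actual" "$EXPECTED_SIGNER_SHA256"; then
        echo "OK: $apk is signed by the pinned certificate"
        return 0
    fi
    echo "REFUSE: $apk signer (${actual:-none}) does not match pinned certificate" >&2
    return 1
}

# Usage: verify_apk brave.apk && adb install brave.apk
```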

Was the email to you? That’s why then. I thought it must have been me since the reply was to my comment.

Yes they were. No worries :grin:

1 Like

I guess I’m still learning how this works. I’ve never been in a forum before. I guess in my email it was letting me know you responded. At the bottom of the email it said “visit topic” or “reply to this email to respond”. I replied to the email Thursday assuming it was sent to you. I know one thing: not sure where my response went, but I sent it somewhere, lol. From now on I will come to the site to respond. I’m not going to lie, when I “sent” the email I was a little happy it gave me a choice to respond publicly or, what I thought, privately through email, lol. It was rather long, but I’ll go post my reply through this site.

Right, I got it. You can reply to posts via email but it will be to the forum, not to a specific user. At least, I think that’s how it works as I’ve never used it. If you wanted to send me what you sent via email as a direct message on here, you can do that. Or just post it publicly on here.

I’m not going to lie, GitHub intimidates me. I’m not sure how I’m supposed to download from there. I guess maybe I should start by making an account, lol. I always go there when someone says it, but I take one look and run the other way.

1 Like

Please just use the Google Play Store. You can get Brave browser from there.

Google already has privileged access over your device and has your unique hardware identifiers, etc. Making your life a lot harder just to avoid the Play Store is pointless; you can create a Google account with random information.

Here is a great guide: A place where I write down stuff · How to Create and Use a Google Account Anonymously on GrapheneOS