Mobile privacy


I have only android devices (tablets, phones), no laptop or PC (it is inconvenient for me).

So, can you please recommend the best must have solutions for better android privacy?

Orbot, Signal, SimpleLogin, Proton suite, degoogled OS (via ADB) is enough?

Or better use (for temporary use) and alias services? Both free and don’t require any registration. Also there is disposable email service that provides forwarding, but it is not convenient (but you can use something like “directory” feature in SL for free (example: =

1 Like

The number one thing you could do is switch to Google Pixel devices that support Graphene OS

For you that would be the Pixel 6 or better, preferably Pixel 8 for phone and the Pixel Tablet.


Depending on your needs the Pixel #a models are less expensive… I recommending getting a lot of storage if you plan to be a power user.

If you go down the Fdriod/FOSS rabbit hole, theres a lot of things you can do with grapheneOS that you cannot do with proprietary OSs.

It’s gonna suck installing GrapheneOS without a laptop or PC :joy:


No it wont.
Installing was a breeze on my Pixel 7 Pro.
Guess what I used?
Moto G100 :slight_smile:
Which is not a pc or laptop


I don’t trust google at all. Even if it is good device, I still not believe that they have no hardware tracking capability (yeah, I am paranoid a little bit)

Not Graphene, but Lineage OS. Through TWRP.

There is no evidence to support this.


While I disagree with your reasoning and strongly suggest you do some research I would never advocate for you to buy products you do not trust yourself.

While LineageOS maybe a nice OS to keep an EOL phone going it is not great for privacy or security.

Overall, LineageOS leaves neither a privacy-friendly nor really secure impression. This is mainly due to the following points:

  • Despite not using Google Play Services, LineageOS is closely linked to Google services
  • Delayed delivery of (security) updates
  • Older devices do not receive full security updates from proprietary components such as bootloaders or firmware
  • No Verified Boot support
  • The quality of LineageOS on a particular device is significantly influenced by the skills and dedication of the maintainer
1 Like

Agree, but as I said I am a little bit paranoid :sweat_smile:

It is cleaned with special patch (hosts mod to block all google domains)

Just wanted to add to the list that AdGuard recently launched their own disposable mail service.

Looks good. Will take a look :slight_smile:

1 Like

Pls focus on actual threats, not some hypothetical ones. Google Pixels are the most researched Android devices, because they are the reference and development devices for Android. All other mobile devices and the available OSes for them have partially serious security and privacy drawbacks, which are evident. Contrary to your conspiracy thinking about hardware tracking, which very likely would have been discovered by now and only used on super high-value targets and for sure not for mass tracking or on some privacy enthusiasts.


I know, but this company not trustworthy for me.

My solution is harden device via ADB (or flash Lineage OS) and avoid revealing real IMEI (not using any cellular data on phone).

Instead I am using Canta with Shizuku to remove all bloatware, This router. (OpenWRT powered) that supports SMS to register where I need number and this software to change unique information.

I like giving this adresses (they are nearly permanent, to avoid hajack use their alias feature and unique username) for people I don’t trust. I can reply from it, even forward to real address if something important

Yopmail have new domain every day, but if even that domains won’t work (AKA whitelist) you can use this (temp Gmail or Outlook addresses, no registration)

Also never reveal real email address (only alias) even for that things that I need constantly. I know that aliases can be blocked so in this situation user should contact alias provider support (they will contact website that blocking aliases and ask them to unblock). For SL here is official manual. This will help community not to have such issues in future.

So if short:
Use 4G mobile router to have cellular features with random data not to be traced, use only Singnal and Telegram (unfortunately many people use it and I can’t quit it), no voice calls, no SIM in phone

You can’t harden an OS via ADB in a meaningful way and LineageOS has quite a few security problems.

Most other smartphone hardware vendors are less trustworthy in terms of security practices, supply chain security and even privacy practices.


Since you’re not willing to get a Pixel, have you looked into DivestOS and any of their supported devices? DivestOS is significantly more private and secure than LineageOS or most other Android OSes out there, and supports more than just Pixels. Like others have pointed out, LineageOS is far from ideal in terms of privacy and security, and I do believe an OS like Divest would be a better fit.

I’m really cautious to recommend degoogling with ADB, as thanks to Project Mainline, a lot of system updates are now done through Google Play Services. Missing out on updates like this will reduce your security pretty heavily unfortunately. Like @sha123 said as well, debloating with ADB also just can’t magically harden an OS or fix all privacy and security issues of an OS.


I know but this and this articles (there are many more articles about that, but these are the most short ones) and this hosts file you are more safe than without it.

Just looked. Good one. I will dig into that.

What are they updating? I don’t use any google software.

Also there is Obtanium to make updates easier.

What is this nonsense?


What are they updating? I don’t use any google software.

You can read this for more info and details about Mainline, but it’s updating important system components. These are just taken care of by system updates on other OSes like Graphene, Divest, and Lineage, but on stock Android, they’re covered by Google Play. Not getting these updates can leave you pretty vulnerable.

Also there is Obtanium to make updates easier.

You can’t update them with Obtainium unfortunately, the only way to on Stock Android that I’m aware of is through Google Play.

1 Like

DOS is literally recommended by PG…

1 Like

It’s exactly that. None of the sources this user provided supported their argument.

Keep in mind also more of the Pixel is actually open source than on some other handsets

Trusty is being provided to its partners as a reliable and free open source alternative for their Trusted Execution Environment. Trusty offers a level of transparency that is just not possible with closed source systems.

So basically a threat model based on FUD okay.

Meanwhile you do nothing about other 99999 companies far worse than google. This is why the whole degoogle movement leads to a weirdo threat model that makes no sense whatsoever because of the hyperfocusing on a single company.

The question really is how far do you take it, originally degoogling literally referred to just getting rid of gmail and using an alternative search engine, that made sense as those things are primarily funded through adsense etc.

As usual we recommend people read the terms and conditions of the actual product they’re using regardless of where it comes from.

Lastly hosts.txt should not be used for blocking anything that is not, and was not it’s purpose.

Editing that file usually requires root, which means whatever you use to edit it, you need to be sure doesn’t have privilege escalation vulnerabilities that can be used to edit other files.

Also as Android is an immutable OS, this file is on your system partition ie in /system/etc/hosts which means it won’t be persistent if you’re doing dm-verity checks on boot. So in an effort to “degoogle” you’ve made the whole security model of your handset a fair bit weaker. Remember not gaining root, is a bit part of what keeps the SELinux policies intact and sandboxing your apps.

Google goes to a lot of effort to make sure things don’t run as root, unless absolutely necessary, in fact there is only about 6 processes that run as root.

  • Devices should run the minimum necessary code as root. Where possible, use a regular Android process rather than a root process. The ICS Galaxy Nexus has only six root processes: vold, inetd, zygote, tf_daemon, ueventd, and init. If a process must run as root on a device, document the process in an AOSP feature request so it can be publicly reviewed.