Mobile privacy

Hi!

I have only android devices (tablets, phones), no laptop or PC (it is inconvenient for me).

So, can you please recommend the best must-have solutions for better Android privacy?

Are Orbot, Signal, SimpleLogin, Proton suite, degoogled OS (via ADB) enough?

Or better use crapmail.org (for temporary use) and altmails.com alias services? Both free and don’t require any registration. Also there is dropmail.me disposable email service that provides forwarding, but it is not convenient (but you can use something like “directory” feature in SL for free (example: mail@dropmail.me = mail-anything@anything.dropmail.me))

1 Like

The number one thing you could do is switch to Google Pixel devices that support Graphene OS

For you that would be the Pixel 6 or better, preferably Pixel 8 for phone and the Pixel Tablet.

8 Likes

Depending on your needs the Pixel #a models are less expensive… I recommend getting a lot of storage if you plan to be a power user.

If you go down the F-Droid/FOSS rabbit hole, there’s a lot of things you can do with GrapheneOS that you cannot do with proprietary OSs.

It’s gonna suck installing GrapheneOS without a laptop or PC :joy:

2 Likes

No it won’t.
Installing was a breeze on my Pixel 7 Pro.
Guess what I used?
Moto G100 :slight_smile:
Which is not a PC or laptop

2 Likes

I don’t trust Google at all. Even if it is a good device, I still do not believe that they have no hardware tracking capability (yeah, I am a little bit paranoid)

Not Graphene, but Lineage OS. Through TWRP.

There is no evidence to support this.

3 Likes

While I disagree with your reasoning and strongly suggest you do some research, I would never advocate for you to buy products you do not trust yourself.

While LineageOS may be a nice OS to keep an EOL phone going, it is not great for privacy or security.

Overall, LineageOS leaves neither a privacy-friendly nor really secure impression. This is mainly due to the following points:

  • Despite not using Google Play Services, LineageOS is closely linked to Google services
  • Delayed delivery of (security) updates
  • Older devices do not receive full security updates from proprietary components such as bootloaders or firmware
  • No Verified Boot support
  • The quality of LineageOS on a particular device is significantly influenced by the skills and dedication of the maintainer
1 Like

Agree, but as I said I am a little bit paranoid :sweat_smile:

It is cleaned with a special patch (hosts mod to block all Google domains)

Just wanted to add to the list that AdGuard recently launched their own disposable mail service.

Looks good. Will take a look :slight_smile:

1 Like

Pls focus on actual threats, not some hypothetical ones. Google Pixels are the most researched Android devices, because they are the reference and development devices for Android. All other mobile devices and the available OSes for them have partially serious security and privacy drawbacks, which are evident. Contrary to your conspiracy thinking about hardware tracking, which very likely would have been discovered by now and only used on super high-value targets and for sure not for mass tracking or on some privacy enthusiasts.

8 Likes

I know, but this company is not trustworthy for me.

My solution is to harden the device via ADB (or flash Lineage OS) and avoid revealing the real IMEI (not using any cellular data on the phone).

Instead I am using Canta with Shizuku to remove all bloatware, this router (OpenWRT powered) that supports SMS to register where I need a number, and this software to change unique information.

I like giving these addresses (they are nearly permanent; to avoid hijacking, use their alias feature and a unique username) to people I don’t trust. I can reply from them, even forward to my real address if something is important.

Yopmail has a new domain every day, but if even those domains won’t work (AKA whitelist) you can use this (temp Gmail or Outlook addresses, no registration).

Also never reveal real email address (only alias) even for those things that I need constantly. I know that aliases can be blocked, so in this situation the user should contact the alias provider’s support (they will contact the website that is blocking aliases and ask them to unblock). For SL here is the official manual. This will help the community not to have such issues in future.

So, in short:
Use a 4G mobile router to have cellular features with random data so as not to be traced, use only Signal and Telegram (unfortunately many people use it and I can’t quit it), no voice calls, no SIM in phone

You can’t harden an OS via ADB in a meaningful way and LineageOS has quite a few security problems.

Most other smartphone hardware vendors are less trustworthy in terms of security practices, supply chain security and even privacy practices.

3 Likes

Since you’re not willing to get a Pixel, have you looked into DivestOS and any of their supported devices? DivestOS is significantly more private and secure than LineageOS or most other Android OSes out there, and supports more than just Pixels. Like others have pointed out, LineageOS is far from ideal in terms of privacy and security, and I do believe an OS like Divest would be a better fit.

I’m really cautious to recommend degoogling with ADB, as thanks to Project Mainline, a lot of system updates are now done through Google Play Services. Missing out on updates like this will reduce your security pretty heavily unfortunately. Like @sha123 said as well, debloating with ADB also just can’t magically harden an OS or fix all privacy and security issues of an OS.

3 Likes

I know, but with this and this article (there are many more articles about that, but these are the shortest ones) and this hosts file you are safer than without it.

Just looked. Good one. I will dig into that.

What are they updating? I don’t use any google software.

Also there is Obtainium to make updates easier.

What is this nonsense?

3 Likes

What are they updating? I don’t use any google software.

You can read this for more info and details about Mainline, but it’s updating important system components. These are just taken care of by system updates on other OSes like Graphene, Divest, and Lineage, but on stock Android, they’re covered by Google Play. Not getting these updates can leave you pretty vulnerable.

Also there is Obtainium to make updates easier.

You can’t update them with Obtainium unfortunately, the only way to on Stock Android that I’m aware of is through Google Play.

1 Like

DOS is literally recommended by PG…

1 Like

It’s exactly that. None of the sources this user provided supported their argument.

Keep in mind also more of the Pixel is actually open source than on some other handsets

Trusty is being provided to its partners as a reliable and free open source alternative for their Trusted Execution Environment. Trusty offers a level of transparency that is just not possible with closed source systems.

So basically a threat model based on FUD okay.

Meanwhile you do nothing about other 99999 companies far worse than google. This is why the whole degoogle movement leads to a weirdo threat model that makes no sense whatsoever because of the hyperfocusing on a single company.

The question really is how far do you take it, originally degoogling literally referred to just getting rid of gmail and using an alternative search engine, that made sense as those things are primarily funded through adsense etc.

As usual we recommend people read the terms and conditions of the actual product they’re using regardless of where it comes from.

Lastly, hosts.txt should not be used for blocking anything; that is not, and was not, its purpose.

Editing that file usually requires root, which means whatever you use to edit it, you need to be sure doesn’t have privilege escalation vulnerabilities that can be used to edit other files.

Also as Android is an immutable OS, this file is on your system partition, i.e. in /system/etc/hosts, which means it won’t be persistent if you’re doing dm-verity checks on boot. So in an effort to “degoogle” you’ve made the whole security model of your handset a fair bit weaker. Remember, not gaining root is a big part of what keeps the SELinux policies intact and sandboxing your apps.

Google goes to a lot of effort to make sure things don’t run as root unless absolutely necessary; in fact there are only about 6 processes that run as root.

  • Devices should run the minimum necessary code as root. Where possible, use a regular Android process rather than a root process. The ICS Galaxy Nexus has only six root processes: vold, inetd, zygote, tf_daemon, ueventd, and init. If a process must run as root on a device, document the process in an AOSP feature request so it can be publicly reviewed.
10 Likes
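
The boot-integrity and root-process points in the post above can be checked from a shell. This is an added example, not part of the original thread: the `getprop` and `ps` text is constructed, `example_su_daemon` is a hypothetical process name, and the allowlist is the six-process list quoted above, which a current device would replace with a baseline taken from a known-good build.

```sh
#!/bin/sh
# Added example: classify verified-boot state and root-owned processes from
# text captured with `adb shell getprop` and `adb shell ps -A -o USER,NAME`.

# Constructed sample: unlocked bootloader, dm-verity off (typical after rooting).
SAMPLE_PROPS='[ro.boot.verifiedbootstate]: [orange]
[ro.boot.veritymode]: [disabled]
[ro.boot.flash.locked]: [0]'

# Constructed sample process list; example_su_daemon is hypothetical.
SAMPLE_PS='USER NAME
root init
root ueventd
root vold
root zygote
root example_su_daemon
system system_server
u0_a123 org.example.app'

# Root processes named in the AOSP guidance quoted above (ICS Galaxy Nexus).
EXPECTED_ROOT='vold inetd zygote tf_daemon ueventd init'

# prop_value PROPS NAME: print the value of one property, nothing if absent.
prop_value() {
    printf '%s\n' "$1" |
        awk -v k="[$2]:" '$1 == k { gsub(/\[|\]/, "", $2); print $2 }'
}

# boot_integrity PROPS: "intact" only if the bootloader is locked, verified
# boot is green (or yellow: locked with a user-installed key) and dm-verity
# is enforcing; anything else, including missing properties, is "weakened".
boot_integrity() {
    state=$(prop_value "$1" ro.boot.verifiedbootstate)
    verity=$(prop_value "$1" ro.boot.veritymode)
    locked=$(prop_value "$1" ro.boot.flash.locked)
    case "$state" in green|yellow) ;; *) echo weakened; return ;; esac
    [ "$verity" = enforcing ] && [ "$locked" = 1 ] && echo intact || echo weakened
}

# unexpected_root PS: print root-owned process names outside the allowlist.
unexpected_root() {
    printf '%s\n' "$1" | awk -v allow="$EXPECTED_ROOT" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR > 1 && $1 == "root" && !($2 in ok) { print $2 }'
}

echo "boot integrity: $(boot_integrity "$SAMPLE_PROPS")"
echo "unexpected root processes: $(unexpected_root "$SAMPLE_PS" | tr '\n' ' ')"
```

On a real device, pass the captured output of the two `adb shell` commands in place of the sample variables.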