I am increasingly conscious of security and privacy. I don’t want my data or telemetry being sent to Google or Facebook, and I want to make sure my device is encrypted and not readable by anyone other than me.
Is there a standard go-to guide on securing an Android device with these types of goals in mind? Is true privacy possible without having to install Graphene?
“True” privacy is up to you and what you do with your phone. By default Android uses some Google services impossible to remove without changing ROM, like Google Play Services, SUPL and PSDS.
What you can do for other apps and services is what I’ve done with my old phone (not GrapheneOS compatible):
- Use TrackerControl to block apps’ network requests
- Use alternatives to Google apps and other not-so-privacy-respecting apps
  - Aurora Store and F-Droid instead of Google Play Store
  - OsmAnd instead of Google Maps
  - LibreTube instead of YouTube
- Always prefer FOSS apps to closed ones (see F-Droid)
- Try to uninstall pre-installed apps with ADB
- Lock down your web browser with privacy addons
> LibreTube instead of YouTube

I prefer Grayjay! It’s great and it has a good-ish desktop version
Is Android encrypted by default, or does it depend on the device vendor?
I remember reading some time ago that Google enforces file-based encryption by default on Android which gets decrypted on first unlock when you boot your phone.
Try to look up in your settings for “encrypt”, then you should find the option “Encrypt Phone” with or without the label “Encrypted”.
Anyway, this defends you only from a “hands-on” attack with physical access to the phone.
I run GrapheneOS; it’s a 3rd-party degoogled ROM with lots of great security features. It’s also incredibly entertaining every time Google or Apple comes out with a new security update or patch to a critical security issue and the GrapheneOS devs go yeah we did that 2 years ago.
Yeah I just don’t want to ditch my perfectly good Galaxy A54 until it’s actually broken
I’m running it on a Pixel 9 pro. It seems like I get updates every other day, which I’m not complaining about.
Yeah the devs are doing an excellent job. I would like to see it ship with F-Droid tho.
AFAIK, there’s two types of “secure” when it comes to Android:
- Secure against your phone getting stolen
- Secure against Google’s data harvesting
(I guess a third “secure” would be “Secure against exploits”, but that’s outside the scope of my advice).
It’s not impossible to be both types of secure, but it is difficult. The main reason both is hard is because to achieve #2, you have to unlock the bootloader which leaves you open to #1 since re-locking it after installing a good custom ROM will prevent the device from working (or brick it at worst).
Achieving #2 is sufficient for me since I don’t keep a lot of sensitive data on it, and that sounds like what you’re asking.
On my phones that support it, I do unlock the bootloader, install LineageOS without GApps, and make sure I have root available. I run few apps, but the ones I do all come from F-Droid (or Aurora Store in a pinch).
On phones where I can’t unlock the bootloader, my options are much more limited. Typically I’ll disable all the Google and carrier services (including Play Services) and disable and replace all the stock apps with ones from F-Droid.
If my phone is physically compromised and the bootloader is unlocked, my hope is that storage encryption would make it a “non-issue”. Yes, they could wipe the device and delete my data then resell the phone, but at that point all they’ve stolen is a $300 phone with maybe $80 resale value and not my entire identity.