# Android

> If you want the most secure setup with a tight security model, you should probably go with [GrapheneOS](https://grapheneos.org) as the operating system on one of the supported devices. It already sets a lot of proper defaults and properly sandboxes Google Play Services.
## App Store

Not using the Google Play Store as the source for your apps is a huge step forward. Try to replace your apps with privacy-friendly apps from the [F-Droid app store](https://f-droid.org/).
## Captive portal

Periodically, and whenever an Internet connection comes up or goes down, Android queries a Google server endpoint to test whether Internet connectivity is (still) available. You may have seen a small 'x' indicating that you have no Internet access; that is the result of this query. Google consistently logs these queries: the time of the request, the device that made it and the IP address you had at that moment. That is a lot of information to give away just for a connectivity check.

The `adb` CLI tools provide a way to set a different captive portal server that is not owned by Google and does not log data. You should change it. See `captiveportal.sh` for an example.

An OS like [CalyxOS](https://calyxos.org) or [GrapheneOS](https://grapheneos.org) provides a dedicated toggle to switch this off!
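
One way to make the `adb` change described above, as an added example (this is not the repository's `captiveportal.sh`): it writes the connectivity-check URLs with `adb shell settings`, reads them back to confirm, and can revert them. The host `captive.example.org` is a placeholder for a server you trust, and the function names are chosen here for illustration.

```shell
#!/bin/sh
# Added example; not the repository's captiveportal.sh. PORTAL_HOST is a placeholder:
# use a server you trust that answers /generate_204 with an empty HTTP 204.
PORTAL_HOST="${PORTAL_HOST:-captive.example.org}"
ADB="${ADB:-adb}"   # e.g. ADB="adb -s SERIAL" to pick one device
KEYS="captive_portal_http_url captive_portal_https_url
captive_portal_fallback_url captive_portal_other_fallback_urls"

# Print one "key url" line per Settings.Global key. The host is limited to
# hostname characters because adb shell re-parses its arguments on the device.
portal_settings() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*) echo "invalid host: $1" >&2; return 1 ;;
        *google.com|*gstatic.com) echo "still a Google host: $1" >&2; return 1 ;;
    esac
    for key in $KEYS; do
        case "$key" in *https*) scheme=https ;; *) scheme=http ;; esac
        echo "$key $scheme://$1/generate_204"
    done
}

# Write the settings; </dev/null stops adb from eating the loop's stdin.
apply_portal() {
    settings=$(portal_settings "$1") || return 1
    echo "$settings" | while read -r key url; do
        $ADB shell settings put global "$key" "$url" </dev/null || exit 1
    done
}

# Read every key back and compare (older adb appends \r to its output).
verify_portal() {
    settings=$(portal_settings "$1") || return 1
    echo "$settings" | while read -r key want; do
        have=$($ADB shell settings get global "$key" </dev/null | tr -d '\r')
        [ "$have" = "$want" ] || { echo "mismatch: $key=$have" >&2; exit 1; }
    done
}

# Delete the overrides so Android falls back to its built-in defaults.
revert_portal() {
    for key in $KEYS; do
        $ADB shell settings delete global "$key" </dev/null || return 1
    done
}

# Nothing runs unless an action is given: sh portal.sh apply|revert
case "${1:-}" in
    apply)  apply_portal "$PORTAL_HOST" && verify_portal "$PORTAL_HOST" ;;
    revert) revert_portal ;;
esac
```

Run it with `PORTAL_HOST=<your server> sh portal.sh apply` while the device is connected with USB debugging enabled; `revert` removes the overrides again.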
## DNS

By default, Android will use Google DNS servers that are not secured with SSL. Starting from Android 8, Android provides a means to overcome this by setting a _private DNS_ server in `Settings -> Network & internet -> Private DNS`. For example, set it to `fdns1.dismail.de`.
## Scanning

You're giving away information when you keep your WiFi on. Your device will automatically scan for nearby access points. Therefore, you'll be uniquely identifiable across locations.

To overcome this, follow these instructions:

1. Disable WiFi and Bluetooth scanning, because it makes it easy to create an accurate profile of your movement. In the settings, search for `Wi-Fi and Bluetooth scanning`.
2. When you leave a known WiFi access point, switch off your WiFi adapter. There are apps for this: [WiFi Automatic](https://f-droid.org/en/packages/de.j4velin.wifiAutoOff/).