privacy/android/README.md

2 KiB
Executable file

Android

Collection based on kuketz-blog.de.

App Store

Not using the Google PlayStore as source for your apps is a huge step forward. Try to replace your apps with privacy-friendly apps from the fdroid app store.

Captive portal

Periodically and on connect/disconnect of any Internet connection, Android queries a server endpoint from Google to test if Internet connectivity is (still) available. Sometimes you might have already seen a small 'x' indicating you have no Internet access. This is the result of this query. Those queries are logged consistently by Google: the time when you accessed it, with which device you accessed it and the IP you had when you accessed it. Just for the connectivity check you're giving away so much information.

The adb cli tools provide a way to set a different captive portal not owned by Google which don't log data. You should change it. See captiveportal.sh for an example.

Using an OS like CalyxOS or GrapheneOS allow to have a dedicated toggle to switch this off!

DNS

By default Android will use Google DNS servers not secured with SSL. Starting from Android 8, Android provides means to overcome this by setting a private DNS server in Settings -> Network & internet -> Private DNS. For example, set it to fdns1.dismail.de.

Scanning

You're giving away information when you keep your WiFi on. Your device will automatically scan for nearby access points. Therefore you'll be uniquely identifiable across locations.

To overcome follow these instructions:

  1. Disable WiFi and Bluetooth scanning because it's easily possible to create an accurate profile of your movement from it. In the settings, search for Wi-Fi and Bluetooth scanning.

  2. When you leave a known WiFi access point switch off your WiFi adapter. There are apps for this: WiFi Automatic.