On basic Android Security and Anonymity Part 2-The Apps
This follows the last article, which introduced the settings of our Android phone and showed how, within the limits of what is provided to us as is, to reduce our security and anonymity-breach risks as much as possible without installing or uninstalling anything.
This was already a great step in the right direction, becoming aware of the inherent risks a smartphone presents. We are now ready to take a second step forward and toy with apps. In this article, which I will split into sections based on the purposes of the apps in question, I will propose alternatives to the apps you are currently using, and give general counsel on what apps you should avoid like the plague. Without further ado, let us begin!
App Store
Let us begin by kicking down the open doors here. Our number one problem when it comes to apps is non-repudiation and breach of anonymity. This means we have to limit the apps we download from the Google Play Store as much as we humanly can. Why? Because of Google’s policies when it comes to publishing apps on their store. They encourage tracking and data sharing, and even disfavor app creators who don’t make sure as much data as possible is being sent to the app. “Anonymized data”, of course (which, if you paid attention so far, means jack shit). So what to do? Well, we do have an alternative to the Play Store.
F-Droid
F-Droid is an alternative application store that is FOSS, meaning Free and Open-Source, and a repository of other apps that are also FOSS. I will go on a rant about the details, caveats and beauty that is FOSS another time, but the short of it is that the code for these apps is open to the entire world to review, meaning that any vulnerability has a much higher chance of being found. It also assures transparency about what kind of data the app requires, and transparency from these apps is absolutely necessary for our anonymity and security, as we want to extend as little trust to third parties as we humanly can. Remember, this is not about convenience, but about taking back control of our devices.
You can find F-Droid at https://f-droid.org/en/. Simply follow the instructions, and make sure to verify the download. You may have to go into the settings to allow the installation of non-Google-approved APKs. This is fine. Now, for all the other apps I will mention from here on out, try to install them from F-Droid as much as possible, unless they can only be found on the Google Play Store.
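F-Droid publishes a PGP signature alongside its APK, and gpg's "Good signature" line only says that some key in your keyring signed the file. The shell functions below are an added example (not part of the original post and not F-Droid's own tooling) that accept a download only when the signature is valid and comes from a pinned key. The fingerprint placeholder, the function names and the sample status lines are constructed assumptions.

```bash
# Added example. PINNED_FPR is a placeholder: copy the signing-key
# fingerprint from f-droid.org over HTTPS yourself before relying on this.
PINNED_FPR="REPLACE-WITH-FINGERPRINT-PUBLISHED-BY-F-DROID"

# Constructed sample of `gpg --status-fd 1 --verify` output (fake fingerprints).
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 89ABCDEF0123456789ABCDEF0123456789ABCDEF 2024-05-01 1714550000 0 4 0 1 10 00 0123456789ABCDEF0123456789ABCDEF01234567'

# Read gpg status lines on stdin; succeed only if a valid signature was made
# by the key whose fingerprint is $1 (spaces and lower case are tolerated).
status_matches_pin() {
  pin=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
  [ -n "$pin" ] || return 2
  matched=1
  while read -r tag kind rest || [ -n "$tag" ]; do
    if [ "$tag" != "[GNUPG:]" ]; then continue; fi
    case "$kind" in
      BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)
        return 1 ;;                 # VALIDSIG can accompany an expired or revoked key
      VALIDSIG)
        signer=${rest%% *}          # fingerprint of the (sub)key that signed
        primary=${rest##* }         # fingerprint of its primary key
        if [ "$signer" = "$pin" ] || [ "$primary" = "$pin" ]; then matched=0; fi ;;
    esac
  done
  return "$matched"
}

# usage: verify_download downloaded.apk downloaded.apk.asc
verify_download() {
  gpg --status-fd 1 --verify "$2" "$1" 2>/dev/null | status_matches_pin "$PINNED_FPR"
}
```

Until the placeholder is replaced with the published fingerprint, `verify_download` rejects every file, which is the safe default.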
Applications Firewall
Our very next step is to get ourselves a firewall that gives us direct control over each app’s connection to our data services/Wi-Fi. Why is this important? Because a firewall lets us lock down data traffic on our device when we notice suspicious activity or if an app starts behaving dubiously. It is a good precaution to have even if one does not use general-usage apps like games or social media (more on those in Part 3). It is a great additional layer of protection. Of note, this takes the place of a VPN (the firewall filters traffic through Android’s local VPN service, and Android allows only one active VPN per profile), so if you were using one, time to get rid of it. If you absolutely must use a VPN (because you want access to region-locked content), you’ll have to switch between said VPN and the firewall. But what firewall shall we install?
Netguard
Netguard is the best firewall app I have toyed with. It is simple to use, has a “whitelisting” option (namely, block all apps unless specifically allowed) and a single button to lock down all traffic. See https://netguard.me/ for more information on it. Now, Netguard does have some paid options. We do not strictly need those, but for those of you who are more savvy about these things I would argue that this is actually a good investment. It’s about 12 bucks and it gives you a much more detailed view of what is going on with each app. And there are options to pay with crypto on the website if you don’t wanna use your credit card/PayPal, which is a plus in my book.
Compartmentalization
You have probably read or heard that term in the research that led you to this guide, but let me expand on it a little bit. The principle of compartmentalization is to avoid putting all your proverbial eggs in the same basket. In essence, you want to compartmentalize your apps between profiles so that one cannot access the others, and so that if a compartment is compromised, the entirety of your phone won’t be. Android’s architecture is naturally fairly resilient against these things by itself, and with the addition of profiles in the OS itself, you can already compartmentalize your usage significantly.
But redundancy, while inconvenient, is yet another line of defense against anonymity breaches and an additional layer of security you add to your phone.
Shelter
Shelter is a FOSS app that adds another profile layer on top of those inherent to Android. It lets you switch between a Main Profile and a Work Profile, enable a redirected NFC on your work profile if you positively need to use it (you don’t), freeze apps completely when not in use, etc. Shelter is a good tool on the surface and a complete rabbit hole when you begin digging into it (like being able to shuttle files between the profiles via Documents UI, or blocking contacts in one profile from being accessed from the other) and is overall a great defensive layer that will protect both the anonymity and the security of your device. You can find it on F-Droid and review the source code here: https://gitea.angry.im/PeterCxy/Shelter
Yet another step done!
That was fairly simple, wasn’t it? Now those will add a great layer of security on our phone that we can essentially enable and more or less forget about (unless actively using them, like switching between profiles in Shelter, for example). We will discuss more mundane app options in Part 3, but before leaving, I want to address a silent question that you have probably been asking yourself this whole time: What about a VPN?
Now, while I do intend to go into detail at a later point about why VPNs are the devil, the tl;dr here is that you are taking your data away from your Internet Service Provider and giving it to the VPN instead. This is not dealing with the problem, it’s trusting someone else with the problem. And you shouldn’t.
So this is it for now! I am going to try and produce part 3 later this week, but real life is being hectic right now, so I make no promises.
Until then, it has been a pleasure. Use these recommendations and try to toy with them, familiarize yourself with how they work and continue doing your own research. After all, I am just a dude on the internet.
We will be watching
The G.H05t
Filed under: Uncategorized - @ May 6, 2024 5:17 am