Firewalls are a great way to tell if new apps are secrely installed
Btw what is the key verifier thing?
So glad I moved to GrapheneOS last month.
this post was submitted on 04 Mar 2025
328 points (98.5% liked)
Privacy
34903 readers
388 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
Got myself a Pixel 9 pro just to go Graphene... Sold my s24 ultra
Yeah I'm super keen, but my lower-tier Samsung isn't supported. I really wish FairPhone would offer a cheaper option :(
I already have a pixel. Is it just as easy as installing Lineage OS on the phone?
Yes, perhaps even easier if you use a Chromium based browser with their WebUSB installer.
Even if it's not the case, I found the console installer to be surprisingly easy.
Absolutely the easiest phone OS installation I've ever done. Completely web-based and easy enough for anyone to use. Even easier than flashing LineageOS.
The big hurdle to GrapheneOS is can you do without Google Wallet and other apps that won't work. The flashing process isn't something to worry about IMO.
Does lichess work on graphene os? How is compatibility with classic stuff line firefox, signal, ...?
I play Lichess on my GrapheneOS Pixel6a, works well. Same with Signal, Firefox with several mobile browser extensions.
Bitwarden, NewPipe, Tailscale, Duolingo, Uber, Discord, Matrix Element, all the Proton mobile apps, Backblaze, etc etc.
Pretty much every app I try works flawlessly. On rare occasion I'll experience minor bugs, and twice I've had to use GOS's extra privilege mode to get an app to work.
Overall, Love GrapheneOS and I'll use them as long as they are around and making an awesome alternative to Google's garbage.
load more comments
(4 replies)
I had zero problems with either FF or Signal after the first weeks though I migrated over to Fennec and Molly as alternatives since then. Sorry, I can't help with lichess though I can say that my nonograms work fine. =P
I struggle finding good OSs with my Fairphone 5. For now I just removed all Gapps
It often feels like I am just a user of someone else's device.
Even from the stuff that is shown like "Your device has new features" and "Settings changed by carrier". And how Motorola tried forcing updates by using non-dismisable (they would re-appear immediately) full-screen notifications, and trying to disable the app led me to "Blocked by your IT admin" (I returned that phone).
Also when I connect any modern phone to Wi-Fi not manually set as metered it starts downloading a bunch of random shit automatically.
It keeps killing apps I want running (I had to use a cheap dumb phone as alarm clock with the past 2 smartphones), but keeps all Google services conveniently spending data and battery.
Also when I connect any modern phone to Wi-Fi not manually set as metered it starts downloading a bunch of random shit automatically.
That must be a carrier phone, right?
Usually, unlocked non-carrier phones would download stuff during setup, but after setup, they don't do that anymore (well, except the safetycore thing).
It keeps killing apps I want running (I had to use a cheap dumb phone as alarm clock with the past 2 smartphones)
For Samsung, you have to go to Settings --> Device Care --> Memory --> Excluded Apps --> Tap the + Symbol then find the apps to add it, and that should prevent it from being killed due to memory.
Then you need prevent it from ebign killed due to battery usage, so you have to set battery usage to "Unrestricted" (you can find this in the app's setting page). Then there's also another secret menu to disable battery optimization that you'll need an app called "Activity Launcher" to find (its available in Fdroid). Search "Power" in the app, then tap "Settings" --> "Optimize battery usage" --> launch it. Then tap "Apps not optimized" which shows a dropdown menu, then tap "All" then you find the apps and uncheck battery optimizations.
Its such a cumbersome process, most people would just give up.
Not a carrier phone. I don't know what specifically it is, Google Play... something. I disabled automatic updates in Play store, so probably something else. I usually just quickly pull down notification shade and click "Cancel".
Even disabling all available restriction settings often doesn't quite work. For clock app I set it to unrestricted and disabled optimization in DuraSpeed, still, it's a dice roll. The chances are lower when charging. (Ulefone Armor 24)
On previous phone Unrestricted setting and locking in recent apps also didn't quite work, but that phone had more issues. I'd often find that everything just randomly crashed overnight. (Poco X3 Pro)
But it also seems per-app. From experience, the most kill-resistant app is Termux (terminal emulator), but only if you disable child process restriction in developer settings. LibreTorrent also survives well, making the 2 only reliable large background download methods LibreTorrent and wget in Termux.
But anyway, my Alcatel 1066G dumb phone was just 10 bucks. A more reliable solution (and it supports animated GIF wallpapers π).
This shit is why I buy carrier agnostic, bootloader-unlockable phones with a healthy ROM dev scene. Rocking a Pixel 9 Pro XL, currently on stock ROM (rooted of course), but will be moving to Calyx or Graphene at some point.
Unfortunately, especially with lower budget, that often ends up being choice between hardware and software.
I didn't want to run custom ROM on the X3 Pro due to warranty. I had the motherboard replaced thrice, on average surviving for 9 months each... But there were theoretically options.
Armor 24 doesn't seem to have any custom ROMs available, as seems to be usual with MTK devices, but the hardware is quite unique. I already had numerous strangers ask me what that phone is, how often it needs to be charged, or "what can that thing do" and "I am not surprised it has such strong light anymore" (it's a massive 85.14Wh brick).
To be honest I like how it feels in hand compared to a fragile thin slab.
But the only ones making crazy devices like this seem to be brands like Ulefone, Oukitel and Unihertz (they even have a projector phone like Samsung did, but modern) which most likely won't see custom ROMs, and I am too dumb to try building and maintaining something myself. I don't even know how it works with device-specific drivers.
load more comments
(3 replies)
There are functional firewall apps for android? Is Rethink good?
Rethink is better than good. It's great.
Yes, it also let you change your DNS and block websites. There's also invizible pro which also adds tor and i2p but rethink have a better UI.
RethinkDNS allow you to use a Firewall, Use a VPN (via wireguard), set your DNS, and various other things I didn't mess with in the app. I don't even use RethinkDNS for the DNS, its just a great app.
Yeah, what is the key verifier thing? It's not like it's Windows and needs a purchased license key, right?
It's for E2E encryption in chat apps.
These are usually installed as core Google apps on Android, and most flavours have them hidden since they're really just background daemons/libraries.
Gf had the same happen on her Huawei P30 which clearly wasn't set up to have the apps hidden by default.
If youre degoogling obvs not what you wanna have on your device but technically they shouldn't be doing much on their own.
I uninstalled it on my Samsung last time and just checked but it hasn't reinstalled itself again (yet).
You can install this to prevent the official one from being installed automatically .https://github.com/daboynb/Safetycore-placeholder
Note: The "Key Verifier" one is supposed to be tied to E2EE on Google chat platforms or something on those lines, although you shouldn't be using those and go for a safer chat instead though
Bit out of the loop. What am I looking at?
Google is automatically installing an app on you phone that analyzes your media βto prevent you accidentally viewing nudesβ
Phew, I'm always terrified of that. It won't affect my gore folders, will it?
Videos of mass murders β οΈ
A tiny glimpse of a woman's breast βοΈ
Just as American Jesusβ’ would have wanted.
Google's secret app that scans your photos for CSAM, but my firewall is configured to autoblock newly installed apps from internet access, thus the notification alerting me an app is trying to access the internet.
Nothing about the app is secret, Google openly advertises it
Provides a single process that can be used by all message apps so that they don't need to implement backdoors into all of them?
Worried I'm getting a bit too paranoid, but...
Why backdoor the messaging apps when you can just monitor the entire OS?
Having control over the OS doesn't help if the OS doesn't understand the app's data.
If only there was an AI that monitors everything going on on the device which they could force onto everyone
... the OS doesn't understand the app's data.
I assume you are referring to End to End Encrypted (E2EE) messaging apps here. I'm no programmer/developer/software engineer and I'll be the first to admit that I don't know a ton about how most apps work on the backend. That being said, my understanding is that E2EE apps decrypt whatever is being transmitted to them when they get to your device (assuming phone here) (of course it would decrypt it, otherwise how would you make sense of the information?). Once the data is on your phone, it is decrypted. From what I understand, sandboxing apps is not all that robust on Android (at least on "mainstream" versions)
Therefore, the data that was Encrypted from End to End was decrypted at the End and therefore accessible by other applications and processes on your phone. Unless Android sandboxing has improved greatly in the last few weeks.
Applications like signal are encrypted at rest on your device as well - https://security.stackexchange.com/questions/277330/how-does-signal-protect-data-on-the-device-from-unauthorized-access
load more comments
(1 replies)
load more comments
(1 replies)
load more comments
(1 replies)
Which FW (Firewall) could be recommended?
LineageOS or /e/OS would be my picks. Graphene and Calyx are better, but likely don't support the device in question.
RIP DivestOS.
Lol, I think they asked for a firewall, not alternative OS
Oh, I thought they meant firmware.
FW? If you mean firewall, I use RethinkDNS because it's both a Firewall and a VPN (via wireguard).
I don't actually use the RethinkDNS for its DNS, I'm just using the app.
load more comments
(1 replies)
I'll he RethinkDNS for its firewall. It took me a while to work out how to use it (not very skillful at these things), but ever since, I've felt much safer. Rightly or wrongly
view more: next βΊ