Free Your Android

I think this whole exercise gives you a false sense of security. The thing is, there&#x27;s a closed-source firmware running on the baseband processor which can do rather nefarious things: <a href="https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor" rel="nofollow">https:&#x2F;&#x2F;www.fsf.org&#x2F;blogs&#x2F;community&#x2F;replicant-developers-fin...</a><p>So if you really want to be &#x27;free&#x27;, get rid of the cellphone.

<i>The good thing is that these parts are firmware, thus non-executable code.</i><p>What? Firmware is definitively executable, it just doesn&#x27;t run on the CPU.<p>And besides, if you look at the list of proprietary files being copied, there are plenty of normal libraries: <a href="https://github.com/CyanogenMod/android_device_semc_iyokan/blob/gingerbread/proprietary-files.txt#L23" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;CyanogenMod&#x2F;android_device_semc_iyokan&#x2F;bl...</a>

This is more of a rant, but still, mildly relevant.<p>I tried to free my Android. I did, I really, really did. I overcame the &quot;your version is not supported by Cyanogenmod&quot; message with a custom build that took forever to find. I overcame the &quot;download the Windows and Windows only installer&quot;. I managed to find the Windows-only instructions for unlocking the Bootloader. I managed to install custom drivers for the phone, despite the fact that Windows doesn&#x27;t really want you to do that anymore.<p>And then I got stuck, because my phone and Windows 7 are not in speaking terms, so the fastboot tool does nothing.<p>I spent a couple hours on the task, and yet I haven&#x27;t even managed to complete step 1. The dead links, the contradicting instructions, the forums full of unanswered questions, it just proved to be too much to me. I&#x27;m down to the magic advice now - advice in the lines of &quot;try a different USB port&quot;, &quot;change your USB cable&quot; or &quot;restart your computer&quot; (of course). Should I succeed in my task, I may or may not have access to Bluetooth, video and&#x2F;or tethering - there are contradictory accounts, so I won&#x27;t really know until I&#x27;m done.<p>&quot;Very detailed instructions&quot;? Yeah, right. How about useful instructions instead?

As a small &quot;experiment&quot;, I&#x27;ve been trying to use only free software for a while (firmware&#x2F;driver blobs excluded) on my Nexus 7 (2012).<p>I can say that it&#x27;s definitively doable, but it really depends on what one need. If what you need is a browser (Firefox), an email client (K9 &amp; the standard KitKat client) and a Terminal (ConnectBot, Hacker&#x27;s keyboard), then you won&#x27;t miss the Play store at all. There are also some good clients for social&#x2F;media consummation (Tinfoil for Facebook, Twidere, TT-RSS...).<p>If you need something more, then it&#x27;s an hit or miss. For maps, OsmAnd+ is nice, but not nearly as good&#x2F;user friendy as Google Maps. Forget about the latest&#x2F;cool apps. Forget games, unless you want to emulate some console (and also, running closed games on top of an open emulator is &quot;ethically right&quot;?).<p>It gets better if you&#x27;re a little more lenient. For example, I have some Humble Bundle games installed. Those come drm-free, and (usually) don&#x27;t depend on the Google services. One can also get applications from the Play Store, and install just the .apk for it (I can&#x27;t remember if one can buy applications with the web interface, or has to do it from the mobile store). In the end, the choice is &quot;I want to avoid Google&quot; or &quot;I don&#x27;t want proprietary applications on my phone&quot;. In the first case, there are many alternative stores (SlideMe, AndroidPit, Amazon...).<p>Another problem is that F-Droid is small, and doesn&#x27;t even have all the (F)OSS applications available for Android. For many, the only way to get them is either the Play Store or compile the source. I&#x27;m not blaming the F-Droid project, they&#x27;re doing a terrific work for their size, but it seems that there&#x27;s little interest in a completely open store, even from the developers.<p>That said, I&#x27;m still running this setup, but I&#x27;m considering just giving up and installing the Play Store&#x2F;Google services because after a while seeing new cool applications but not being able to try them is kinda painful.<p>On a side note, I haven&#x27;t noticed any increase in battery life&#x2F;speed of my device. So it seems that Google&#x27;s applications aren&#x27;t an huge battery&#x2F;resource hog.

&gt; &quot;...stops using Google&#x27;s DNS servers, that has a permanent log policy.&quot;<p>This is misleading. Google&#x27;s DNS privacy policy is very reasonable. The only permanent logs are at the city&#x2F;metro level. I trust their servers <i>far</i> more than I trust Comcast&#x27;s or Verizon&#x27;s. <a href="https://developers.google.com/speed/public-dns/privacy" rel="nofollow">https:&#x2F;&#x2F;developers.google.com&#x2F;speed&#x2F;public-dns&#x2F;privacy</a>

I just submitted a blogpost from the Tor Project (Mission Impossible: Hardening Android for Security and Privacy) which covers everything between removing the microphone (from a Nexus 7) and baseband software to recommended apps and configurations.<p>On HN: <a href="https://news.ycombinator.com/item?id=7715041" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=7715041</a><p>Original: <a href="https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy" rel="nofollow">https:&#x2F;&#x2F;blog.torproject.org&#x2F;blog&#x2F;mission-impossible-hardenin...</a>

I find it quite interesting that blog post about such topic uses Google API JavaScript which can track you, and link to your Google account that you are reading it and mark that you are interested in such stuff.

This is silly. There&#x27;s two types of people in the world: people who are not of interest to the NSA, and people who are.<p>FOR PEOPLE WHO AREN&#x27;T OF INTEREST TO THE NSA (THIS IS MOST PEOPLE): You&#x27;re putting massive amounts of effort into keeping the NSA from getting your data, which, let&#x27;s be honest, is just chaff they&#x27;re collecting so they can pick through it for wheat. You really want to do something against the NSA? Start sending your data directly to them so they have to waste time sifting through the logs of what cat photos your friends want you to look at.<p>IF YOU ACTUALLY ARE A TARGET OF INTEREST TO THE NSA: Everything in here is completely inadequate to secure you against the NSA. In fact, you are probably increasing your own inconvenience more than you are theirs.

&gt; Remove Google analytics from CyanogenMod by flashing freecygn.<p>&gt; Stop CyanogenMod from reporting tethering usage to your provider<p>I get why they are using Analytics, but why is a ROM like CyanogenMod reporting tethering usage to the carriers?<p>&gt; Change DNS settings so that CyanogenMod stops using Google&#x27;s DNS servers<p>This is probably something &quot;nice&quot; they thought to do for their users, but I&#x27;d rather not have that enabled by default in CM. If they&#x27;re still trying to be a &quot;privacy ROM&quot; and whatnot, they should be using an OpenNIC DNS or set up their own encrypted DNSChain (<a href="https://github.com/okTurtles/dnschain" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;okTurtles&#x2F;dnschain</a>).

The idea of freeing your phone is cute, however, there are some considerable dangers.<p>* The software that you give access to your phone (be it drivers or the recovery images themselves) isn&#x27;t signed by anyone. Some of the software isn&#x27;t even available via HTTPS. I think it&#x27;s a bad idea to trust some HTTP and unsigned executable more than Google, who are making all they can to ensure the integrity of anything that runs on your phone.<p>* Unlocking your bootloader is a bad idea. Google erases all your data whenever you unlock your phone[1]. They don&#x27;t hate you, they&#x27;ve just realized the security issues that come from having an unlocked phone. Take this for example: You&#x27;re at the airport and ready to leave. However, TSA stops you for a &quot;random&quot; check. They have your phone for about 5 minutes and there&#x27;s nothing you can do about it. Now, they could ask you for your passcode but then you&#x27;d know something&#x27;s wrong. Now, your bootloader is unlocked, which means they can see your device at firmware level and alter it to their liking it. Nothing can stop them from plating a backdoor in there or just making a copy of all your files and you wouldn&#x27;t know. That&#x27;s why Google does [1].<p>[1]: <a href="http://wiki.cyanogenmod.org/w/Install_CM_for_maguro#Unlocking_the_device" rel="nofollow">http:&#x2F;&#x2F;wiki.cyanogenmod.org&#x2F;w&#x2F;Install_CM_for_maguro#Unlockin...</a>

A good few steps for people looking for alternatives. You still have a proprietary radio chip in your phone though. That is where the bad stuff likely hides.<p>I guess you have to ask yourself - who are you competing with? Do you just not want to be used as an advertising product? Or are you hiding from the NSA?

Looking at the Replicant status, I&#x27;m surprised that they managed to get Telephony&#x2F;3G working without non-free firmware (presumably) but not WiFi&#x2F;Bluetooth&#x2F;GPS, since the telephony protocols from what I understand are far more &quot;closed&quot; than the rest.

This list of FOSS alternatives to popular proprietary Android apps is longer and more usable than a simple blog post: <a href="http://droid-break.info/" rel="nofollow">http:&#x2F;&#x2F;droid-break.info&#x2F;</a>.

What I would <i>really</i> like, is just to be able to install a bare-bones linux on my phone. Android (even Cyanogenmod) is just so limiting and &#x27;user friendly&#x27; (i.e. as few configuration options as possible so as not to confuse the masses). I feel like I&#x27;m being hand-held by my hand-held.

My approach is different. I still use a completely Google tied Moto G with everything turned on. Hiding in plain sight (the grey man principle) is a better tactic.<p>If privacy is required, I leave the handset at home and get on my bike. There is no hiding unless you turn it all off.

<p><pre><code> - Remove Google analytics from CyanogenMod by flashing freecygn. - Stop CyanogenMod from reporting tethering usage to your provider, by changing the &quot;tether dun required&quot; setting. </code></pre> How is that not default in Cyanogenmod ?

Nice read. I too highly encourage people to use CyanogenMod.<p>One thing that was worth being mentioned is one of the very best features of CyanogenMod: Privacy Guard.<p>It basically allows grained control over what permissions can an application have (read&#x2F;write contacts, phone logs, location, etc). It&#x27;s of course possible to allow an access all the time, or just when needs it.<p>Thanks to privacy guard, one can use applications that might compromise privacy, without compromising privacy.<p>When using the &quot;ask every time&quot;, I&#x27;ve been surprised how many applications try to access my info for no obvious reason, sometimes even when your phone&#x27;s idle.

Actually, Cyanogenmod is going in a not-so-free direction and the better option now is OmniROM.<p>Also, the best reference for all these issues is <a href="http://prism-break.org/" rel="nofollow">http:&#x2F;&#x2F;prism-break.org&#x2F;</a>

More than anything I would like to use open protocol for chatting. Personal communication is a mess. I currently have Hangouts, Facebook Messenger, Skype, Viber and Whatsapp on my phone. General folks use whatever is popular and XMPP is not really a choice. Moreover I looked into Jabber and the account sign-up page&#x27;s certificate has expired and account sign-up has been inactive for close to a year. It is hard to establish trust over such a network.

&quot; CyanogenMod is not perfect. It contains scripts that extract proprietary code necessary for some phone components (eg. camera) to work. The good thing is that these parts are firmware, thus non-executable code.&quot;<p>I&#x27;m either misunderstanding what is being said, or the author has no idea what they are talking about if they think firmware does not execute...

Well dude, that&#x27;s exactly what I&#x27;ve done on my phone some months ago, but you know what? after heartbleed i installed back gapps and some other non free (as in freedom) apps. Heartbleed has been a lightening to me. It statistically says a lot about software.

Please don&#x27;t consider F-Droid to be secure. See Moxie Marlinspike&#x27;s comments here: <a href="https://github.com/WhisperSystems/RedPhone/issues/143" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;WhisperSystems&#x2F;RedPhone&#x2F;issues&#x2F;143</a>

Cached version: <a href="http://webcache.googleusercontent.com/search?hl=en&amp;q=cache%3Awww.roussos.cc%2F2014%2F05%2F08%2Ffree-your-android%2F" rel="nofollow">http:&#x2F;&#x2F;webcache.googleusercontent.com&#x2F;search?hl=en&amp;q=cache%3...</a>

I don&#x27;t care about NSA or privacy. Is there still a reason for me to choose Replicate instead of CyanogenMod? I want my device to be fast.

&quot;So if you are using Iphone or Windows Phone, let me remind you that both of these companies are in the infamous NSA slides for giving access to users private data.&quot; I checked the link he refers to and it shows Google is also a Prism company, am I wrong? Oops, I see now he mentions this.

I think Android will never be a 100% real free system but Firefox OS is the true open source and free system :)

Cryptocat is nice for messaging: <a href="https://crypto.cat" rel="nofollow">https:&#x2F;&#x2F;crypto.cat</a>

It&#x27;s much too late for all of us. What&#x27;s done is done. You can&#x27;t reverse it.

How does the &#x27;freedom&#x27; of Android compare with iOS and Windows Phone?

Ditch Your Android.

I stopped skimming at &quot;Firefox&quot;.

Since when is privacy necessary for freedom? For all I know, privacy actually is what keeps us away from freedom.<p>When is this meme going to stop? When are people going to realize that there&#x27;s no point in glorifying and seeking privacy?<p>This article is a perfect example of everything you lose when you get into this craze. Why would anyone actively limit their opportunities and disconnect themselves from others? For an imaginary reward?<p>Privacy is not a trade-off. It&#x27;s plain loss.