Advice Request LineageOS: Thoughts on this Android security configuration?

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.

LukeLovesSecurity

Level 4
Thread author
Verified
Jul 28, 2017
185
Well, if you use Android, obviously Google will have access to almost everything you do, your number, your number of contacts, your email, what you search for, your location (where you live, places you visit), and other things, you can even avoid many things, but 100% privacy there is no friend.

Google can technically access my phone since I am running their operating system, but everything will be encrypted and there is no reason for them to single me out of their millions of users.

They do not have access to my number, my ISP does. I don't care if they see who I talk to, so long as they don't know what I talk about, and again, there is no reason for them to spy on me specifically.

They don't have control of my email or what I search for. I am not using their email service, search engine, browser, or DNS.

As far as location, I purposely allow them to see so that I can use the Find My Device app. I chose for that to be in Google's hands, but if I cared about hiding where I am, I could change that. Also note that I disabled the option for them to keep logs on my location, so by policy, they can not log where I am.

I agree with your last point. If I wanted 100% privacy, I would have to move into a cave with food rations and EMP's. Even then I can be spied on. But good privacy is a lot better than no privacy, and I am very aware of what Google is capable of since I would be using their operating system. But like I mentioned before, they have no reason to single me out, and as far as what they can log, I kept it limited to what I am comfortable with.
 

Faybert

Level 24
Verified
Top Poster
Well-known
Jan 8, 2017
1,320
I agree with your last point. If I wanted 100% privacy, I would have to move into a cave with food rations and EMP's.
That's what I mean, there is no 100% privacy, you can even soften a little, no more than that, 100% is only in the offline world, privacy in the digital world is a luxury that we no longer have, unfortunately.
 

enaph

Level 29
Verified
Honorary Member
Top Poster
Well-known
Jun 14, 2011
1,836
I don't think you understand what I am trying to do. I am trying to put the phone on lock down, so I will need a firewall.

And I don't see what would be considered bloat. The apps all have different necessary functions.
I understand what you're trying to do but still in my opinion it's waste of your time and smartphone's resources.
It's your choice whatever you're trying to achieve by rooting your device, changing it's original operating system and installing software from unverified sources - if you're asking for trouble you'll definitely find it and there is no software which can protect you from your own choices but there is a place where you can always ask for help later :LOL:
 
  • Like
Reactions: Faybert
F

ForgottenSeer 58943

Honestly, if you dont root your device and only download apps from the Play Store, an android antivirus is not necessary.
Save your RAM and battery.

Not true. Google Play Protect has been shown to be a failure in many cases.
 

brod56

Level 15
Verified
Top Poster
Well-known
Feb 13, 2017
737
Not true. Google Play Protect has been shown to be a failure in many cases.

I wouldn't call many cases to some very rare malicious apks (which sincerely look silly, who would download that?) which somehow pass through Play Protect and get removed in a couple hours then.
Of course there are no perfect solutions, but I maintain my opinion.
 
  • Like
Reactions: enaph
F

ForgottenSeer 58943

I wouldn't call many cases to some very rare malicious apks (which sincerely look silly, who would download that?) which somehow pass through Play Protect and get removed in a couple hours then.
Of course there are no perfect solutions, but I maintain my opinion.

Google Play Protect Fails Android Antivirus Tests
Overall, anything that improves Android security is a good thing. Many Android users don't have any antivirus software installed, so Google Play Protect serves as a backstop. But so far, it's not a very good backstop. Even the second-worst Android AV product that AV-TEST looked at — in this case, Droid-X 3, a Korean-language app made by NHSC — did much better than Google Play Protect, stopping 82.4 percent of new malware and 93.5 percent of old malware. Google Play Protect did so badly that AV-TEST gave it a zero out of 6 in malware protection.
 

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,134
I've spent the past little while finding security and privacy focused alternatives for everything. I would switch to LineageOS, but certain apps like Netflix and banking apps won't work and to their credit, as they will scan to see if the device is rooted. I have put together a hypothetical security configuration to use on my Galaxy S7.

Main security: Bitdefender Antivirus Free, AdGuard For Android (paid), IMSI Catcher, Bitdefender USSD Protection, Find My Device

Temporary Security (Will be uninstalled after first scan): Norton Hault, Kaspersky Threat Scan, Bitdefender Carrier IQ, Trend Micro Shellshock Detector

Other but relevant apps: LessPass, FreeOTP, LastPass, OpenKeychain, SSE Universal Encryption

VPN (configured through AdGuard): NordVPN

DNS: NordVPN DNS

I wanted to have both a firewall and VPN without rooting, and with AdGuard, I can configure NordVPN within the app, while it acts as a firewall and content blocker. I chose to use NordVPN DNS to avoid DNS leakage, and it is pointless to use AdGuard DNS if I am already using the app. I got Bitdefender Free because it has arguably the best detection rate for android, and I don't care for the extra anti-theft features as they don't work since I am using Signal instead of the default SMS messenger. I am unsure if it has real-time protection, but if it doesn't, it won't matter as AdGuard will be used as a firewall and content blocker 24/7.

The reason I have both LessPass and LastPass is because I am in the process of changing all my passwords to LessPass, but eventually I will be able to get rid of LastPass.

UPDATE: Everyone is recommending I don't root my phone, and I never said I was, so I'm confused where that is from. :ROFLMAO:But it was also recommended I just install apps from the google play store. As I explained earlier, I am trying to move as far away from Google services as I can, so I won't be using the play store much. Just wanted to clear that up so I don't get more replies recommending something I am trying to avoid. :p

NordVPN comes with a true firewall or is that a Kill Switch? I know many VPNs call their firewall a Kill Switch (or vice versa) i.e. it's not a true firewall in that sense

There are true firewalls without rooting but it'll clash with your VPN for these firewalls also use a VPN. Android only allows ONE VPN to operate at one time

Read here

Using both a firewall and vpn on android

Rooting your android phone might help

:rolleyes:
 
Last edited:
  • Like
Reactions: d0ts

d0ts

Level 1
Verified
Nov 9, 2017
23
So many scanner there :D I must agree with ForgottenSeer 58943 opinions regarding Play Protect.
In case you want to root without being detected by Netflix and so on, give a try for Magisk.
As for DNS, Adguard has built-in DNSCrypt so no need of NordVPN, I guess?
 
  • Like
Reactions: LukeLovesSecurity

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,134
So many scanner there :D I must agree with ForgottenSeer 58943 opinions regarding Play Protect.
In case you want to root without being detected by Netflix and so on, give a try for Magisk.
As for DNS, Adguard has built-in DNSScrypt so no need of NordVPN, I guess?
Actually, in its DNS Filtering, you can choose a server in Adguard to have DNSCrypt + DNSSEC
 
  • Like
Reactions: d0ts

LukeLovesSecurity

Level 4
Thread author
Verified
Jul 28, 2017
185
NordVPN comes with a true firewall or is that a Kill Switch? I know many VPNs call their firewall a Kill Switch (or vice versa) i.e. it's not a true firewall in that sense

There are true firewalls without rooting but it'll clash with your VPN for these firewalls also use a VPN. Android only allows ONE VPN to operate at one time

Read here

Using both a firewall and vpn on android

Rooting your android phone might help

:rolleyes:

Not to my knowledge, besides, a kill switch isn't a firewall like you've explained.

I covered this in the first sentence of the paragraph explaining my choices. Thanks for the tips though!

"I wanted to have both a firewall and VPN without rooting, and with AdGuard, I can configure NordVPN within the app, while it acts as a firewall and content blocker."
 
Last edited:
  • Like
Reactions: HarborFront

CMLew

Level 23
Verified
Well-known
Oct 30, 2015
1,251
Looking at how this post is replied, I seriously wish I could go back in time where I still use my Nokia 3310 to bang other peoples head and still able to use my phone after doing it. lol...
 

LukeLovesSecurity

Level 4
Thread author
Verified
Jul 28, 2017
185
I understand what you're trying to do but still in my opinion it's waste of your time and smartphone's resources.
It's your choice whatever you're trying to achieve by rooting your device, changing it's original operating system and installing software from unverified sources - if you're asking for trouble you'll definitely find it and there is no software which can protect you from your own choices but there is a place where you can always ask for help later :LOL:

You clearly don't, because asking me to download from Google is not an option when I am trying to maintain privacy and not use services from that orwellian corporation. You just made up that I am rooting my device and changing the operating system, then you claim you can't protect Android from viruses.
 

LukeLovesSecurity

Level 4
Thread author
Verified
Jul 28, 2017
185
So many scanner there :D
There is only one scanner, not sure what you mean :p

I must agree with ForgottenSeer 58943 opinions regarding Play Protect.
I've explained in the update and in my replies to others that I am trying to move as far away from Google as possible. But even then, Play Protect isn't really effective unless I only install from the play store.

In case you want to root without being detected by Netflix and so on, give a try for Magisk.
Never heard of Magisk. I'll definitely look it up! :D

As for DNS, Adguard has built-in DNSCrypt so no need of NordVPN, I guess?
DNSCrypt is not an alternative to VPN. The two technologies are very different. I chose to use NordVPN DNS to prevent DNS leakage from the VPN.
 
  • Like
Reactions: HarborFront

LukeLovesSecurity

Level 4
Thread author
Verified
Jul 28, 2017
185
That's what I mean, there is no 100% privacy, you can even soften a little, no more than that, 100% is only in the offline world, privacy in the digital world is a luxury that we no longer have, unfortunately.

It is not like I won't have much privacy. I will have a lot of privacy, it just won't be perfect. And I am perfectly fine with that. Throwing out my phone is like cutting off my finger after it is scratched.
 

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,134
Not to my knowledge, besides, a kill switch isn't a firewall like you've explained.

I covered this in the first sentence of the paragraph explaining my choices. Thanks for the tips though!

"I wanted to have both a firewall and VPN without rooting, and with AdGuard, I can configure NordVPN within the app, while it acts as a firewall and content blocker."
Ok, you are right about using NordVPN and Adguard's firewall. I missed the latter. Thanks
 
  • Like
Reactions: LukeLovesSecurity

brod56

Level 15
Verified
Top Poster
Well-known
Feb 13, 2017
737
Google Play Protect Fails Android Antivirus Tests
Overall, anything that improves Android security is a good thing. Many Android users don't have any antivirus software installed, so Google Play Protect serves as a backstop. But so far, it's not a very good backstop. Even the second-worst Android AV product that AV-TEST looked at — in this case, Droid-X 3, a Korean-language app made by NHSC — did much better than Google Play Protect, stopping 82.4 percent of new malware and 93.5 percent of old malware. Google Play Protect did so badly that AV-TEST gave it a zero out of 6 in malware protection.

Well, this test proves nothing. Most of this malware comes from unknown apks, which I excluded in the first place.
 

CoherentCrayon

Level 4
Verified
Jun 23, 2017
183
Hmm, I'd have to look into it. Besides, it is a big change to replace the OS, so I think I will stick with Android till Purism's phone comes out.
If I'm flashing ROMs (switching firmware) on my phones, I only do it if the warranty has expired and the stock firmware doesn't get updates anymore
 

enaph

Level 29
Verified
Honorary Member
Top Poster
Well-known
Jun 14, 2011
1,836
asking me to download from Google is not an option when I am trying to maintain privacy and not use services from that orwellian corporation
So why you're using their system in first place then?
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top