Basic Security Oldschool's Pixel 9a Configuration

[oldschool]

Many Nextdns users have reported Google VPN bypassing their custom DNS settings to use their own DNS Servers.

Well, that makes sense since they both use the Private DNS/VPN protocol, since I don't think they'd build parallel, duplicate features, and it would be one reason I probably wouldn't use it.

 

[ForgottenSeer 123526]

Well, that makes sense since they both use the Private DNS/VPN protocol, since I don't think they'd build parallel, duplicate features, and it would be one reason I probably wouldn't use it.

VPN by Google doesn't support custom DNS. You can't use external or local DNS lookups according to their own documentation. If you have your device's Private DNS set to NextDNS, and then you enable Google VPN, the VPN will generally bypass NextDNS and use its own DNS servers.

 

[rashmi]

Here's my initial setup for my new Pixel 9a. Getting acquainted with the Pixel UI and the whole Google experience before making the change to GrapheneOS. Should I be brave and take the plunge?

I may add Edge or Brave but I do very little browsing on the phone, so I added NextDNS protection for now.

I recently watched a video showcasing GrapheneOS on the Pixel phone. I liked GrapheneOS and would surely install it if I had a Pixel phone.

I have Brave and Vivaldi installed on iPads. I installed Brave for its YouTube Shorts filter, but it's annoying with messages about setting it as default, Rewards, Brave Search, etc. Now that I've found a YouTube Shorts filter for Vivaldi, I'll uninstall Brave. You should try Vivaldi; it has a neat interface, no bloat, an effective ad blocker, and a refreshing look (not a Chrome clone).

 

[oldschool]

How to turn off Google Assistant with just a few taps

If you don't use it, you can turn off Google Assistant on your smartphone in seconds. Here are step-by-step instructions on how to do it.

www.androidauthority.com

Unfortunately, it is impossible to disable Google Assistant or Gemini on the Pixel 9a. It is possible to make it less intrusive, however.

 

[oldschool]

I'm interested on how you go with GrapheneOS.
Been looking at playing around with this on an old work Android phone.

The big thing holding me back from making the switch to GOS is the lack of RCS text messaging. The default app uses SMS/MMS only. There are miles-long threads about hacks to get working G Messages, with results varying wildly, depending on country, carrier, phone model, etc. None of them look simple. There may be some possibility that RCS comes to GOS if the standards improve and make the change possible, but that is likely far off in the future.

I'm sticking with stock Pixel for now, even though there are annoyances I'm unable to be rid of.

 

[oldschool]

Added some configuration details.

 

[oldschool]

Here is Gemini's take on RCS in Android:

Prompt: what advances are needed to make RCS available to all android phones, including custom ROMs






Making RCS (Rich Communication Services) universally available on all Android phones, including those running custom ROMs, faces several challenges, primarily due to Google's current implementation and its reliance on device integrity checks. Here are the key advances needed:
1. Open and Standardized RCS APIs for Third-Party Apps:

• Current Situation: While RCS is a GSMA standard, Google's primary implementation in Google Messages uses its own "Jibe" hub. The APIs for other apps to integrate with Google's RCS service are not fully open or easily accessible. This means custom ROMs often have to rely on Google Messages or workarounds.
  
  
  
• Needed Advance: Google needs to provide a truly open and documented API that allows any messaging app (including open-source ones or those integrated into custom ROMs) to natively connect to the RCS network. This would decouple RCS functionality from specific Google apps and allow for broader adoption. This was a stated goal for Android 11, but it hasn't fully materialized in a way that benefits custom ROMs.

2. Decoupling RCS from Play Integrity API/SafetyNet:

• Current Situation: Google has been observed to silently block RCS on rooted Android phones and devices running custom ROMs. This is often linked to the Play Integrity API (formerly SafetyNet), which checks device integrity. If a device fails these checks (common with custom ROMs or rooted phones), RCS functionality in Google Messages can be disabled without clear error messages. Google states this is to prevent spam and abuse.
  
  
  
  
• Needed Advance:
  • More Granular Fraud Prevention: Instead of a blanket ban based on device integrity, Google needs more nuanced fraud and spam prevention methods that don't penalize legitimate users of custom ROMs. This could involve behavioral analysis or other indicators that don't rely on locking down the entire device.
  • Transparency and User Control: If RCS is blocked, users should receive clear notifications and reasons, rather than messages simply disappearing. Users should also have options to override these blocks if they understand the risks, similar to how they might choose to proceed with a less secure banking app on a rooted device.
  • Official Support for Custom ROMs: Google could work with popular custom ROM communities (like LineageOS) to ensure their builds pass necessary integrity checks for RCS, or provide official guidelines for ROM developers to implement RCS support without being flagged.

3. Carrier Neutrality and Infrastructure:

• Current Situation: While Google has largely bypassed carrier involvement for RCS activation through its Jibe platform, some legacy carrier implementations still exist, which can lead to fragmentation and issues.
• Needed Advance: Full global adoption of a standardized, carrier-agnostic RCS backbone is crucial. This would ensure that RCS works seamlessly across all networks, regardless of the user's carrier or device.

4. End-to-End Encryption as a Standard:

• Current Situation: While Google Messages offers end-to-end encryption for one-on-one RCS chats, it's not universally applied across all RCS implementations or for group chats. Apple's upcoming support for RCS will include E2EE for individual chats.
  
  
  
• Needed Advance: Making end-to-end encryption a mandatory part of the RCS Universal Profile, and easily implementable by all RCS clients, would increase user trust and privacy, fostering broader adoption. This is especially important for users who might be more security-conscious and drawn to custom ROMs.

5. Simplified Integration for Developers:

• Current Situation: Implementing RCS functionality can be complex, and many third-party app developers haven't adopted it due to the lack of clear, open APIs.
• Needed Advance: A comprehensive SDK and well-documented APIs would empower developers of alternative messaging apps and custom ROMs to integrate RCS features directly, fostering innovation and wider availability beyond Google Messages.

In essence, achieving universal RCS availability on all Android phones, especially those with custom ROMs, requires a shift from Google's current, somewhat walled-garden approach to a more open, transparent, and truly standardized ecosystem that prioritizes user choice and control while still addressing security concerns effectively.

At least Gemini appears to be up front on what's needed.

 

[oldschool]

And Brave Search AI response to the same prompt as above:

RCS Availability on Android​

Google has implemented measures that block RCS (Rich Communication Services) on rooted Android phones and custom ROMs, primarily through the use of the Play Integrity API and SafetyNet checks. These checks are designed to ensure device integrity, but they prevent certain devices from accessing RCS, even if the feature is enabled. To make RCS available to all Android phones, including those with custom ROMs, several advancements and changes would be necessary.

• Device Integrity Workarounds: Developers would need to create more robust solutions to bypass or modify the Play Integrity API and SafetyNet checks without compromising device security. This could involve developing modules like PlayIntegrityFix, which allows rooted devices to pass these checks.
• Google's Policy Changes: Google would need to reconsider its current policy of blocking RCS on rooted devices and custom ROMs. This could involve relaxing the restrictions or providing clearer guidelines for developers and users on how to enable RCS on such devices.
• Carrier and App Support: Carriers and app developers would need to ensure that their systems are compatible with custom ROMs and rooted devices. This could involve updating their infrastructure to support a wider range of devices and configurations.
• User Education: Users would need to be better informed about the steps they can take to enable RCS on their devices. This could include providing detailed guides and support resources for users of custom ROMs and rooted devices.

 

[Jonny Quest]

Then including Google AI search. For me personally, this is why I like doing the Brave search, then scrolling down the page for the Google AI search. Between those two, it makes more sense to me, and not information overload where a lot of you all would really like that depth and breadth of Gemini, and understand it more comprehensively

In order to make RCS universally available to all Android phones, including those running custom ROMs, several advances are needed.
1. Broader adoption and carrier support

• Global Carrier Rollout: While RCS has gained significant traction, especially with Google's Jibe backend providing it independently of carrier support in many regions, Getstream says RCS is only available on Android devices, truly universal access requires all carriers worldwide to fully embrace and implement the Universal Profile. This would eliminate situations where RCS functionality is limited based on location or specific carrier networks.
• Carrier Interoperability: Ensuring seamless communication between different carrier implementations is crucial for a unified RCS experience.

2. Play Integrity API considerations

• Addressing Root and Custom ROM Limitations: One of the main challenges for custom ROM users is that RCS might not work due to Google's Reddit says RCS will not work if your device is not passing Play Store Certification Play Integrity API checks. These checks are designed to prevent malicious activity, but they can unintentionally restrict access for users who choose to customize their devices.
• Developing a More Inclusive Approach: Google needs to find a way to maintain the security of RCS while not penalizing users who choose to install custom ROMs. This could involve alternative methods for verifying device integrity that don't solely rely on the Play Integrity API, YouTube mentions that passing the first two tests allows RCS to work as highlighted by discussions around ways to bypass these checks.

3. Open API and integration

• RCS API Integration in AOSP: To truly democratize RCS, it would be beneficial to have a more integrated RCS API directly within the Android Open Source Project (AOSP). This would allow custom ROM developers to more easily incorporate RCS into their builds, rather than relying on workarounds or proprietary Google implementations.
• Standardized RCS Clients: While Google Messages is the default RCS client, support for the RCS standard in other messaging apps could further expand its reach. This requires open APIs and clear documentation for developers to build compatible RCS clients.

4. End-to-end encryption enhancements

• Universal End-to-End Encryption: While Google Messages already offers end-to-end encryption for RCS chats, widespread adoption of the new MLS-based end-to-end encryption standard across all RCS implementations is crucial for ensuring privacy and security for all users.

By addressing these areas, RCS can move closer to becoming a truly ubiquitous and seamless communication standard for all Android users, regardless of their device or software choices.

 

[oldschool]

Then including Google AI search. For me personally, this is why I like doing the Brave search, then scrolling down the page for the Google AI search.

I couldn't find the G AI result in Brave Search. Are you using Brave browser?

BTW, and FYI, the Gemini search in above post was with user signed in. I got a shorter, less detailed answer when not signed in.

 

[SeriousHoax]

Then including Google AI search. For me personally, this is why I like doing the Brave search, then scrolling down the page for the Google AI search. Between those two, it makes more sense to me, and not information overload where a lot of you all would really like that depth and breadth of Gemini, and understand it more comprehensively

You can add things like, "short answer", "explain briefly", etc in your prompt to make it give a short answer. Gemini overall doesn't give too long answers. I often find its answer too short. Grok AI tends to over explain things which can be good sometimes as you said but not always, ChatGPT is a good balance but all of them can answer briefly/broadly if we ask.

 

[Jonny Quest]

I couldn't find the G AI result in Brave Search. Are you using Brave browser?

BTW, and FYI, the Gemini search in above post was with user signed in. I got a shorter, less detailed answer when not signed in.

Thanks, that's been mentioned here before, regarding the sign in compared to not signed in results. Thank you for reminding me
Yes, here's what it looks like when I use Brave, which is my default browser.

 

[Jonny Quest]

I couldn't find the G AI result in Brave Search. Are you using Brave browser?

BTW, and FYI, the Gemini search in above post was with user signed in. I got a shorter, less detailed answer when not signed in.

You can add things like, "short answer" "explain briefly", etc in your prompt to make it give a short answer. Gemini overall doesn't give too long answers. I often find its answer too short. Grok AI tends to over explain things which can be good sometimes as you said but not always, ChatGPT is a good balance but all of them can answer briefly/broadly if we ask.

This is why I "love" this forum, very helpful and insightful members and posts here on MT's. Thank you

 

[oldschool]

Yes, here's what it looks like when I use Brave, which is my default browser.

I suspect Brave Search is forcing me to use it with the Answer with AI toggle enabled, otherwise I keep getting an error message when using it on demand. They gently prod users to switch browsers with tactics like these. Of course, they are far from alone, as with Google RCS.

 

[[correlate]]

On GrapheneOS:

Go to Settings > Privacy & Security > Permissions Manager > Sensors.

And turn it off for apps that don't need it.

Then go to Privacy & Security > More Privacy & Security.

And toggle off "Allow Sensors permission to apps by default".

 

[oldschool]

On GrapheneOS:

The big thing holding me back from making the switch to GOS is the lack of RCS text messaging. The default app uses SMS/MMS only. There are miles-long threads about hacks to get working G Messages, with results varying wildly, depending on country, carrier, phone model, etc. None of them look simple. There may be some possibility that RCS comes to GOS if the standards improve and make the change possible, but that is likely far off in the future.

I'm sticking with stock Pixel for now, even though there are annoyances I'm unable to be rid of.

 

[oldschool]

Somehow, I got a Google search pinned to my homescreen unintentionally, probably removing and replacing my phone in my pocket while hiking. I hate it when this kind of crap happens on Pixel. It's because the G app can't be removed. I'm mad enough that I'm about to install GOS to be rid of this kind of thing, but I'll wait till I cool off before doing so.

 

[oldschool]

Updated to August Security patch.

 

[Marko :)]

Somehow, I got a Google search pinned to my homescreen unintentionally, probably removing and replacing my phone in my pocket while hiking. I hate it when this kind of crap happens on Pixel. It's because the G app can't be removed. I'm mad enough that I'm about to install GOS to be rid of this kind of thing, but I'll wait till I cool off before doing so.

These Google apps couldn't be removed on my Poco as well. So I did the next best thing: connected phone with USB to my laptop and uninstalled them through ADB.

I still can't figure out the point of Google app. Whatever you do in it, you always end up in your default web browser.

 

[oldschool]

I still can't figure out the point of Google app. Whatever you do in it, you always end up in your default web browser.

Exactly.

These Google apps couldn't be removed on my Poco as well. So I did the next best thing: connected phone with USB to my laptop and uninstalled them through ADB.

Yeah, I don't want to mess with my phone. I'd rather install GOS, but there are tradeoffs there as well.