Chris Wiegman

Limiting My Exposure to Surveillance on Android


I’ve spent a lot of time working to transition to small, independent tech for our home and, as much as possible, for my work. One area where this is really difficult today is with our phones. While Pinephone, GrapheneOS and others are showing promise, the fact is they’re simply not ready for daily use in my life. After trying GrapheneOS for a while on my Pixel 3XL I’ve gone back to stock Android for it, but with a few twists. Just because I have accepted stock Android doesn’t mean I’ve accepted the default settings and apps that make privacy all too easy.

Usually when I start talking about privacy on my phone the first reply is “why not get an iPhone?” In my opinion, this is not the right question. For many who install Google, Facebook or a host of other apps on their iPhones, their exposure to tracking technology is no better than that of many, if not most, Android phones. In addition, my opposition to big tech ecosystems goes beyond just privacy to other ethical issues. From right to repair to simply telling you how you should use your device, the only advantage I see in iPhone is a very small privacy advantage that seems to be eroding as time goes on. So, for now, Android is the best option for me to combine my desire to use my phone in the way I deem best, the need to use apps and services that just aren’t there on smaller mobile operating systems and the desire to avoid tracking surveillance as much as possible.

All that said, privacy, as I’ve pointed out, is still a big issue for me. Here are the steps I’ve taken to use my Android phone while maintaining as much privacy on it as possible.

You don’t need your primary email address

One of the biggest downsides to using Android is that you still need a Google account. That said, if you have a Google account you need elsewhere, you don’t need to use that same account on your phone. The first thing I did was sign up for a Google account that I use for Play Store on the phone and nothing else. Yes, I’m fully aware data is connected in many other ways but keeping my phone segregated from any similar accounts I have, including my work account, is a step in making it harder to connect that data.

Another key here is not allowing this account to sync anything. From photos to contacts, use alternative solutions where you can to keep your data out of Google.

Change your system settings

Once the phone is started it’s time to change the settings for better privacy. Here’s what I’ve changed on mine:

  1. Under Privacy turn off Personalize using app data.
  2. Under Privacy -> Ads turn on Opt out of Ads Personalization. When I think of it, I also periodically click Reset advertising ID in here as well.
  3. Under Privacy -> Autofill with Google I make sure all accounts are removed.
  4. Under Privacy -> Google location history I make sure my location history is paused.
  5. Under Privacy -> Activity controls I ensure all activity controls are turned off.
  6. Under Privacy -> Usage & diagnostics I make sure diagnostic and usage sharing is turned off.
  7. Under Connected devices -> Connect preferences I turn off Bluetooth and NFC. Note, I do add a Bluetooth toggle to the toolbox so I can connect my headphones when I need them.
  8. Under Location -> Wi-Fi and Bluetooth scanning I turn off both Wi-Fi and Bluetooth scanning.
  9. Under Location -> Advanced I turn off all options.
  10. Under System I turn off Backup.
  11. Under Network & Internet -> Advanced -> Private DNS I set it to a custom host name from https://nextdns.io.

While not perfect, this gives me a much better configuration than the default. That said, we’re not done yet. Lots of Google apps are unnecessary as well. Here’s how you can disable or replace many of the default items for more private alternatives.

Disabling and replacing default apps

While not all default apps have good alternatives, many do and, in some cases, I think you’ll find they’re even better than the original.

Apps, even those that aren’t listed in the App Drawer, can be disabled by going to your Settings app, clicking Apps & notifications and then See all apps. Click on an app listed below, click “Force stop” and then “Uninstall” or “Disable” (depending on what is present). Note you’ll probably want to install the replacements listed below first for apps that need it.

  1. Anything Google (Docs, Drive, Music, etc). Note I can’t list all of the ones I’ve removed for the simple fact that I don’t have them to list anymore.
  2. Android Auto
  3. Calendar -> Etar
  4. Chrome -> Firefox
  5. Data transfer tool
  6. Device Personalization Services
  7. Drive -> Nextcloud
  8. Gmail -> K-9 Mail
  9. Google
  10. Google Play Movies & TV
  11. Google Play Music -> Spotify
  12. Google VR Services
  13. Live Transcribe
  14. Maps -> OsmAnd+
  15. Messages -> Signal
  16. Photos -> Synology Moments*
  17. Pixel Stand
  18. Pixel Tips
  19. Playground
  20. YouTube

* Synology Moments will only work if you have a Synology NAS at home or elsewhere. That said, it is, by far, the most solid replacement I’ve found yet for Google Photos.
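
To re-check that the Private DNS setting and the disabled apps above are still in place (for example after a system update), the device state can be compared against the checklist. This is an added example, not part of the original post; the package IDs are assumptions (the post gives app names only, confirm them with `pm list packages` on your device) and the sample output is constructed.

```python
import subprocess

# Assumed package IDs for some of the apps listed above; verify on your device.
SHOULD_BE_GONE = {
    "com.android.chrome": "Chrome",
    "com.google.android.gm": "Gmail",
    "com.google.android.youtube": "YouTube",
    "com.google.android.apps.maps": "Maps",
    "com.google.android.apps.photos": "Photos",
    "com.google.android.projection.gearhead": "Android Auto",
}
DNS_KEYS = ("private_dns_mode", "private_dns_specifier")

# Constructed sample of `pm list packages -e` (enabled packages) and settings values.
SAMPLE_ENABLED = """package:org.mozilla.firefox
package:com.google.android.youtube
package:com.google.android.apps.photos
"""
SAMPLE_SETTINGS = {"private_dns_mode": "opportunistic", "private_dns_specifier": "null"}

def parse_packages(output):
    """Turn 'package:<id>' lines into a set of package IDs."""
    return {l.split(":", 1)[1].strip() for l in output.splitlines() if l.startswith("package:")}

def audit(enabled_output, settings):
    """Return one finding per item that has drifted from the checklist."""
    enabled = parse_packages(enabled_output)
    # Checking the enabled list covers both "Disable" and "Uninstall".
    findings = [f"{name} ({pkg}) is enabled"
                for pkg, name in sorted(SHOULD_BE_GONE.items()) if pkg in enabled]
    mode = settings.get("private_dns_mode")
    host = settings.get("private_dns_specifier")
    if mode != "hostname":
        findings.append(f"Private DNS mode is {mode!r}, expected 'hostname'")
    elif not host or host == "null":  # `settings get` prints "null" when unset
        findings.append("Private DNS mode is 'hostname' but no host name is set")
    return findings

def read_device():
    """Collect the same data from a connected device via adb."""
    def adb(*args):
        return subprocess.run(["adb", "shell", *args], capture_output=True,
                              text=True, check=True).stdout
    settings = {k: adb("settings", "get", "global", k).strip() for k in DNS_KEYS}
    return adb("pm", "list", "packages", "-e"), settings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ENABLED, SAMPLE_SETTINGS):  # or audit(*read_device())
        print("DRIFT:", finding)
```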

In addition to the above apps, I’ve also replaced the usage of a few Google apps even where I couldn’t disable their originals:

  1. AnySoftKeyboard as a replacement for GBoard
  2. Nova Launcher (and Nova Launcher Prime) as a replacement for Pixel Launcher
  3. DAVx5 as a replacement for syncing services such as Calendars, To-dos (using Open Tasks) and Contacts from Nextcloud.
  4. In order to decrypt my email I use OpenKeychain: Easy PGP along with my private key stored on my YubiKey to actually read my email. This is necessary as my email provider, mailbox.org, automatically encrypts all messages stored in my account with my public key if they’re not already encrypted.

This setup, while not perfect (perfection, in my mind, is only possible when a viable alternative to Apple and Google’s duopoly exists), still allows me a reasonable level of privacy and access to the apps and services I use daily. If I really wanted to step up a level I could even replace most of my apps downloaded from the Play Store with equivalents from F-Droid but considering I still need Play Store apps anyway it doesn’t seem like the trade-off here would be all that beneficial.

In the end, while we can’t expect perfect privacy if we wish to use our phones in the manner that works best for us, I feel like this setup does a reasonable job of overcoming most of those shortcomings. If you have other options or ideas, please feel free to find me online for a discussion.