How to stay private when using Android

illustration of Android privacy

The smartphone is one of the most invasive devices ever invented. It’s easy to forget that, of course, because we are so familiar with them, and they are so useful. But while you might value your smartphone for the convenience it gives you, tech companies value it for an entirely different reason: it is collecting data on everything you do.

If you believe, like us, that privacy is a human right, Android is something of a nightmare. Most people who use Google services are aware the company is tracking their location, checking which websites they go to, recording their voice, and reading their emails. What a lot of people forget is that Android was developed by Google, and is one of the most important tools for this data collection.

It is possible, though, to use Android in a way that drastically limits the amount of data you are sharing with Google (and other companies who want your data). In this guide, we’ll show you how to do that.

In each step below, we’ll show you how to use the settings menu on your device to increase your security and privacy. Most of the menus we mention will be the same for most current Android devices, but since devices vary you might find these options in a slightly different location or named differently. With a little poking around in your device’s menu, you should be able to find the relevant option. 

The basic principle: Turn everything off

Before we begin with the specific steps necessary to make your Android device more private, let’s highlight a basic principle of using your phone: turn off all the connectivity you do not need.

This goes for whatever smartphone, and whichever operating system, you have. Don’t let your phone connect to unknown WiFi networks because they may be a source of malware. Don’t leave your Bluetooth on because there are plenty of Bluetooth security vulnerabilities. Don’t connect your phone to your computer (if you can avoid it), because smartphones can also act as a reservoir of malware, and your phone can be infected without you realizing it. 

In short: if you are not using a service right now, turn it off.

With that out of the way, let’s make your phone more secure. Here is a short(ish) list of how to do that.

1. Avoid Google Data Protection

First and foremost, you should be aware of Google’s fake commitment to privacy and limit the data the company collects from your phone. Android phones let you do this, but it is hidden. Go to your settings, and look for “activity controls.” Here, you can limit the data that Google is collecting via your phone. 

Going further, you can even use your Google device without signing into your Google account. Unfortunately, this really limits what you can do with your phone. 

2. Use a PIN

Another basic privacy step is to lock your phone with a personal identification number (PIN). Locking your phone prevents random strangers from being able to get into it and keeps your data private in the event that your phone is stolen or one of your friends “borrows” it.

When you set up a PIN on your device, some versions of Android will ask you if you want to encrypt the device as well. This is also a good idea, and we’ll come to that process shortly.

In 2019, it might seem a bit old-fashioned to use a PIN (or, even better, an alphanumeric password), but in terms of data privacy, a PIN is still king. That’s because if you are using the other locking methods that Android provides — your fingerprint or face recognition — you are consenting for this biometric information to be stored on your phone, and occasionally transmitted to Google

3. Encrypt your device

Encrypting your entire phone is pretty simple, but not many people do this. Encryption, though, is by far the best way to keep your data private, whether your phone is hacked or stolen.

Encrypting your phone can be done from the “security” menu in Android. You need to enter a PIN to do this, and the phone needs to be plugged in. Just don’t forget the PIN, because if you do all of the data on your phone may be lost forever.

4. Keep your software up-to-date

Everyone knows that keeping your software up-to-date is incredibly important, but even the most security-conscious people sometimes skip that annoying notification. If you don’t keep your phone updated, you are opening yourself up to vulnerabilities that can be exploited by hackers to steal your data.

In Android, you can update your software at any time by going to Settings > About Phone > System Update.

5. Be wary of unknown sources

By default, Android locks down the sources of software you can use by only allowing you to download apps from “approved sources” that have been vetted by Android developers. This is actually something that Android has inherited from Linux, which the OS is based on. However, sometimes your phone asks you to enable “unknown sources” for software, and if you’re in a rush you can accidentally turn this on. You should never trust software from these sources: some of it is malware, and some of it is merely riddled with security flaws.

To disable unknown software sources, go to Settings > Security > Unknown Sources, and uncheck the box. It’s probably not enabled anyway, but it doesn’t hurt to check.

6. Check app permissions

Yep. You know already that you should carefully check all of the permissions that an app asks for when you install it, but in a hurry you may not. There is no hard-and-fast rule when it comes to checking these permissions, but there is a good guiding principle: are the permissions an app is asking for appropriate for what it does? Does this silly game you’ve downloaded really need to access your camera, contacts, and microphone? Probably not.

The situation, when it comes to app permissions, has improved in recent years. In response to user concerns over privacy, Android apps now ask for (almost) all of the permissions they need. They will also ask for these selectively, so you can use an app without granting it all the permissions it asks for. An app will ask for Bluetooth permission, for instance, only when you try to use this functionality. 

On the other hand, there are some permissions that are so “basic” that they are not even counted as permissions by Android. The most striking example of this is access to your Internet connection. All apps are granted this permission by default, they will not ask you to confirm this, and you cannot disable it. This means that even your flashlight app can send and receive data.

You should check the permissions that an app asks for when you install it, but you should also audit your apps frequently to make sure that you have not granted them more permissions than they need. Building this kind of audit into your monthly schedule is a great way of staying on top of your cybersecurity, since you can easily spot extra permissions that you may have granted in a rush. To check these permissions, go to Settings > Apps > ⚙ icon > App permissions.

In general, if you think an app is asking for greater permissions than necessary, look for an alternative that takes your privacy more seriously.

7. Review your cloud sync

Plenty of apps request permission to sync data with the cloud, and sometimes you might want them to do this. There are many advantages of cloud storage for messaging apps and those that store important data. But, just like checking the permissions they ask for, you should also limit the number of apps you have syncing to the cloud. 

You can turn off cloud syncing for individual apps by going to Settings > Accounts, and then tapping on the app name. 

8. Hide notifications

An often overlooked way of making Android devices more private is simply to turn off notifications on the lock screen. That way, someone who picks up your phone won’t be able to see your contacts, message previews, reminders, and alerts.

Turning off these notifications is easy. Just go to Settings > Sound & Notifications.

9. Review default apps

Now we’re getting to some more technical measures. Android opens certain types of files with certain apps, and these are controlled by a list held in Settings > Apps > ⚙ icon > Default. Here, you can see which apps Android uses for each type of file. 

The key here is to make sure that Android is using the most secure apps available to open particular files. If you’ve installed ProtonMail, for example, make this your default app for email. The same goes for any other secure app you download because by default Android opens everything with the least privacy-focused apps available (i.e. the apps made by Google, which wants to spy on you).

10. Don’t share your location with apps

Many apps request that you share your location with them. For some apps, this is incredibly useful. In fact, some apps lose all functionality unless you give them your location data. 

On the other hand, plenty of apps that don’t need to know where you are ask for this information. This, in fact, has been one of the major security concerns of the 5G network, and why Huawei is banned from taking part in it. There was a fear that the Chinese tech giant was collecting location data by default for everyone who used their hardware, and that this could be used to identify individuals even when they had taken precautions against this.

To turn off location permissions for your apps, go to Settings > Apps > ⚙ icon > App permissions > Location.

A more general way of limiting access to your location data is to disable Google’s attempts to track your every move. You can do that by going to Settings > Location > Google Location History.

Limiting which apps have location permission is even more important now that Vice reported on Locate X, a service that aggregates and sells location data harvested by users’ apps. An internal Secret Service document confirms that the agency has purchased location data, information that it would normally need a warrant or court order to access, from Locate X. Other federal agencies, like Immigration and Customs Enforcement and the Internal Revenue Service, have engaged in similar practices.

11. Use a non-Google version of Android

If you take your privacy seriously, you could also consider using a version of Android that is not built by Google and won’t send them data.

Though most device manufacturers make their own “flavor” of Android, most of these variant systems are built around the core functionality that Google provides. As a result, almost all “mainstream” versions of Android will share your data with Google. 

There are some versions of Android, however, that do not do this. Installing them is a pretty major and complicated step, though, so you should carefully consider whether you want to wipe the existing OS from your phone. At the moment, the most developed (and stable) alternative Android OS is LineageOS. This is based on CyanogenMod, which limits access to your phone by third parties. Installing an alternative OS requires technical knowledge, though there are plenty of install guides to help you.

12. Don’t use Google for search

You might be wondering why this option is not higher up on this list. It should be easy to change your default search engine within Android, right? Well, yes and no. No surprise, Android doesn’t let you use any other search service from within its default browser. 

In order to use a more secure search engine, you need to download an alternative browser. These let you change the default search engine and avoid Google collecting data on your queries. 

13. Use a VPN

A virtual private network (VPN) encrypts all of the data passing between your phone (or computer, or tablet) and the wider Internet. 

There are plenty of VPN providers out there, but you should be careful about which one you choose. In general, VPN providers often are not transparent about who operates them or how they may or may not use your data. In addition, be wary of VPN providers that are based in the EU or (even worse) the US, because they may be required to share data with foreign intelligence agencies. With our own VPN service, we have gone to great lengths to demonstrate why we offer a VPN worthy of your trust

14. Use a secure email provider

Finally, you should use an email provider that doesn’t read your emails. It may sound pretty obvious. But you should remember that everything you do on Gmail is being read by Google. If you are uncomfortable with that, there are plenty of secure (and private) email providers out there. 

One of them is ProtonMail. We use PGP encryption to keep your emails private when they are in transit, and zero-access encryption to secure your data at rest. As a result, no one but you can access your messages, not even us. It’s also quite easy to transfer your data from Gmail using the ProtonMail Import-Export application (now in beta).

Learn more: why ProtonMail is trustworthy

Using Android privately

In closing, it’s also worth pointing out that, although Android is a risk to your privacy if you don’t lock it down correctly, smartphones per se are not evil.

In fact, if used correctly they can be extremely useful in securing other parts of your online life. The clearest example of this is two-factor authentication, in which a time-based code from a smartphone app is required in addition to your password to log in to your account. (Where possible, you should set up this kind of system for all of your online accounts.)

The trick to using a smartphone securely, as with any other device, is to take the time to find out how it actually works. That way, you can disable the data-collection and data-sharing “functions” that you don’t need. 

And just by reading this article, you’ve taken the first step on that road. 

Best Regards,
The ProtonMail Team

UPDATE August 17, 2020: This article was updated to incorporate Vice’s reporting on Locate X and the Secret Service purchasing user location data.

You can get a free secure email account from ProtonMail here.

We also provide a free VPN service to protect your privacy.

ProtonMail and ProtonVPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan or donate. Thank you for your support.

About the Author

Ludovic Rembert

Ludovic Rembert is a security analyst, researcher, and founder of PrivacyCanada.net. He spent his career (before semi-retirement) as a network security engineer working in both industry and academia, and more recently has begun freelance writing on a variety of technical topics.

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

61 comments on “How to stay private when using Android

  • It would be great to see a ProtonMail app version on F-Droid, like tutanota is doing, so people could actually use LineageOS and PM.

    Reply
  • Wow. I fail the first step! There doesn’t seem to be an “activity controls” under settings for the Samsung S7 device. Alternate description?? What exactly should be changed?
    Thanks!

    Reply
    • Hi! I checked with one of my colleagues who has a Samsung S7. It seems there are a couple of places where you can update this.

      If you go to Settings -> Google, you can opt in or out of personalized ads. There’s also a hamburger menu in the upper right of the Google Settings which has a ‘Usage and diagnostics’ option, which where you can toggle whether you send data to Google to improve Android. And finally there’s a ‘manage your Google Account’ under your name, which has a Data and Personalization header. And under this there is Activity Controls. This is for the whole Google account, not just the phone (the same menu you can find on the web if you go into your Google Account settings). There you can turn off location tracking, personalized ads, etc., for your account.

      Hope that helps!

      Reply
  • May i ask an related question regarding ProtonMail Registration Human Verification? I don’t want to be identified. It seems to me that phone number or email address can only be used once to register ProtonMail account, how LONG do you store cryptographic hashes of contact information provided? Do they have timestamps? You said you only save a cryptographic hash of your email or phone number which is not permanently associated with the account that you create, and I assuming that each ProtonMail account has account creation timestamp down to seconds. would it be possible to figure out if ProtonMail account is somewhat linked to the cryptographic hash of number or email address by comparing these two variables?

    Reply
    • We do indeed periodically delete and clear the hashes. While it is not impossible to try to match a hash to a number, it is a very unlikely procedure because we use a slow hash that would require an extreme amount of computing power to do this.

      Reply
  • Could you expand on point number 11 ( Use a non-Google version of Android)? I easily see this when comparing older outaded devices no longer supported by google, or even devices that only get quarterly or yearly updates from their manufacturer. But what about devices, specifically Pixel & Essential PH-1 that get monthly updates? Also, who is verifying that the software is more secure from LineageOS? Thanks!

    Reply
  • Thank you so much for those helpful tips.
    I really appreciate you explaining them in simple and clear terms as I consider myself a techno-dummy.
    Best wishes
    Grace

    Reply
  • “Going further, you can even use your Google device without signing into your Google account. Unfortunately, this really limits what you can do with your phone. ”

    E.g. you cannot install ProtonMail 🙂

    Great article, thank you!

    Reply
  • Thank you for this information. Do you know if there is an app to perform a security check? I do use one which does some things but does not, for instance, check all the app permissions.

    Reply
  • You guys are the absolute BEST!!! I’ve been a fan for a few years now… And I have been so fortunate to have found you!!! Please don’t ever give up the fight… You guys are a dying breed, and a pillar of light and strength within our community! much love and respect ALWAYS!! The HaTTeR!

    Reply
  • Can I use the Proton VPN on my router, so that all traffic is going through the Proton VPN? Will I sacrifice speed by doing so?

    Reply
  • Mainly I wanted to write and say THANKS! It’s becoming increasingly difficult to find information on how to avoid the security vulnerabilities on cell phones and computers. You used to be able to find loads of information through forums and message boards. Unfortunately search engines are eliminating this ability, preventing the ability to search for independent data from individuals.

    I really wish you, or someone else, would create an alternative OS for android that would eliminate the spy ware that infects the majority of electronic devices. If nothing else it would be nice to be able to “crack” an OS to allow users to see when and who their devices are communicating with. I’m certain this is possible but don’t possess the knowledge of how to do it. Regardless, thank you Proton!

    Merry Christmas! Happy New Year! And all the other forbidden phrases 😉

    Reply
  • Very Interesting. I chose an Android phone because I didn’t like the way Apple try to control your life.
    Now I’m wondering if I made a mistake! Which is the lesser of the two evals, Apple or Android ?

    Reply
    • Sadly, there aren’t any perfect answers, and this is the problem Proton is on a mission to solve. In the meantime, it’s up to each of us to assess our threat model, learn as much as we can, and choose the products that make the most sense for us.

      Reply
  • Great article. The majority of people are clueless as to how much privacy they can loose by not knowing how to properly use their devices.

    Reply
  • Hi,
    Very interesting. Thank you for all theses information.
    Concerning the internet access, it is actually possible to control which app can access the internet with a special App called “no root firewall.”
    It would be really super-great if you could include this funtion inside you app “protonvpn”. For example, it should be an option because for some people it is too complicated to manage this. But once this option activated, each app trying to access internet trough the protonvpn will be blocked by default and the user must allow the app to access internet.
    With this function you will really increase the privacy off people, because as you said, many app doesn’t really need internet access to work. (Or only sometimes, so you can choose when you allow the app)
    Thank you very much

    Reply
  • Thanks for writing this. I feel that it is being written a little late but it’s still appreciated. I would like to see this post/topic updated in the future. I’m already doing 99% of the things listed, but it was still a fun reminder. I have to admit I didn’t know that “Android was developed by Google”.

    Reply
  • Thanks for this article. Maybe you could make a level2 version showing how one can use the F-Droid.org repository (an exception to #5) to replace Google apps by alternatives (AnySoft keyboard instead of Google’s one, Aurora Store and New Pipe or SkyTube as anonymous front-ends to PlayStore and YouTube, etc) and thus remove the Google account without losing functionnalities.

    Reply
  • Hi,
    There il another problem I think I discovered using Android:
    Keying a message using protonmail, I think the spelling is conncted to Google and some of my personnal jokes are proposed to me…
    By this way, all the messages are transmettted directly to Google with their corrections..?
    Am I right ?
    Is there any way to avoid that ?
    Thanks for your expertise and best regards

    Reply
  • Great article to read. Thank~You Ludovic Rembert & ProtonMail. I’m awakening to the fact of privacy on smartphones and coming across this article is a fortunate read. Appreciate the concern of are privacy. Wishing you all Success in your Endeavors & Great Adventures in the coming year of 2020 & the years to follow.

    Reply
  • Thank you for the article; it was informative and helped to find additional privacy settings on my phone that I didn’t know about.

    Reply
  • Hi Ludo,

    thanks for these guidelines, just took my free afternoon to go through these and set up my new phone.

    Bouncing on what you write about 2FA at the end of your article, has anyone @PM written guidelines on the good ways of setting up 2FA across multiple devices?

    Having it enabled on the same device as the app I want to connect to doesn’t sound very safe to me.
    Un avis éclairé serait le bienvenu.

    Cheers.

    Reply
  • Thanks for a great article on options available to make a smartphone more private. I have a few comments though …
    1. Your article mixes general privacy with locking out Big Brother Google which I think is the greatest threat, and hackers.
    2. Your Menu selection notes have not been updated for the latest Android V9. (though you warn about that)
    E.g Settings > Location > Google Location History no longer exists. The Settings – Apps – ⚙ icon has been replaced by the 3-dot menu icon

    You make no mention of Anti-virus apps for Android. Do you not recommend these?

    Thanks, Pieter

    Reply
  • Thanks, Ludovic, for a highly professional article.

    There is one point which to me is the biggest and most outrageous Google Greedy Grab invasion: Google forbids me from reading my own documents and notes without first demanding I surrender a copy to the Google Docs cloud. The message appears:

    “YOU’RE OFF LINE
    To save as Google Docs, you’ll have to go online. Try again when you’re connected.”

    Hijacked.

    There have been times when I found it impossible to view my own file without uploading it first.

    Likewise, I am forbidden from copying my own personal notes from my Huawei to my computer without first going through email or “the cloud”, there is no way to find or access my notes within Android.

    The masked burglars rummage through our writing desks with gleeful impunity. 🙂

    Reply
  • Writing about Non-Google android and not mentioning e OS is somewhat surprising.
    They have been working on this since their campaign and it is working fine for everyday use.
    Lineage gets often installed with GApps, which makes it google spyware.

    Reply
  • 1) you can install protonmail with no play store. it’s called Aurora store.
    2) just install netguard firewall and you discover what’s really send you phone.
    3) you can install lineage OS obly after you studied well point 1 e 2., if you install lineage with no study and you install playstore and all normal “mass app “you obtain at the end… the same spy-phone.
    4) proton vpn with a normal phone it’s only a waste of time.

    Reply
  • Many thanks for this article.
    In the same line of “How to stay private when using Android” I would like to read an article about privacy and security of communication applications (WhatsApp, Signal, Threema, Telegram, etc..).

    Which one to use, which one is more secure. How to make our exchanges more secure.

    We look forward to reading you on this subject.

    Emmanuel

    Reply
  • Good article and I agree fully. This is why I never will do Online Banking with my Smartphone.

    Some points have been raised already, e.g. how to get away from the Google Store and you already mentioned that you are working on it. One particular challenge I have is Two-Factor Authentication. I use it on my PC with the Authenticator app running on a local tablet which is essentially stationary. But to me it does not make sense to have both protected app and token generator on the same device as would be the necessary for the smartphone use case (another Online Banking sin). Is there any support for hardware tokens (e.g Yubikey or Solo) planned? Because if not, I either have forego Two-Factor Authentication in general or not use Protonmail on the smartphone (and with the calendar now coming as well, that would be a shame). Or am I missing something here?

    Reply
    • There is still a security benefit to using 2FA, even if it’s on the same device you’re using to log in to your Proton account. For example, someone trying to remotely access your account would not be able to do so.

      Reply
  • Do you know if Apple’s iOS is any safer? Also what 3rd party browsers are not owned by Google? Is Windows in danger of these same problems as well? Can you make a request for Google to delete any data or info they have of you stored even after you’ve deleted your account? I’ve been a naive Android/Google user for many yrs & never did I know these things about Google. It is upsetting & kinda starting to nag at my anxiety a bit. We deserve our privacy.

    Reply
  • Does Google also monitor my emails when I use a webmail service like GMX / Web via the browser or is this only the case when I use Gmail?

    Reply
  • Great article, but I’d like to add some advise:
    First thing I do after buying a new smartphone? No, wrong, I don’t insert the SIM-card. I’m driving home, connect the SM to my sceure desktop (which never has been on internet and uses the latest debian).
    Then the phone is switched on and booted directly into the download screen. Latest TWRP recovery, LineageOS and a superuser app (like Magisk) will be flashed to the phone (there are plenty of guides in the net, see f.e. xdadevelopers page). Then, the phone is allowed to boot. Encryption of the device is switched on. If TWRP, LineageOS et al. are working correctly (otherwise repeat the flashing, but this time via TWRP only) the SM is switched-off, the SIM-card is inserted and then we go …

    Next thing is installing FDroid to get access to AFWall and Blockada (for use outside of my own local LAN secured with my own DNS and extensive filterlists and no way to connect to it via VPN) and other useful security and privacy related apps.

    With privacy related add-ons in Firefox like PrivacyBadger and uMatrix I think I carefully can use the internet then.

    Reply
  • Another idea just came to me:
    I’m using ProtonVPN. There I have to use another DNS than my homebased one. That one has an adblocker.sh script running which uses many (selectable) filterlists to block ads, tracking and malwaredistribution sites.

    For me it would be a good idea if the ProtonVPN DNSs provide a (opt-in) solution for those DNS-Filtering.

    Reply
  • Thank you Mr. Ludivic Rembert!!!
    A million times over.
    I am so grateful to have stumbled upon this wonderful article.
    Everyone that I have cause to inform or influence, I intend to.
    This is the best article on security I’ve ever read. I can’t thank you enough.

    Reply
  • Thank you for the helpful Android security tips in light of Google’s intrusive & evil data collection practices. Excellent article.

    Reply
  • These are very important steps for our data privacy. Your article would be very helpful to all android users. I learned so many things from your blog. Keep sharing your ideas.

    Reply
  • Not using a google account does not limit what you can do with your phone if you use replacement apps. You can keep all of the functionality without a Google account and improve privacy with a little work and almost no compromises.

    Instead of Playstore, try Aurora Store (the version from the Aurora OSS web site is more up to date but the F-Droid version also works) to access the Playstore repository anonymously and have every Playstore feature available, the one exception being buying apps. Or, you can try a trustworthy web site to download apps from. If you download apps from a web site, i suggest using Sai (from F-Droid) to install them since it is a functional installer that can also install apkx files/split apks and with root access can do so without package installer in a manner that is easier than using a file browser to install apk files. If privacy is not your main concern you can ue Aptoide, Aptoide is an online store that flags apps that passed tests to ensure they are not malicious and allows users to flag them as viruses and fake apps if necessary. But, Aptoide is still highly invasive and sends your data to more businesses besides Google. There might be ways to reduce or eliminate this (see later in this comment).

    If you installed apps from a web site, use APKGrabber to check them for updates.

    Instead of Contacts, try Simple Contacts (if you can not create any without a Google account). Sure, you must use that app to access your contacts, but it is just one more icon on the screen. If you ant to keep your contacts where app are not looking for them, you can try Open Contacts.

    Instead of GBoard, try AnySoftKeyboard, it has a lot more features.

    Instead of Gmail, try any e-mail account.

    Use Firefox or better yet Fennec instead of Chrome, also use Bromite Systemless Webview for app sthat need it (if you have your phone rooted with Magisk and are willing to go through the complicated process of installing the Busybox, Riru Core and Edxposed modules through Magisk, installing Xposed Installer and using that to install and enable the Any Webview Is Good app)
    NOTE: Any firefox version is not privacy friendly by default but this tutorial helps with this problem: https://restoreprivacy.com/firefox-privacy/

    Speaking of Edxposed framework, the following apps can be useful with it installed:
    Location Injector (Spoof your location for selected apps only, also has a virtual analog control for moving the location)
    Network Speed Indicator (Shows data upload speed and download speed in real time, helps to detect rogue apps)

    Instead of Youtube, try Newpipe and you can not just watch but download your videos and also access Peertube.

    Instead of Google Maps, try Magic Earth, it is highly accurate and mainly uses offline maps you download at home. While you’re at it, if you feel that your map/navigation software needs more fgeatures, try using OSMAnd~ (the F-Droid version) alongside the map program because it focuses on adding as many features as possible.

    Instead of using Google Clock, you can use any other clock app. if you miss Spotify, try RadioDroid for access to many online radio channels and the ability to set a radio station as an alarm if you desire to do so.

    Instead of the default file manager, try Total Commander.

    Instead of your default SMS program try Signal (for sending encrypted SMS messages to others who use the app) or QKSMS (F-Droid version). If you are not using Signal and Telegram and want to send an encryoted message to a friend, try Oversec with any app it is compatible with to encrypt amd decrypt messages as tehy are sent and received.

    Instead of the calendar app try Etar. If you do not want your calendars stored where apps would look for them try Simple Calendar.

    Instead of your default camera app try Open Camera. Depending on the camera app on your phone this is either an upgrade or a downgrade.

    Instead of Google Play Protect try an anti malware program. AVL Sec is the only good antivirus program I could find that does not have Google tracking code and it checks apps when they are installed.

    To make turning off your wifi easier, try Wifi Widget. Or, try Wifi Auto Off if you keep forgetting to disable wifi.

    If you are doing any debloating or freexing apps (and if you are you better be ready to flash the system partition and factory reset to recover from bricking your phone) I recommend SD Maid. If you buy the pro license for this app it can also be like CCleaner for Android.

    Trying to find and disable spyware? Try App Warden (on the Aurora OSS web site). Not only will it detect spyware but it will also allow you to restrict apps in various ways. Also try Tracker Control and run apps while it is running to see if any of them contact any well known data collection companies. Extremely concerned about data transfers, Network Log (the app with that name and a white android icon) can show you which IP addresses are being ccessed and which apps are accessing them (well, outside of system apps that share the same ID which would all report the same activity, there are two or three groups of those).

    Instead of Private DNS, or if you are using an Android version earlier than Android 9, try Nebulo. It acts as a DNS proxy and blocks ads using hosts files while allowing you to choose beteen DDNS over HTTPS and DNS over TLS. The onmly donside is it uses Android’s VPN functionality which can increase battery usage slightly.

    Instead of a flashlight app, try Torchie. If your phone does not have a feature where you can turn the camera light on by pressing or holding a button Torchie can turn the light on and off hen you press the two volume keys at the same time. (Note: does not ork ith all phones)

    Instead of a spyware ridden live wallpaper from Playstore, try XScreensaver. It is privacy friendly and gives you many options for live wallpapers and daydreams.

    Chances are sooner or later you will have to use a spyware app that App Warden can not restrict enough to prevent from collecting data. Here are some options:
    Install Shelter to cdreate a work profile. A work profile can deny apps in it location access, freeze apps automatically when you close them, prevent apps from reading the contents of your internal storage outside of the work profile and allow you to disable all apps in it by turning off the work profile. This is good if you are using apps that are dependent on each other and do not trust them. Of course, keep in mind that the SD Micro card is accessible from a work profile.
    Or, install App Quarantine. You can add widgets from this app to the home screen that can freeze and unfreeze an app of your choosing. This is good if you want to only have an app running when you want it to run.

    If you want to really aim for privacy you must uninstall Google Services Framework. if you do that you must uninstall Google Play Services, Google Media Services, Google Playstore and Carrier services. NOTES: If you do not install all of these apps together before rebooting your device your device could be rendered inoperable and you would get a lot of notification spam but if they are all removed simultaneously there are no problems. If you leave carrier services installed and uninstall the rest of the system apps related to Google Services Framework SMS messaging will not work until Carrier Services is uninstalled. Also note that some Google apps like Google Dialer and other apps will no longer work in Android 9 if they have been updated so you may have to uninstall their updates, after that they will work. Note that I have not tried this on Android 10. If you want to ditch Google Dialer, sorry, tehre is no fully working privacy friendly app to replace it across most devices. Simple Dialer comes closest to doing so while still being privacy friendly but still has serious bugs that can be a little bit annoying, chances are a few months from now those bugs will be resolved.

    If you can not live without Google Play Services but want a measure of privacy, try installing MicroG in a work profile (make sure you disable the part of it that works outside the work profile). With MicroG installed you must also install Edxposed Framework (see above) and FakeGapps. At least in a work profile you can disable MicroG and revoking some of its permisions has less of a chance of triggering notification spam in apps.

    Reply
  • Is there a reason why Protonmail couldn’t make APKs of all their apps available on their website?

    Is there a strong argument against using APKMirror to download APKs? They do keep their site decently secure and up-to-date, and Proton APKs are available there. It seems like a decent option, if one is going to take the approach of not logging I to Google on their Android phone — but I’m assuming it’s not recommended, given some of the comments and responses here. Is that the case?

    Reply
  • This article makes no sense without Protonmail being on F-Droid or offering a downloadable apk.
    When will it be released?

    Reply
    • Hi Emerald, we’ve already released ProtonVPN on F-Droid, but doing so for ProtonMail is more complicated and we don’t currently have a timeline.

      Reply