this post was submitted on 23 Jun 2024
39 points (93.3% liked)

DeGoogle Yourself

8807 readers
40 users here now

A community for those that would like to get away from Google.

Here you may post anything related to DeGoogling, why we should do it or good software alternatives!

Rules

  1. Be respectful even in disagreement

  2. No advertising unless it is very relevent and justified. Do not do this excessively.

  3. No low value posts / memes. We or you need to learn, or discuss something.

Related communities

[email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

founded 4 years ago
MODERATORS
 

I have OnePlus 7 Pro that I successfully flashed with LineageOS 21 with MicroG. Do you have some interesting apps or ideas to take advantage of it? I thought of some Magisk modules. Maybe someone is more experience than me! This is the spare smartphone, the main one is GrapheneOS, so I don't mind breaking stuff.

top 25 comments
sorted by: hot top controversial new old
[–] [email protected] 9 points 4 months ago (2 children)

Try passing the SafetyNet check

[–] [email protected] 3 points 4 months ago (2 children)

Someone suggested to me the other day that safetynet was now (or will soon be) deprecated. I'm not sure what the situation is with regards to attestation, though I sort of dread to think about what will replace it.

[–] [email protected] 7 points 4 months ago (1 children)

I think the new "safetynet" is "Play integrity". I think you need playstore installed and activated to pass the test though.

At least, it seems like many apps are ok with passing only safetynet though, so probably not a big issue yet.

[–] [email protected] 3 points 4 months ago

Google Play and their services are so tightly integrated with Android, no wonder GrapheneOS did their sandbox... However, I thought of doing the same with microG.

[–] [email protected] 1 points 4 months ago

Let's see how apps will adapt it.

[–] [email protected] 3 points 4 months ago

Any guidance on this?

[–] [email protected] 7 points 4 months ago (2 children)
  1. AFWall+ firewall to allow list apps to internet using your preferred method (e.g. VPN, wifi, data, etc)
  2. PcapDroid to help monitor and analyze packets, or to just confirm things aren't communicating unexpectedly
  3. AdAway if you're not using your own dedicated dns over a permanent VPN connection

If not all 3 of these, AFWall is probably the best to go with. Having a way to not only block Apps, but also define your own custom firewall rules is very powerful. For example, I redirect all DNS requests to my own DNS with a custom rule (for apps, like Termux, using hardcoded DNS lookups instead of what the phone is set to)

[–] [email protected] 4 points 4 months ago (1 children)

So you're suggesting more "network" control. I like it.

AFWall+

I use NetGuard, but I don't see any benefits from having root in it.

PcapDroid

Hmm, interesting, I think the closest thing that I use now is TrackerControl.

AdAway

I'm using my VPN "socket" with TrackerControl.

define your own custom firewall rules is very powerful

Yeah, and also easy to mess up connections so they no longer work properly. 😆

I redirect all DNS requests to my own DNS with a custom rule (for apps, like Termux, using hardcoded DNS lookups instead of what the phone is set to)

That seems cool. For now, I'm using Mullvad's public DNS service. See their dns-blocklists.

I also know App Manager, and I'm using it and with root it with ease blocks any necessary trackers and other things. Have you tried it?

[–] [email protected] 1 points 4 months ago

I'll have to check out TrackerControl, that's a new one to me!

I have seen app manager but currently use AppOps. I didn't recommend AppOps above because I'm not sure it's still supported or not, and it's also not really Foss. It's treated me well over the years, but I'm definitely interested in finding a better alternative. The last time I checked app manager, it wasn't as good... But maybe that's changed as it's been several years now so I think I might be due for looking at it again!

My wireguard connection on my phone connects to my home network to an pi hosting my internal VPN... But the network is completely covered by a mullvad VPN through opnsense. I've got pihole setup using the mullvad anti-trackkng private DNS. With this setup, the only real need I have for root on my phone is because I do some pretty low level automation on it through crond and some backups of core app data that I'd really hate to lose... And the complex firewall rules lol.

[–] [email protected] 1 points 4 months ago (1 children)

How do you make AFwall and vpn working together, when i tried it said one or the other.

[–] [email protected] 2 points 4 months ago

This is where rooting the phone is required. I use wireguard without root and have AFWall granted with root at bootup so it doesn't require acting as a VPN

[–] [email protected] 6 points 4 months ago (2 children)

Have you tried apatch as an alternative to magisk?

It ~combines rhe advantages of magisk and kernelsu

[–] [email protected] 5 points 4 months ago (2 children)

KernelSU is unsafe. Is apatch the same?

[–] [email protected] 4 points 4 months ago (1 children)

I think it may be based on ksu, but also uses superkeys with passwords or something. I don't know much about its security, you may want to check the issues tab on github or generally the project itself.

[–] [email protected] 3 points 4 months ago

From the security standpoint, I think rooting is always against the security. That's why DivestOS and GrapheneOS are against it, and it shouldn't be tried. However, I was interested in Shizuku that also is some another hole to patch up when exploited.

[–] [email protected] 3 points 4 months ago (1 children)

KernelSU is unsafe

Is any root safe though?

[–] [email protected] 3 points 4 months ago (1 children)

Not really but KSU is less safe than Magisk

[–] [email protected] 3 points 4 months ago (1 children)
[–] [email protected] 2 points 4 months ago

Read their own official documentation. They officially said they didn't have anyone responsible for security and it's not what they cared about. This combined with basically giving the whole system root permission is very bad for security

[–] [email protected] 4 points 4 months ago (1 children)

No, I have never heard of it. Thanks!

I don't even know what Kernelsu is. Magisk is already applied to the phone, never thought there are alternatives.

[–] [email protected] 1 points 4 months ago (1 children)

Oh oke oke. I had issues with magisk a few months before I switch. I think there were incompatibility issues between magisk and lsposed manager, so I did a full reset, I upgraded the rom (from a beta version from November 2021 of the rom xiaomi.eu miui 12.6/android 11, I went to xiaomi.eu hyperOS/android13) and installed apatch so that I dont have incompatibikity issues (plus, it hides root much better).

[–] [email protected] 3 points 4 months ago (1 children)

lsposed manager

I don't know what that is.

it hides root much better

To me, that's the funniest thing. I come from Linux and I want to have - let's say administrator (root) of my Android, which is also Linux as far I know. I know the Android is praised for its security, but come on, I wish to have control over my system as a working System Admin. That's the main purpose of my set-up. How come, any app can just check whether I have root or not? That's some bullshit.

  1. Custom ROM - LineageOS
  2. microG so I don't use proprietary Google Play Services
  3. and root so I can have full control over my smartphone
[–] [email protected] 5 points 4 months ago* (last edited 4 months ago) (1 children)

Those "root checks" are a joke. ~Nobody raises a brow if you are an admin user with root privilages on windows, (desktop) linux or macos. But it's such a huuuge deal when you manage to actually own and use your own mobile device the way you want by breaking free from what they impose on you, ugh...

Any app that doesnt work when you have root access ~shouldn't be used at first place..

Lsposed is a magisk/ksu module that has its own modules too. Like a manager insude a manager giving you even more options.

I would like to help you with various stuff and customizations but I just don't have enough time to explain them all.😅

I'm just gonna list stuff you may find useful:

Apatch (root and magisk/kernel modules manager)

Mrepo (magisk modules manager)

Shizuku

Color blender (to tweak metarial you colors)

Droidify (fdroid alternative)

Aurora store (play store alterantive)

Total commander (closed source root file manager)

Canta (used to uninstall system apps, I just use it to see the descriptions of various apps and disable them)

Florisboard beta (I have made a very good copy of gboard with that, I can send you the files if you want)

Smartpack manager (info about the phone and more)

Appmanager (various detailed info about apps)

Hidden settings (settings your rom may not show, closed source)

Island (for dual apps)

Neobackup (root backups, has issues with work profile)

Databackup (root backups, I use it to backup work profile apps)

Sai (installer)

Roundsync (uses rsync or rclone I think)

PrimitiveFTP (to send/recieve files with ftp connections)

DroidFS (to encrypt files)

DiskUsage (to visalise storage usage)

Db viewer (to view databases of apps, closed source)

Termux (temrinal for android, too advanced for me)

UsageDirect (logs app usage)

Motionamate (logs steps)

Neutrinote ce (notes)

Fossify apps (gallery, sms, calendar etc.)

Librera (pdf, epub etc viewer)

Moneywallet (expense/income tracker)

Magisk modules:

  • Adb and fastboot for android ndk

  • Advanced charging controller

  • Busybox for android ndk

  • Lsposed-mod (maintained version of lsposed manager, after the original went archived)

  • Zygisk mod

Lsposed modules/apps:

  • Lucky patcher (hacking apps if you want to)

  • Free notificiations to manage notifications

  • Matrix rain (fancy effect with matrix background in notification shade)

  • messengerEX (to disable adds in messenger app, in case you use it)

And many many more stuff

I was setting up my phone for about two weeks some months ago (the was a bug with xiaomi and work profile)😅

[–] [email protected] 1 points 4 months ago* (last edited 4 months ago) (1 children)

I'm pretty sure Shelter is better than Island, but I forgot the reason xD

Obtainium to grab apps and updates straight from the repositories.

GPS Logger is neat if you want to keep track of your movements now that Google won't track you anymore.

[–] [email protected] 3 points 4 months ago

Insular (the degoogled open source version of Island) has a page comparing Island, Shelter and Insular

https://secure-system.gitlab.io/Insular/faq.html

I don't know if its updated, but you can pick the ones that fits your needs.

I picked Island because I thought I may have issues with my notifications if I had chosen Insular. (Plus, there was this bug I was talking about and thought that it would fix it. Installing Island wasnt the solution, but I had already spent a lot of time/days setting up my phone multiple times and didnt want to try it again, with the possibility of problematic notifications.)