How I Secure and Use Android Devices

Here I am sharing a complete method I use to keep my Android devices secure. For starters I have to say that I am not a regular Android user, and you will not find many of the widespread apps on my devices. The question, why I do not use Facebook, WhatsApp and Google Apps makes it to a separate micro-topic here.

This is a long article going all the steps from a device bought on the market, to a highly customized Android full of open-source software, root access and a working firewall.

This article is still a work in progress...

The reasons for each step of the customization are presented here. This is why this article is one of the largest on this site. Brief list of measures for those who have experience with customizing Android in a single paragraph here.

Disclaimer On this web site you might read about or get access to various kinds of software and technology, including but not limited to libraries, operating systems, software for communications, mobile phones and tablets, Android software and Linux, even cars and motorcycles, security and penetration testing software, software used in security research and forensics, some samples of software which can be used (elsewhere) for malicious or illegal purposes. You will read about or be provided with the ways to change it, to operate it and to use it. You might find advice and recommendations, which are only an opinion, and not a legal advice or commercial recommendation..
Bear in mind, please, that everything you do, you do solely at your own risk and responsibility. In no way the author of this web site, information, graphics and other materials presented here or related to it can be made liable or anyhow else responsible for your own actions as well as actions of any third party and their direct or indirect results or consequences with or without the use of this information as well as the software, technology and systems mentioned and/or presented here, no matter if developed by the author or by any third party.
In no way it is guaranteed that you will meet any suitability for any particular purpose, safety, security, legality or even simply functioning of the software and systems described here. You have to make sure each time yourself, whether what you do, is really what you intend to do, and that you are ready to be yourself responsible for. All the recommendations and experiences described here are the opinions of corresponding authors and are to be taken with care and own full responsibility.
The software provided on or through this web site, linked to from this web site or anyhow else related to this web site is provided by the corresponding authors on their own terms. We provide all the software here as is without any guarantees to you. You are responsible for deciding whether it is suitable for you or not. You are also responsible for all direct or indirect consequences of using this software.
Other web sites linked to from the current one are out of the author's control, we can not guarantee anything about their content, its quality or even legality. We can not be liable for any use of the linked to web sites or of the information presented there.
We reasonably try to keep this website running smoothly and to deliver information to the best of our knowledge corresponding to the state of the art at the times when the information is composed, usually presented together with the information, and out of good intents. We can not however guarantee and can not be liable for this website being temporarily or permanently unavailable, presenting unreliable information or software, or any other similar or not malfunctioning or functioning not up to your expectations as well as any consequences which might result from this site's operation.

This article has been proof-read by two high-class software professionals and changed to be more precise and correct.

What you get when buying a phone: bloatware and locks

So you've bought a phone or a tablet with Android from Amazon or another shop, maybe your bought it from your carrier. Whose software have you got running?

The OS, firmware and bootloader are probably installed by the manufacturer. They could also install some more apps to add features or customize the UI. The carrier could also add features. This is problematic right upfront!

First, your updates depend on your manufacturer. If they are slow or ignoring your security completely, you will use an old and vulnerable operating system or software as soon as in a year already. Does the manufacturer, the shop, or the carrier you buy from guarantee you a certain support time during which your device will be serviced with updates? How about the speed of updates? Do they guarantee a known security problem to be fixed within a day or a week? No? - right..

Second, you’ve got a lot of apps you do not use ever. They are called bloatware as they bloat your phone taking up its free space for no good reason for you. They might also consume your mobile traffic and occupy a significant portion of RAM. The battery life goes down accordingly. Isn't it amazing, that you have just paid for those apps? Moreover, there is normally no good way to uninstall them.

As an amarena cherry on this piece of cake you might get a bunch of locks on your phone: a bootloader lock, not letting you re-install the OS and a SIM-card lock. A store-lock not letting you install another app-store or apps from the source you like is less typical on Android, but the root access to your phone would usually be disabled, it is also a lock. One more lock is the disabled tethering on your phone.

Usually you would know well about the SIM-card lock, it is a contract-based buy, you get your phone discounted and bind yourself to the carrier.

Not a lot is told however about the bootloader lock or a root lock. It is a limitation which the manufacturer must inform you about explicitly, in my opinion. "Warning, we control what OS and software you will use."

The disabled tethering is the most shameless lock, in my opinion. Stock Android let's make a Wi-Fi hotspot out of your Android phone. You can the share your mobile data connection with other devices. Manufacturers or carrier often disable this feature, which forces you to buy data SIM for your tablet separately, an LTE modem for your laptop separately and pay for them monthly.

This is how a responsible buyer shall go about locks, you should ask the seller:

• Do I have a SIM-card lock? How much less do I pay because of it?
• Do I have a bootloader lock? How much less do I pay? How long will my device be supported with new Android versions?
• Do I have a root on my phone? How much do I pay less, if no?
• Can I use my phone as a Wi-Fi hotspot? How much less do I pay, if this feature is cut away?
• Can I freely install any apps I want on my phone, or just from a given app store (like Amazon)? How much less do I pay?

And same about the bloatware indeed:

• Whose software does my phone run without my explicit permission? Manufacturer's? Carrier's?
• Who pays the mobile data used by those apps?
• Who pays the electricity consumed by those apps?
• Which data about me is being transferred to whom by those apps?
• How much of my phone's resources, like storage and RAM, are used by such apps?
• How much less to I pay for letting these apps on my device?

It is a really strange concept of owning. Who owns your device really? Who commands it which programs to run?

Root and personal firewall

Let’s start small regaining the administrative access to your phone. Once you have rooted your device you can install a personal firewall, which will give you the choice, which apps are allowed to talk to the Internet. Usually there will still be no way to uninstall or deactivate all of bloatware like this completely. But at least you will shut its mouth up.

Gives you:

• Control over apps using your Internet Connection
• Better battery life
• Lower mobile traffic consumption
• Administrative access to your device

Takes from you:

• Warranty in some cases

Almost always the way to root is device-specific, but there are plenty of apps which might help you doing it, xda-developers is there for you too.

Being root among others mean you can administer your device with all the privileges, for example you can delete, move or view any file on the device. Like this you could try deleting the bloatware, but it is possible to render your OS unusable easily this way. So we will not delete anything after root, but install a personal firewall.

This kind of firewall UI controls the Linux built-in firewall iptables in fact, writing rules to it. It needs root rights to configure iptables.

Let's start with a better practice to get open-source software too here. Allow unknown sources of software (known sources to us of-course, but not to your bloatware provider), and install F-Droid. Now you have a source of community-supported apps. These apps can go through audit being open-source mostly, and F-Droid will tell you, if they are free of unwanted features or not. It is very likely that these apps will not be just gone one day, as the source stays online.

Installing the same firewall from F-Droid is easy: just open this link with F-Droid, or find AFWall+ in F-Droid app.

On F-Droid you could have noticed that AFWall+ promotes non-free add-ons. This app will still do very well for us without such add-ons.

So we have a personal firewall. Now you can pick apps which shall have access to your Internet connection: separately to Wi-Fi, to your LAN and/or to your mobile network. This is good for two reasons at least.

First reason is that the apps which shall not phone home will stop. You’ll save your battery and traffic a lot! Expect a sensible growth of your battery life: up to 30% in my experience. Allow your email client and your browser, take time, see what else to allow: you’ll noticed what have stopped working, enable pop-ups on blocking in the AFWall.

Second, some poorly implemented apps allow connections to themselves from the Internet. In other words they open ports. You do not want that generally, proof.

Maybe now it is a point for you to stop fighting the ownership rights back? You have root access, you have control over your Internet connection. For me it was not enough. I want the bloatware and unreasonably locks to go away completely. I want a free Operating System too, getting Android updates under my control.

Free recovery and OS

We are going now for more freedom, and we need an unlocked bootloader for this. Some devices allow to perform it with standard tools like adb and fastboot. Google is famous for producing such devices. Other devices require whole a lot of hacking to get your freedom of choice, proof: https://forum.xda-developers.com/showpost.php?p=62050593&postcount=2 – a beautiful unlock for a rooted LG G Pad 8.3. Learn about your device, how you can unlock it. Do not buy one, if it is not allowing you, or look for discounts when selling your freedom.

Gives you:

• Freedom from bloatware
• More storage space
• More free RAM accessible to your apps
• Freedom from tethering lock
• Freedom to install any software you want (jail break in iOS-talk)
• Newest Android
• Manufacturer-independent updates
• Additional features of custom OS
• Additional features of custom recovery

Takes from you:

• Warranty in many cases
• Manufacturer-specific features (special drivers, cloud features, etc.)
• Sometimes parts of device features (if drivers are not there yet)
• Relative reliability of manufacturer-guaranteed software
• Careless life, if the next update ruins your OS (happens very rarely)
• I am just using my handy-and know nothing about it life style

Now, well, you’ve unlocked your bootloader. Simply speaking, bootloader can load a so-called recovery. It is a special boot module, which allows you to install and manipulate an operation system. Getting a free recovery is a good start, so you go for installing something like TWRP: https://twrp.me/ This thing let’s you backup your phone, install native packages (which are not apps, like parts of the bloatware you have before), and install a new OS.

We have TWRP now and we are going to install Lineage OS: https://lineageos.org . As a follower of CyanogenMod it cares of your privacy (privacy guard is the feature, you can allow or disallow many features to your apps), is lean and stable on most of the devices. If you want your root also on lineage, you’ll install a root plugin, it is called su: https://download.lineageos.org/extras for super user. Finally to have the Google Playstore and install WhatsApp and Co you will install Google Apps: https://wiki.lineageos.org/gapps.html , next to aforementioned F-Droid and AFWall.

Now you have a great OS, no carrier or manufacturer bloatware, a firewall, and nightly updates from Lineage OS. If you come up until the point, surely you have unlocked your SIM-card lock down the way, don’t you? So maybe it is the time for you to stop. But I have gone further.

Dropping Google Play Services

Let’s think a moment about Google apps. Why are they called apps, when we install them from an archive right into our OS? Why can’t we deactivate some of them? What are the binaries provided there? Let’s have a dig?

Gives you:

• Freedom from Google Play Services
• More storage space
• More free RAM accessible to your apps
• More control on your data
• Better security (attack surface is much smaller now)
• Better privacy awareness

Takes from you:

• Swipe gesture typing keyboard
• Google Play Store
• Google Apps (Maps, Gmail, Search, ...)
• Cloud Services and Backups (Contacts, Calendar, Device Backups)
• Some (poorly-written, imho) apps will not work anymore

We are going to this site: http://opengapps.org/?api=7.1&variant=nano and, as the URL tells, pick a nano version of gapps. Nano is fine, right? Doesn’t sound like a bloatware, does it?

So we look into the zip file next, but you could do even better looking on the “source” on the GitHub: https://github.com/opengapps/opengapps . I call it sources, because the gapps are pre-built indeed. We will not see sources like this. Hmm.. Something you just install in the heart of your system. Something from Google, the whole 150 Megabytes, closed-source.. What could possibly go wrong?

The look inside the ZIP gives us a number of files, among which there is a LICENSE. Part of it tells us: “The APKs found in this build are developed and owned by Google Inc. They are included only for your convenience, neither OpenGApps.org and The Open GApps Project have no ownership over them. The user self is responsible for obtaining the proper licenses for the APKs, e.g. via Google's Play Store. To use Google's applications you accept to Google's license agreement and further distribution of Google's application are subject of Google's terms and conditions, these can be found at http://www.google.com/policies/” Interesting, to say the least. The policies of Google explain us, that Google collects data to show you the relevant ads and never gives your data away. How about doxying case? Would you get some reimbursement if Google happens to loose your data? Let’s see which apps they use first. The zip, the zip, the zip further!

$ unzip open_gapps-arm-7.1-nano-20170519.zip 
Archive: open_gapps-arm-7.1-nano-20170519.zip
signed by SignApk
extracting: Core/configupdater-all.tar.lz 
extracting: Core/defaultetc-common.tar.lz 
extracting: Core/defaultframework-common.tar.lz 
extracting: Core/extservicesgoogle-all.tar.lz 
extracting: Core/extsharedgoogle-all.tar.lz 
extracting: Core/gmscore-arm.tar.lz 
extracting: Core/gmssetup-all.tar.lz 
extracting: Core/googlebackuptransport-all.tar.lz 
extracting: Core/googlecontactssync-all.tar.lz 
extracting: Core/googlefeedback-all.tar.lz 
extracting: Core/googleonetimeinitializer-all.tar.lz 
extracting: Core/googlepartnersetup-all.tar.lz 
extracting: Core/gsfcore-all.tar.lz 
extracting: Core/gsflogin-all.tar.lz 
extracting: Core/setupwizarddefault-all.tar.lz 
extracting: Core/setupwizardtablet-all.tar.lz 
extracting: Core/vending-all.tar.lz 
extracting: GApps/batteryusage-all.tar.lz 
extracting: GApps/calsync-all.tar.lz 
extracting: GApps/dialerframework-common.tar.lz 
extracting: GApps/facedetect-lib-arm.tar.lz 
extracting: GApps/faceunlock-all.tar.lz 
extracting: GApps/faceunlock-lib-arm.tar.lz 
extracting: GApps/googletts-arm.tar.lz 
extracting: GApps/hotword-all.tar.lz 
extracting: GApps/search-arm.tar.lz 
extracting: GApps/speech-common.tar.lz 
… some more non-app and non-service files.

Let’s try to get some understanding what these files are, but first let’s list them again with sizes:

$ ls -lah1 Core GApps
Core:
total 93M
drwxrwxr-x 2 zaur zaur 4,0K Mai 19 21:33 .
drwxrwxr-x 6 zaur zaur 4,0K Mai 19 21:33 ..
-rw-rw-r-- 1 zaur zaur 1,5M Jan 1 2009 configupdater-all.tar.lz
-rw-rw-r-- 1 zaur zaur 3,9K Jan 1 2009 defaultetc-common.tar.lz
-rw-rw-r-- 1 zaur zaur 207K Jan 1 2009 defaultframework-common.tar.lz
-rw-rw-r-- 1 zaur zaur 7,2K Jan 1 2009 extservicesgoogle-all.tar.lz
-rw-rw-r-- 1 zaur zaur 3,9K Jan 1 2009 extsharedgoogle-all.tar.lz
-rw-rw-r-- 1 zaur zaur 67M Jan 1 2009 gmscore-arm.tar.lz
-rw-rw-r-- 1 zaur zaur 2,4M Jan 1 2009 gmssetup-all.tar.lz
-rw-rw-r-- 1 zaur zaur 9,5K Jan 1 2009 googlebackuptransport-all.tar.lz
-rw-rw-r-- 1 zaur zaur 954K Jan 1 2009 googlecontactssync-all.tar.lz
-rw-rw-r-- 1 zaur zaur 272K Jan 1 2009 googlefeedback-all.tar.lz
-rw-rw-r-- 1 zaur zaur 43K Jan 1 2009 googleonetimeinitializer-all.tar.lz
-rw-rw-r-- 1 zaur zaur 718K Jan 1 2009 googlepartnersetup-all.tar.lz
-rw-rw-r-- 1 zaur zaur 1,8M Jan 1 2009 gsfcore-all.tar.lz
-rw-rw-r-- 1 zaur zaur 4,9M Jan 1 2009 gsflogin-all.tar.lz
-rw-rw-r-- 1 zaur zaur 3,3M Jan 1 2009 setupwizarddefault-all.tar.lz
-rw-rw-r-- 1 zaur zaur 2,1M Jan 1 2009 setupwizardtablet-all.tar.lz
-rw-rw-r-- 1 zaur zaur 8,2M Jan 1 2009 vending-all.tar.lz

GApps:
total 71M
drwxrwxr-x 2 zaur zaur 4,0K Mai 19 21:33 .
drwxrwxr-x 6 zaur zaur 4,0K Mai 19 21:33 ..
-rw-rw-r-- 1 zaur zaur 162K Jan 1 2009 batteryusage-all.tar.lz
-rw-rw-r-- 1 zaur zaur 1,1M Jan 1 2009 calsync-all.tar.lz
-rw-rw-r-- 1 zaur zaur 851 Jan 1 2009 dialerframework-common.tar.lz
-rw-rw-r-- 1 zaur zaur 256K Jan 1 2009 facedetect-lib-arm.tar.lz
-rw-rw-r-- 1 zaur zaur 6,4M Jan 1 2009 faceunlock-all.tar.lz
-rw-rw-r-- 1 zaur zaur 970K Jan 1 2009 faceunlock-lib-arm.tar.lz
-rw-rw-r-- 1 zaur zaur 12M Jan 1 2009 googletts-arm.tar.lz
-rw-rw-r-- 1 zaur zaur 536K Jan 1 2009 hotword-all.tar.lz
-rw-rw-r-- 1 zaur zaur 36M Jan 1 2009 search-arm.tar.lz
-rw-rw-r-- 1 zaur zaur 15M Jan 1 2009 speech-common.tar.lz```

About 160MB in total, impressive. All of it will go into your RAM. Still need more RAM on your new phone? Why suddenly?

I bet you can guess from the names, what these apps and services do. But let’s take one example. gmscore-arm.tar.lz - what is it?

Permissions of Google Play Services

There is a fat file, gmscore-arm.tar.lz, 67 MB in this package. It is the Google play services file. Here it is on the play store as well: link to playstore with 11.786.955 scores as of now and more than 1.000.000.000 installations!!! Interesting is to click on the permissions and see the details.

This software is allowed to really do everything on your device! Since it is installed as a zip package, you can’t set the permissions on it, it is practically administrating your device if it likes, including, and let me mark the creepy ones for you here with   - !!! :

Device & app history     - !!!
 retrieve system internal state
 retrieve running apps     - !!!
 read sensitive log data      - !!!

Identity 
 find accounts on the device
 add or remove accounts
 read your own contact card
 modify your own contact card 

Calendar 
 read calendar events plus confidential information      - !!!

Contacts 
 find accounts on the device
 read your contacts      - !!!
 modify your contacts 

Location 
 approximate location (network-based)
 precise location (GPS and network-based)      - !!!

SMS 
 read your text messages (SMS or MMS)      - !!!
 receive text messages (MMS)
 receive text messages (SMS)
 send SMS messages      - !!!

Phone 
 directly call phone numbers
 directly call any phone numbers     - !!!
 modify phone state
 reroute outgoing calls     - !!!
 read call log
 read phone status and identity
 write call log
 add voicemail      - !!!

Photos/Media/Files 
 read the contents of your USB storage      - !!!
 modify or delete the contents of your USB storage      - !!!

Storage 
 read the contents of your USB storage      - !!!
 modify or delete the contents of your USB storage      - !!!

Camera 
 take pictures and videos      - !!!

Microphone 
 record audio      - !!!

Wi-Fi connection information 
 view Wi-Fi connections      - !!!

Device ID & call information 
 read phone status and identity 

Body sensors 
 body sensors (like heart rate monitors)      - !!!      - !!!

Other 
 listen for observations on network conditions      - !!!
 control system backup and restore     - !!!
 allow Bluetooth pairing by Application
 Hotword detection
 capture audio output
 capture secure video output     - !!!     - !!!
 capture video output
 provide an in-call user experience
 download files without notification     - !!!     - !!!
 retrieve app ops statistics     - !!!
 interact across users
 manage activity stacks
 add or remove a device admin     - !!!     - !!!
 manage preferences and permissions for USB devices     - !!!     - !!!
 manage voice keyphrases
 Audio Routing
 modify network usage accounting
 update component usage statistics
 Provide a trust agent      - !!!
 read frame buffer
 read your social stream     - !!!
 retrieve running apps     - !!!
 Interact with update and recovery system     - !!!     - !!!
 score networks
 set time
 start a task from recents
 read subscribed feeds     - !!!
 write subscribed feeds     - !!!
 modify app ops statistics
 reset display timeout
 write to your social stream     - !!!
 Send broadcasts to Google Play     - !!!
 read voicemail     - !!!
 receive data from Internet
 Read Google settings
 Modify Google settings 
 view network connections     - !!!
 create accounts and set passwords     - !!!
 pair with Bluetooth devices
 access Bluetooth settings
 send sticky broadcast
 change network connectivity
 allow Wi-Fi Multicast reception     - !!!
 connect and disconnect from Wi-Fi
 disable your screen lock     - !!!     - !!!
 full network access     - !!!     - !!!
 control Near Field Communication     - !!!
 read sync settings
 run at startup
 set time zone
 draw over other apps     - !!!     - !!!
 use accounts on the device
 control vibration
 prevent device from sleeping
 modify system settings
 toggle sync on and off     - !!!
 install shortcuts
 read Google service configuration 

I mark with   - !!!   - !!! things which are beyond understanding for me. Using them wrongly the app with such permissions, or the attacker who have compromised your app, can do a real harm to the security of your device and information.

WOW! Now, don’t get me wrong. I know what Google play services give. They are a basis for a large infrastructure of android apps, and bring to us very cool features, but.. BUT! They productify us, I’m afraid. Look at this permissions set! They know more about you than your girlfriend!

Freedom, risks and Google Play Services

I have absolutely no doubts about Google’s integrity. Maybe they are even better than NSA, when it comes to own security. But.. Do you trust Google all of it? Do you believe that Google will be able to keep all this data, if it is collected, always safe? Could you imaging doxying in this case? A torrent hosted in some island countries with every-bloody-thing about you for the last year or two? Not saying this is happening, right.

Once again, this might be my imagination. Let’s put paranoia aside. But how about out freedom? Here are the things which I consider limitations on it which we are forced to accept when using Google play services:

• Where do I choose, which permissions I want to allow to the play services?
• Where do I choose intensity with which data collection might happen?
• Where do I see if this data collection is indeed happening, how the data might be stored, etc. etc.?
• How do I install my favorite apps without the play services?
• How do I use some of the apps, which rely on play services heavily?

This seems to be a dead situation now. For most of the normal people the only choice is to say, OK, some unreasonable explanation, like everybody does it, and then just leave it to be able to install even more bloatware and collectware, like WhatsApp and Facebook (ever seen the permissions of those)?

So maybe it is the time for you to stop, and keep it as it is, grim but working.

Enjoying the play services and the loss of freedom? You are a product, but let’s be fair, Google play services give a lot as well: the swipe gesture typing keyboard, great Google maps, all the apps of the play store, robust backup of your data, security updates.

A very good job, Google. You can install the play services and maybe shut them off completely, turning them on only time to time, breaking reliability of backups and updates.

I still do not install apps which require Google play services. And believe that security and privacy concerned people shall help motivate the Android community to be less dependent on Google.

Getting around Google Play Services

If you really need Google play services, there are some workarounds.

First, try installing it without Google play services, sometimes it will just work fine, like SoundCloud does: it complains, and then goes ahead and works!

Second, there are open-source alternative to Google play services: microg, lost, etc. Haven't tried them myself, but sounds like a good idea, to have at least open-source stubs.

Third, use the web version with the Firefox! It works with e.g. Google Maps or with SoundCloud just fine! Firefox is limiting the data collection for you, no bloating services – a really nice solution!

I choose more freedom: I do not use it at all. How do I survive then?

How I use my Androids

Here comes the part which is my sole personal preference. I do not recommend you to follow it, and you will not, most probably. You’ll think I am strange, but let me explain first, how I use my phone without the Google play services and even without Playstore and apps from it. Let this part be from now on my log, where I share, how I like to use my mobile devices. Personal preference, connected to the life style.

Gives me:

• More free time (no social networks and pointless communications)
• Better control over my data
• Strange looks and why questions (this article answers most of them)

Takes from me:

• Convenience of instant messages
• Understanding among teenagers
• Less free time (podcasts)

Have you already noticed, that I like bullet-points?

Here is what I use my phone or tablet for:

• Old-school phoning or phoning with VoIP
• Old-school SMS messages
• E-Mail
• Browsing the web
• Podcasts
• Contacts and calendar with my own server for synchronization
• Little utilities of lower importance, used infrequently
• No backups

What I do not use my phone for:

• Social networks
• Instant messages
• Games

Whatever else what is hip now, and is not on the list above It is your choice to think now that I am weird, but hey, it’s my life, and I have a point too. Let me explain myself briefly, maybe we will get some understanding.

How I do messaging

E-Mails come fast and can be used as instance messages. Some people tend to write no bullshit in the E-Mails, but rather a more decently written formatted text. I enjoy this careful writing more. SMS-es are like instant messages, but they introduce an infeasible cost barrier.. So, I do not get pointless “What’s up?” messages here to. I know, this might be arrogant, but boy, the messages you get after introducing these barriers are so much nicer. An E-Mail composed with feelings and sense. An SMS then, when somebody does really want to say something exactly to you. And for urgent and important cases, a phone call, without VoIP lags.

It enables one more thing: you meet people more often. The illusion of knowing what is happening to some one, when you follow his feed, is a bit dangerous, I believe. Meeting someone is better. You feel the contest, you see the person, it works better. It also has then more content, as you do not watch each-other on Facebook knowing already, who has bought what on which vacation. Not having Facebook, Twitter and WhatsApp, as well as even Threema, Signal and Telegram, saves whole a lot of time.

For more security, BTW, one could think of own XMPP server, and e.g. Xabber app, but… Emails, SMSes and phone just work better for me. Had it, uninstalled finally. And I know, I know, E-mails are not secureable. I have my own email server for this purpose, it gives at least a sense of control. Now, Games, well, I do not play them. I ride a motorcycle and dance instead. No, I am not a guy from sixties or fifties.

How I browse the Internet

Browsing the Web is great with my Firefox. In the almost-empty RAM without bloatware it flies! With all the plugins: uBlock Origin, some more if you like: Ghostery, Lastpass, NoScript, if you want it harder: more add-ons

Listening to Podcasts

I love them simply. This is where I waste time, I have to confess. But I do have the time to waste, I do not have Facebook, and have a car-drive to work :) Here is the app:AntennaPod

Here are some security podcasts:

• Brakeing security
• Security Now
• The SANS podcast - a sharp guy, funny German accent, and a bonus:
• 7 Minute Security - it is not always 7 minute, and not always security, but the author is smart and charming.

I also listen to some politics podcasts, but it has no place on my blog.

Emails simply

E-mails are done with K-9 mail agent. It is great, check it out.

Android includes a mail agent, and gapps come with GMail app. But I like the free solution better.

Customizing my adnroid devices summary

So here is how I configure my mobile OS:

• Unlock the bootloader
• Flash TWRP
• Install Lineage OS, with su, without gapps.

Then on the apps level:

• Install F-Droid
• Secure everything with personal firewall AFWall+
• Install Firefox and plug-ins
• Install other apps
• Allow them in the firewall, starting from allowing F-Droid itself
• Block apps on mobile network, unless you really want them to be there.

Keeping it secure:

• Install updates to Lineage OS periodically
• Install updates from F-Droid periodically, check that it has Internet access!
• Review your firewall rules time-to-time.

I bet, you’ll be better off like this than most of the mobile phone users, in the sense of privacy, security and awareness.

The apps I use and recommend

As a little bonus here, I’ll list some other great apps I have and appreciate.

Security and Privacy:

• AdAway, blocks bad domains in the hosts file: Link to F-Droid Add there some more sources of your choice, e.g. from here: Steven Black's hosts file. Then disable the app for a short time if something stopped working in your browser.

• APG, OpenPGP for Android: Link to F-Droid

• Orbot and Orfox, are the Tor tools from the Guardian Project: Guardian Project

Multimedia and Tools:

• A2DP Volume, remembers your Bluetooth devices, adjusts the volume right on the connect, maxing on the car dock, and making 35% to save your ears in the earphones, then it starts the podcast app. Genius app! Link to F-Droid

• OsmAnd, amazing off-line maps and navigation: Link to F-Droid This is a really really nice app, just check it out. It uses OpenStreetMaps and comes very close to professional expensive navigators. The level of details of the maps is often higher than you would expect!

• Red Moon, dims your screen and makes colors warm, nice for the night reading: Link to F-Droid

• The AnySoftKeyboard is a nice alternative to the default Android keyboard. Soon it might support swipe gesture typing feature as well! The SSH layout for it is a good tool for terminal work. Link to F-Droid

Money:

• Budget, let’s you keep track on your money, plan of expenditure, savings, etc. Is very flexible, letting you account as you wish. Link to F-Droid

• MoneyBalance, enter some event you pay commonly with your friends, enter your friends, enter who pays what, get a calculation distributing the expenses equally in the aftermath: Link to F-Droid

Life style and health:

• Loop Habit Tracker, reminds you to do good things regularly, pleasant interface, rewards you, is not annoying: Link to F-Droid

• HydroMemo, makes you drink enough water, doesn’t help in deserts: Link to F-Droid

• DroidWeight, keeps track of how lazy and fat you get as well your delusions about it: Link to F-Droid

Connectivity:

• Mobile VoIP, cheap calls, really nice service, link to APKs directly: Mobile VoIP APKs

• K-9 Mail, a great e-mail client: Link to F-Droid

Entertainment:

• The Amazon Underground app allows you to browse Amazon and also installs Amazon Prime Video app. The video app is of really high quality. It lets you download prime videos as watch them later as well. Having a good OS and a firewall you can make the data appetites of this apps moderate. The permissions are indeed Ok even by default. An amazing example, that a great content and value can be delivered also without a complete take over of your system, like the Fire tablets do, for example.

Finally, I recommend you to browse F-Droid for more. You’ll surely find some apps which will amaze you. The quality is often higher than one would expect from a free app. Almost everything is open-source, and is not going to be gone for no reason any time soon.

Instead of conclusion

We live now in an amazing era transformed by technologies. Mobile technologies play a very important role in it. Data gathering, privacy and security make it to the news almost daily.

In this time it is especially important to know, what you buy to care all the time in your pocket. We compare the amount of Mega-pixels in our phones now, but almost never talk about locks and bloatware, data-gathering in precise terms, mentioning the full list of recipients and dangers connected to the, we do not talk about software support, timely updates, security fixes, etc. etc. Everybody cries about S for security in IoT, but the privacy and security of bloated Androids is no better.

It is a task of modern computer enthusiasts, be it a computer scientist, a hacker or simply an aware person, to fight for clarity in this field, and to raise awareness among friends, colleagues and loved ones.

It should be easily possible for any "normal" or non-technology-aware and non-skilled person to make choice, what plays on their phone, which data these program gathers and what it does generally. There is no choice mostly, what you want to be pre-installed on the phone you buy.

Moreover, many people do not even understand that the problem exist! Surely knowing that bloatware and locks are there, and are not in our favour, people would take a stand against it. By at least asking for lower prices. But the awareness is not great, and manufacturers together with carriers might leverage this fact.

All the questions raised in this article to the carriers and manufacturers are partially not answered for them themselves yet. The rapidly evolving technology is often out of social control in this sense. We are extending and improving on technology, and it will swing there and back in its social implications, sometimes enabling us to do great leaps forward and sometimes locking us in unreasonable ways. We live in an amazing time, when digital awareness becomes a must. Having it, we should motivate the technological companies, and then they will surely do a right thing for society: letting us choose, what happens on our devices more.

Hope this write up was helpful for you. If you have questions or suggestions, leave me a comment below.