And that’s where living without Google is over!
That’s what I was thinking as I was writing it. But I have a huge ‘Watch later’ list, subscriptions and favourites I don’t want to drop. At least I am not accessing it on my device through a Google service!
I’d say that’s about it. Yes, installing on nas would be an option, if you don’t have a PC running 7/24 or maybe some webserver running with a provider
I know very well. And I find it very sad that Whatsapp is the most common means of communication. But that happens when people don’t want to pay for online services because people think online services are free
@sjjh @paulakreuzer @Roboe @TobiasF: Apart from the Google Apps and Services, I am aware of the following connections to Google which even happen with an AOSP (or FPOOS) version:
- The “captive portal check”.
- Connection to Google’s DNS servers.
There might be more I don’t know of. Both can be turned off with root access (without root acces, 2. can be turned off only for Wi-Fi, but not for mobile data - at least as far as I know). Edit: As @sjjh points out, 2. may actually not be used. See the next post. end of Edit
Note that I myself am relatively new to this as well and my main source for this was the great German blog Kuketz IT-security, but I’ll try to explain both as best as I can:
1) Captive Portal check
After connecting to a Wi-Fi network or after toggling on mobile data, Android connects to a Google server (which is especially set up for this purpose) to check whether the internet connection is really working fine:
This is particularly useful in Wi-Fi networks where some kind of login on a special first web page is needed (e.g. hotels), as Wikipedia explains:
The topic @freibadschwimmer’s post is from discusses this in quite some detail and I only give a short version how to turn this off with root access and the phone connected via adb. You then just need to execute the following commands in a terminal:
$ adb shell su -c "settings put global captive_portal_server 127.0.0.1" $ adb shell su -c "settings put global captive_portal_detection_enabled 0"
Note however that Wi-Fi networks with login pages (such as in e.g. hotels) won’t work anymore! Edit: You could also set another or an own server properly configured for pinging.
2) Google’s DNS servers
I’m aware of at least one Forum post mentioning this:
When entering a web site’s address (such as http://fairphone.com - I only link the http version here for the purpose of demonstration (it wouldn’t work that easy with the https version) - use https whenever possible!) into your browser, your PC (or smartphone or device XY) needs to know where to get the content of the website from, i.e. how to connect to the corresponding server (the Fairphone server in this case). For this purpose, any server has an assigned number uniquely identifying it on the internet (imagine a telephone number as an analogy), which is the so-called IP address. E.g, the Fairphone’s server IP address is 184.108.40.206. These numbers are suited very well for the technological communication and would actually be sufficient - you can even try this out by just entering the IP address 220.127.116.11 into your browser (address bar)! If you do this, by some magic (i.e. internet protocols and its infrastructure) you’ll get the Fairphone website as if you’d have put fairphone.com in there.
Though technically seen, you only need IP addresses for this to work, they are highly impractical, because they are hard to remember for humans and not very handy for every day usage. Hence, you’ve got a name (called domain name) for every website and in particular the domain name fairphone.com for the Fairphone site. However, only through it’s IP address 18.104.22.168 is the Fairphone server directly accessible via the internet “magic”. This direct access is not possible by it’s domain name fairphone.com - there an additional step is needed to get to know the IP address corresponding to this domain name in order to initialize a connection.
(Old school) telephones are a great analogy here: By dialing a telephone number (analogy: entering IP address), you’ll get connected to the person (analogy: server) you want to talk to by some telephone (analogy: internet) infrastructure magic. However, if you do not know the person’s telephone number (analogy: server’s IP address), but only the name (analogy: domain name), you’d have to take a look into a telephone book provided by someone, as the telephone in front of you wouldn’t know what to do with a name. In the internet world, the analogy of telephone books are DNS servers. DNS stands for “Domain name system”, which is only the system that I just explained (in a simplified way), i.e. it connects domain names to IP addresses. See the Wikipedia article for more information.
Whereas a telephone book normally is on your desk, the “telephone book” of the internet is not stored on your own PC, but also on public servers (for disk space reduction and other reasons, I guess). You need to connect to those servers to get the IP addresses. Google maintains it’s own DNS servers (as do ISPs, other organizations and companies). As far as I know (though I’m lacking a reliable source atm), Android is preconfigured to use the Google DNS servers for all internet traffic (Edit: this may be false as[@sjjh explained reasonably in the following post), which means that the Google DNS server could track all the web addresses you visit. In principle, the DNS server also has the ability to just block some sites for you, i.e. to censor some sites or parts of the internet (which for most people in Europe might not be a problem as big as in other countries of the world).
I’m also asking myself whether the DNS server will appear in the firewall. If someone with the default configuration might have a look for Google’s DNS server IPs
22.214.171.124 in the firewall’s protocol, we could confirm their usage. But this might be a false guess as I’m not sure whether AFWall+ shows the DNS server addresses in the logs …
Workaround: You can configure DNS servers by yourself. Note, however, that every DNS server you are using would in principle be able to track your browsing history. Hence, you need to choose DNS servers you trust carefully. The openNIC project claims to be open, democratic and neutral without censorship and has a list of such DNS servers. I’ve just recently discovered it and don’t know it very well, but at the first glance, it looks rather trustworthy and I maybe would trust them after getting deeper knowledge about it. Personally, I’d also put trust in the DNS servers of
- the German Hacker assocation Chaos Computer Club (CCC),
- the registered association Digitalcourage e.V.
- the Swiss Privacy foundation. However, they’ve switched off their DNS servers and now recommend the servers of xiala.net.
Of course, there are many, many others out there (thousands of DNS servers do exist) and you may choose one on your own. Anyway, if you have chosen a DNS server, get to know it’s IP address (i.e. 126.96.36.199 for the CCC’s one), you can change this for Wi-Fi connections only as follows (translated from German):
Settings --> Wi-Fi --> long tap on your Wi-Fi --> Change network --> Show advanced options --> choose “static” in IP settings --> scroll down to “DNS 1” and “DNS 2” and enter one DNS server’s IP address in every field (you might preventively choose two of them) (Google’s DNS servers 188.8.131.52 and 184.108.40.206
might even be preconfigured?! are suggested)
You need to do this for every Wi-Fi network you want to (e.g. every network you’re connecting to). For mobile data, it’s not that easy. If you are familiar with custom scripts of the firewall app AFWall+ (hence you need root), you can add the following lines to your custom scripts:
# Necessary at the beginning of each script! IP6TABLES=/system/bin/ip6tables IPTABLES=/system/bin/iptables ... # Fix DNS-Server $IPTABLES -t nat -I OUTPUT -p udp --dport 53 -j DNAT --to-destination <DNS SERVER>:53 $IPTABLES -t nat -I OUTPUT -p tcp --dport 53 -j DNAT --to-destination <DNS SERVER>:53
<DNS SERVER> is a placeholder for the DNS server’s IP address, i.e. you need to replace it with this IP number (and yes, this time you should enter the same IP in both lines, i.e. you only configure one DNS server).
Well, Syncthing (Android app available in F-Droid) seems to be an open-source software solution without storing data on a cloud server. It seems as if you need to install some software on the end devices and data then gets synchronized through the app. The data will not be stored on a server, but only the sync process (i.e. the data transport) will be technically initiated and carried out by the servers. However, don’t take this for granted, I just read this in a blog post and only grasped at the website. Moreover, even if my description is correct, I still haven’t understood the process and protocol in detail and can therefore not say whether it’s secure and can be trusted. Please do your own research, if you want to know more.
Thanks for your lengthly post.
If I understand it correctly we could change googles IP address to any IP address we trust. The server would probably only need to return a positive reply if it gets pinged without any content. The server needs to be reachable, stable, and preferable fast. As the user base of FP is still rather small, maybe Fairphone could host such server or we could investigate if there are other “good” alternatives available.
Only talking about WiFi! I believe googles server are not used, as explained before by @TobiasF. Because by default the WiFi settings are set to DHCP, thus e.g. for your home network your router or it’s configured DNS server will normally be your DNS server (as @TobiasF said, otherwise you probably wouldn’t be able to access your local hosts by name anymore).
If you change settings to static IP, you obviously can manually enter whatever IP address you want, e.g. googles DNS server addresses as well (ad they are indeed suggested there – but not preconfigured).
For me the question remains open how the DNS works using mobile networks (e.g. 3G) and which DNS is then used. Edit: I have read that the DNS of your mobile network provider is used (which sounds sensible), but I haven’t confirmed that myself.
Thanks for the clarification concerning the DNS! I’ll add a remark to my post … (Btw: where has the thumbs up smiley gone? )
Well, yes seems like. But you need to configure it properly as described in the before mentioned topic or the corresponding xda forum post.
@paulakreuzer Yesterday i got my FP2 so i was using this day to follow your instructions for a Google free phone. Since i’m running Windows and am kinda afraid of bricking my new phone, i sticked with your description for Method 3 to limit Googles influence as much as possible. I didn’t insert a SIM, skipped all parts of the introduction that were Google related/unchecked all boxes referring to locations and improvement, set the time and date, allowed unknown sources and tried to disable the Google Services. As many others, i encountered the Play Services problem. The buttons for disabling and force quit are greyed out. Then i read about the order of disabling, enabled all the apps again, rebooted the phone trying to disable Play Services first, still greyed out. Then i tapped the 3 dots on the upper right corner to reset the App settings, rebooted the phone, still greyed out. Am i missing something? I still haven’t inserted am SIM or anything. Furthermore i connected it via USB to my PC. While the loading works, i can’t see it anywhere in the device manager so i’m not sure how to transfer F-Droid to the phone :-/
Did you try this order?
You should get a notification on your phone when connected to the PC. Slide from the top of the screen down to get to the notifications. Tap on the notification to choose USB connection options. I don’t know which one is the right one for Windows (but I believe it says that in braces anyway). If the first option doesn’t work try another and keep in mind that unticking all options is also an option.
Yes i tried that order. At first i was following your list of services which is mentioning the Play Services as the last item in the list.
After having disabled everything from Google Account Manager to Google Services Framework the disabling options at the Play Services were greyed out. Which made me understand what
meant. So i tried doing what @schept was doing. I enabled Google Play Store, Google Drive and Google Account Manager. Still, i couldn’t disable the Play Services. I also saw, that @Hooloovoo had the same problem:
So i enabled all the GAPPS again, rebooted the phone and tried disabling Play Services first (this trick is also mentioned on the website, that @schept posted). Still the buttons are greyed out
The last thing i tried was the tip that @Hooloovoo gave @OHarrra:
I did that as well, rebooted the phone but still the buttons to disable the Google Play Services are greyed out. Sorry for redundancy or going too much in detail but having an IT background i know it can be sometimes more useful to explain each step.
@paulakreuzer: Thank you for your work here in the forum and for your fast replies. Maybe you can help me with this one
I’d love to give you a step by step guide but what I did won’t help you much. I:
- disabled everything I could
- tried to disable Play Services
- tried again
- gave up
- went on with my life
- by chanze tapped on play services again and suddenly it wasn’t greyed out anymore.
I had the same problem. I’ve tried every single trick, but I was not able to disable Google Play Services.
BUT!! After hours of research I found the following tip and it finally worked:
- Click > Settings > Security > Device Administration and TAP the app you want to disable Device Admin
- The Device Administrator screen will appear > TAP > Deactivate – You will then be asked “Are you sure you want to deactivate Device Admin rights? TAP > OK
3.Click the BACK icon until you reach > Settings > TAP > Apps and scroll down to the app you disabled Device admin. “Force stop”; “Uninstall”; “Clear data”; “Clear cache” and “Clear defaults” should now be enabled.
@paulakreuzer THAT DID THE TRICK!!! Thank you @MMMM Nevertheless i can’t seem to connect to the PC Neither do i get a notification nor do i see a USB connection option when i slide from top to bottom to see the notifications. I already switched USB ports
If you don’t get the notification than your cable probably doesn’t work properly. But you can also get to the USB options by going to: Settings > Storage > Settings button (3 dots in top right corner).
When i press the 3 dots, i can see (in grey letters) “USB-connection (PC)”. Maybe i should add, that i haven’t inserted a Micro-SD card yet, since i thought, i could access the internal storage.
It doesn’t have to do anything with the lack of an SD. If you don’t get the notification and the USB connection button is greyed out than not only does your computer not recognize your phone, but also the phone doesn’t realize it’s connected to anything. So like I said I guess your cable doesn’t work properly.
I think that’s due to the fact tant the default usb setting is “mount SD card”. In order to access your internal storage, you have to do the following: When your phone is connected to your computer, swipe down the notification bar and of the left side you’ll find a notification to change USB options. Choose “MTP”. This will show your internal storage and your SD card on your computer.
@paulakreuzer @Irina_Spitznagel it was in fact a faulty USB cable. I couldn’t imagine that, since loading the phone worked really fine with the faulty cable. Nevertheless, i bought a new cable today and as predicted, as soon as i connected it to my PC, i got a notification on the PC and on the phone as well. I selected “MTP” (like @Irina_Spitznagel suggested) and i could access the internal storage. Next question, referring to @paulakreuzer 's post:
Now my file explorer shows me this folder structure of the internal storage:
I downloaded the “Fdroid.apk” from the project-website. Does it matter, where i save that file?
Kind regards and thank you again very much for your fast, friendly and competent support.
Not really. I always choose “Downloads”.
Once you saved the -apk file on your phone you’ll simply have to use Amaze to navigate to where you saved it and tap on the file to install the app. You’ll have to have “allow unknown Sources” enabled in Settings > Security.