Privacy on FP: How to encrypt apps, data & restrict permissions?

Hello everyone,

since I got my FP2 I am looking for a smart way to protect my personal data. In specific that means that I am looking for a way to encrypt all incoming emails which are saved offline, to encrypt my contacts, my SMS, my calender, etc. (like encrypting everhing what is not meant for other eyes or apps). A full disc encryption doesn’t work for me because I am flashing my FP occasionally and I don’t want to set up it every single time again.

Does anyone know how I can encrypt (not just lock) all data of a specific app? Most urgently I am looking for a solution for e-mail. I am planning to use K9. I know that it supports sending and receiving encrypted e-mails. But not all e-mails I get are encrypted to I would like to encrypt them myself.

Another part of privacy is surely restricting app permissions. I found the open-source-app “xPrivacy”. For that app I need to install the “xposed framework”. But I don’t know how to do it because I have to flash the .zip into the recovery TWRP and I have no clue how to access it (I somehow remember me reading that it is now included in FP OS, right?).

You see, there are a lot questions! If you just have an idea where I could find further information or you could just answer one aspect - it doesn’t matter. I am glad about any help!

Cheers, Goody

PS: Do you know any alternative contacts app, preferrably open-source and from f-droid?

I think device encryption actually is the feature you are looking for. Enabling it does not require you to reset your phone after an upgrade. It is true that device encryption can only be disabled by performing a factory reset, but OS upgrades do not require the data partition to be unencrypted.

But when I did rooting my phone, there has been a problem with accessing the storage while the phone was encrypted.

So you think that I could prevent anyone from abusing my Dara with an encryption, right? Maybe that might be effective in combination with an app lock (to prevent anyone who is just playing around with my phone from accessing to my very personal data) and a potent permission manager, which is restricting too curious apps from stalking me. Does anyone has any experience with xprivacy or do you recommend any other permission manager?

Okay, I’ll do some more research about a full disc encryption and it’s problems. You might be right. But anyways, if you have any further ideas please share

Cheers, Goody

Hi @goody!
I’d also say that disk encryption is the way to go for you.

Power off your phone and press and hold Volume Up + Power buttons.

No, TWRP is not included in the FPOS. It’s a custom recovery image replacing your stock recovery. You can find an installation guide for TWRP and XPosed in the topic Porting TWRP recovery. You can skip all the building stuff there and just scroll down to “Versions” and “Installation guide for the compiled recovery.img”. I repeat the installation steps here in short, just to demonstrate you that it’s not that complicated (please refer to the extensive guide when performing the installation):

1. Make sure you have fastboot installed on your PC.
2. Download the TWRP image from the above linked thread.
3. Boot your phone into fastboot mode (press and hold Vol Down + Power buttons) and execute the following commands in a command line:
   fastboot devices fastboot flash recovery <TWRP-image> fastboot reboot
   where you have to replace by the (path to the) image file you’ve downloaded.

If there’s stuff you don’t understand, feel free to ask about it, but please read through the linked post and search the forum and the web before.

Apart from cyanogenmod’s, or other custom ROM’s built-in permission manager (which you’d need the respective customROM for), I’d only recommend XPrivacy. There are other permission managers, but as far as I know, these are not open source. XPrivacy is and moreover, it’s stable, well-established, has worked for years now and it’s relatively easy to use after some time of familiarisation. There is a really short introduction topic on it and you’ll find more info in the forum and the web.

Consider Protonmail instead of K9.
Consider SnoopSnitch.
Remember that F-Droid packages are not signed by developers themselves (unlike Google Play) which has security impact.

Are you saying that that makes Play Apps more safe than F-Droid Apps?

According to Moxie Marlinspike, yes. This is why he refuses to distribute Signal out of the Google Play store. You can find the discussion in Signal discussion forums on Github. BTW, I’m sure someone’s gonna bring it up F-Droid is signed. Only the repositories themselves.

I also don’t see much harm in using the Google Play store. If we’re talking Google search engine or Gmail or Google Drive or a lot of other Google services I say: sure, this has severe privacy implications. You’re the product. But you decide whether you use those. You can use an Android phone today while using a minimum of Google applications and services.

Add do that that when you root the device you really need to know what you’re doing. Is it a good thing one has to root their device to get improved privacy via external apps but reduced security by using such a repository? Should such be suggested to the average user? Would you agree with me its tough to answer these questions accurately?

My take on it: not to sound arrogant but I consider myself well above average. Yet, I don’t root my devices for the reasons I mentioned above (and because I believe this reduces its value; even if I were merely giving my phone to my girlfriend, mother, or mother-in-law would I want her to use a rooted phone? Would I want to give her that burden? No!!!). I don’t use computers as root either. I usually use Firefox (my phone has Chrome disabled). I believe I’m doing a step in the right direction, but nowhere near perfect. The extremity of removing GApps though, is mutilating the OS too much IMO. Do I miss stuff from F-Droid? Of course I do. System-wide ad blocker for starters. I tried a method involving a Pi-Hole plus a VPN but it doesn’t work reliable so I resort to uBlock Origin + Firefox while reducing amount of apps with ads in them.

Hopefully I sparked some food for thought

In the text you are linking Moxie is making some good points, but IMO he is not stating that Google Play is saver than F-Droid.

It may be an unpopular opinion, but I think the two worst security moves that an average user [“newbee”] can make are rooting their device, or ticking the “allow 3rd party APKs” box in Android’s settings.

I agree, if you don’t know what you are doing you shouldn’t do either of those, especially not the combination of both. This could lead to you downloading malware that gains root access (although they can do that without you having root enabled too) and does serious damage.
That is why some custom ROMs make F-Droid a “known source”, so you don’t have to allow unknown sources to download F-Droid Apps. I’m hoping this will be possible with FP Open OS too some day.

We are reluctant to distribute raw APKs for a few additional reasons:

He’s not exactly talking about F-Droid here, but about apks to download/share anywhere.

1. No upgrade channel. Timely and automatic updates are perhaps the most effective security feature we could ask for, and not having them would be a real blow for the project.

Another good point and probably the reason why it’s not on F-Droid. F-Droid are checking every update of Apps from their repository to make sure the update doesn’t add malware, adware, spyware or anything like that to the app. This takes some time and if they have to build the app themselves every time (like they did with Fennec F-Droid) this costs much time, which they probably don’t have.

2. No app scanning. The nice thing about market is the server-side APK scanning and signature validation they do. If you start distributing APKs around the internet, it’s a reversion back to the PC security model and all of the malware problems that came with it.

I’m no expert, but I believe he’s just describing the difference between downloading from an app repository with signature checks (which F-Droid does too, right?) to downloading the apk from some website.

3. No crash reporting. We are able to react very quickly to crash bugs through exception reports.

I know from some apps I use that crash reports are working with apps from F-Droid. They just mention (automatic) crash reports as an anti-feature as they could include sensitive data and the user should have a choice whether he wants to send those or not.

4. No stats. We are largely dependent on Play for knowing how many users we have, what types of devices they’re running, and what version of Android they have. This allows us to make decisions about where to prioritize development and which platforms we should be supporting.

Or in other words: “We are using Google’s spying tools to find out how to make cash money. We are not a non profit after all.” Which is fine of course, but not a point for security.

5. Avoiding Play alone is not a privacy win. Many people seem to be under the impression that avoiding Play prevents their device from phoning home to Google, but that’s not the case. On 2.2+, if you have the GSF on your device, it will phone home whether you have a Play account registered or not.

That is so true, but avoiding all Google Spyware is a big big win for privacy.

That means, you have the version with Google-mobile-services running. Did you deactivate all of those apps? Have you rooted your device? Did you install AFWall+, to prevent unwanted network-traffic?

Spielmops

The discussion is old and he isn’t replying anymore to new points and arguments being made. Its a difficult decision for me because I don’t know all the technical backgrounds and I don’t verify the arguments being made.

He’s not talking directly about F-Droid indeed, but indirectly he is because F-Droid is nothing more than something akin to an APT repository.

I think F-Droid checking for malware/adware/spyware is new? Do you know when this was implemented?

From what I understand, Google Play verifies the signature of the signed APK and verifies its signed by that developer.

The crash reporting for Signal was added by a third party. If you read the discussion on the bottom you can see its forked by someone called JavaSomething (I forgot).

I very much disagree with what you wrote at #4; it is not the same. I do believe there must be opt out to such features. You should check the data gathering features of Mozilla Firefox. Its not just one on/off switch. IIRC there’s 4. Sure, I put them all off, but they are specifically meant for different specific data gathering features. I also think the default is close to sane.

I’m don’t think we can call Google’s software and services spyware. Spyware gives no benefit, and the data is being abused not according to our law. Google complies with law, and gives the user something back. We get a service for free, and we pay with our privacy. Lots of apps work that way as well, with trackers and all. Its a trade off. Either you pay with money or you pay with your privacy.

And one important aspect of paying for an app or service is the option of paying once in a lifetime for an app is not sustainable. At one point the market is saturated, everyone who wants the app has it. So you either get a new version called “App_Name_2” or its over or they switch model to subscription. Less apps is more in that sense. The user should carefully pick their apps and cherish the few he uses.

I don’t know the history of F-Droid, but I can’t imagine it was ever different.

I don’t have a link to elaborate a lot right now, but here is what it says under /about/terms etc:

Wherever possible, applications in the repository are built from source, and that source code is checked for potential security or privacy issues.

The reason I ask is: Reproducible Builds | F-Droid - Free and Open Source Android App Repository

This was being linked in the thread. I assume this was new at that point.

It seems to me the discussion is dead, but the premises being brought forward are not at all being dealt with. That’s frustrating because if they’re all valid that means a lot if not all reasons for not using F-Droid brought forward are moot.

I find this specific case (and discussion) important. If for a maximum privacy application such as Signal the arguments to use F-Droid aside of using Google Play are indeed valid, they’re equally valid for any application distributed as binary APK outside of Google Play, or avoiding such distribution.

Personally, I don’t see the Google Services beneficial, or at least not beneficial to an extend that I would be willing to pay for (neither by data nor money).
However, I would agree with @paulakreuzer that it is spyware, and it is its users who are collaborating with it. One of the big problems I have with these companies, such as Google, Facebook et al., is that also data is taken and used from people who are not their users and who have no agreement or contract with them. It is partly (or mainly) the fault of the users who thoughtlessly submit data from their friends and familiy (like pictures, phone numbers etc.) to some corporations, but it is also the unscrupulousness of these companies to utilize data from people who are in no legal relation with them.
It is one thing if some people are willing and agreeing to give their own data to these companies, but the data utilization of people who never agreed is something I personally find severely disturbing.