Can I degoogle a phone without root? (lemmy.ml)

submitted 1 year ago* (last edited 1 year ago) by GolfNovemberUniform@lemmy.ml to c/degoogle@lemmy.ml

45 comments fedilink hide all child comments

I am in need of a separate degoogled phone for some things that require high level of privacy (nothing illegal).

I have 2 phones that I can use. One of them is my business phone (it has my business number, apps, data and that sort of stuff) which is now running an OS with all the Google spyware because it's necessary for the apps to work. I can reinstall everything on the second phone and use the first one as the secure device since it supports everything I need. The problem is that it has some issues on vanilla ROMs that I don't really want to deal with and the reinstalling will take a lot of time.

The issue with the second phone is that it is rocking an old MTK chip and rooting instructions are let's say a bit beyond my ability to understand. I still want to use it without Google if possible though. So can I degoogle its stock ROM with ADB or something? And is it worth trying or there will still be some vulnerabilities?

EDIT: to clear some possible misunderstandings, the reason of why I need a separate secure phone is that I am forced to use a very invasive proprietary app that I'd prefer just keeping on a separate device instead of trying to limit its spyware abilities with firewalls and that kind of stuff. I don't trust the last solution much. Also I can't use it in a VM because I need it to always be accessible wherever I am and yk carrying a PC is not an option

all 46 comments

sorted by: hot top controversial new old

[-] lemmyreader@lemmy.ml 31 points 1 year ago

One thing you can do :

Install F-Droid app if you haven't do so.
Install NetGuard https://f-droid.org/en/packages/eu.faircode.netguard/
In the NetGuard settings block all apps including system apps.
Start allowing the apps you need to have WiFi and/or Mobile Data access
Consider donating to NetGuard or go Pro to support the developer https://netguard.me/

[-] Blaze 3 points 1 year ago

Interesting, I was using https://rethinkdns.com/ until now, I guess NetGuard is a more straightforward approach to blocking?

[-] lemmyreader@lemmy.ml 3 points 1 year ago

Up to you. Netguard does need a local VPN connection on the phone to work, so if you would need some VPN app to run there's a problem. Netguard blocks network access per app (with choice for enabling/disabling WiFi and/or Mobile Data per app) which I think is cool. And it is an open source app available via F-Droid.

[-] Blaze 4 points 1 year ago

Rethink is very similar: uses a VPN connection too, and allows blocking per app, is available on F-Droid

Anyway, the interface of Netguard seems a bit easier to use

[-] Openai@lemmy.world 2 points 1 year ago

You can use wireguard configuration with rethink DNS

[-] GolfNovemberUniform@lemmy.ml 3 points 1 year ago

I don't really trust such stuff. Once I tried disabling system apps via ADB (not deleting). They appeared as disabled but still could run in the background...

[-] MentalEdge@sopuli.xyz 19 points 1 year ago

The point isn't to stop them from running. It's to stop them from talking to the internet, which is a lot simpler to achieve.

[-] GolfNovemberUniform@lemmy.ml 2 points 1 year ago

What I meant is that if we can't disable them without root we probably can't disable the network access either. I don't have the knowledge and time to test outgoing packets and stuff like that

[-] MentalEdge@sopuli.xyz 15 points 1 year ago* (last edited 1 year ago)

Android has built in support for VPNs. If there was a way for the OS to leak traffic, that would be a massive security vulnerability that would have corporations dumping all android company phones within a week.

Non root ad blockers work by creating a vpn within the phone that all network activity goes through, which then doesn't allowed ad traffic.

[-] michael_palmer@lemmy.sdf.org 3 points 1 year ago

https://www.bleepingcomputer.com/news/google/android-leaks-some-traffic-even-when-always-on-vpn-is-enabled/

[-] MentalEdge@sopuli.xyz 3 points 1 year ago

But also benign. This isn't a system app sending telemetry to google outside the VPN connection while it's active. It's the device checking whether a wifi access point provides internet to begin with, which if it does, the VPN connection will need to work, too.

The article is pointing out that the device doesn't strictly need to do this, and that it is being done in a way the gives the wifi AP metadata. The device could instead just assume there is an internet connection on the wifi, and as such an option to disable this behaviour is warranted.

[-] Anamana@feddit.de 8 points 1 year ago* (last edited 1 year ago)

It's fairly secure that it works, because it's basically setting up a VPN connection that effectively blocks every network traffic outside of the tunnel.

But if you wanna be 100% sure you need to invest either the time or root your phone.

[-] Empricorn@feddit.nl 7 points 1 year ago

It's okay to admit you don't understand stuff, you don't need to push conspiracy theories. None of us is omniscient....

[-] GolfNovemberUniform@lemmy.ml 1 points 1 year ago

I don't push it and it's not a theory. It's just my assumption that I don't have time to prove or destroy

[-] Empricorn@feddit.nl 5 points 1 year ago

if we can't disable them without root we probably can't disable the network access either.

Complete bullshit and utter speculation.

[-] MinekPo1@lemmy.ml 5 points 1 year ago

to my knowledge disabled apps do not run so you must have misunderstood something

[-] BearOfaTime@lemm.ee 3 points 1 year ago

System apps can appear disabled but still run. Yea, it's fucked up.

[-] GolfNovemberUniform@lemmy.ml 2 points 1 year ago

Well it was on a Redmi phone. Everything is possible there. They have like 6 spyware apps installed by default

[-] merde@sh.itjust.works 3 points 1 year ago

try deleting, disabling is not enough

[-] GolfNovemberUniform@lemmy.ml 1 points 1 year ago

I know and I tried. Deleting works fine I guess

[-] merde@sh.itjust.works 2 points 1 year ago

it does :)

[-] impure9435@kbin.run 15 points 1 year ago* (last edited 1 year ago)

You can try uninstalling as much Google crap as possible using the Universal Android Debloater

Then perhaps use a firewall like NetGuard in whitelist mode, to only allow selected apps to access the internet

As an additional layer of security, you can use NextDNS with the No Google blocklist, and block all connections to Google servers in DNS. If you need to access specific things like YouTube, you can whitelist them.

[-] MinekPo1@lemmy.ml 2 points 1 year ago

just gonna say , rethink combines both a firewall and a DNS blocker .

[-] GolfNovemberUniform@lemmy.ml 2 points 1 year ago* (last edited 1 year ago)

Mister/miss, I have no idea how to use advanced DNS stuff and firewalls (like at all). It's faster to reinstall everything on a different phone than learning all of that. Still thank you for replying

[-] matron1049@lemmy.dbzer0.com 15 points 1 year ago

Time to start learning...

[-] GolfNovemberUniform@lemmy.ml 1 points 1 year ago

I don't want to share sensitive medical and other personal data. I'll just say I have reasons not to do it now

[-] impure9435@kbin.run 4 points 1 year ago

NextDNS is very easy to use, you can check out this video: https://youtu.be/WUG57ynLb8I

[-] PipedLinkBot@feddit.rocks 2 points 1 year ago

Here is an alternative Piped link(s):

https://piped.video/WUG57ynLb8I

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source; check me out at GitHub.

[-] Blaze 2 points 1 year ago

Interesting, I was using https://rethinkdns.com/ until now, I guess NetGuard is a more straightforward approach to blocking?

[-] MinekPo1@lemmy.ml 1 points 1 year ago

if I understand correctly the rethink app does also work as a firewall , so no . I've also found netguard to be less intuitive and to have a less readable UI .

if you are just using rethink as a DNS provider however then netguard (or the rethink app) can allow you to have more granular control over specific apps .

[-] Blaze 2 points 1 year ago

I see, thanks

[-] smeg@feddit.uk 7 points 1 year ago

You can degoogle some phones without root, assuming they have support from a good custom ROM (the classic example being GrapheneOS on a Pixel). You'll need to look up what ROMs are available for your particular phone, and if you're lucky then there'll be a good one which doesn't require too much hackery to install.

If you're unlucky and there's nothing for that device then you probably can't fully de-google it, but you can still improve the situation by avoiding any Google apps and services. This could be by using adb as you suggest, or by managing the network as the other comment suggests, or just by using alternatives.

It all really depends on your threat model and whether or not it's worth buying a new device just for this!

[-] GolfNovemberUniform@lemmy.ml 2 points 1 year ago

Installing a custom ROM on that phone is not much less hackery than rooting it + there are no trustworthy options because the model is really really rare and it has an MTK

Then I guess I should reinstall everything and use the first phone as the secure one

Nah buying a new device is a very big deal

[-] smeg@feddit.uk 3 points 1 year ago

Ah bad luck, yeah if the first phone has better support for custom ROMs then that does sound like the better option. Just make sure you can get everything critical works on the MTK phone before you start tinkering with the other one just in case it goes wrong!

It's a real shame phones (and ARM devices in general, I think) are so locked down that they just become ewaste if someone hasn't done the work to support custom ROMs.

[-] GolfNovemberUniform@lemmy.ml 2 points 1 year ago

Agreed. Fortunately the first phone has magnificent custom ROM support

[-] michael_palmer@lemmy.sdf.org 4 points 1 year ago

You can disable google apps with adb without root.

[-] GolfNovemberUniform@lemmy.ml 1 points 1 year ago* (last edited 1 year ago)

I guess it's true but idk. That phone doesn't even have recovery mode (yes there are such phones) so if I mess up just a bit, I hard brick it straight away

[-] michael_palmer@lemmy.sdf.org 2 points 1 year ago

I'm curious. What is the model of your phone?

[-] GolfNovemberUniform@lemmy.ml 1 points 1 year ago

Which one?

[-] michael_palmer@lemmy.sdf.org 2 points 1 year ago

The one that does not have a recovery mode

[-] alb_004@mstdn.party 4 points 1 year ago* (last edited 1 year ago)

@GolfNovemberUniform In redmi turn off miui optimization then you can use the app called disable manager from f-droid to disable most of the apps. After disabling turn on the miui optimization.

[-] GolfNovemberUniform@lemmy.ml 4 points 1 year ago

The second phone is not a Redmi. Ain't no way I'm using a Redmi without a custom ROM

[-] alb_004@mstdn.party 3 points 1 year ago* (last edited 1 year ago)

@GolfNovemberUniform 👍🏻 oh... am sorry, i just missunderstood.

this post was submitted on 27 Apr 2024

58 points (100.0% liked)

DeGoogle Yourself

11671 readers

42 users here now

A community for those that would like to get away from Google.

Here you may post anything related to DeGoogling, why we should do it or good software alternatives!

Rules

Be respectful even in disagreement
No advertising unless it is very relevent and justified. Do not do this excessively.
No low value posts / memes. We or you need to learn, or discuss something.

Related communities

!privacyguides@lemmy.one !privacy@lemmy.ml !privatelife@lemmy.ml !linuxphones@lemmy.ml !fossdroid@social.fossware.space !fdroid@lemmy.ml

founded 5 years ago

MODERATORS

CrypticCoffee@lemm.ee

CrypticCoffee@lemmy.ml

Byereddithellolemmy@lemmy.world

chevy9294@monero.town