Firewalls are a great way to tell if new apps are secrely installed
Btw what is the key verifier thing?
So glad I moved to GrapheneOS last month.
this post was submitted on 04 Mar 2025
331 points (98.8% liked)
Privacy
37690 readers
1461 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
Got myself a Pixel 9 pro just to go Graphene... Sold my s24 ultra
Yeah I'm super keen, but my lower-tier Samsung isn't supported. I really wish FairPhone would offer a cheaper option :(
I already have a pixel. Is it just as easy as installing Lineage OS on the phone?
Yes, perhaps even easier if you use a Chromium based browser with their WebUSB installer.
Even if it's not the case, I found the console installer to be surprisingly easy.
Absolutely the easiest phone OS installation I've ever done. Completely web-based and easy enough for anyone to use. Even easier than flashing LineageOS.
The big hurdle to GrapheneOS is can you do without Google Wallet and other apps that won't work. The flashing process isn't something to worry about IMO.
Does lichess work on graphene os? How is compatibility with classic stuff line firefox, signal, ...?
I play Lichess on my GrapheneOS Pixel6a, works well. Same with Signal, Firefox with several mobile browser extensions.
Bitwarden, NewPipe, Tailscale, Duolingo, Uber, Discord, Matrix Element, all the Proton mobile apps, Backblaze, etc etc.
Pretty much every app I try works flawlessly. On rare occasion I'll experience minor bugs, and twice I've had to use GOS's extra privilege mode to get an app to work.
Overall, Love GrapheneOS and I'll use them as long as they are around and making an awesome alternative to Google's garbage.
Thanks!
Is graphene available on Xiaomi phones?
Only on Google Pixel phones. You might want give LineageOS a shot.
Lineage is great, been using it for years
load more comments
(1 replies)
load more comments
(1 replies)
I struggle finding good OSs with my Fairphone 5. For now I just removed all Gapps
There are functional firewall apps for android? Is Rethink good?
Rethink is better than good. It's great.
Yes, it also let you change your DNS and block websites. There's also invizible pro which also adds tor and i2p but rethink have a better UI.
It often feels like I am just a user of someone else's device.
Even from the stuff that is shown like "Your device has new features" and "Settings changed by carrier". And how Motorola tried forcing updates by using non-dismisable (they would re-appear immediately) full-screen notifications, and trying to disable the app led me to "Blocked by your IT admin" (I returned that phone).
Also when I connect any modern phone to Wi-Fi not manually set as metered it starts downloading a bunch of random shit automatically.
It keeps killing apps I want running (I had to use a cheap dumb phone as alarm clock with the past 2 smartphones), but keeps all Google services conveniently spending data and battery.
This shit is why I buy carrier agnostic, bootloader-unlockable phones with a healthy ROM dev scene. Rocking a Pixel 9 Pro XL, currently on stock ROM (rooted of course), but will be moving to Calyx or Graphene at some point.
Unfortunately, especially with lower budget, that often ends up being choice between hardware and software.
I didn't want to run custom ROM on the X3 Pro due to warranty. I had the motherboard replaced thrice, on average surviving for 9 months each... But there were theoretically options.
Armor 24 doesn't seem to have any custom ROMs available, as seems to be usual with MTK devices, but the hardware is quite unique. I already had numerous strangers ask me what that phone is, how often it needs to be charged, or "what can that thing do" and "I am not surprised it has such strong light anymore" (it's a massive 85.14Wh brick).
To be honest I like how it feels in hand compared to a fragile thin slab.
But the only ones making crazy devices like this seem to be brands like Ulefone, Oukitel and Unihertz (they even have a projector phone like Samsung did, but modern) which most likely won't see custom ROMs, and I am too dumb to try building and maintaining something myself. I don't even know how it works with device-specific drivers.
load more comments
(3 replies)
I uninstalled it on my Samsung last time and just checked but it hasn't reinstalled itself again (yet).
You can install this to prevent the official one from being installed automatically .https://github.com/daboynb/Safetycore-placeholder
Yeah, what is the key verifier thing? It's not like it's Windows and needs a purchased license key, right?
It's for E2E encryption in chat apps.
Bit out of the loop. What am I looking at?
Google is automatically installing an app on you phone that analyzes your media βto prevent you accidentally viewing nudesβ
Phew, I'm always terrified of that. It won't affect my gore folders, will it?
Provides a single process that can be used by all message apps so that they don't need to implement backdoors into all of them?
Worried I'm getting a bit too paranoid, but...
Why backdoor the messaging apps when you can just monitor the entire OS?
Having control over the OS doesn't help if the OS doesn't understand the app's data.
If only there was an AI that monitors everything going on on the device which they could force onto everyone
... the OS doesn't understand the app's data.
I assume you are referring to End to End Encrypted (E2EE) messaging apps here. I'm no programmer/developer/software engineer and I'll be the first to admit that I don't know a ton about how most apps work on the backend. That being said, my understanding is that E2EE apps decrypt whatever is being transmitted to them when they get to your device (assuming phone here) (of course it would decrypt it, otherwise how would you make sense of the information?). Once the data is on your phone, it is decrypted. From what I understand, sandboxing apps is not all that robust on Android (at least on "mainstream" versions)
Therefore, the data that was Encrypted from End to End was decrypted at the End and therefore accessible by other applications and processes on your phone. Unless Android sandboxing has improved greatly in the last few weeks.
Applications like signal are encrypted at rest on your device as well - https://security.stackexchange.com/questions/277330/how-does-signal-protect-data-on-the-device-from-unauthorized-access
load more comments
(1 replies)
load more comments
(1 replies)
And with it unified, it's easier to tie multiple online identities back to which one single person they all are.
Which FW (Firewall) could be recommended?
LineageOS or /e/OS would be my picks. Graphene and Calyx are better, but likely don't support the device in question.
RIP DivestOS.
load more comments
(1 replies)
Note: The "Key Verifier" one is supposed to be tied to E2EE on Google chat platforms or something on those lines, although you shouldn't be using those and go for a safer chat instead though
These are usually installed as core Google apps on Android, and most flavours have them hidden since they're really just background daemons/libraries.
Gf had the same happen on her Huawei P30 which clearly wasn't set up to have the apps hidden by default.
If youre degoogling obvs not what you wanna have on your device but technically they shouldn't be doing much on their own.
I'll he RethinkDNS for its firewall. It took me a while to work out how to use it (not very skillful at these things), but ever since, I've felt much safer. Rightly or wrongly
view more: next βΊ