I have OnePlus 7 Pro that I successfully flashed with LineageOS 21 with MicroG. Do you have some interesting apps or ideas to take advantage of it? I thought of some Magisk modules. Maybe someone is more experience than me! This is the spare smartphone, the main one is GrapheneOS, so I don’t mind breaking stuff.

    • Vik@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      5 months ago

      Someone suggested to me the other day that safetynet was now (or will soon be) deprecated. I’m not sure what the situation is with regards to attestation, though I sort of dread to think about what will replace it.

      • Blastboom Strice@mander.xyz
        link
        fedilink
        arrow-up
        7
        ·
        5 months ago

        I think the new “safetynet” is “Play integrity”. I think you need playstore installed and activated to pass the test though.

        At least, it seems like many apps are ok with passing only safetynet though, so probably not a big issue yet.

  • Mikelius
    link
    fedilink
    arrow-up
    7
    ·
    5 months ago
    1. AFWall+ firewall to allow list apps to internet using your preferred method (e.g. VPN, wifi, data, etc)
    2. PcapDroid to help monitor and analyze packets, or to just confirm things aren’t communicating unexpectedly
    3. AdAway if you’re not using your own dedicated dns over a permanent VPN connection

    If not all 3 of these, AFWall is probably the best to go with. Having a way to not only block Apps, but also define your own custom firewall rules is very powerful. For example, I redirect all DNS requests to my own DNS with a custom rule (for apps, like Termux, using hardcoded DNS lookups instead of what the phone is set to)

    • PsyhackologicalOP
      link
      fedilink
      arrow-up
      4
      ·
      5 months ago

      So you’re suggesting more “network” control. I like it.

      AFWall+

      I use NetGuard, but I don’t see any benefits from having root in it.

      PcapDroid

      Hmm, interesting, I think the closest thing that I use now is TrackerControl.

      AdAway

      I’m using my VPN “socket” with TrackerControl.

      define your own custom firewall rules is very powerful

      Yeah, and also easy to mess up connections so they no longer work properly. 😆

      I redirect all DNS requests to my own DNS with a custom rule (for apps, like Termux, using hardcoded DNS lookups instead of what the phone is set to)

      That seems cool. For now, I’m using Mullvad’s public DNS service. See their dns-blocklists.

      I also know App Manager, and I’m using it and with root it with ease blocks any necessary trackers and other things. Have you tried it?

      • Mikelius
        link
        fedilink
        arrow-up
        1
        ·
        5 months ago

        I’ll have to check out TrackerControl, that’s a new one to me!

        I have seen app manager but currently use AppOps. I didn’t recommend AppOps above because I’m not sure it’s still supported or not, and it’s also not really Foss. It’s treated me well over the years, but I’m definitely interested in finding a better alternative. The last time I checked app manager, it wasn’t as good… But maybe that’s changed as it’s been several years now so I think I might be due for looking at it again!

        My wireguard connection on my phone connects to my home network to an pi hosting my internal VPN… But the network is completely covered by a mullvad VPN through opnsense. I’ve got pihole setup using the mullvad anti-trackkng private DNS. With this setup, the only real need I have for root on my phone is because I do some pretty low level automation on it through crond and some backups of core app data that I’d really hate to lose… And the complex firewall rules lol.

    • sunzu@kbin.run
      link
      fedilink
      arrow-up
      1
      ·
      5 months ago

      How do you make AFwall and vpn working together, when i tried it said one or the other.

      • Mikelius
        link
        fedilink
        arrow-up
        2
        ·
        5 months ago

        This is where rooting the phone is required. I use wireguard without root and have AFWall granted with root at bootup so it doesn’t require acting as a VPN

      • Blastboom Strice@mander.xyz
        link
        fedilink
        English
        arrow-up
        4
        ·
        5 months ago

        I think it may be based on ksu, but also uses superkeys with passwords or something. I don’t know much about its security, you may want to check the issues tab on github or generally the project itself.

        • PsyhackologicalOP
          link
          fedilink
          arrow-up
          3
          ·
          5 months ago

          From the security standpoint, I think rooting is always against the security. That’s why DivestOS and GrapheneOS are against it, and it shouldn’t be tried. However, I was interested in Shizuku that also is some another hole to patch up when exploited.

            • GolfNovemberUniform
              link
              fedilink
              arrow-up
              2
              ·
              5 months ago

              Read their own official documentation. They officially said they didn’t have anyone responsible for security and it’s not what they cared about. This combined with basically giving the whole system root permission is very bad for security

    • PsyhackologicalOP
      link
      fedilink
      arrow-up
      4
      ·
      5 months ago

      No, I have never heard of it. Thanks!

      I don’t even know what Kernelsu is. Magisk is already applied to the phone, never thought there are alternatives.

      • Blastboom Strice@mander.xyz
        link
        fedilink
        arrow-up
        1
        ·
        5 months ago

        Oh oke oke. I had issues with magisk a few months before I switch. I think there were incompatibility issues between magisk and lsposed manager, so I did a full reset, I upgraded the rom (from a beta version from November 2021 of the rom xiaomi.eu miui 12.6/android 11, I went to xiaomi.eu hyperOS/android13) and installed apatch so that I dont have incompatibikity issues (plus, it hides root much better).

        • PsyhackologicalOP
          link
          fedilink
          arrow-up
          3
          ·
          5 months ago

          lsposed manager

          I don’t know what that is.

          it hides root much better

          To me, that’s the funniest thing. I come from Linux and I want to have - let’s say administrator (root) of my Android, which is also Linux as far I know. I know the Android is praised for its security, but come on, I wish to have control over my system as a working System Admin. That’s the main purpose of my set-up. How come, any app can just check whether I have root or not? That’s some bullshit.

          1. Custom ROM - LineageOS
          2. microG so I don’t use proprietary Google Play Services
          3. and root so I can have full control over my smartphone
          • Blastboom Strice@mander.xyz
            link
            fedilink
            arrow-up
            5
            ·
            edit-2
            5 months ago

            Those “root checks” are a joke. ~Nobody raises a brow if you are an admin user with root privilages on windows, (desktop) linux or macos. But it’s such a huuuge deal when you manage to actually own and use your own mobile device the way you want by breaking free from what they impose on you, ugh…

            Any app that doesnt work when you have root access ~shouldn’t be used at first place…

            Lsposed is a magisk/ksu module that has its own modules too. Like a manager insude a manager giving you even more options.

            I would like to help you with various stuff and customizations but I just don’t have enough time to explain them all.😅

            I’m just gonna list stuff you may find useful:

            Apatch (root and magisk/kernel modules manager)

            Mrepo (magisk modules manager)

            Shizuku

            Color blender (to tweak metarial you colors)

            Droidify (fdroid alternative)

            Aurora store (play store alterantive)

            Total commander (closed source root file manager)

            Canta (used to uninstall system apps, I just use it to see the descriptions of various apps and disable them)

            Florisboard beta (I have made a very good copy of gboard with that, I can send you the files if you want)

            Smartpack manager (info about the phone and more)

            Appmanager (various detailed info about apps)

            Hidden settings (settings your rom may not show, closed source)

            Island (for dual apps)

            Neobackup (root backups, has issues with work profile)

            Databackup (root backups, I use it to backup work profile apps)

            Sai (installer)

            Roundsync (uses rsync or rclone I think)

            PrimitiveFTP (to send/recieve files with ftp connections)

            DroidFS (to encrypt files)

            DiskUsage (to visalise storage usage)

            Db viewer (to view databases of apps, closed source)

            Termux (temrinal for android, too advanced for me)

            UsageDirect (logs app usage)

            Motionamate (logs steps)

            Neutrinote ce (notes)

            Fossify apps (gallery, sms, calendar etc.)

            Librera (pdf, epub etc viewer)

            Moneywallet (expense/income tracker)

            Magisk modules:

            • Adb and fastboot for android ndk

            • Advanced charging controller

            • Busybox for android ndk

            • Lsposed-mod (maintained version of lsposed manager, after the original went archived)

            • Zygisk mod

            Lsposed modules/apps:

            • Lucky patcher (hacking apps if you want to)

            • Free notificiations to manage notifications

            • Matrix rain (fancy effect with matrix background in notification shade)

            • messengerEX (to disable adds in messenger app, in case you use it)

            And many many more stuff

            I was setting up my phone for about two weeks some months ago (the was a bug with xiaomi and work profile)😅

            • dwindling7373@feddit.it
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              5 months ago

              I’m pretty sure Shelter is better than Island, but I forgot the reason xD

              Obtainium to grab apps and updates straight from the repositories.

              GPS Logger is neat if you want to keep track of your movements now that Google won’t track you anymore.

              • Blastboom Strice@mander.xyz
                link
                fedilink
                arrow-up
                3
                ·
                5 months ago

                Insular (the degoogled open source version of Island) has a page comparing Island, Shelter and Insular

                https://secure-system.gitlab.io/Insular/faq.html

                I don’t know if its updated, but you can pick the ones that fits your needs.

                I picked Island because I thought I may have issues with my notifications if I had chosen Insular. (Plus, there was this bug I was talking about and thought that it would fix it. Installing Island wasnt the solution, but I had already spent a lot of time/days setting up my phone multiple times and didnt want to try it again, with the possibility of problematic notifications.)