privacyguides/i18n
1
0
Fork 0
mirror of https://github.com/privacyguides/i18n.git synced 2025-11-10 18:37:52 +00:00
Code Activity

New Crowdin translations by GitHub Action

Browse Source
This commit is contained in:
Crowdin Bot
2024-07-21 16:36:34 +00:00
parent d808d93164
commit d8b362a03b
398 changed files with 16489 additions and 14577 deletions
Download Patch File Download Diff File Expand all files Collapse all files

451
i18n/zh-Hant/android.md
View File

@@ -1,451 +0,0 @@
---
meta_title: "Android 推薦: GrapheneOS 與 DivestOS - Privacy Guides"
title: "Android"
icon: 'simple/android'
description: Android 手機可考慮使用這些更為安全與尊重隱私的作業系統。
cover: android.webp
schema:
-
"@context": http://schema.org
"@type": 網頁
name: 私密 Android 作業系統
url: "./"
-
"@context": http://schema.org
"@type": CreativeWork
name: Android
image: /assets/img/android/android.svg
url: https://source.android.com/
sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-
"@context": http://schema.org
"@type": CreativeWork
name: GrapheneOS
image: /assets/img/android/grapheneos.svg
url: https://grapheneos.org/
sameAs: https://en.wikipedia.org/wiki/GrapheneOS
subjectOf:
"@context": http://schema.org
"@type": 網頁
url: "./"
-
"@context": http://schema.org
"@type": CreativeWork
name: Divest
image: /assets/img/android/divestos.svg
url: https://divestos.org/
sameAs: https://en.wikipedia.org/wiki/DivestOS
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": Product
name: Pixel
brand:
"@type": Brand
name: Google
image: /assets/img/android/google-pixel.png
sameAs: https://en.wikipedia.org/wiki/Google_Pixel
review:
"@type": Review
author:
"@type": Organization
name: Privacy Guides
-
"@context": http://schema.org
"@type": MobileApplication
name: Shelter
applicationCategory: Utilities
operatingSystem: Android
-
"@context": http://schema.org
"@type": MobileApplication
name: Auditor
applicationCategory: Utilities
operatingSystem: Android
-
"@context": http://schema.org
"@type": MobileApplication
name: Secure Camera
applicationCategory: Utilities
operatingSystem: Android
-
"@context": http://schema.org
"@type": MobileApplication
name: Secure PDF Viewer
applicationCategory: Utilities
operatingSystem: Android
---
![Android 圖標](assets/img/android/android.svg){ align=right }
**安卓開源項目** 是一個由谷歌領導的開源移動操作系統,為世界上大多數移動設備提供動力。 大多數 Android 系統的手機都經過修改,包括侵入性整合與應用程式,如 Google Play 服務,所以使用無這類侵入性功能的 Android 系統版本取代手機原本預設的安裝,可改善行動設備上的隱私。
[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
這些是我們推薦 Android 作業系統、設備和應用程式,最大程度地提高行動設備的安全和隱私。 了解更多 Android 資訊:
[安卓概况 :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
## AOSP 衍生品
根據設備與這些作業系統的兼容性,列出偏好順序以安裝我們推薦的某款定制 Android 作業系統。
<div class="admonition note" markdown>
<p class="admonition-title">Note "備註"</p>
由於 OEM 停止支持,壽命終止的設備(如 GrapheneOS 或CalyxOS 的 "延長支授 "設備)沒有完整的安全補丁(軔體更新)。 這些設備無論安裝何種軟體,都不能視為完全安全。
</div>
### GrapheneOS
<div class="admonition recommendation" markdown>
![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right }
![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
**GrapheneOS** 是隱私與安全的最佳選擇。
GrapheneOS 提供額外的 [安全加固](https://en.wikipedia.org/wiki/Hardening_(computing)) 與隱私改善。 它有 [加固的記憶體分配器](https://github.com/GrapheneOS/hardened_malloc)、網路、感應許可與各類[安全功能](https://grapheneos.org/features). GrapheneOS 還帶有完整的軔體更新與已簽名的建置版本,因此完全支援 verified boot。
[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
</div>
GrapheneOS 支援 [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), 它可以像其它普通應用一樣在沙盒中執行[Google Play 服務](https://en.wikipedia.org/wiki/Google_Play_Services) 。 這意味可利用大多數 Google Play 服務,如 [推送通知](https://firebase.google.com/docs/cloud-messaging),完全控制其權限和訪問,同時將其包含所選的特定 [工作設定檔](os/android-overview.md#work-profile) 或 [用戶設定檔](os/android-overview.md#user-profiles)。
Google Pixel 手機是目前唯一符合 GrapheneOS [硬體安全要求](https://grapheneos.org/faq#future-devices)的設備。
[為何我們推薦 GrapheneOS 而非 CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
### DivestOS
<div class="admonition recommendation" markdown>
![DivestOS logo](assets/img/android/divestos.svg){ align=right }
**DivestOS** 是 [LineageOS](https://lineageos.org)的分支。
DivestOS 從 LineageOS 繼承了許多[支援的設備](https://divestos.org/index.php?page=devices&base=LineageOS)。 它具有簽名的建置,因此可在某些非 Pixel 設備上執行 [verified boot](https://source.android.com/security/verifiedboot)。
[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
</div>
DivestOS 有自動內核弱點 ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [補丁](https://gitlab.com/divested-mobile/cve_checker)、更少的商業專用 blobs 與自定的 [hosts](https://divested.dev/index.php?page=dnsbl) 檔案。 其強化 WebView[Mulch](https://gitlab.com/divested-mobile/mulch),支援 適用於所有架構的[CFI](https://en.wikipedia.org/wiki/Control - flow_integrity)和[網路狀態分割](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning),並接收外帶更新。 DivestOS 還包括來自GrapheneOS 內核補丁,並通過 [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758),開啟所有可用的內核安全功能。 3.4 版之後更新的內核都包括全頁[淨化](https://lwn.net/Articles/334747) ,所有 ~22 Clang 編譯的內核都啟用了 [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471)。
DivestOS 實現了一些最初為 GrapheneOS 開發的系統加固補丁。 DivestOS 16.0以上版本實現了 GrapheneOS [`網際網路`](https://developer.android.com/training/basics/network-ops/connecting) 和感應權限切換, [固化記憶體分配器](https://github.com/GrapheneOS/hardened_malloc) [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening) [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)),以及部分 [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) 固化補丁集。 17.1 及更新版本具有GrapheneOS 的各個網路完整[MAC 隨機化](https://en.wikipedia.org/wiki/MAC_address#Randomization)選項,[`ptrace_scope`](https:/ /kernel. org/doc/html/latest/admin-guide/LSM/Yama.html) 控制,以及自動重新啟動/Wi-Fi/藍牙[逾時選項](https:// /grapheneos.org/features)。
DivestOS 以 F-Droid 為預設的應用下載服務。 通常建議 [少用 F-Droid](#f-droid),然而這對 DivestOS 卻不可行,開發者透過 ([DivestOS 官方](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) 與 [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2))的 F-Droid 存取庫來更新他們的應用程式。 建議禁用官方 F-Droid 應用,並使用 [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic)**一併啟用DivestOS 存取庫**,以保持這些組件為最新。 至於其它應用,我們建議的獲取方式仍適用。
<div class="admonition warning" markdown>
<p class="admonition-title">警告</p>
DivestOS 軔體更新 [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS)和品管依所支援的設備不同而異。 雖取決於設備的兼容性,我们仍推薦 GrapheneOS。 對其它設備DivestOS 是不錯的選項。
並非所有支援設備都可 verified boot某些設備的表現較好。
</div>
## Android 設備
選購設備時,建議儘可能挑選較新的設備。 行動設備的軟體和軔體只支持時間有期限,因此購買新上市的設備可以盡可能地延長其支援壽命。
避免從電信行動營運商購置手機。 它們往往 **鎖定 bootloader** 也不支援 [OEM 解鎖](https://source.android.com/devices/bootloader/locking_unlocking)。 這類手機變體阻止安裝任何替代的 Android 發行版。
從網路市集購買二手手機必須要非常**小心**。 請檢查賣家的信譽 如果設備被盜,它有可能被輸入到 [IMEI 資料庫](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database)。 前一位持有者的活動發生關係也將有風險。
對於 Android 設備與作業系統相容有一些提示:
- 不要購買已經達到或接近其支援壽命的設備,額外的軔體更新必須由製造商提供。
- 不要購買預裝 LineageOS 或/e/OS 或是無適當 [Verified Boot](https://source.android.com/security/verifiedboot) 支持和軔體更新的 Android 手機。 這些設備沒辦檢查是否曾遭篡改。
- 簡而言之,如果這裏沒列出某設備或 Android 發行版,都是有原因的。 請造訪[論壇](https://discuss.privacyguides.net)以了解詳細資訊!
### Google Pixel
Google Pixel 是**唯一** 推薦的手機。 由於對第三方作業系統的適當AVB 支持和 Google 定制的 [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) 安全晶片為安全元件Pixel 硬體安全性比目前市場上其他 Android 設備強。
<div class="admonition recommendation" markdown>
![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
眾所周知,**Google Pixel** 設備具有良好安全性,支持 [Verified Boot](https://source.android.com/security/verifiedboot),即使安裝自定義作業系統時也是如此。
**Pixel 8**和 **8 Pro** 開始Pixel 設備至少有 7年的安全更新保證確保其使用壽命比其他競爭OEM 廠商 2-5年長得多。
[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
</div>
Titan M2 這類安全元件比大多數其他手機處理器的可信執行環境更為有限因為Titan M2 只用於秘密存儲、硬體證明和速率限制,而不是用於運行 "可信" 程式。 沒有安全元件的手機必須使用 TEE *執行所有這些功能* ,從而導致更大的攻擊面。
Google Pixel 手機使用名為Trusty 的 TEE 作業系統,它是 [開源](https://source.android.com/security/trusty#whyTrusty),與其他許多手機不同。
Pixel 手機很容易安裝 GrapheneOS 只需依其 [網頁安裝程式](https://grapheneos.org/install/web)即可。 如果不敢自行安裝願意多花一點錢,可以看看 [NitroPhone](https://shop.nitrokey.com/shop) ,它們預裝 GrapheneOS來自著名的 [Nitrokey](https://nitrokey.com/about) 公司。
購買 Google Pixel 的一些提醒:
- 如果想買便宜的 Pixel 設備,建議購買"**a**"型號,其為旗艦機發布後的預算款。 通常會有折扣,因為 Google 會出清庫存。
- 考慮在實體商店提供折扣與特價的商品。
- 找找國內線上折扣社區的網站。 這些可提醒有好的商品。
- Google 提供一份其設備 [支援週期](https://support.google.com/nexus/answer/4457705)的列表清單。 設備每天的價格可以計算如下: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>成本</mtext> <mrow> <mtext>產品終期 日期</mtext> <mo></mo> <mtext>當前日期</mtext> </mrow> </mfrac> </math> ,意味著設備的使用時間越長,每日成本就越低。
- 如果你的地區無法購得 Pixel [NitroPhone](https://shop.nitrokey.com/shop) 可提供全球配送。
## 一般應用
我們在網站上推薦了各種各樣的 Android 應用。 這裡列出的應用程式是 Android 專用、特別加強或取代重要系統功能。
### Shelter
<div class="admonition recommendation" markdown>
![Shelter logo](assets/img/android/shelter.svg){ align=right }
**Shelter** 有助於利用 Android 工作設定檔功能隔離或複制設備上的應用程式。.
Shelter 阻止聯繫人利用默認檔案管理器([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui))作跨設定檔搜尋與共享檔案 。
[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
</div>
<div class="admonition warning" markdown>
<p class="admonition-title">警告</p>
推薦使用 Shelter 取代 [Insular](https://secure-system.gitlab.io/Insular)和 [Island](https://github.com/oasisfeng/island),因為 Shelter 支持[聯繫人搜索屏蔽](https://secure-system.gitlab.io/Insular/faq.html)。
當使用 Shelter 時將信任置於其開發者Shelter 作為[設備管理員](https://developer.android.com/guide/topics/admin/device-admin)來創建工作設定檔,它有大量權限訪問存儲在工作設定檔的資料。
</div>
### Secure Camera
<div class="admonition recommendation" markdown>
![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right }
![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
**Secure Camera** 專注於隱私和安全的相機應用,可以捕捉圖像、影片和二維碼。 CameraX 供應商擴展肖像、HDR、夜視、面部修飾和自動也支持可用設備。
[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
<details class="downloads" markdown>
<summary>下載 Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
</details>
</div>
主要隱私功能包括:
- 自動移除 [Exif](https://en.wikipedia.org/wiki/Exif) 中繼資料 (設預啟用)
- 使用新的 [媒介](https://developer.android.com/training/data-storage/shared/media) API因此不需要 [儲存權限](https://developer.android.com/training/data-storage)。
- 除非需錄制聲音,否則無需麥克風權限。
<div class="admonition note" markdown>
<p class="admonition-title">Note "備註"</p>
目前影片沒有刪除中繼資料,未來計畫要刪除。
圖片方向的中繼資料未刪除。 如果 (Secure Camera) 開啟定位, 也 **不會** 被不會偵測到。 如果之後想刪除,必須使用外部應用如[ExifEraser](data-redaction.md#exiferaser-android)。
</div>
### Secure PDF Viewer
<div class="admonition recommendation" markdown>
![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
**Secure PDF Viewer** 是基於 [pdf.js](https://en.wikipedia.org/wiki/PDF.js)的PDF 瀏覽器,無需任何權限。 此 PDF 被送入 [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview)。 這意味著它不需要權限就能直接存取內容或檔案。
[內容安全政策](https://en.wikipedia.org/wiki/Content_Security_Policy)用來強制要求 WebView 內的JavaScript 和造型屬性需全為靜態內容。
[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
<details class="downloads" markdown>
<summary> 下載: Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
</details>
</div>
## 獲取應用程式
### Obtainium
<div class="admonition recommendation" markdown>
![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
**Obtainium** 應用管理器可以直接透過開發者自己的發佈頁來安裝與更新應用。(例如 GitHub, GitLab 等等.), 取代集中式的應用商店或代碼儲存庫。 在 Android 12 以上版本,可支援自動背景更新。
[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
<details class="downloads" markdown>
<summary>Downloads "下載"</summary>
- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
</details>
</div>
Obtainium 可以從不同來源下載 APK 安裝檔,由使用者自行判斷其來源與應用是否可靠合法。 例如使用 Obtainium 從 [Signal APK 登錄頁 ](https://signal.org/android/apk) 來下載安裝 Signal 應該沒問題,但如果透過第三方 APK 儲放庫如 Aptoide o 或 APKPure 則可能有其它風險。 安裝惡意*更新*的風險較低,因為 Android 自身會在安裝之前驗證所有應用程式更新是否由與手機上現有應用程式為相同開發人員所簽署。
### GrapheneOS App Store
GrapheneOS 應用商店可在 [GitHub](https://github.com/GrapheneOS/Apps/releases)找到。 它支持Android 12 以上版本,並且能夠自行更新。 應用程式商店擁有由 GrapheneOS 專案建立的獨立應用程序,例如 [Auditor](https://attestation.app)、[相機](https://github.com/GrapheneOS/Camera)和[PDF 檢視器](https://github.com/GrapheneOS/PdfViewer)。 如果正在尋找這些應用程式,強烈建議從 GrapheneOS 應用程式商店而不是 Google Play 商店獲得,因為 GrapheneOS 會對自家商店的應用程式簽署 Google 無法訪問的簽名。
### Aurora Store
Google Play商店需要登錄 Google 帳戶,這對隱私來說不是很好。 可以使用替代客戶端,如 Aurora Store 來解決這個問題。
<div class="admonition recommendation" markdown>
![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right }
**Aurora Store** 為 Google Play Store 客戶端,其無須 Google 帳戶 或 microG 即可下戴應用。
[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads "下載"</summary>
- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
</details>
</div>
Aurora Store不允許其匿名帳戶下載付費應用程式。 您可以選擇使用 Google 帳戶登錄 Aurora Store 來下載所購買的應用程式,這確實可以訪問您的 Google 安裝應用程式列表。 但仍可受益於裝置上不需要完整的 Google Play 用戶端和 Google Play 服務或 microG。
### 手動使用 RSS 通知
在GitHub和GitLab 等平台上發布的應用程式,也可在 [新聞聚合器](news-aggregators.md) 下添加 RSS 源,有助於追踪新版本消息。
![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
#### GitHub
在 GitHub以 [Secure Camera](#secure-camera) 為例,可以導航到它的 [發布頁](https://github.com/GrapheneOS/Camera/releases) 並在URL 最後加 `.atom`
`https://github.com/GrapheneOS/Camera/releases.atom`
#### GitLab
在GitLab ,以 [Aurora Store](#aurora-store) 為例,可以導航到其 [專案存取庫](https://gitlab.com/AuroraOSS/AuroraStore) 並在URL 最後加 `/-/tags?format=atom`
`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
#### 查驗 APK 指紋碼
如果想下載 APK 檔案進行手動安裝,可用 [`apksigner`](https://developer.android.com/studio/command-line/apksigner) 工具驗證其簽名,這是 Android [build-tools](https://developer.android.com/studio/releases/build-tools)的一部分。
1. 安裝 [Java JDK](https://oracle.com/java/technologies/downloads).
2. 下載 [Android Studio 命令列工具](https://developer.android.com/studio#command-tools).
3. 解壓縮下載的存檔:
```bash
unzip commandlinetools-*.zip
cd cmdline-tools
./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
```
4. 執行簽名驗證指令:
```bash
./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
```
5. 產生的雜湊結果可與另一個來源進行比對。 某些開發者例如 Signal 在會其官網顥示其[指紋碼](https://signal.org/android/apk)。
```bash
Signer #1 certificate DN: CN=GrapheneOS
Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
```
### F-Droid
![F-Droid 圖標](assets/img/android/f-droid.svg){ align=right width=120px }
==我們只建議用 F-Droid 來獲取無法在上述管道取得的應用程式。== F-Droid 經常被推薦為 Google Play 替代品,特別是隱私社區。 可添加第三方資源庫的選項與不被局限在 Google 圍牆花園,導致了它的流行。 F-Droid 另外還有 [可複制建構](https://f-droid.org/en/docs/Reproducible_Builds) ,用於一些應用程式,並致力於自由和開源軟體。 不過F-Droid 建置、簽署和交付包的方式存在一些安全缺失:
由於其構制應用程式的程序F-Droid 官方資源庫中的應用程式經常在更新上落後。 F-Droid 維護者在用自己的密鑰簽署應用程式時也會重複使用套件 ID此作法並不理想因為這給予 F-Droid 團隊終極信任。 此外,應用程式納入官方 F-Droid 儲存庫中的要求不如 Google Play 等其他應用程式商店嚴格,這意味著 F-Droid 往往會託管更多較舊、未維護或不符合[現代安全標準](https://developer.android.com/google/play/requirements/target-sdk)的應用程式。
其他流行的 F-Droid 第三方資源庫,如 [IzzyOnDroid](https://apt.izzysoft.de/fdroid) ,緩解一些擔憂。 IzzyOnDroid 存儲庫直接從 GitHub 拉取構建,是開發者自己存儲庫的下一個最好的東西。 然而,這不是我們所推薦的,當應用程式進入 F-droid 主倉庫時,通常 [就會從該倉庫刪除](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446)。 雖然可以理解(因為該特定倉庫的作用是應用程式在為 F-Droid 主倉庫接受之前託管工作),它可能會讓所安裝的應用程式不再收到更新。
也就是說, [F-droid](https://f-droid.org/en/packages) 和 [IzzyOnDroid](https://apt.izzysoft.de/fdroid) 存取庫有無數應用程式,所以它們成為搜索和發現開源應用程式的有用工具,然後通過 Play Store、Aurora Store 或直接從開發者獲得 APK 下載。 透過此方法尋找新應用程式時,應該做出最佳判斷,並密切注意應用程式的更新頻率。 過時的應用程式可能依賴不支援的程式庫,從而帶來潛在的安全風險。
<div class="admonition note" markdown>
<p class="admonition-title">F-Droid Basic</p>
在某些罕見情況下,應用程式開發者將只通過 F-droid 發布([Gadgetbridge](https://gadgetbridge.org)就是一例。) 如果真需要這樣的應用程式,建議使用 [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic/) ,而不是從官方的 F-droid 應用程式來獲得。 F-Droid Basic 可以進行無需特權或 root 的更新,且具降低的功能集(限制攻擊面)。
</div>
## 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
### 作業系統
- 必須是開源軟體。
- 必須支援 bootloader 鎖定與自定 AVB 密鑰支援。
- Android 主要系統發布後的 1個月內接受更新。
- 必须在发布后0-14天内收到安卓功能更新小版本
- 必須在發布後 5 天內收到定期安全補丁。
- 必須 **不可打破常規地** root 。
- 必須**不要**預設啟用 Google Play 服務。
- 必須 **不用** 系統調配以支援 Google Play 服務。
### 裝置
- 必須支援至少一個我們推薦的自訂作業系統。
- 必須是目前可在商店買到的新品。
- 至少可獲得 5年的安全更新。
- 必須有專用的安全元件硬體。
### 應用程式
- 此頁面上的應用程式不得適用於網站上的任何其他軟體類別。
- 一般應用程式應擴展或取代核心系統功能。
- 應用程式應定期更新和維護。

106
i18n/zh-Hant/android/distributions.md Normal file
View File

@@ -0,0 +1,106 @@
---
meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
title: Alternative Distributions
description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
schema:
- "@context": http://schema.org
"@type": 網頁
name: Private Android Operating Systems
url: ./
- "@context": http://schema.org
"@type": CreativeWork
name: GrapheneOS
image: /assets/img/android/grapheneos.svg
url: https://grapheneos.org/
sameAs: https://en.wikipedia.org/wiki/GrapheneOS
subjectOf:
"@context": http://schema.org
"@type": 網頁
url: ./
- "@context": http://schema.org
"@type": CreativeWork
name: Divest
image: /assets/img/android/divestos.svg
url: https://divestos.org/
sameAs: https://en.wikipedia.org/wiki/DivestOS
subjectOf:
"@context": http://schema.org
"@type": 網頁
url: ./
---
A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
## AOSP Derivatives
### GrapheneOS
<div class="admonition recommendation" markdown>
![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
**GrapheneOS** is the best choice when it comes to privacy and security.
GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
</div>
GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
### DivestOS
<div class="admonition recommendation" markdown>
![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
</div>
DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
<div class="admonition warning" markdown>
<p class="admonition-title">警告</p>
DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
Not all of the supported devices have verified boot, and some perform it better than others.
</div>
## 標準
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
- 必須是開源軟體。
- Must support bootloader locking with custom AVB key support.
- Must receive major Android updates within 0-1 months of release.
- Must receive Android feature updates (minor version) within 0-14 days of release.
- Must receive regular security patches within 0-5 days of release.
- Must **not** be "rooted" out of the box.
- Must **not** enable Google Play Services by default.
- Must **not** require system modification to support Google Play Services.

124
i18n/zh-Hant/android/general-apps.md Normal file
View File

@@ -0,0 +1,124 @@
---
title: General Apps
schema:
- "@context": http://schema.org
"@type": 網頁
name: General Android Apps
url: ./
- "@context": http://schema.org
"@type": MobileApplication
name: Shelter
applicationCategory: Utilities
operatingSystem: Android
- "@context": http://schema.org
"@type": MobileApplication
name: Secure Camera
applicationCategory: Utilities
operatingSystem: Android
- "@context": http://schema.org
"@type": MobileApplication
name: Secure PDF Viewer
applicationCategory: Utilities
operatingSystem: Android
---
We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
### Shelter
<div class="admonition recommendation" markdown>
![Shelter logo](../assets/img/android/shelter.svg){ align=right }
**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
</div>
<div class="admonition warning" markdown>
<p class="admonition-title">警告</p>
Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
</div>
### Secure Camera
<div class="admonition recommendation" markdown>
![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
<details class="downloads" markdown>
<summary>下載</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
</details>
</div>
Main privacy features include:
- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
- Microphone permission not required unless you want to record sound
<div class="admonition note" markdown>
<p class="admonition-title">備註</p>
Metadata is not currently deleted from video files but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
</div>
### Secure PDF Viewer
<div class="admonition recommendation" markdown>
![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
<details class="downloads" markdown>
<summary>下載</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
</details>
</div>
## 標準
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
- Applications on this page must not be applicable to any other software category on the site.
- General applications should extend or replace core system functionality.
- Applications should receive regular updates and maintenance.

34
i18n/zh-Hant/android/index.md Normal file
View File

@@ -0,0 +1,34 @@
---
title: Android
icon: simple/android
cover: android.webp
schema:
- "@context": http://schema.org
"@type": 網頁
name: Android Recommendations
url: ./
- "@context": http://schema.org
"@type": CreativeWork
name: Android
image: /assets/img/android/android.svg
url: https://source.android.com/
sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
---
![Android logo](../assets/img/android/android.svg){ align=right }
The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
- [Alternative Distributions](distributions.md)
- [General Apps](general-apps.md)
- [Obtaining Applications](obtaining-apps.md)
To learn more about Android:
[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }

126
i18n/zh-Hant/android/obtaining-apps.md Normal file
View File

@@ -0,0 +1,126 @@
---
title: Obtaining Applications
---
There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
## Obtainium
<div class="admonition recommendation" markdown>
![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
<details class="downloads" markdown>
<summary>下載</summary>
- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
</details>
</div>
Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
## GrapheneOS App Store
GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
## Aurora Store
The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
<div class="admonition recommendation" markdown>
![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>下載</summary>
- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
</details>
</div>
Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
## Manually with RSS Notifications
For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
### GitHub
On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
`https://github.com/GrapheneOS/Camera/releases.atom`
### GitLab
On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
### Verifying APK Fingerprints
If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
3. Extract the downloaded archive:
```bash
unzip commandlinetools-*.zip
cd cmdline-tools
./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
```
4. Run the signature verification command:
```bash
./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
```
5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
```bash
Signer #1 certificate DN: CN=GrapheneOS
Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
```
## F-Droid
![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
<div class="admonition note" markdown>
<p class="admonition-title">F-Droid Basic</p>
In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
</div>

2
i18n/zh-Hant/basics/why-privacy-matters.md
View File

@@ -43,7 +43,7 @@ icon: 'material/shield-account'
對隱私運動常見一個反駁論點是,如果一個人**“沒有什麼可隱藏的”,就不需要隱私。**這是危險的誤解,讓人覺得要求隱私的人一定是越軌、犯罪或錯誤。
==不應該混淆隱私和祕密。== 人人都知道浴室裡發生了什麼,但你還是會關上門。 這是因為您想要隱私,而不是保密。 總有一些關於我們的事實——比如,個人健康資訊或性行為——不想讓全世界都知道,這沒關係。 需要隱私是合理合法的,它讓人之所以為人。 隱私是賦予權利來決定自己的資訊,而不是為了隱藏祕密。
==不應該混淆隱私和祕密。== 人人都知道浴室裡發生了什麼,但你還是會關上門。 That's because you want privacy, not secrecy. 總有一些關於我們的事實——比如,個人健康資訊或性行為——不想讓全世界都知道,這沒關係。 需要隱私是合理合法的,它讓人之所以為人。 隱私是賦予權利來決定自己的資訊,而不是為了隱藏祕密。
## 隱私關乎控制?

6
i18n/zh-Hant/device-integrity.md
View File

@@ -163,9 +163,9 @@ iMazing 會自動並以互動方式引導完成使用 [MVT](#mobile-verification
</div>
Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. 這為裝置本身提供了非常強大的完整性檢查,但不一定檢查裝置上執行的使用者級應用程式是否是惡意的。
Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. 這為裝置本身提供了非常強大的完整性檢查,但不一定檢查裝置上執行的使用者級應用程式是否是惡意的。
審核員使用**兩個**設備執行證明和入侵檢測即一個_被審核者_正在驗證的設備和一個_審核員_執行驗證的設備審核者可以是任何Android 10+ 裝置(或由[GrapheneOS](android.md#grapheneos) 運行的遠端Web 服務),而受審核者必須是專門的[支援的裝置](https://attestation.app /about #device-support)。 Auditor 適用於:
審核員使用**兩個**設備執行證明和入侵檢測即一個_被審核者_正在驗證的設備和一個_審核員_執行驗證的設備The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor 適用於:
- 在_審核員_和_被審核者_之間使用 [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) 模式,雙方在兩人在[硬體支援的金鑰庫](https://source.android.com/security/keystore/)the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore/)中建立 _審計員_私鑰。
- _審核員_可以是審核員應用程式的另一個實例也可以是[遠端憑證服務](https://attestation.app)。
@@ -197,7 +197,7 @@ Auditor is not a scanning/analysis tool like some other tools on this page; rath
![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
**Hypatia** 適用於 Android 的開源即時惡意軟體掃描程式,由 [DivestOS](android.md#divestos) 的人員開發。 It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
[:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
[:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }

91
i18n/zh-Hant/mobile-phones.md Normal file
View File

@@ -0,0 +1,91 @@
---
title: Mobile Phones
icon: material/cellphone-check
description: These mobile devices have proper Android Verified Boot support for custom operating systems.
cover: android.webp
schema:
- "@context": http://schema.org
"@type": 網頁
name: Mobile Phone Recommendations
url: ./
- "@context": http://schema.org
"@type": Product
name: Pixel
brand:
"@type": Brand
name: Google
image: /assets/img/android/google-pixel.png
sameAs: https://en.wikipedia.org/wiki/Google_Pixel
review:
"@type": Review
author:
"@type": Organization
name: Privacy Guides
---
Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
<div class="admonition warning" markdown>
<p class="admonition-title">警告</p>
End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
</div>
## Purchasing Advice
When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
A few more tips regarding Android devices and operating system compatibility:
- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
## Google Pixel
Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
<div class="admonition recommendation" markdown>
![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
</div>
Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
A few more tips for purchasing a Google Pixel:
- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
- Consider price beating options and specials offered at physical stores.
- Look at online community bargain sites in your country. These can alert you to good sales.
- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo></mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
, meaning that the longer use of the device the lower cost per day.
- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
## 標準
請注意,我們所推薦專案沒有任何瓜葛。 除[標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
- Must support at least one of our recommended custom operating systems.
- Must be currently sold new in stores.
- Must receive a minimum of 5 years of security updates.
- Must have dedicated secure element hardware.

4
i18n/zh-Hant/os/android-overview.md
View File

@@ -18,7 +18,7 @@ description: Android是一個開源作業系統具有強大的安全保護
理想情況下,在選擇客製 Android 發行版時應該確保它符合Android 安全模型。 至少該發行版應該具有生產構建支持AVB 回滾保護及時韌體和操作系統更新以及SELinux [開啟模式](https://source.android.com/security/selinux/concepts#enforcement_levels)。 我們推薦的 Android 發行版都符合這些標準。
[Android 系統建議 :material-arrow-right-drop-circle:](../android.md ""){.md-button}
[Android 系統建議 :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
### 避免 Root
@@ -132,7 +132,7 @@ Android 13:
[工作用設定檔](https://support.google.com/work/android/answer/6191949) 是另一個隔離個別應用的方法,也比單獨的用戶設定檔更為方便。
**設備控制器**應用例如 [Shelter](../android.md#shelter) 需要建立不用企業 行動裝置管理(MDM) 工作設定檔除非使用自定的Android 作業系統已包括。
A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
工作配置檔需靠裝置控制器才能運作。 控制器必須實現 *File Shuttle**Contact Search Blocking* 等功能或任何類型的隔離功能。 您還必須完全信任設備控制器應用程序,因為它可以完全訪問工作配置文件中的數據。

2
i18n/zh-Hant/os/index.md
View File

@@ -4,7 +4,7 @@ title: 作業系統
我們發布主要作業系統的配置指南,通常可以改善個人資料被收集的情況,特別是如使用[隱私工具](../tools.md),例如我們推薦的網路瀏覽器在適當的地方設置原生工具。 不過某些作業系統本質上會更加尊重隱私,而在其他選擇上要實現同等隱私則較不易。
如果是從零開始,強烈建議在桌面上使用 [Linux](../desktop.md),在行動裝置上使用 [Android](../android.md)。 如已經使用其他東西並且對轉換沒興趣,我們仍希望這些指南有所幫助。
If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. 如已經使用其他東西並且對轉換沒興趣,我們仍希望這些指南有所幫助。
## 移動作業系統

4
i18n/zh-Hant/os/ios-overview.md
View File

@@ -10,7 +10,7 @@ description: 蘋果公司使用 Unix 作業系統來開發macOS 支援自家的
iOS 設備因其強大的資料保護和對現代最佳作法的遵守而受到安全專家的讚揚。 然而Apple 生態系統的限制性——尤其是移動設備——仍然在很多方面阻礙了隱私。
我們認為,與任何製造商的庫存 Android 設備相比iOS 為大多數人提供了水平之上的隱私和安全保護。 不過,如希望或需要完全從 Apple 或 Google 雲獨立,您可以使用 GrapheneOS 等[自定義 Android 作業系統](../android.md#aosp-derivatives)來實現更高的隱私標準服務。
我們認為,與任何製造商的庫存 Android 設備相比iOS 為大多數人提供了水平之上的隱私和安全保護。 However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
### 激活鎖
@@ -63,7 +63,7 @@ Apple 產品的大多數隱私和安全問題與其雲服務有關,而不是
在「 **設定** 」應用程式的頂部,如果您已登入 Apple ID便會看到您的姓名和個人資料相片。 選取這項然後再選 **尋找**。 此處您可以選擇是否啟用或禁用“查找設備”功能。
### 設定
### Settings
許多其他與隱私相關的設置可以在**設置**應用中找到。

2
i18n/zh-Hant/os/windows/group-policies.md
View File

@@ -14,7 +14,7 @@ title: 群組原則設置
若要變更任何群組政策,請雙擊它,然後根據下面的建議在出現的視窗頂部選擇「啟用」或「停用」。 某些群組原則可以配置的其他設置,如果是這種情況,下面也會註明相應的設置。
### 系統
### System
#### Device Guard

39
i18n/zh-Hant/pastebins.md Normal file
View File

@@ -0,0 +1,39 @@
---
title: Pastebins
icon: material/content-paste
description: These tools allow you to have full control of any pasted data you share to other parties.
cover: pastebins.webp
---
[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
## PrivateBin
<div class="admonition recommendation" markdown>
![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. 資料在瀏覽器中使用 256位元AES 來加密/解密。 它是 ZeroBin 的改進版本。
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
</div>
## 標準
請注意,我們所推薦專案沒有任何瓜葛。 除[標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
### 最低合格要求
- 它必須是開源的。
- 必須落實"零信任"端對端加密。
- 必須支援密碼保護檔案。
### 最佳案例
最佳案例標準代表了我們希望從這個類別的完美項目應具備的功能。 推薦產品可能沒有此功能,但若有這些功能則會讓排名更為提高。
- 應有來自聲譽良好、獨立的第三方公開審查報告。

33
i18n/zh-Hant/productivity.md
View File

@@ -154,39 +154,6 @@ cover: productivity.webp
- 必須支援編輯文件、電子表格和投影片製作投放。
- 必須將檔案匯出為標準文件格式。
## 網路黏貼服務
### PrivateBin
<div class="admonition recommendation" markdown>
![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
**PrivateBin** 是一個極簡主義的開源網路剪貼板 ,伺服器對黏貼的資料一無所知。 資料在瀏覽器中使用 256位元AES 來加密/解密。 它是 ZeroBin 的改進版本。
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
</div>
### 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
#### 最低合格要求
- 它必須是開源的。
- 必須落實"零信任"端對端加密。
- 必須支援密碼保護檔案。
#### 最佳案例
最佳案例標準代表了我們希望從這個類別的完美項目應具備的功能。 推薦產品可能沒有此功能,但若有這些功能則會讓排名更為提高。
- 應有來自聲譽良好、獨立的第三方公開審查報告。
## 語言服務
### LanguageTool

50
i18n/zh-Hant/tools.md
View File

@@ -394,6 +394,16 @@ description: Privacy Guides 是最透明和可靠的網站,用於尋找保護
[了解更多 :material-arrow-right-drop-circle:](passwords.md)
### Pastebins
<div class="grid cards" markdown>
- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
</div>
[了解更多 :material-arrow-right-drop-circle:](pastebins.md)
### 工作效率工具
<div class="grid cards" markdown>
@@ -402,7 +412,6 @@ description: Privacy Guides 是最透明和可靠的網站,用於尋找保護
- ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
- ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
- ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
- ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
</div>
@@ -437,32 +446,53 @@ description: Privacy Guides 是最透明和可靠的網站,用於尋找保護
[了解更多 :material-arrow-right-drop-circle:](security-keys.md)
### Mobile Phones
<div class="grid cards" markdown>
- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
</div>
[了解更多 :material-arrow-right-drop-circle:](mobile-phones.md)
## 作業系統
### 行動
#### Custom Android Operating Systems
<div class="grid cards" markdown>
- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
</div>
[了解更多 :material-arrow-right-drop-circle:](android.md)
[了解更多 :material-arrow-right-drop-circle:](android/distributions.md)
#### Android 應用程式
<div class="grid cards" markdown>
- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
</div>
[了解更多 :material-arrow-right-drop-circle:](android.md#general-apps)
[了解更多 :material-arrow-right-drop-circle:](android/general-apps.md)
#### Ways to Obtain Android Apps
<div class="grid cards" markdown>
- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
</div>
[了解更多 :material-arrow-right-drop-circle:](android/obtaining-apps.md)
### 桌上型電腦