7.1 KiB
title, description, icon, cover, schema
| title | description | icon | cover | schema | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Android | Our advice for replacing privacy-invasive default Android features with private and secure alternatives. | simple/android | android.webp |
|
{ align=right }
The Android Open Source Project (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
General Android Overview :material-arrow-right-drop-circle:{ .md-button .md-button--primary }
Our Advice
Replace Google Services
There are many methods of obtaining apps on Android while avoiding Google Play. Whenever possible, try using one of these methods before getting your apps from non-private sources:
Obtaining Applications :material-arrow-right-drop-circle:{ .md-button }
There are also many private alternatives to the apps that come pre-installed on your phone, such as the camera app. Besides the Android apps we recommend throughout this site in general, we've created a list of system utilities specific to Android which you might find useful.
General App Recommendations :material-arrow-right-drop-circle:{ .md-button }
Install a Custom Distribution
When you buy an Android phone, the default operating system comes bundled with apps and functionality that are not part of the Android Open Source Project. Many of these apps—even apps like the dialer which provide basic system functionality—require invasive integrations with Google Play Services, which in turn asks for privileges to access your files, contacts storage, call logs, SMS messages, location, camera, microphone, and numerous other things on your device in order for those basic system apps and many other apps to function in the first place. Frameworks like Google Play Services increase the attack surface of your device and are the source of various privacy concerns with Android.
This problem could be solved by using an alternative Android distribution, commonly known as a custom ROM, that does not come with such invasive integration. 다만 안타깝게도, 대부분의 커스텀 Android 배포판은 AVB, 롤백 보호, 펌웨어 업데이트 등의 중요한 보안 기능을 지원하지 않음으로써 Android 보안 모델을 위반하는 경우가 많습니다. Some distributions also ship userdebug builds which expose root via ADB and require more permissive SELinux policies to accommodate debugging features, resulting in a further increased attack surface and weakened security model.
커스텀 Android 배포판을 선택할 때는 해당 배포판이 Android 보안 모델을 준수하는지 확인하는 것이 이상적입니다. At the very least, the distribution should have production builds, support for AVB, rollback protection, timely firmware and operating system updates, and SELinux in enforcing mode. All of our recommended Android distributions satisfy these criteria:
Recommended Distributions :material-arrow-right-drop-circle:{ .md-button }
Avoid Root
Rooting Android phones can decrease security significantly as it weakens the complete Android security model. 보안 수준이 낮아져 취약점의 발생으로 이어질 경우 프라이버시 또한 저해됩니다. 루팅은 일반적으로 부팅 파티션을 직접 조작하는 방식으로 이루어지므로, 자체 검사 부팅을 제대로 수행할 수 없습니다. Apps that require root will also modify the system partition, meaning that Verified Boot would have to remain disabled. Having root exposed directly in the user interface also increases the attack surface of your device and may assist in privilege escalation vulnerabilities and SELinux policy bypasses.
Content blockers which modify the hosts file (AdAway) and firewalls (AFWall+) which require root access persistently are dangerous and should not be used. 이러한 방식은 광고 차단기의 본래 목적 면에서도 적절한 방식이 아닙니다. For content blocking, we suggest encrypted DNS or content blocking functionality provided by a VPN instead. TrackerControl and AdAway in non-root mode will take up the VPN slot (by using a local loopback VPN), preventing you from using privacy enhancing services such as Orbot or a real VPN provider.
AFWall+ works based on the packet filtering approach and may be bypassable in some situations.
Privacy Guides는 이러한 앱들의 불확실한 프라이버시 보호 효과가 휴대폰을 루팅함으로써 발생하는 보안상의 희생을 감수할 만큼 중요하다고는 생각하지 않습니다.
Install Updates Regularly
It's important to not use an end-of-life version of Android. Newer versions of Android receive not only security updates for the operating system but also important privacy enhancing updates too.
For example, prior to Android 10 any apps with the READ_PHONE_STATE permission could access sensitive and unique serial numbers of your phone such as IMEI, MEID, or your SIM card's IMSI; whereas now they must be system apps to do so. 시스템 앱은 OEM이나 Android 배포판에서만 제공됩니다.
Use Built-in Sharing Features
You can avoid giving many apps permission to access your media with Android's built-in sharing features. 많은 애플리케이션은 '공유' 기능을 이용해 미디어를 업로드하는 기능을 지원합니다.
For example, if you want to post a picture to Discord you can open your file manager or gallery and share that picture with the Discord app, instead of granting Discord full access to your media and photos.