Android Tips

Android is a very secure and robust operating system out of the box. This post will be less of a “hardening guide”, but more of a non-exhaustive list of tips when it comes to buying and using Android phones. Android Devices Recommended Phones Google Pixel phones are the only devices I would recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google’s custom Titan security chips acting as the Secure Element....

July 22, 2022 · 18 min · 3701 words · Tommy

Android VPN Leakage with Secondary User Profiles

Update: This is no longer reproducible on Android 13 QPR1 and Android 14 Developer Preview 1. Before We Start… I have been aware of this issue for awhile now (since at least Android 11), though I have not done enough testing to see what actually causes the leak nor do I have any workaround at the moment. My guess is that applications which launch early when you log into a secondary profile can bypass the VPN killswitch....

October 10, 2022 · 2 min · 327 words · Tommy

Banking Applications Compatibility with GrapheneOS

Maintained Compatibility List for International Banking Apps This list includes banking apps that have been tested, submitted, reviewed, and verified as compatible. LIST | SUBMIT | UPDATE | POSSIBLE WORKAROUND SOLUTIONS Introduction Welcome to the crowd-sourced dataset for GrapheneOS users on currently supported devices. New visitors are encouraged to read the official usage guide on banking apps for comprehensive details about how these apps function on GrapheneOS. IMPORTANT Please read GrapheneOS’s important announcement, officially released on Dec 1, 2023:...

January 26, 2022 · 13 min · 2681 words · akc3n, Tommy, spring-onion

Choosing Your Android-Based Operating System

Android is a secure operating system that has strong app sandboxing, Verified Boot (AVB), and a robust permission control system. When you buy an Android phone, the device’s default operating system often comes with invasive integration with apps and services that are not part of the Android Open-Source Project. An example of such is Google Play Services, which has irrevocable privileges to access your files, contacts storage, call logs, SMS messages, location, camera, microphone, hardware identifiers, and so on....

July 18, 2022 · 9 min · 1724 words · Tommy

F-Droid Security Issues

F-Droid is a popular alternative app repository for Android, especially known for its main repository dedicated to free and open-source software. F-Droid is often recommended among security and privacy enthusiasts, but how does it stack up against Play Store in practice? This write-up will attempt to emphasize major security issues with F-Droid that you should consider. Before we start, a few things to keep in mind: The main goal of this write-up was to inform users so they can make responsible choices, not to trash someone else’s work....

January 2, 2022 · 27 min · 5672 words · PrivSec.dev Contributors

Installing Kali NetHunter Lite on DivestOS 20.0

This will turn your device into a purely penetration testing device, and it will be very insecure for any other purpose. Please do not do this on your daily driver. This procedure should work without modification on many devices using the standard Android bootloader (not Samsung). However, every device has unique quirks that may require special attention. Originally, I just needed a device to run packet capture on my other devices....

March 7, 2023 · 2 min · 407 words · Tommy