Thanks for watching everyone! This video is sponsored by Privacy.com. Protect your financial identity online using virtual cards and get $5 off your first purchase: privacy.com/techlore > *Resources:* Our Android Privacy & Security Guide: kzbin.info/www/bejne/mn66dqyjZbCDmaM How to properly threat model guide: kzbin.info/www/bejne/enm9g5uYpL-bnKs Fun Research to dig into (This is always expanding and not completed): github.com/henryistaken/privacyresources#mobile-1 How to 'degoogle' ROMs Guide (Keep in mind it's from 2019 and may be outdated! Proceed with caution!): www.reddit.com/r/degoogle/comments/cldohl/how_to_degoogle_lineageos_in_2019/

This channel is excellent in making high quality videos without over-producing. They don't use fancy intro, outro, extreme editing, etc. Even the video format is simple, the guy just talks to the camera mostly. Yet, in the information realm there's extreme thought and very good research and organization, which makes the end result amazing yet efficient to make. Good job you guys!

GCP Firebase is a toolkit from Google that let your web / mobile development so smooth. I'm surprised it was not mentioned in this video as it probably plays a HUGE role in their data collection schema

Hmm, I would've liked to see you talk much more about DNS, WebView, Captive Portal, SUPL etc. Even if its main purpose (like you said) is probably not to gather valuable user data. But still these are ways in which google receives user data (even from supposedly "degoogled" phones). From my understanding, "degoogling" means more than just flashing a custom ROM w/o GApps and changing the browser search. As I think there are quite some people in the privacy bubble, that may not even be aware of that. So if you have the chance, maybe interview a privacy researcher and do a follow up. Thank you!

Inspired by your channel, about 4 months ago I bought a pixel 4a and installed GraphenenOS. It's been a great experiene. The installation went fairly smoothly and daily use has been better! One thing that I really like is really a by-product. Some of my apps no longer give push notifications. At first it annoyed me. But now I love it. I realised that the majority of notifications I previously thought essential aren't. Less picking upand staring at a screen. FAR less non essential apps on my phone too. All the essential services I need are supported. Often using FOSS alternatives. Thanks for the inspiration. Forever de-googled and loving it. I'm eagerly awaiting your Nextcloud series. Great channel. .

With respect to hardware spying in minute 8:31. Anyone using GrapheneOS is using a Pixel by default these days. And many of us are not using Google Play Services. So, we are out there - don't know how many we are.

FYI, private DNS in network settings are set to default (Google: 8.8.8.8 / 8.8.4.4) on almost every custom ROM

It's funny that a lot of people are concerned about these privacy issues but then proceeds to posting on social media about what they're doing, installing dumb apps ( facebook, tiktok etc etc )

One trend I've noticed is Google (following Apple) are making it harder for 3rd party tracking. Why? Because limits on 3rd party tracking give an advantage to 1st party tracking. Granted Google is also trying to make 1st party tracking more private well continuing to advertise whether their plans to achieve that goal actually works or not is another story.

Great! very valuable your information here, I had a brief experience with LineageOs 19.1 in my POCO F1, and soon after seeing that GApps is a choice to analyze well, recently encouraged by the /e/Os Project and I couldn't help but invest a little I took the time to test it and I realized from the beginning the depth of the focus on security and privacy. But... I have to agree with you that even in the face of this focus, in order to achieve the maximum that all these projects suggest, it depends a lot on each user, because we are part of it, it is necessary to follow certain precautions that are the responsibility of each user. . Thank you very much for your cooperation and your brilliant clarifications.

Regarding the app store, a lot of people do just fine with Huawei's app galery, its not an insignificant number. Also, in China phones dont come with play services

Can't wait to get my Pixel in the mail and drop Calyx on it. Thank you for all the information you seek out and make easy for us to understand!

Not trying to plug but the latest releases of GrapheneOS has Sandboxed Google Play so you can actually use GApps including Play Store in a sandbox. This allows you to actually use Google minus the spying, which some people prefer over installing dubious third party services that try to emulate Google Store/Services but don't actually come close to the real thing.

One of the big things missing here are the phone makers (Hauwei springs to mind) that don't or can't use Google Play Services. I don't think this changes much - especially given that a lot of users are going to be installing/sideloading google apps anyway but I think these people probably make up the majority of people without Google Play Services, not people with custom ROMs and no Google Play Services.

Speaking of degoogled phones and MICRO G, element secure messenger (matrix client) notifications don't come through very reliably ): so I have to have fluffychat (matrix client) to get my notifications better ): suppose it just makes it nice matrix has multiple client apps

I learn so much from this channel. Super informative, clear and concise. Techlore is top tier quality content

7:24 what about when the Government (ik the video is focused on Google) has physical possession of your phone. Couldn't hardware backdoors become a real problem then?

Google will still track you using apps using some sort of Android development APIs, as well as those who have ads in them (mostly are Double Click which is a Google product)

Great video concept! This channel is sooooo valuable.

lol, the problem is Google is at the protocol level. Phones are network devices so is anti-private by definition. The device has to identify uniquely to the network to work. Minimal disclosure is the best that can be done.

What about via BLE - Amazon and Apple already using it

Great video thanks excellent points. Re: Reputation, I think we have reached a saturation point where the number of people who care enough to base a purchase of a product on privacy is so low. I.e. spying and collection of data is expected. That all Google would need do if "caught in the act" of collection of data via AOSP or any other means (outside Gservices) would easily be brushed aside by siting "improved user experience". Only those watching videos like this one care sadly. We are very few and do not have the power to stop them at this time in history.

The radio software is the most likely location of any backdoor.

This is interesting to me, consider that I will buy Google Pixel eventually and then flash custom ROMs.

Wait, so Android really ís fully open source? I was under the impression that there's a small piece that's not. Supposedly dealing with low level system stuff.

This was solid info. Thanks Henry.

Have you tried BraX2 privacy phone using BraxOS?

Best vid you've made that I've seen.

This is a very good and clear analysis. Thank You.

My Calyx OS no longer connects to wifi. Still trying to figure it out.

the problem that some companies making it hard to unlock the bootloader and root your phone to install custom rom

I havnt watched yet but I'm on calyxos on a pixel and it says google and "your device is running a custom ROM" so clearly they have some sort of presence

Well made points, thx a lot! Can u pls compare Graphene with the /e ROM?

My biggest concern about tracking is - if vendors like xiaomi, samsung etc can spy on me through blobs and other system resources like kernel. If I'm gonna build my own custom rom from aosp source code plus blobs and kernel gotten from my device, could it spying?

I got a cheap old 20 dollar smart fone. After watchin a bunch on here, first thing I did was disable google play store and FB. And youtube and a bunch others. Run duckduckgo search and browser, f-droid, newpipe, and session. I have Linux at home. Thumbs up as always.

Calyx os user here without Google. It's running just fine and with KZbin capability too because of signature spoofing and microg.

Thanks for the video!

Hey so would an iPhone or Android be more privacy friendly? I would say I’m quite techy so I can definitely do hardening.

What is the alternative for play services? does micro g works? isn't that open source? also, Loved the channel and subscribed❤️

Can make a video on Intel ME?

I am about to migrate my custom domain emails to protonmail, in part thanks to you!!

Halium runs reasonably well on my Pixel1. Debian and Manjaro have much better userlands than Android. Still, it sucks to be stuck with the ancient kernel.

Within Googles extensive database and AI integration can generally pinpoint you as an individual by your habits, hardware or profile building by the 3rd to 5th website visited. The best thing offered against google is Disinformation rather than no information or an alternative with better policies and practices.. Pardon my intrusion, but I thought it was one thing to not send data, but was another to prevent data collection. Even if an unknown machine, from the first web query, your profile begins.

can you explain what wickr shredder does?

I call them the G Men for well-founded reasons

great video!

Can't wait for virtual cards to be available in the EU. Good debunking!

Is using ORBOT TOR GOOD I'm using AOSP

He has never heard of Intels management engine on all x86 CPUs or ring negative 1.

Check if your "degoogled"Rom does not have a Backdoor/spyware...but if you wanna get rid off it install linux on your Smartphone...

What about the default Android System Webview from LineageOS?

You just answred my question about the new google chips . thanks

Just a comment to boost the video

15:29 or you just say "yeah, well, that's just like, your opinion man.

what is the other channel? I see you and Braxman mentioning the same stuff, however I can't find those people. Thank you as always for communicating such important topics! :)

I got one question, where is your mic for these videos, so no echo happens and so there's higher quality sound

too much echo in the audio. Great content though!

- 3:52 Chromium is also open-source and look what Google did to that. 🙄 Being open-source doesn't mean good, it can be open-source and still have lots of garbage in it. Open-source isn't a panacea, somebody still has to step up and fix it. - 5:40 Yeah, just look at all the placebo privacy settings in Windows 10. 😒 - 6:45 Ugh, I practically wrote a novella on why back-doors make no sense on a recent SomeOrdinaryGamers video. - 7:00 Analogy: China and North Korea have a lot "security" and zero privacy. In fact, not only are privacy and security not the same thing, even security doesn't mean security. I could lock you in a cell to secure myself from you, but that doesn't make you secure. "Security" in China and North Korea protect the government from the people, not the people from the government. - 7:20 That's another factor of all the telemetry from these selfish companies stealing your data uses bandwidth and if you have data caps, you end up wasting your bandwidth and possibly even paying overage fees. And don't think telemetry is minimal, check your phone and computer and you'll be surprised how much data it sends when it "phones home". An iPhone is _constantly_ phoning-home, all day long. A couple of weeks ago, Louis Rossmann did a video ("The fight for your car's data; is it yours or is it the auto manufacturer's?") about cars sending data to the manufacturer and they can apparently send *_25GB_* per month!!! 😲 WTAF‽ Don't forget that this is wireless data, so you have to pay for a wireless service with at least 25GB of data per month just for the car to send your data to the manufacturer for THEIR benefit and you get NOTHING! 😠 - 7:50 Sure, it would be a massive scandal. So what? 🤷 How many times have we seen big corporations get slammed with massive scandals and survive? How many actually went down? 🤨 Remember Cambridge-Analytica? Remember 533,000,000 users' data leaked? Yet Facebook still exists (unfortunately). Getting caught doing bad stuff means nothing anymore, at least not if you've reached critical-mass. These days, corporation (especially Big Tech) specifically budget for fines because the fines are always too low to make a dent. They can get hit with a $20,000,000 fine and make that back in minutes. They embrace the adage "better to ask for forgiveness than for permission". 😠 - 8:25 Sure, anyone can discover what they're doing and expose them. But again, _so what?_ What's anybody going to do about it? Nobody is going to stop using their stuff, especially when there's a monopoly. People won't even boycott or "vote with their wallets" on inane stuff like movies and video-games; they'll complain that something is awful before it comes out, pay for it, then complain again after. 🤦 Let alone stuff like phones and web services. They can do whatever bad stuff they want with absolute impunity. - 8:40 You're definitely committing some sort of fallacy by arguing that it doesn't (currently) make sense since there's too little benefit for them. Maybe by doing it like that, they're laying the foundation for something bigger and worse that affects more people later. Maybe they're grooming people to get used to having no privacy. Maybe they're targeting the few people who resist their invasion to remove any remaining resistance to an outright takeover. Maybe something I can't even think of. 🤷 You being unable to think of a reason is not proof that it can't be true. And it doesn't have to benefit them _now._ Why do you think Microsoft has been so pushy about TPM for the past 20 years? They say it's for "security", but it's really just for DRM to lock the system down to take away all control form the user and give it all to Microsoft. They even tried rolling out Windows S editions which couldn't run programs _only_ from the Windows Store, not third-party programs, trying to make a walled-garden like Apple, but it failed. Now, with Windows 11, they finally made TPMs mandatory, so don't be surprised if Windows 11 becomes dystopian. - 9:18 Conspiracy-theorists always ignore the fact that if their theory were true, it would require ALL of the countless people that are "in on it" to reliably keep the secrets and not one of them leak it for any reason, not for money, not for attention, not for revenge after being fired or whatever. That's an even bigger accomplishment that the thing itself. 🙄 - 9:28 Like the whole microchip in the shot thing. Even if it were possible to transplant an actually-usable microchip, to what end? Most people already carry around a phone that contains all their data and tracks their location to a disturbingly accurate level, so what would a microchip you'd have to get within an inch to read and have just an ID number be good for? 🤨 - 10:15 The KZbin app is useless. Just watch the videos in Brave (it's the only browser that's actually able to block ads, so ostensibly that means the other browsers that can't-even with an ad-blocker addon-are probably not very private or secure in other ways as well 🤔). - 15:25 I don't have any F's left to give, I already used them all up and am in F-debt at this point, I owe so many F's.

did you go to UH???

Doesn't Intel and amd spy on their chips already? Do they upload it?

Yes, if you install gapps Otherwise no

Do you now understand why I call it ironic to degoogle your phone and then use a Google account to login on a Google service? You end up with a phone that still collects data for Google. 😉

Uhm but a custom ROM with Gapps cant even be considered as degoogled

maybe they do it like like AMD and Intel

hardware spying not reasonable , but intel can do it (remote access anytime) ;) so if everybody can do wireshark analysis.. why didnt you do it?

The best way is to not use a phone 👍

What about the sim card? Not sure which video say that chip can do more functions. Like those SD card.

yes or no?

I'm not exactly sure what was the point you were trying to make however, the analysis was very superficial, quite naive I should add - sorry. Any Android system with an associated registered Google account, Google Play Services, Google Play Store, Maps, arguably even Android System WebView, is definitely privacy compromised. As for hardware, you haven't mentioned anything about BT BLE, WiFi scanning, nearby device scanning, WiFi multicast, WiFi triangulation, cell and GPS location tracking, camera and microphone - which could very easily be forced on without user's consent. I didn't even touch on Google's new chip proprietary architecture, which is another privacy mess in itself. Coming back to software, Google Play Services is undoubtedly the weakest link, the absolute privacy killer - hence the development of microG which is not a perfect solution, it has its own privacy holes since it needs to emulate the very gms and gsf services for a Google registered account to properly work. In other words, even custom ROMs have lots of privacy cracks, although admittedly far less than a regular Android system, which is no less than a sofisticated spying tool with a nice user's interface and a phone. You should probably also add that the newer the Android version, the system's security arguably gets better, BUT the user's privacy gets trampled to a point where it eventually becomes a thing of the past. With that being said, unless you're forced to use say, Android 11 or 12 because you just got a new phone, don't buy the "upgrading" hype just because it's trendy. Think twice before updating the OS because it's irreversible.

No mention of GrapheneOS? Unsubing TechLore. Adios...

I disagree on the hardware level. And the AOSP. Since you can put in easily exploits in opensource code. Don't tell me log4j was a acident. Also when it comes to the hardware level it can also be a prism thing in where the feds force the company to put in shit. Just like with AMD psp or Intel ME.

Censorship of risk of your affiliate. My comment keeps instantly disapearing! I'll try one more time..... Here goes: Dude, please inform us of the risks when you advertise! " We Share Personal Data Under Controlled Circumstances: With third parties, within the United States and in other countries, who may access data about you to perform functions on our behalf; With financial institutions, processors, payment card associations and other entities that are involved in the payment process; With *government and law enforcement where reasonably necessary to comply with applicable law, regulation, legal process, governmental request;* With others where reasonably necessary to protect the security or integrity of our Services or user safety; In Connection with, or *during the negotiation of, ANY merger, sale of company stock or assets, financing, acquisition, divestiture or dissolution of all or a portion of our business;* With your consent."

That's what a google employee would say

the hardware angle, impossible.. uhm low power bluetooth anyone??????

❤

You' re talking about degoogle android devices on a google platform such KZbin 😂

You are making the mistake of thinking managers only do what is best for the company. As a veteran of the tech industry for 45 years I can tell you this is false. Of course there are those who things to enrich themselve but I have also seen decisions made for political and religious reasons.

Lmao at this point, y'all should just get iPhones. Pretty damn simple solution.

Lol not surprised he didn't mentioned GrapheneOS Someone is clearly salty from the previous conflict.