E.g., I want them to be able to use Disney+, and I want to be able to install new apps from Google Play, but I don't want THEM to install new apps or use a web browser.
All my kids are under 10 years old. They can figure out basic settings, usually. I can just hide certain apps but they tend to find them while messing around.
Google allows you to create child accounts, which can be controlled by parent accounts. However, it doesn't seem possible to sign into a child account on a Fire (I seem to recall that this has always been a limitation).
Amazon provides some sort of kid account mode but it doesn't work with Google stuff.
I can just not give them the Wi-Fi password, but that's the nuclear option.
I might be able to install LineageOS and do something with that, but I'd prefer not to go to so much trouble. Using the Fire Toolbox is much less time-consuming.
My best bet at the moment seems to be NetGuard, which can disallow certain apps from accessing the internet. It seems to work pretty well, but there's no way to password guard it, so they'd probably eventually disable it by accident or while trying things out.
Any methods I haven't thought of?
Sadly the only way you could do this is install lineage os
MiskerHotck said:
E.g., I want them to be able to use Disney+, and I want to be able to install new apps from Google Play, but I don't want THEM to install new apps or use a web browser.
All my kids are under 10 years old. They can figure out basic settings, usually. I can just hide certain apps but they tend to find them while messing around.
Google allows you to create child accounts, which can be controlled by parent accounts. However, it doesn't seem possible to sign into a child account on a Fire (I seem to recall that this has always been a limitation).
Amazon provides some sort of kid account mode but it doesn't work with Google stuff.
I can just not give them the Wi-Fi password, but that's the nuclear option.
I might be able to install LineageOS and do something with that, but I'd prefer not to go to so much trouble. Using the Fire Toolbox is much less time-consuming.
My best bet at the moment seems to be NetGuard, which can disallow certain apps from accessing the internet. It seems to work pretty well, but there's no way to password guard it, so they'd probably eventually disable it by accident or while trying things out.
Any methods I haven't thought of?
Click to expand...
Click to collapse
What fire os version are you on? If you're below 6.3.x.x you don't have to open the device up
Related
Anyone playing with 4.2 yet?
Second and subsequent users seem to have to go through some kind of set up. Can they/do they need to use a Google Account they already have on another device? Is it a good idea for them to do so?
WibblyW said:
Anyone playing with 4.2 yet?
Second and subsequent users seem to have to go through some kind of set up. Can they/do they need to use a Google Account they already have on another device? Is it a good idea for them to do so?
Click to expand...
Click to collapse
was just playing around on mine yeah it seems it's set up as another user (inc google sync everything) what i was hoping for was like a guest account that could browse the web use some of the apps (according to a whitelist or something) say im with some friends and am streaming music and want to be able to let them use it without giving them access to my email and other stuff?
sadly not to be i fear unless someone can allay my fears?
Looks like you have to emulate a guest user by pre configuring them as a 'dummy' account, with dummy email etc.
Would be difficult to get them access your paid apps though. And what if you set up free apps under that account? Are re downloaded and take up space? That would be a bummer for big apps like games.
WibblyW said:
Looks like you have to emulate a guest user by pre configuring them as a 'dummy' account, with dummy email etc.
Would be difficult to get them access your paid apps though. And what if you set up free apps under that account? Are re downloaded and take up space? That would be a bummer for big apps like games.
Click to expand...
Click to collapse
exactly want to show the thing off but don't want to have to stand over them making sure they don't go rooting around
WibblyW said:
Looks like you have to emulate a guest user by pre configuring them as a 'dummy' account, with dummy email etc.
Would be difficult to get them access your paid apps though. And what if you set up free apps under that account? Are re downloaded and take up space? That would be a bummer for big apps like games.
Click to expand...
Click to collapse
How is this going to be managed then?
Good Point !
Wilks3y said:
How is this going to be managed then?
Good Point !
Click to expand...
Click to collapse
I've tried that out with my girlfriends account and it seems like if you download an app, which you already have on your device, it "installs" it almost immediately. There is no re-download of the file. However, if you start the app you'll see a new instance of it, without any data taken from your other account. Maybe there are some apps which keep their settings but those which I've testet so far seem to start naked. This will mean that the app itself will only stored once, the data like savegames etc. is stored per user.
What bugs me is that there seems no way (maybe with root) to access the internal storage area of the other user. As example, I have some movies stored on my device and I can only access them in the account which was active, when I copied the files to the device.
Edit:
BOOOM: Here we go. Tried to install the facebook app on two users and got the following message:
"You cannot install this app because another user has already installed an incompatible version on this device"
Seems like Google adding this feature is only one part of the story. I think there are quite a lot apps out there which will run into the same issue.
Edit2:
Looked a little bit deeper into this and found out, that this was NOT caused by an incompatibility issue from the facebook app itself. I've modified the apk (for testing purposes, don't use facebook much) with "AppGuard" and installed it outside of the google play store. As I tried to reinstall the facebook app from the play store I ran into the previous described error message.
So am I correct in thinking there will be no way to "make apps available" to all users? I thought this would be a great tool for my son, so i can basically say you can have access to these 10 games and that's it. but if i have to add my google account then "install" each game that's going to be a pain in the arse!
Is there no resource documentation on this? I looked I could not find anything on google that addressed apps really at all.
Each user appears to get a their own "home" directory created in /mnt/shell/emulated.
Default user dir is "0"
Second user dir is "10"
Each contain the standard dir's from 4.1 and earlier.
I took a CWM nandroid backup immediately after upgrading and the clockworkmod folder is in the same directory, so I'm guessing that any app that uses the old-style home path will need updating.
since adding the second user SuperSu has had issues - hangs & then crash, and the Settings app crashed - if I have time I'll revert to stock, upgrade again, and then add another account without rooting & installing supersu/busybox et al.
Hey Nexus 7 peeps!
Santa Claus brought my kids (7 & 8yrs old) N7 tablets for Christmas. I've been researching alternatives for locking them down, and haven't found anything (yet) that really meets the needs. For reference, I've setup the kids Windows 7 PC with Microsoft Family Safety & Security & about a thousand group policies. Given all that I have no worries right now leaving them with the PC with minimal supervision. They use chrome and I have it setup to use the Microsoft FSS site to do any websearches they do.
So.. I'd like to do something similar with their tablets. I have about 3 days before they come back from their grandparents house to get these things configured. I'm currently setup as the "owner" and my kids have their own users setup. For the moment, they are hooked up to my google account. I'm not adverse to changing that, but want to figure out what the options are first.
Heres my thoughts on what they should have:
Chrome, only if I can put some kind of filtering on. Not opposed to OpenDNS (router is setup with DD-WRT already). I'm not obsessed with allowing chrome (or web browser access) right now.
Play store hidden or disabled. I've required a pin for purchase & in-game purchase, which is fine for now but not ideal.
Google now/etc fine if some parental controls can be added.
Email available only to/from people on parent managed contact list, or disabled completely.
Prefer to have a launcher that has a subset of all available apps, and perhaps drawer restrictions/etc
I'm totally not opposed to rooting or whatever would help with this, or even installing CM10 or something if it would help.
I feel like I must be missing something. All of this seems so very basic to me, yet I've not yet found what I'm looking for. There must be other people who got N7s for kids, and want to have a little bit of parental control over whats going on here. I'm looking for recommendations on how to proceed.
Thanks in advance, appreciate any advice offered.
-Blu
http://www.wikihow.com/Block-Porn-on-Android
This is to get you started, I haven't done much other research.
check out this post of mine: http://forum.xda-developers.com/showpost.php?p=35197028&postcount=2
OP was asking whether create a separate account for her daughter or not.
And answers to your specific questions:
- Chrome doesn't support any plugins, there are system-wide apps that filter content (probably root required)
- disable it with link2sd or any app that handles apps, nova launcher (and many others) can hide apps from app drawer, its still there, just not in the drawer. (though with filtering, i dont know why you would disable play store, with no credit card its harmless)
- I don't really understand what you mean, but google search does have filtering.
- either remove gmail/email completely, or filter emails in gmail filter settings (sth like anything not from dad, mom, relatives, directly remove. Can be done with no problems, the same way you would handle labels in gmail)
- any aftermarket launcher pretty much. check nova, apex (those are built on stock ics/jb launchers) both enable to hide apps from drawer, but everything can be reset with some tinkering. Google for some kid launchers or sth, I'm sure there is stuff.
I think you're panicking too much to be honest. Its not a gsm device, it doesnt send txts, so you will not get a 100$ bill at the end of the month, apps in play store are safe with filtering (I'm pretty sure you can lock that too), and if they're not tech savvy they shouldn't find their way around your little tricks, but don't underestimate them, kids are very smart, and just may surpass you sooner then you know.
If you have to set so many restrictions on devices, you shouldn't have gotten them in the first place, rather get nintendo DS or PSP.
Awesome, thanks for the advice. I'm looking through your recommendations now. This is my first experience with "Real" jellybean.... I've been using a seriously hacked CM10 for my Droid X2. So this is the first time I've had the opportunity do deal with mutliple users. The cool thing I've found is that apps can be disabled per-user, which makes things a lot easier. Many of the apps that I dont really want them to have, I've just disabled and all seems to be well. I signed them both up with their own Gmail accounts, and I'll monitor that on my own.
My kids are definitely tech savvy, I'm an application developer & generally a white-hat hacker; some of that has rubbed off on them. I think everything is cool now, your point about the google store w/o credit card is totally valid, and I hadn't even considered that. Given that, I've setup restrictions on content from store, content in chrome, and content in youtube. I still want to do a little research on content control in Chrome (plus it will give me a valid excuse to root it, everydamnthing in my house needs to be hacked in some way :good
It may well be that I've panicked too much. Its just that the windows setup is so completely perfect, that I'd like it to be on par. I trust my kids, but only so far. My elder has a form of autism that complicates discussions about what to/not to do.
Appreciate your recommendations!
-Blu
Quite sure the play store got an update recently that requires the account password when attempting to buy any pay apps. It does on mine here anyway. just checked my sons stock tablet and it looks like Google have finally got their act together and are using server side authentication for purchases.
Oh and if you do get the tablets rooted this little program is a must
https://play.google.com/store/apps/details?id=com.fivehellions.android.muappshare
Allows you to share and control apps between user accounts on same tablet. I use it to let my son play my paid games whilst restricting him from using my account.
Cheers Danny
I know that go launcher allows you to hide apps, and you can use a password program to restrict access to the go launcher settings. Just my 2¢.
Sent from my Nexus 7 using Tapatalk HD
Thanks for the appshare. That is brilliant. Haven't used it yet, but I'm certain I will. Both are now rooted w/ CWM installed. For now I'm going to leave them with stock browser.... at 7 & 8 they're not yet actively searching for things they shouldnt be. I'll address that as it comes, but I'm way glad I rooted them now, as unlocking kills user data.
My wife is an Apple junkie (yes, yes, you can save the comments) but even she was impressed with the 4.2 ability to switch users, a feature starkly missing from iThings. I explained that it was a decision brought down by the Ghost Of Steve Jobs, and not an oversight.
End of the day... getting very close to having them configured properly, and none too soon. The kidlets return tomorrow afternoon from grandparents....
-Blu
toidimaet said:
Quite sure the play store got an update recently that requires the account password when attempting to buy any pay apps. It does on mine here anyway. just checked my sons stock tablet and it looks like Google have finally got their act together and are using server side authentication for purchases.
Oh and if you do get the tablets rooted this little program is a must
https://play.google.com/store/apps/details?id=com.fivehellions.android.muappshare
Allows you to share and control apps between user accounts on same tablet. I use it to let my son play my paid games whilst restricting him from using my account.
Cheers Danny
Click to expand...
Click to collapse
It only does that when I try to use my play credit. If I use a credit card, it doesn't prompt me
Sent from my Nexus 7 using xda app-developers app
XxSHaDoWxSLaYeRxX said:
It only does that when I try to use my play credit. If I use a credit card, it doesn't prompt me
Sent from my Nexus 7 using xda app-developers app
Click to expand...
Click to collapse
Ah, I am using a debit card in the UK. It could be a card type thing or even a country thing.
Sorry it took me so long to post and you have set up the tablet, but here's what i did for my daughter's N7:
I set her up with her own Gmail account. Rooted and unlocked the N7 and set it up as hers.
I added her account to my N7 so i can see activity etc. Case, screen protector and stylus.
APPS:
Adfree of course
Avast! In case it is ever lost, & some nice anti virus etc
Smart App Protector - password protect any app....so although I got her her own email address, she can't read, or send email without password...you can lock down the browser too, which I did, because she has games with links that will open a browser. THIS app is awesome.
Parent Dashboard, because it has some fun videos and apps -
I toyed with this being her desktop for a bit but too restrictive - I do like the ability to send her video messages (shared custody).
Skype so we can video chat (only for contacts, natch).
I don't have a credit card attached to her account, but if she wants to buy, I can do a couple things...add it on my N7, buy add to her wishlist them she can d/l on her. Our i can add cc and buy on hers and remove cc.
I think that's about everything and let her go to town.
Sent from my Nexus 7 using xda app-developers app
Hello,
I currently work for a market research company using Nexus 7 tablets to conduct surveys and questionnaires. We have a DP team which develop the apps for surveys which we put out on Google Play or can add manually. We currently have over 60 Nexus 7 tablets (2012 model) running Android 4.4.2. The current workaround securing the tablet is using Go Launcher, App Lock and WiFi Manager using a restricted account with Encryption on each device. This set up fine... however the two accounts setup is a hassle for the end users who are not technically proficient or use tablets or smartphones on a daily basis, so we need to down it one account. Also secondly, when we have new surveys and push them out, it does download to the main admin account of the tablet, but the hassle of, making it active for the restricted account is what the issue is because giving the end user access the main account defeats the whole purpose of what we are trying to do.
So I have managed to get hold of 2 tablets for testing, unlocked and rooted them both using the handy Nexus Root Toolkit. On one device, I created a main account, with Nova Launcher (instead of go launcher), App Lock and WiFi Manager. I have not put any encryption yet that will come after. I then created a nandroid backup of the tablet in which I restored it to the other device. The restore was perfect and at this point I thought that it's managed what we needed to do. However, on the two devices, we have two separate Google accounts, we have done this to spread out the devices across different accounts due to the amount of tablets we have. Upon pushing out an app to one device from Google Play, it would for some strange reason try to download on the other device and throw up an error message saying "could not download", even though the tablets have two separate google play accounts.
I made another nandroid back up, but this time without any google play/account information stored on the tablet but this to no avail did help. I even tried changing the device ID from Titanium Backup on both devices and still did not work and Google Play seems to think both devices are the same.
So my question is, what do I need to do in order to remove any Google Play info from the devices so google play doesn't recognize them both as the same device.
Everything else works perfectly fine so far and still are testing this out.
Thank you in advance
Irfan
Any one got a solution for this?
I just purchased the Amazon Moto G4 edition for my son who is 8yrs old, and I understand he's a little young for a phone. However, a few of his buddies have phones and I thought it was a great way to help him read and type better through texting. I'm also not planning on paying for Cell service but rather use Wifi for SMS and Calls through hangout. And maybe get him freedom pop for in an emergency.
Now, with that said I created a gmail account that I control (my password, my recovery email/phone #, etc.) and then used this to setup the Play store. I set up all the restrictions in the play store to what I believe is appropriate and of course I locked it by setting up my own PIN code so he couldn't change them.
I also setup his own google voice number and tied it to google hangouts/dialer but I can also monitor what he is doing on my phone periodically if I wanted. I'm not interested in him using Snapchat, WhatsApp, or any other kind of social network.
I've also setup OpenDNS on the wifi account he uses at home. So I think I have things pretty much locked down with the exception of installing from Unknown sources. And although he probably isn't computer savvy enough yet, at some point he will be.
So, with that said is there anyway I can build a rom that disables installing from Unknown Sources? Also, any other recommendations and tips from others are welcome.
Thanks.
He can get rid of everything you did if he could factory reset
seth.dean02 said:
He can get rid of everything you did if he could factory reset
Click to expand...
Click to collapse
Of course he could, but he's 8! He's probably not savvy enough to circumvent my efforts yet and when he is I'll change my approach.
pabdaddy1995 said:
Of course he could, but he's 8! He's probably not savvy enough to circumvent my efforts yet and when he is I'll change my approach.
Click to expand...
Click to collapse
Try one of the apps that allows you to lock apps. One is Applock and you may be able to lock down settings. That would prevent him from changing anything. You've probably thought of it already but some type of tracking app is a necessary safety measure for a child's phone. LOL, when he becomes a teenager you'll need the tracking for many more reasons.
I'll try to make it as simple as I can.
Here is what I want:
CyanogenMod with root privileges
Full control over which app, service or system component can access my data and the Internet.
(at the moment for instance I can't alter the "network access" privileges of my apps)
Safe to use speech recognition software
Safe to use, sophisticated navigation software
My questions:
Is that even achievable without a ton of work?
Is there a simple way to flash CyanogenMod without pre-installed bloatware? (e.g. Google apps, Skype, Cortana, ...)
Which tools should I use to make sure that apps can only access what I want them to?
Is there speech recognition software for Android that doesn't require Internet access?
Is there a navigation app that is capable of using the offline maps of Google Maps without requiring an Internet connection?
(e.g. Google Maps makes itself useless if you don't update from their servers every 30 days)
From your experience, do apps refuse to work when you deny certain privileges?
ferivon said:
I'll try to make it as simple as I can.
Here is what I want:
CyanogenMod with root privileges
Full control over which app, service or system component can access my data and the Internet.
(at the moment for instance I can't alter the "network access" privileges of my apps)
Safe to use speech recognition software
Safe to use, sophisticated navigation software
My questions:
Is that even achievable without a ton of work?
Is there a simple way to flash CyanogenMod without pre-installed bloatware? (e.g. Google apps, Skype, Cortana, ...)
Which tools should I use to make sure that apps can only access what I want them to?
Is there speech recognition software for Android that doesn't require Internet access?
Is there a navigation app that is capable of using the offline maps of Google Maps without requiring an Internet connection?
(e.g. Google Maps makes itself useless if you don't update from their servers every 30 days)
From your experience, do apps refuse to work when you deny certain privileges?
Click to expand...
Click to collapse
Dude- You should start developing your own rom in this case.
But consfused here and at this point i think you dont know.
CyanogenMod & Cyanogen OS
Assuming- when you said, cortana etc etc--- i think you are on cyanogen OS.. Which is the original OS for 1+1.
1- To achieve, you need to work.
2- Some optimized COS builds in XDA one android dev section- try a search. but not latest 13.1.2-ZNH2KAS3P0. Root using SuperSU. and use system app uninstaller to remove apps you dont need. Some debloater zips also lurking around in XDA. If you install CyanogenMod, then no need of gapps flashing if you dont use google account.
3. you can stop background data for the apps you dont want. Settings in most roms.
4. Speech recognition can be used offline after u download all languages of your choice. Not 100% and dont use it.
5. Try Maps.me. i didnt know google map needed to be force updated every 30 days unless some one restructures the entire landscape and routes.
6. Certain apps refuse to work if you dont grant permission. yes. its like telling some 1 without hands to eat from hand,.
:good:
Thank you so much for your reply. I indeed did not know that there is a difference between Cyanogen OS and CyanogenMod. But if I understood you correctly, CyanogenMod comes without gapps. (I hope it also comes without Google Play Services?)
The offline speech recognition you linked to seems to be from Google. I bet it will require Google Play Services and an Internet connection after some time, just like Google Maps does and I'm really afraid of that.
I might give Maps.me a try, but I think Google Maps still has by far the best most detailed and correct maps especially when it comes to POIs.
I would consider using official Google Maps, if there was a 100% safe way to wipe all the data the app collects before I allow it to update the maps. Alternatively, maybe I could download the apps from a second device and just copy the map data over to my main device every once in a while.
An even more crazy approach might be to spoof the time/date data for Google Maps so that it thinks the 30 days haven't been reached yet.
But I would still be very concerned about Google Play Services. Would microG be sufficient for my purposes to replace Google Play Services?
edit:
Okay, I have a rooted CyanogenMod without gapps now on my OPO.
edit2:
I have Xposed with modules "Xprivacy" and "Per App Hacking" installed now.
Xprivacy is an app permission manager and "Per App Hacking" can be used to spoof the system time an app will see. Hopefully I'll be able to fool Google Maps with it.
edit3:
I have microG installed now. Hopefully this will be enough to run Google Maps.
I really need to make sure I understand Xprivacy before that though.
My recommendations:
1. I recommend full device encryption with long and secure boot password and easy to use pin lock screen password. Here's more info: http://forum.xda-developers.com/general/security/guide-separate-passwords-encrypted-t3048072
2. Get an email address from a provider that respects user privacy i.e. Riseup. https://riseup.net/
This is one the most important things to do if you don't want google / yahoo / microsoft scanning your email for surveillance / marketing purposes.
3. Use apps from F-Droid. It's an app "store" for open source apps.
4. Always use Afwall+ to have control over which apps have access to internet. Even better if you use Afwall with combination of Orbot. This way you can route some apps through tor (need a custom script though). Orwall does the same thing more easily.
5. Instead of closed source Supersu, use open source superuser http://forum.xda-developers.com/android/software-hacking/wip-selinux-capable-superuser-t3216394
6. For maps I recommend openstreetmap. Download Osmand from F-Droid. It has navigation too.
7. For cellbased location provider, use unified location provider found from F-droid. It's connected to microg projects.
8. For encrypted SMS use Silence from F-droid (recipient needs the same app if you use encryption).
9. For encrypted instant messaging use Conversations (XMPP client) from F-DROID. Or Riot (which will soon have strong encryption).
Hey tofu thanks for your answer, I appreciate it!
I'm only really concerned about my phones software spying on me.
About the email thing: I'm running my own email server for that.
But I'm still looking for a way to anonymously creating a google account without providing my phone number.
I'm using F-Droid already and it's great.
I'll never go back to the play store that's for sure.
And for anyone else reading this, please don't touch the amazon app store, it's pure poison.
I'm also using AFWall+ already, but I'm not satisfied at all. The creator doesn't really seem to care about ensuring that no data gets leaked ever. I read a lot of reports that data was being leaked every once in a while, especially during system boots.
This is really scary to me... I'd really like to have a safer firewall.
Blocking Internet/networking permissions directly just causes apps and the system to become extremely unstable. I soft-bricked my phone like 5 times while playing around with it the last few days.
I was not aware supersu was closed source. I'll switch to the open source alternative soon.
I just installed OsmAnd~ and I'm not very satisfied. Navigation was ok, the tts voice was absolutely terrible and I wasn't able to find a single POI, I wouldn't even be surprised if it would fail to find the next McDonald's to my place. Google Maps just seems completely unmatched to me.
And about that: I was actually able to get Google Maps running without Google Play Services installed and I was able to successfully use it offline, spoofing the system time for that app, so that my maps would never become outdated. I notices a few downsides though, for example it only works for car navigation (bicycle mode etc are not available). After completing the installation of all the microG components I wasn't able to get it to work anymore though (I couldn't download the offline maps, because I couldn't enter my google account data anymore...).
But I'll figure out how I did it and go with Google Maps then.
To complete the microG installation I installed unifiedNlp with GSMLocationNlpBackend.
For encrypted messaging I'll probably be forced to stay with WhatsApp, as I can't possibly convince all of my friends to switch. But hey at least WhatsApp claims that your messages are end-to-end encrypted.
But obviously WhatsApp will always know who I know... that problem seems pretty much unfixable to me though...
I have btw also tried to get Google Now (speech recognition) to work offline. But I was unsuccessful. I have read reports of others getting it to work for literal voice to text applications... it won't take voice commands though. So that's not very useful... unless there was a way to define your own voice commands somehow.
But my biggest worry at the moment really is the firewall. I feel like there is nothing that you can really trust to work reliably.
And also the fact that Xprivacy can't restrict file access to certain folders... it's either all or nothing.
The worst of all might actually be IPC though (inter process communication) which a lot of apps require permissions for. And from what I understand any app with that permission could use another app as a sort of proxy to access the Internet.
I'm using a Google-free device with maximum privacy, so maybe I can not answer all your questions but I can give you an idea. First of all - disclaimer: I'm here because my girlfriend has an Oneplus One (OPO), but I do not have one. I use her old Nexus 5 (N5), but you will get the general idea. You already noticed there is a difference between CyanogenOS (COS) and CyanogenMod (CM). It also took me a while to figure out that difference. If you still have a stock Android in your OPO, it should be a COS 13.1 which is based on Android 6.0.1 and comes with alot of bloatware from Google and Microsoft.
1. First step is to find a suitable ROM for your needs. If you are used to COS and have not much experience in chosing custom ROMs, you should give CM a try. Here is the official wiki which includes Download links and installation instructions: https://wiki.cyanogenmod.org/w/Bacon_Info
2. The 2nd step after installing CM is the full device encryption, can be found in Settings > Security. If you do it on a clean phone without any apps and data it only takes a couple of minutes and chances of breaking stuff are low at this step.
3. Now I usually root it (with SuperSU) and install some magic which is called XPOSED framework. It's something which allows you to install modules on your phone on system level, not like an Appstore, but rather like a Tweakstore. There are a lot if chances you break stuff and most of the modules do not work with CM, however, one module to beat them all is the XPRIVACY module. It gives you back full control on everything. You can manage App permissions, you can fake permissions or if apps do not want to run with your set of permissions, you can even feed fake data (like wrong GPS signals, etc.). Read more here. http://repo.xposed.info/module/biz.bokhorst.xprivacy
4. F-Droid, yeah, the one open-source repository for your new apps. I'll install it at this point.
5. Now, that the device is flashed with CM, probably rooted and with a custom recovery, you have to flash a stock recovery again and lock the bootloader. Stock recovery because it does not allow any malicious party (hacker with physical access, police, intelligence services, etc.) to deploy any code to your phone which compromises your privacy. Locked bootloader is important to disallow any malicious party to boot anything they want which also compromises your privacy.
And this is pretty much what you need to get started, a rock solid environment free from Google. Make sure you have a strong PIN, I also use randomized screen locker, so people can not "observe" the way you enter your PIN.
For encrypted calls and SMS there is Signal, but that does not work without Google services and LibreSignal, the Websockets version, was discontinued just recently. For encrypted IM use ChatSecure rather than Conversations. Both are XMPP clients, but Conversations does not allow you to import or export OTR keys, which is very annoying for an Jabber client. For not so sensitive chats, I use telegram.
Finally, not having Google Play and Google Services available, makes the experience a totally different for the android device. Apps like Snapchat which do not require Google, but still do for some unknown reasons checks for Google, wont run. Also, a lot of apps work without Google, but you can't install them without downloading suspicious APKs from dubious websites. Be very carefull from where you download and install software if you can not find what you need in F-Droid.
I hope that helps you for your considerations.
---
Edit, one more final note. I also use OsmAnd and have to say it never let me down on any occasion (except when I forgot to download the maps before going somewhere remote without internet). The geodata quality is excellent in most urban areas, but the interace and usability are a mess. If you find your way around in the interface, the navigation works out pretty well. I sometimes have issues calculating very long routes, but you start to live with that.
Thanks for your input 5chdn! Most of the stuff you mentioned it already on my phone.
I made some progress yesterday and I'd like to share my current configuration:
All the apps I mention in this post are (at the time of writing) available in F-Droid, unless stated otherwise.
Everything I mention in this post is free and open source, unless stated otherwise.
Recovery Image: TWRP
ROM: CyanogenMod
'Apps' that have to be flashed:
SuperUser (this roots your phone which means you can grant root access to apps)
Xposed (provides a lot of important privacy tools)
Apps:
F-Droid (app store that provides free open source apps)
AFWall+ (manage which app can access the Internet)
Autostarts (manage triggers that apps can use to start themselves)
AdAway (can remove ads from apps)
Xposed Modules:
BootManager (manage which apps can start on boot)
Xprivacy (manage/spoof app permissions for privacy)
Safely using Google Maps offline permanently:
Please note: Google Maps is not open source.
Install microG (open source alternative to Google Play Services)
The installation complete installation consists of:
'microG Services Core' (aka 'GsmCore') (app)
At the time of writing this app is NOT available in F-Droid. This app also automatically installs 'µg unifiedNlp (NO GAPPS)' for you.
'microG Services Framework Proxy' (aka 'GsfProxy') (app)
'FakeGapps' (Xposed module)
'FakeStore' (app)
'XposedGmsCoreUnifiedNlp' (Xposed module)
'LocalGsmNlpBackend' (app)
'NominatimNlpBackend' (app)
'µg unifiedNlp (NO GAPPS)' (app) (will be installed automatically!)
Install 'Per App Hacking' (Xposed module)
Use this module to spoof the system time/date that Google Maps sees e.g. to '2016-10-14 10:00' so that offline maps don't become outdated. The feature to spoof the time is called 'time machine'.
I would really like to improve what I got so far and share it with the community.
If you know of anything that could help improve privacy please tell me.
I do not mention things like device encryption, passwords, lock screens etc, as these are a separate issue.