I have just received a Samsung galaxy fold5 through the post, however I imagine it’s full of bloatware and I’m inexperienced with this type of device. What is the first things that you would do to secure it? Thank you 😊
Edit: I mean to be more privacy focused
I think you confuse security and privacy. Samsung are pretty secure from what I saw. They are not private at all however. You can debloat it with adb and maybe tools such as Universal Android Debloater.
There is a couple of guide such as this one: https://linustechtips.com/topic/1402380-ultimate-samsung-oneui-debloat-privacy-customization-guide/
Hey that’s me!
One thing I noticed is I never updated the app icon customization section. You don’t need Asapticons/Icon mixer. Themepark has an option to add custom icons now!
I can also post my De-Bloater config (root only)/list of apps (that can be used to disable them via ADB) I’ve removed when I update the post in a bit.
I’m still on Fold3/OneUI 5.1 but apps should be similar.
I use FOSS applications as much as I can and try to avoid all samsung and google apps. In addition to that I’m always on pi-hole network to block background network requests by Samsung/Google
Some apps I use:
- k9-mail
- Zulip
- Nextcloud/Talk/Notes
- tasks.org
- Signal
- F-Droid
- Magic Earth
- NewPipe
- Keepass2Android
- Brave
- Collabora Office
Don’t think I’d actually recommend Brave to anyone, it’s definitely not as privacy focused as they claim.
Problems with Brave
I pasted here the post by u/foamed [https://libreddit.oxymagnesium.com/u/foamed] at https://www.reddit.com/r/FoamList/comments/q4z5js/brave_browser_controversies/ [https://www.reddit.com/r/FoamList/comments/q4z5js/brave_browser_controversies/]
Some information about the co-founder & CEO of Brave, Brandon Eich [https://en.wikipedia.org/wiki/Brendan_Eich].
Controversial past and opinions:
- https://blog.mozilla.org/en/mozilla/brendan-eich-steps-down-as-mozilla-ceo/ [https://blog.mozilla.org/en/mozilla/brendan-eich-steps-down-as-mozilla-ceo/]
- https://www.theverge.com/2014/4/3/5579516/outfoxed-how-protests-forced-mozillas-ceo-to-resign-in-11-days [https://www.theverge.com/2014/4/3/5579516/outfoxed-how-protests-forced-mozillas-ceo-to-resign-in-11-days]
- https://www.bbc.com/news/technology-26868536 [https://www.bbc.com/news/technology-26868536]
- https://www.standard.co.uk/tech/mozilla-boss-brendan-eich-quits-in-row-over-his-opposition-to-gay-marriage-9237701.html [https://www.standard.co.uk/tech/mozilla-boss-brendan-eich-quits-in-row-over-his-opposition-to-gay-marriage-9237701.html]
- https://www.theguardian.com/technology/2014/apr/02/controversial-mozilla-ceo-made-donations-right-wing-candidates-brendan-eich [https://www.theguardian.com/technology/2014/apr/02/controversial-mozilla-ceo-made-donations-right-wing-candidates-brendan-eich]
Anti-vaxxer:
- https://www.nytimes.com/2020/12/22/business/brave-brendan-eich-covid-19.html [https://www.nytimes.com/2020/12/22/business/brave-brendan-eich-covid-19.html]
- @BrendanEich: “Fauci lies a lot.” - Dec 11, 2020 [https://twitter.com/BrendanEich/status/1337496169690230784]
- https://www.reddit.com/r/BATProject/comments/khmbvl/do_you_feel_that_brendan_should_step_back_from/ [https://www.reddit.com/r/BATProject/comments/khmbvl/do_you_feel_that_brendan_should_step_back_from/]
Eich pushed an anti-vaxx conspiracy on Twitter: https://twitter.com/BrendanEich/status/1538253982845399040 [https://twitter.com/BrendanEich/status/1538253982845399040] - If you look at the “source” it’s from a nutritionist who’s also a conspiracy nut. There are no verifiable and trusted sources.
Here are some controversies surrounding Brave and their browser over the past couple of years:
Privacy related:
- https://www.lifewire.com/brave-browser-falls-short-of-its-promises-of-privacy-5206799 [https://www.lifewire.com/brave-browser-falls-short-of-its-promises-of-privacy-5206799]
Brave automatically redirected searches to affiliate version of URL’s which Brave profits from:
- https://decrypt.co/31522/crypto-brave-browser-redirect [https://decrypt.co/31522/crypto-brave-browser-redirect]
- https://www.zdnet.com/article/privacy-browser-brave-busted-for-autocompleting-urls-to-versions-it-profits-from/ [https://www.zdnet.com/article/privacy-browser-brave-busted-for-autocompleting-urls-to-versions-it-profits-from/]
- https://www.theverge.com/2020/6/8/21283769/brave-browser-affiliate-links-crypto-privacy-ceo-apology [https://www.theverge.com/2020/6/8/21283769/brave-browser-affiliate-links-crypto-privacy-ceo-apology]
Brave collected donations on content creators behalf without consent:
- https://bitcoinist.com/brave-browser-donations-not-optional/ [https://bitcoinist.com/brave-browser-donations-not-optional/]
- https://www.theblockcrypto.com/daily/5839/brave-browser-is-collecting-donations-on-your-behalf-did-you-know [https://www.theblockcrypto.com/daily/5839/brave-browser-is-collecting-donations-on-your-behalf-did-you-know]
- https://davidgerard.co.uk/blockchain/2019/01/13/brave-web-browser-no-longer-claims-to-fundraise-on-behalf-of-others-so-thats-nice/ [https://davidgerard.co.uk/blockchain/2019/01/13/brave-web-browser-no-longer-claims-to-fundraise-on-behalf-of-others-so-thats-nice/]
Brave leaked Tor/Onion service requests through DNS:
- https://www.reddit.com/r/netsec/comments/lndfms/more_in_comments_brave_browser_leaks_your_tor/ [https://www.reddit.com/r/netsec/comments/lndfms/more_in_comments_brave_browser_leaks_your_tor/]
- https://github.com/brave/brave-browser/issues/13527 [https://github.com/brave/brave-browser/issues/13527]
- https://www.ghacks.net/2021/02/25/latest-brave-browser-update-fixes-tor-onion-dns-leak/ [https://www.ghacks.net/2021/02/25/latest-brave-browser-update-fixes-tor-onion-dns-leak/]
And this to some degree where they temporarily whitelisted certain Facebook and Twitter trackers without telling their users:
Sending unsolicited marketing mail to users, though Brave claim its all anonymous:
- https://twitter.com/sebmck/status/1531740563900448769 [https://twitter.com/sebmck/status/1531740563900448769]
- https://www.reddit.com/r/brave_browser/comments/t4gzuw/update_on_braves_ongoing_direct_mail_marketing/ [https://www.reddit.com/r/brave_browser/comments/t4gzuw/update_on_braves_ongoing_direct_mail_marketing/]
And if you want more, here’s some more. https://www.reddit.com/r/privacy/comments/v44vut/brave_browser_sending_unsolicited_marketing_mail/ [https://www.reddit.com/r/privacy/comments/v44vut/brave_browser_sending_unsolicited_marketing_mail/] that links this Twitter interaction: https://nitter.net/sebmck/status/1531740563900448769 [https://nitter.net/sebmck/status/1531740563900448769]
…if you really have trouble finding stuff on how Brave is terrible for privacy, I’m gonna go out on a limb and say you have trouble reading. It’s known by most people that it’s a scam. They sold private user data to machine learning companies, they are predominantly a crypto company who has a browser, they are chromium based, etc
Google play services constantly send information to google, the only functional and degoogled rom Ive found is Grapheneos.
Samsung locks their bootloader, so flashing is neigh impossible on them as of late.
The real downside of brave is the cryptocrap. It is still optional. However the fact that it support the chromium monopoly is also a bad point.
I can’t even find a custom or stock rom for it :/ You might not have picked the best phone for privacy my dude.
NetGuard is a good app to block internet access to apps you dont want connected to the web.
Use ADB to remove Google and Samsung bloatware and tracking. Ask around for help.
You should be able to use Heimdall to unlock the bootloader, but there isn’t currently a build of LineageOS or DivestOS for this phone, so unfortunately you cannot yet flash a custom ROM (AFAIK). However, rooting should work if you need this (although it can hurt your security a bit).
I’d recommend removing Google Play Services and replacing it with microG, although this may be complicated.
The best solution, however, is probably to exchange the phone for a more versatile model, such as a Google Pixel or a Fairphone.
