1. UK Passport Holder's Avatar
    Hi all! I kept my Passport as long as I could, but in light of its increasingly erratic behaviour, I decided to take the plunge for an Android phone. I am new to Android so please go easy on me...

    I wanted a secure phone so I knew using an Android would entail risks, but having had faith in Blackberry's ability to make a secure enough phone, I bought BBF100-8 when I touched down in Japan. I had this for less than a week but so far, it is working marvellously with the dual sim etc.

    I remain realistic in that I would not be able to protect my privacy against state-actors; fortunately I am a nobody. I am concerned though, by the way Google home-brewed apps appear to be integrated in a manner that allows extraction of data. My question therefore is how best to thwart it. Where there is a similar functioning app that is provided by Blackberry, my instinct would be to rely on the BB app and turn off as much of the permissions granted to Google app.

    To give you an idea of my usage style, I will be using my Key2 primarily to keep RT access to mails/SMSs, calls, taking occasional photos and sound recordings, and internet surfing when needed. I have installed VPN and secure mail apps. I won't be doing SNS or games.

    So for example,

    (1) Carrier Services - I guess I cannot disable this but what permissions are essential (I am guessing microphone and phone)?

    (2) Drive - I don't do clouds, and having seen so can I disable it completely?

    (3) Google Play services - is this Google equivalent of Apple App Store? I switched off all permissions - will this create a problem and if so what permissions are essential?

    (4) Location permissions - I only gave DTEK a permission to access location details. Does BB Hub+ Services or Support Centre (I am assuming this is BB, not Google, app) need access too to function properly?

    (5) BB Launcher - I have so far only given permission to access phone, but seems to be working ok. Does this app need any permissions at all?

    (6) Productivity tab - is this Google app or BB app?

    (7) Gmail - I use Gmail but if I am accessing this using BB Hub+, do I need Gmail app at all or can I delete this?

    The list goes on for longer, but I won't elaborate it further here. Please feel free to direct me to a thread if one already exists elsewhere that explains each of these apps installed onto Key2 by default.

    Thanks in advance,
    04-22-19 03:08 AM
  2. chetmanley's Avatar
    @UK Passport Holder

    Hello,

    I can point you towards a number of threads on the topic and I'll put the links below but I'll provide a quick summary of what I recommend in order to make a BB Android, or any android for that matter, more private.

    My #1 recommendation is to simply disable all Google Services on the device. I realize not everyone will be comfortable with this based on varying degrees of reliance of Google products, but if you want a private device, it's the only way.

    "De-googling a keyone"
    https://forums.crackberry.com/blackb...esome-1114355/

    Simply turning off the permissions will not stop Google collection.

    If you want to reduce it as much as possible, then in addition to the permissions, you need to go into your Google Account settings and turn off every single switch you can find - the big ones being Web Activity and Location History.

    Now I'll address each of your bullets one by one.

    1) Carrier Services - you can disable this one if you don't use RCS messaging.
    https://www.droid-life.com/2017/03/1...vices-android/

    2) Drive - Safe to disable. If you go ahead and completely disable Google Play Services, then this app won't work anyway.

    3) Google Play Services - This can be safely disabled. Doing so will also prevent Google Play Store, Google App, Music, Videos, and Drive from working, at which point all of those can be disabled also.

    For a replacement for the Google Play App Store, look into Yalp.
    https://github.com/yeriomin/YalpStore/releases

    This app will allow you access to the Google Play Store without the need for a Gmail account and Google Play Services.

    4) Go into device settings, Security, then Location. Turn off Wifi and Bluetooth Scanning. Set your device to use GPS only (not the Hi accuracy option or the WIFI/BT function).

    The location permission in DTEK is safe to turn off. All it does is show you where your device was when an event was detected. With Google Play Services disabled, location will no longer work in DTEK.

    5) With BB Apps, if that particular app needs a Permission, it will tell you. It's safe to turn off the permissions, but if the app comes across a scenario where it actually needs it, then it will tell you.

    6) Productivity Tab is a BB Ltd app.

    7) You can delete the Gmail app.

    If you want to go even further, there is a way to disable even the "non-disableable" system apps. Using this method you can stop background telemetry being sent to BB and Qualcomm.

    "Disabling System Apps - XDA Method"
    https://forums.crackberry.com/blackb...ethod-1168996/

    I also recommend you use a Firewall application like Netguard www.netguard.me

    Unfortunately, this app requires the VPN service to function, which means your traditional VPN won't work at the same time.

    In order to get around this, I recommend you use Tor. There is a way to Socks5 proxy the firewall connections to Tor via an app called Orbot.

    This way your device's connections are routed via Tor, while still being able to control and monitor them with a firewall.
    The only downside is Netguard can't filter DNS requests through Socks5 to Tor. But you can set your DNS server to any you choose (i.e. not your ISP).

    "How-To: Netguard+Orbot"
    https://forums.crackberry.com/blackb...orbot-1134676/

    Cheers
    Last edited by chetmanley; 04-22-19 at 09:24 AM.
    04-22-19 08:44 AM
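An added example, not written by any poster in this thread: a dry-run helper that reads the output of `adb shell pm list packages -e` and prints the `pm disable-user` commands for the Google apps named in the post above that are still enabled. The package-ID mapping and the sample listing are assumptions constructed for illustration, and this is not the linked "XDA method", whose steps are not shown on this page.

```shell
#!/bin/sh
# Dry-run planner: nothing is changed on the device. The functions only
# print what you would run after reviewing it. A disabled package can be
# turned back on with `adb shell pm enable <package>`.

# Assumed mapping of the apps discussed in the thread to package IDs;
# check it against your own device's listing before acting on it.
# Play Services is listed last so its dependents are handled first.
TARGETS="
com.google.android.ims:Carrier Services
com.google.android.apps.docs:Drive
com.google.android.gm:Gmail
com.android.chrome:Chrome
com.google.android.googlequicksearchbox:Google App
com.google.android.music:Play Music
com.google.android.videos:Play Movies
com.android.vending:Play Store
com.google.android.gms:Play Services
"

# Constructed sample of `adb shell pm list packages -e` output
# (org.example.notes is a made-up third-party app).
SAMPLE_LISTING='package:com.google.android.gms
package:com.android.vending
package:com.google.android.gm
package:org.example.notes
package:com.google.android.youtube
package:com.android.chrome'

# normalize: strip CRs (older adb emits CRLF) and the "package:" prefix.
normalize() {
    tr -d '\r' | sed 's/^package://'
}

# plan_disable: reads a package listing on stdin and prints one
# "pm disable-user" command per target that is still enabled.
plan_disable() {
    listing=$(normalize)
    printf '%s\n' "$TARGETS" | while IFS=: read -r pkg label; do
        [ -n "$pkg" ] || continue
        if printf '%s\n' "$listing" | grep -qxF "$pkg"; then
            printf 'adb shell pm disable-user --user 0 %s   # %s\n' "$pkg" "$label"
        fi
    done
}

# other_google: enabled com.google.* packages that are not in TARGETS,
# listed for manual review instead of being disabled blindly.
other_google() {
    target_ids=$(printf '%s\n' "$TARGETS" | cut -d: -f1)
    normalize | grep '^com\.google\.' | while read -r pkg; do
        if ! printf '%s\n' "$target_ids" | grep -qxF "$pkg"; then
            printf '%s\n' "$pkg"
        fi
    done
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LISTING" | plan_disable
printf '%s\n' "$SAMPLE_LISTING" | other_google
```

Against a real device, pipe `adb shell pm list packages -e` into `plan_disable` instead of the sample; packages reported by `other_google` (YouTube in the sample) are left for a manual decision.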
  3. UK Passport Holder's Avatar
    Hi Chetmanley, thanks so much for your swift and detailed reply! This is extremely helpful - I will disable the Google apps and once I get more comfortable with the device I will try to disable the non-disableable system apps.
    04-22-19 12:31 PM
  4. joergbrandt's Avatar
    @UK Passport Holder

    Hello,

    I can point you towards a number of threads on the topic and I'll put the links below but I'll provide a quick summary of what I recommend in order to make a BB Android, or any android for that matter, more private.

    My #1 recommendation is to simply disable all Google Services on the device. I realize not everyone will be comfortable with this based on varying degrees of reliance of Google products, but if you want a private device, it's the only way.

    "De-googling a keyone"
    https://forums.crackberry.com/blackb...esome-1114355/

    Simply turning off the permissions will not stop Google collection.

    If you want to reduce it as much as possible, then in addition to the permissions, you need to go into your Google Account settings and turn off every single switch you can find - the big ones being Web Activity and Location History.

    Now I'll address each of your bullets one by one.

    1) Carrier Services - you can disable this one if you don't use RCS messaging.
    https://www.droid-life.com/2017/03/1...vices-android/

    2) Drive - Safe to disable. If you go ahead and completely disable Google Play Services, then this app won't work anyway.

    3) Google Play Services - This can be safely disabled. Doing so will also prevent Google Play Store, Google App, Music, Videos, and Drive from working, at which point all of those can be disabled also.

    For a replacement for the Google Play App Store, look into Yalp.
    https://github.com/yeriomin/YalpStore/releases

    This app will allow you access to the Google Play Store without the need for a Gmail account and Google Play Services.

    4) Go into device settings, Security, then Location. Turn off Wifi and Bluetooth Scanning. Set your device to use GPS only (not the Hi accuracy option or the WIFI/BT function).

    The location permission in DTEK is safe to turn off. All it does is show you where your device was when an event was detected. With Google Play Services disabled, location will no longer work in DTEK.

    5) With BB Apps, if that particular app needs a Permission, it will tell you. It's safe to turn off the permissions, but if the app comes across a scenario where it actually needs it, then it will tell you.

    6) Productivity Tab is a BB Ltd app.

    7) You can delete the Gmail app.

    If you want to go even further, there is a way to disable even the "non-disableable" system apps. Using this method you can stop background telemetry being sent to BB and Qualcomm.

    "Disabling System Apps - XDA Method"
    https://forums.crackberry.com/blackb...ethod-1168996/

    I also recommend you use a Firewall application like Netguard www.netguard.me

    Unfortunately, this app requires the VPN service to function, which means your traditional VPN won't work at the same time.

    In order to get around this, I recommend you use Tor. There is a way to Socks5 proxy the firewall connections to Tor via an app called Orbot.

    This way your device's connections are routed via Tor, while still being able to control and monitor them with a firewall.
    The only downside is Netguard can't filter DNS requests through Socks5 to Tor. But you can set your DNS server to any you choose (i.e. not your ISP).

    "How-To: Netguard+Orbot"
    https://forums.crackberry.com/blackb...orbot-1134676/

    Cheers
    And you will increase your battery life as well.
    04-22-19 12:54 PM
  5. mikeath's Avatar
    +1 on disabling carrier services. This means apps do not update automatically and you can do them when you choose to (or remember to), saving data and battery life.

    Definitely review your google account and disable as much as possible including assistant. The downside is that some personalised recommendations will be missed (sometimes they actually get it right on some apps like youtube), but personally I'd rather they know as little about me as possible which includes changing personal info to be at least a little off.

    I encrypt my device and sd card, and have enabled remote wipe function.

    Depending on just how tin foil hatty you are I cover the front facing camera and have somewhere to keep the phone which is RFID blocking as well. Ironic really as I have nothing worth looking at! But it's the principle dammit lol
    04-22-19 02:38 PM
  6. chetmanley's Avatar
    Hi Chetmanley, thanks so much for your swift and detailed reply! This is extremely helpful - I will disable the Google apps and once I get more comfortable with the device I will try to disable the non-disableable system apps.
    Np,

    I forgot to mention - it's important to stop using Chrome.

    And just to add on - for anyone who plans to go all in and disable all Google Services - then it's worth considering just deleting your Gmail account altogether. Google scans your inbox to target ads.

    There are many paid email providers with privacy in mind:
    www.privacytools.io has a number of recommendations.
    04-23-19 06:15 PM
  7. StJohnSmythe's Avatar
    Np,

    I forgot to mention - it's important to stop using Chrome.

    And just to add on - for anyone who plans to go all in and disable all Google Services - then it's worth considering just deleting your Gmail account altogether. Google scans your inbox to target ads.

    There are many paid email providers with privacy in mind:
    www.privacytools.io has a number of recommendations.
    Do you think these actions would make a blackberry secured android device sufficiently robust to guard against an unlawful search at a border check? Assume phone is switched off and you forgot the PIN
    05-03-19 12:50 PM
  8. mikeath's Avatar
    one thing I've found with disabling everything is it disables youtube as well which I actually use quite a bit.
    05-03-19 01:48 PM
  9. chetmanley's Avatar
    Do you think these actions would make a blackberry secured android device sufficiently robust to guard against an unlawful search at a border check? Assume phone is switched off and you forgot the PIN
    No, these actions won't change the system level security of the device. That is all on BB Ltd.

    Based on open source documents, BB10 and BB Android have not been compromised by companies like Cellebrite yet, which would be the threat faced when crossing the border.

    Set a strong device password/phrase (use all 16 characters). Don't use pin or pattern lock and remove fingerprint unlock before crossing the border.
    05-03-19 05:24 PM
  10. chetmanley's Avatar
    one thing I've found with disabling everything is it disables youtube as well which I actually use quite a bit.
    I just watch it in the browser. Desktop mode will allow for multitasking with the video playing in the background or the screen off.
    05-03-19 05:24 PM
  11. scubafan's Avatar
    Hi all! I kept my Passport as long as I could, but in light of its increasingly erratic behaviour, I decided to take the plunge for an Android phone. I am new to Android so please go easy on me...

    I wanted a secure phone so I knew using an Android would entail risks, but having had faith in Blackberry's ability to make a secure enough phone, I bought BBF100-8 when I touched down in Japan. I had this for less than a week but so far, it is working marvellously with the dual sim etc.

    I remain realistic in that I would not be able to protect my privacy against state-actors; fortunately I am a nobody. I am concerned though, by the way Google home-brewed apps appear to be integrated in a manner that allows extraction of data. My question therefore is how best to thwart it. Where there is a similar functioning app that is provided by Blackberry, my instinct would be to rely on the BB app and turn off as much of the permissions granted to Google app.

    To give you an idea of my usage style, I will be using my Key2 primarily to keep RT access to mails/SMSs, calls, taking occasional photos and sound recordings, and internet surfing when needed. I have installed VPN and secure mail apps. I won't be doing SNS or games.

    So for example,

    (1) Carrier Services - I guess I cannot disable this but what permissions are essential (I am guessing microphone and phone)?

    (2) Drive - I don't do clouds, and having seen so can I disable it completely?

    (3) Google Play services - is this Google equivalent of Apple App Store? I switched off all permissions - will this create a problem and if so what permissions are essential?

    (4) Location permissions - I only gave DTEK a permission to access location details. Does BB Hub+ Services or Support Centre (I am assuming this is BB, not Google, app) need access too to function properly?

    (5) BB Launcher - I have so far only given permission to access phone, but seems to be working ok. Does this app need any permissions at all?

    (6) Productivity tab - is this Google app or BB app?

    (7) Gmail - I use Gmail but if I am accessing this using BB Hub+, do I need Gmail app at all or can I delete this?

    The list goes on for longer, but I won't elaborate it further here. Please feel free to direct me to a thread if one already exists elsewhere that explains each of these apps installed onto Key2 by default.

    Thanks in advance,
    I was reading your post & planned to ask you what kind of secure email exists that can work on an android device? But then you said you use Gmail, which is the LEAST secure in terms of privacy, since scroogle is very up front about how they data mine everything including attachments... I personally pay $40 per year for email with HIPAA level security from Hushmail.com but I only access it from my PC. Did I miss something?

    Just my $.02, YMMV ! ;-) sent via my Q10
    05-07-19 05:01 AM
  12. scubafan's Avatar
    +1 on disabling carrier services. This means apps do not update automatically and you can do them when you choose to (or remember to), saving data and battery life.

    Definitely review your google account and disable as much as possible including assistant. The downside is that some personalised recommendations will be missed (sometimes they actually get it right on some apps like youtube), but personally I'd rather they know as little about me as possible which includes changing personal info to be at least a little off.

    I encrypt my device and sd card, and have enabled remote wipe function.

    Depending on just how tin foil hatty you are I cover the front facing camera and have somewhere to keep the phone which is RFID blocking as well. Ironic really as I have nothing worth looking at! But it's the principle dammit lol
    If I had zero interest in using ANY Google products is it workable to avoid giving them Any factual data? Also, is there anything like the BlackBerry Link that would let me keep my calendar, contacts, SMS etc only on MY PC without giving google any access to them? I'm toying with getting a Key to supplement my primary device (Q10) but if I put my AT&T SIM card into it I didn't know if they'll automatically be given my actual name, address etc.

    Because it isn't worth the privacy tradeoff to give them a single byte of personal information.

    Just my $.02, YMMV ! ;-) sent via my Q10
    05-07-19 05:12 AM
  13. chetmanley's Avatar
    If I had zero interest in using ANY Google products is it workable to avoid giving them Any factual data?
    Yes, especially if you use a firewall and Tor.

    Also, is there anything like the BlackBerry Link that would let me keep my calendar, contacts, SMS etc only on MY PC without giving google any access to them?
    By "them", do you mean google, or the "link" provider?

    Personally, I use a paid email provider that has encrypted storage of contacts/calendar and emails. I'm sure there is a 3rd party service that provides a "link" like solution, but personally I wouldn't be too comfortable sending my data through a 3rd party's servers.

    I'm toying with getting a Key to supplement my primary device (Q10) but if I put my AT&T SIM card into it I didn't know if they'll automatically be given my actual name, address etc.

    Because it isn't worth the privacy tradeoff to give them a single byte of personal information.

    Just my $.02, YMMV ! ;-) sent via my Q10
    AT&T is heavily involved with the NSA and like other carriers, probably does their own tracking of your internet usage and location. But besides that, putting your sim card into your device shouldn't automatically send your name and address to Google. Google gets that information other ways through normal use of your phone if Google Play Services are installed with a Gmail account linked to a credit card.

    If you want to be sure, disable Google Play Services and apps before putting the sim card in.

    Sadly, since Android 7 or 8, Google requires an internet connection to boot the phone for the very first time. Android 6 doesn't, so it's possible to boot with all connections off and disable Google Play before it can start sending data to them.

    With 7 and 8, it requires a connection. And of course the location services are on by default also. One thing worth trying is to connect to a router which is VPN'd. As soon as you can get past the connection screen, pull the plug on the router. This is hit and miss but if it's timed right, it will allow us past the connection screen hopefully without sending too much data.
    05-07-19 09:42 PM
  14. scubafan's Avatar
    I was hoping that the Key2 could connect via USB cable to my PC so I can sync it with my PC based Office (not 365) like I have been doing with my Q10.

    I already have a paid email provider but I don't think it is capable of being used for contacts & calendar like Office.

    On the setup points, I never planned to GIVE any kind of payment information since the very few apps I would use it for are free. AFAIK the consumer reports app doesn't require any excess permissions and I plan to use either App Ops or Ghost Commander to avoid giving apps access to GPS, contacts or calendar etc.

    With that in mind, how much privacy can I get as far as avoiding giving GOOGLE my personal data? It's a question of being unwilling to give them data that makes them money while reducing my privacy. Trading info for something in return is the (stupidly) common business model but since I use NO google products I get nothing in return. I really don't WANT to use an android device but it & apple are now the only phone options available. The iPhones are extremely expensive for what you get & you can't get one with a micro SD card slot. I was even thinking about NOT putting in a SIM card & just using it with WiFi by making my Q10 a hotspot as I currently do with a cheap nook tablet.

    Just my $.02, YMMV ! ;-) sent via my Q10
    05-08-19 10:48 PM
  15. chetmanley's Avatar
    I was hoping that the Key2 could connect via USB cable to my PC so I can sync it with my PC based Office (not 365) like I have been doing with my Q10.

    I already have a paid email provider but I don't think it is capable of being used for contacts & calendar like Office.
    If your provider can do CalDAV and CardDAV then they will work with BB Calendar and Contacts.

    On the setup points, I never planned to GIVE any kind of payment information since the very few apps I would use it for are free. AFAIK the consumer reports app doesn't require any excess permissions and I plan to use either App Ops or Ghost Commander to avoid giving apps access to GPS, contacts or calendar etc.
    App permissions are just the tip of the iceberg. For example, you can deny a google app every permission it asks for, but it will still collect data.

    There are 3 ways to deal with this:
    1) Delete/Disable the app
    2) Use a firewall to monitor and block the tracker connections if you still need the app
    3) Use a program like Lucky Patcher to completely remove the internet permission from the app (this may break the app).

    See post # 2 above ^

    With that in mind, how much privacy can I get as far to avoiding giving GOOGLE my personal data?
    In my opinion, a lot. Just disable Google Services, use a firewall and route your phone's connections through Tor. Don't walk around with your wifi on and bluetooth on for no reason, keep location services off until you actually need them.

    If you do these things, your Android device will be more private than your Q10 which can't route connections through Tor, nor run a firewall.
    05-09-19 08:42 AM
  16. scubafan's Avatar
    If your provider can do CalDAV and CardDAV then they will work with BB Calendar and Contacts.

    I actually don't bother with email on my cell since I get 40-100 emails each day so I'd be constantly checking my cell! I know you can set up rules for what goes into each inbox but I constantly find important ones in the spam folder and I just sent Hushmail a complaint over items I keep deleting as spam in the inbox while a receipt for an Amazon purchase was sent to spam! So all I need is to sync with Office to keep my contacts & calendar up to date. Also, my email inbox doesn't have any info on people I don't send email to.

    App permissions are just the tip of the iceberg. For example, you can deny a google app every permission it asks for, but it will still collect data.

    There are 3 ways to deal with this:
    1) Delete/Disable the app
    2) Use a firewall to monitor and block the tracker connections if you still need the app
    What ARE good firewall apps for android? I use one on my PC but didn't know they exist in android.

    3) Use a program like Lucky Patcher to completely remove the internet permission from the app (this may break the app).

    See post # 2 above ^



    In my opinion, a lot. Just disable Google Services, use a firewall and route your phone's connections through Tor.
    You mean the browser or everything?

    Don't walk around with your wifi on and bluetooth on for no reason, keep location services off until you actually need them.

    I keep it on not discoverable, but I NEED BT on so I can use my Plantronics Legend headset. Besides being the most convenient it's the law in our state. I always leave WiFi off.

    If you do these things, your Android device will be more private than your Q10 which can't route connections through Tor, nor run a firewall.
    See above points, I asked at the end of each item I don't know about.

    Thanks to any & all!


    Just my $.02, YMMV ! ;-) sent via my Q10
    05-17-19 03:17 PM
  17. Resilience's Avatar
    get off gmail
    05-17-19 03:25 PM
  18. chetmanley's Avatar
    See above points, I asked at the end of each item I don't know about.

    Thanks to any & all!


    Just my $.02, YMMV ! ;-) sent via my Q10
    On Android there are 2 I'd recommend, but only one works on BlackBerry android.

    The two are AFWall+ and Netguard. Netguard is the one you want because it doesn't require root.

    www.netguard.me

    I recommend running the entire phone on Tor through Netguard.
    05-17-19 10:35 PM
  19. scubafan's Avatar
    get off gmail
    Resilience, I'm guessing that was to everyone but in case you meant it for me, I don't use ANY google products, even their search engine. (duckduckgo doesn't track you) I've never had a Gmail account since the TOS flat out tells users that every possible scrap of data is harvested. That's why I haven't had ANY interest in owning an android phone at all. I'm trying to prepare for when I can't get my Q10 to work at all. Prior to that point it's still my daily driver and only phone.

    Just my $.02, YMMV ! ;-) sent via my Q10
    05-18-19 07:13 AM
  20. StJohnSmythe's Avatar
    No, these actions won't change the system level security of the device. That is all on BB Ltd.


    Based on open source documents, BB10 and BB Android have not been compromised by companies like Cellebrite yet, which would be the threat faced when crossing the border.

    Set a strong device password/phrase (use all 16 characters). Don't use pin or pattern lock and remove fingerprint unlock before crossing the border.
    Let me ask in a different way - using 16 digit alphanumeric code, would BB Android device be more robust than iPhone against unlawful seizure?
    05-21-19 08:11 AM
  21. chetmanley's Avatar
    Let me ask in a different way - using 16 digit alphanumeric code, would BB Android device be more robust than iPhone against unlawful seizure?
    BB10 and iOS allow for up to 32 character passwords. Against a pure brute force scenario, this will be better than just 16.

    That said, every single iOS up to 12 has been compromised. The way Apple solved this for 12 was to put a USB access time lock on the device which defaults to 1 hour since the last login.

    So in the scenario whereby an iOS user is crossing a border and recently used the device, that could leave time following seizure for the border agents to try and apply standard iOS cracking techniques (Cellebrite/GrayKey).

    On the other hand, BlackBerry hasn't been publicly compromised and I would argue is more secure, even with 16 v 32 character passphrase due to the workarounds inherent in iOS.
    05-22-19 07:43 PM
