Cleanse

Day Twenty: Fix your Phone

A hand holding a smartphone against a green background.
This little device knows all your secrets. (Credit: Andri Koolme, Flickr)

You are walking around every day with a massive tracking device in your pocket that is hemorrhaging data all over the place.

I'm talking about your cell phone, of course. This is the last major task you must take on. It will not be easy -- because the whole point is they don't make it easy. But if you went through the entire Cybercleanse and we just left it here, without addressing your phone, it would all be for nothing.

What's not to love about cell phones?

Let me first repeat the cardinal law of data privacy, which is that you should never take your cell phone to a rally, a protest march, or a political event. If this is the kind of thing you plan to do more of in the future, you should read everything on the Electronic Frontier Foundation's Surveillance Self Defense website -- https://ssd.eff.org/ -- especially this.

Your cell phone, however, is being digitally traced in many ways. There's the service provider who tracks every call and text message you make (making Signal a wise choice). They also have the ability to track your phone based on its unique ID (IMEI) and which cell towers it checks in with. Unless your phone goes dark, it's being tracked.

Then there's the operating system. There are now two major mobile OS providers, Google and Apple. For both, you have to log in using either your Google ID or your Apple ID. Those IDs are attached to every app you download and most of what you do on the phone. If location tracking is turned on, say to make it easier to find a cool restaurant or get directions or just "find my phone", then they know where you are -- in addition to your service provider, who already knows where you are because of the above.

Finally, there's individual apps. When you download them, you give them certain permissions to access different parts of your phone: your contacts, your location, and many other parameters besides.  Sometimes apps can sneak a peek at what other apps or parts of your phone are doing. They can transmit this data to their corporate mothership, with no cookies or beacons or trackers involved.

Many apps are not standalone programs at all, but mini websites being run through a browser that just looks like an app. They do this so that they can bypass all your browser controls, like do-not-track beacons or cookie rejections.

Finally, we think of our devices and data traces as personal, but they link us to many, many different people. Even if you think you have nothing to hide, your traces can always be used to incriminate others, especially when there is a shift in the political environment. 

Suffice to say that cell phones are a privacy nightmare. And today, on the penultimate day of the cleanse, you are going to address those problems as much as humanly possible while retaining your phone of choice: an iOS Apple device or an Android phone.

For Apple devices, this requires doing some heavy surgery on the settings; and for Android, this will require de-Googling your entire operating system. Wipe the phone, and reinstall your apps using a different flavor of an Android OS. If you want to leave both ecosystems entirely, I have some options for you too.

Some caveats

First, as someone who owns a smartphone that is neither an Android nor an iPhone, I have limited experience with those operating systems and I have not done most of the below myself personally. That makes this post rather unlike prior ones where I can speak from direct experience. Instead, I will rely here on more third-party links and provided information.

That said, I am an expert in flashing cell phones as I have been experimenting with alternative mobile operating systems to enhance my data sovereignty for over a decade. I don't own an iPhone or an Android precisely because I know a lot about mobile data privacy -- or the utter lack thereof -- and I have flashed over many, many an Android device to put something else on it. And flashing from data-privacy-nightmare-Android to own-your-data Android is no different.

So I am certainly speaking from expertise when I tell you that it is absolutely imperative that you do as much of this as you feel you possibly can.

A final caveat: what if you do not control your own device? For instance, I have a work-issued iPad and computer. My workplace has installed tools that make them the owners of my device. You probably have a similar situation if your workplace issued you a phone or a tablet.

If that's the case, do as many of the data privacy recommendations on the EFF lists below as possible, and Render to Caesar the heck out of that device. It should only be used for work purposes. That includes all apps and any data traces on it.

For complete control over your device, buy a second one that you control. Yes, they're expensive, but you have options to buy second hand, say on eBay. Definitely "buyer beware", but this will knock the prices down considerably.

How to Fix your Apple Device

First, you will take a moment to read through the entirety of Apple's webpage about user privacy controls. Some of these are really about security -- two-factor authentication, Face ID, etc. -- but many of them are actually about your apps, your settings, and what happens to your data.

Go into your iPhone while you read, and find these settings and pages. That is, follow along with your own phone at the same time. You need to know where these settings are. You need to feel comfortable accessing and changing them.

Apple has some privacy settings at the level of the operating system, and then other controls for what the apps you have installed can access about you. Scroll down to those app controls and go through each app, one at a time, until you can basically limit the heck out of what those apps can and do know. Any app requesting to read other data, to steal your contacts, to log your passive interactions with the service -- delete it, you can do better.

Next, the Electronic Frontier Foundation has a brilliant iPhone privacy and security settings page, located HERE. It literally tells you everything you absolutely need to do, and takes it in tiers based on your comfort level. I can't do any better than this! And indeed, it tells you everything I would tell you myself.

So after reading the Apple Privacy page, your next job is to work through the EFF's steps for securing your iPhone to get credit in the #cybercleanse. 

This should give you a basic level of data privacy, as well as the knowledge base to make your own decisions going forward.

De-Googling your Android Phone

Android is a little trickier. It's a Google-built operating system and you have to log into Google to use it. All of it. Regardless of your handset manufacturer (and there are many, like Samsung, Samsung, Samsung, and ... ;) you have to log into Google and they get to record everything you do on your mobile.

There is an equivalent EFF guide on how to manage your privacy settings on Android. You could do this, but I'll be honest, this is like rearranging the deck chairs on the Titanic or like putting lipstick on a pig. Choose your preferred metaphor, but hopefully you get the idea.

I can't sugar coat this: the only way to get some modicum of privacy on an Android is to install a different operating system. Fortunately, several technical communities have been inspired by Android's open source roots and have rescripted Android to remove Google entirely.

You are going to choose one of these operating systems and install it on your phone.

Note that this means you will wipe your phone of all data. It's a good thing you've downloaded your Gmail, photos, contacts and calendars! If you've used Google's Takeout feature, you already have all that info locally, stored on your external hard drive.

Wiping your phone also includes apps. Take a minute to write down all the apps you have on your phone that you feel you can't live without. Once you've de-Googled your phone, you'll go find them again and download them (or something more private) from somewhere that is not the Google Play Store. I'll walk you through some of those options too. This is also a good time to be sure your apps have the same level of password/login security as your other online accounts.

The four most user friendly and fully functional options for De-Googled Android are:

  • "e", which is run by The e-Foundation. Like Signal and Mozilla, the Foundation gives some formal organizational and non-profit financial support without the financialization model common to corporations. "e" comes with a cloud option which replaces Google's cloud. It's available for many different devices.
  • LineageOS can be installed on many different devices too. This is one of the oldest versions of de-Googled Android (the inheritor of an old system called Cyanogen) so it has been through the most development and supports a long list of device options. 
  • GrapheneOS. This option is limited to Google Pixel phones and offers good functionality.
  • CalyxOS. This option is limited to Google Pixel phones and comes with pre-installed Signal, Tor, and alternative app stores.

Note that these are all open source, community-driven projects. That means that not all the bugs are ironed out yet for all users. It also means that if you encounter a bug, they'll want to hear about it so they can fix it. And you can also contribute and participate as a community member if you choose. More on this later.

Phone companies don't want you to change your OS. They spend some time augmenting their version of Android, adding their own apps and tracking stuff to get in on the action. So you will find this a more involved project than just tweaking a few settings. At this point in your opt out journey, though, I have confidence that you're ready!

To install a new operating system, you are going to first download all your data from the phone. You will then read the instructions extremely carefully, and repeatedly. It will take you about 90 minutes to do this, start to finish, if you've never done it before (far less time if you're an old hand).

Here are some instructions for LineageOS that go through the basic steps. Essentially, no matter which operating system you choose, you will have to go through the following stages:

  • Back up your phone.
  • Hook the phone up to your computer using the appropriate (data, not charging-only) cable.
  • Use the terminal on your computer to download tools from Google ("ADB") to re-script your phone.
  • Unlock your phone by opening the Bootloader. There will be instructions on how to do this from the phone provider. For instance, Sony has an open handset program and regularly provides the bootloader codes for changing your operating system at will.
  • Use the terminal on your computer to run those tools and install the new operating system on your phone.
  • Reinstall apps and data you want on the device.

Because your device is now de-Googled, the Play Store isn't built in, so you will have to install your apps from another source. Fortunately, Android apps are just a type of file, with the extension *.APK, and they are posted all over the web. Some of the websites that distribute them are shady, others are a hair more trustworthy (maybe only a hair though). Places like Aptoide also offer an app of their own to monitor what you've installed and check for updates. You can also access APK files that other people have written and put on a free and open source software "store" called F-Droid.
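Both the OS image you flash in the steps above and any APK you fetch from the web should be checked before they touch the phone. The script below is an added example, not part of the original post or of any project named here; it assumes the publisher provides a SHA-256 list in the usual `sha256sum` format, and the function names and file names are made up for illustration.

```shell
#!/bin/sh
# Added example: refuse to flash or install a download whose SHA-256
# does not match the publisher's checksum list.
# Assumes list lines look like "<64 hex chars>  <filename>" (no spaces in names).

# expected_hash FILE SUMS -> prints the lowercase hash listed for FILE, or fails.
expected_hash() {
    name=$(basename -- "$1")
    awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }      # a leading "*" marks binary mode
        f == n && length($1) == 64 { print tolower($1); found = 1; exit }
        END { exit !found }
    ' "$2"
}

# actual_hash FILE -> prints the SHA-256 of FILE (reads via stdin, so odd
# file names are never parsed as options).
actual_hash() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{ print $1 }'
    else
        shasum -a 256 < "$1" | awk '{ print $1 }'   # macOS fallback
    fi
}

# verify_download FILE SUMS
# returns 0 = match, 1 = mismatch, 2 = file missing, 3 = file not in list
verify_download() {
    file=$1 sums=$2
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    want=$(expected_hash "$file" "$sums") || {
        echo "no checksum listed for $file" >&2; return 3; }
    got=$(actual_hash "$file")
    if [ "$got" = "$want" ]; then
        echo "OK  $file"
    else
        echo "MISMATCH  $file (do not flash or install)" >&2
        return 1
    fi
}

# Usage: sh verify.sh <downloaded-file> <checksum-list>
if [ $# -eq 2 ]; then
    verify_download "$1" "$2"
fi
```

A checksum taken from the same page as the file only catches corruption or a bad mirror; where a project also publishes signatures, check those too.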

You've got this!

Aren't there alternatives to iOS and Android?

Yes there are! I have been playing around with alternative mobile operating systems since about 2014 and I have used a whole slew of them.

My favourite, and my personal daily driver for many years, is an operating system called Sailfish made by Jolla, a.k.a. The People Formerly Known As Nokia. If you haven't heard of it, it's a fully operational Linux phone. I have instructions linked on my site to install it yourself. It only installs on a few Sony Xperia devices, which you can pick up on eBay, although the list of other devices that are supported is growing.

You could also check out some other cool examples of alternative phones built around a specific philosophy, like Puri.sm about total data ownership or Fairphone about sustainability.

The most fun thing about these alternatives is you will join a community of like-minded people all dedicated to a new future of technology. Enjoy!