Hidden Google Account + Hidden Systemadminapp in LineageOS | Privacy infiltrated?...

[Privacydroid]

Is the builtin app named "Storagemanager" a hidden system administrator in LineageOS 19.1?
I ask this because in LineageOS 14.1 Storagemanager is a systemadministrator app.
In LineageOS 14.1 under > settings > apps > special app access > deviceadministrators, nothing showed up by default, but then i pressed the three dots on the top right and selected "show system", then storage manager was shown as active system administrator app.
I had the option to disable it, which i did, as i dont want ANY app to be administrator as i consider myself as the device owner being the administrator in place, no need for an app to have any such administrative permissions.
Now in LineageOS 19.1 when you navigate to > settings > apps > special app access > deviceadministrators > the three dots on the top right corner to show system apps ARE GONE.
This makes me think storage manager is a secret/hidden system administrator that cannot be disabled in lineageOS 19.1 because the three dots at the top right have been removed in 19.1 basically making it IMPOSSIBLE to the device owner to remove unwanted systemadministrator apps.
If infact storagemanager is a secret systemadministrator app, why is that so, why was the option to disable this app from being a system administrator removed??

Another question, in LineageOS 14.1 when i tried to open the calendar app, there was a prompt/popup saying "to use the calendar app you must add atleast one google account to your phone".
To be honest that scared me... considering that i use LineageOS purely for privacy and Google is the opposite of privacy.
That being said please keep in mind (this is very important), in LineageOS 14.1 when i opened the calendar app i was asked to add a Google account...
Here comes the things, in LineageOS 19.1 when i open the calendar app the prompt/popup says this: "before you can use the calendar app you must add atleast one calendar account".
That sounds very suspicious to me, because in 14.1 it was called google account and now in 19.1 its called callendar account, obviously my question is now... is the callendar account a google account just being called out in another way...?? If yes this is obviously a major manipulation because not naming google here will trick most likely any LineageOS user to creating a callendar account without even knowing that in reality what they just did was to create a goolge account on their privacy phone...... what sort of manipulative person would make such a nightmare come true? At this point i must ask if LineageOS even is a privacy option anymore... or has it been inflitrated by google already...

Another suspicous change i detected after switching from LineageOS 14.1 to 19.1 is that under > settings > apps > special app access > useage access, zero apps are listed, but once i pressed the three dots in the top right corner, bluetooth, media storage, nfc service, package installer, permissions controller, phone services, shell, storage manager, and systemui where ALL shown as "access to useage data = allowed". This really makes me woonder what is going on with LineageOS, what reason is there to grant all these apps access to useage data by default?? In LineageOS 14.1 there was not a single app even the system ones, that had useage data access set to allowed, infact in 14.1 all apps where set to be not allowed to access useage data. What is going on here and why??

Another change i noticed from LineageOS 14.1 to 19.1 is that under > settings > privacy, in 14.1 i was able to edit individual app permissions and enable or disable the privacy mode, in 19.1 there seems to be a new service so called "trust" which is responsible for privacy, im fine with that, however i am missing a very important privacy setting that was present in 14.1 but is not in 19.1 and that is "start on boot". On 14.1 i was able to select any specific app and deny or allow it's access to start itself on boot. Why is this important setting not present in 19.1?
In 19.1 under > settings > privacy > permissions manager, there is no option to deny apps to "start on boot".

My guess is, either 19.1 blocks all apps from starting on boot by default, or it allows it by default for all apps and there is simply no option to stop that which would be a major privacy downgrade compared to older versions...

 

[ga77a]

thank you for posting this, my eyes have been opened.

 

[Privacydroid]

Already 100+ views but only 1 comment, hmm...
Nobody knows anything?
I seriously want to get ansers to the above questions... these are real concerns to me.

 

[Privacydroid]

My questions don't seem to get to much attention here, not even to mention a reply.
Does anyone know a forum or another place where i can ask what is written above?
I wan't answers, these are real privacy concerns!

 

[gregpilot]

Hmmm. I don't have answers to your specific questions. In another thread, you posted, generally, that most people don't care about your concerns. Very true. I wholeheartedly support you advocating your views; however encourage you to tread lightly if you want people to reply to you.

The only sure answer to your situation, and for me, also, is to grab the source of the rom which suits you, one without gapps, and then hire a dev to help go through the source to answer your questions. Then edit as needed and re-compile.

I am familiar enough with the process in general however don't have the skills to do it myself. LOS and its variants are probably a good place to start. I am using a vanilla build of RROS on A10 on a Oneplus8 pro. Since we have tools for A11 that is good but the tools generally aren't available for some time after a new Android release.

Your question might be asked of the Lineage devs, though I am sure they are busy and they are not forcing you to use their (free) product. There are also Linux phones available, although so far the hardware I have seen is not great.

What phone are you using? If you are serious about this, and are willing to support a dev project as above, we would have to settle on one or two similar OSes on the same Android version, and hire someone for a few days. This would be expensive. I, for one, would contribute. If we found 10 or 20 like minded people a crowdfunding page could be set up. If we did not reach the necessary amount then the money could be refunded.

To tell the truth, G keeps putting more obstacles in the way of modders and I am getting to the point where its not worth the trouble. Hopefully the hardware for Linux phones will improve.

Thoughts??

 

[Privacydroid]

Hmmm. I don't have answers to your specific questions. In another thread, you posted, generally, that most people don't care about your concerns. Very true. I wholeheartedly support you advocating your views; however encourage you to tread lightly if you want people to reply to you.

The only sure answer to your situation, and for me, also, is to grab the source of the rom which suits you, one without gapps, and then hire a dev to help go through the source to answer your questions. Then edit as needed and re-compile.

I am familiar enough with the process in general however don't have the skills to do it myself. LOS and its variants are probably a good place to start. I am using a vanilla build of RROS on A10 on a Oneplus8 pro. Since we have tools for A11 that is good but the tools generally aren't available for some time after a new Android release.

Your question might be asked of the Lineage devs, though I am sure they are busy and they are not forcing you to use their (free) product. There are also Linux phones available, although so far the hardware I have seen is not great.

What phone are you using? If you are serious about this, and are willing to support a dev project as above, we would have to settle on one or two similar OSes on the same Android version, and hire someone for a few days. This would be expensive. I, for one, would contribute. If we found 10 or 20 like minded people a crowdfunding page could be set up. If we did not reach the necessary amount then the money could be refunded.

To tell the truth, G keeps putting more obstacles in the way of modders and I am getting to the point where its not worth the trouble. Hopefully the hardware for Linux phones will improve.

Thoughts??

My knownledge on programming is very limited, i would not be able to contribute to any meaningful software really. Indeed my language can quickly become not so nice when it comes to privacy, i don't like how the masses throw away their freedom.
Think about it, google chrome holds around 60% market share, then combine all chromium browsers and we are at around 90% while Firefox is at around 4%. Then think about how many people use Gmail and how many use privacy alternatives like Protonmail. Think about how many people use the standard google android os on their phone and how many have iphones and compare that to how many people use a linux phone or a custom os like lineage or graphene...

Anyone can protect their privacy, there are many great videos on youtube.
Here are some examples:

The Hated One

Creating deeply researched and well-sourced essays critiquing some of the most important issues of our time in a non-partisan, non-sectarian way. Mass surveillance is a backdoor into freedom of speech. Knowledge is power. And power corrupts. https://twitter.com/The_HatedOne_...

yewtu.be

Rob Braxman Tech

Alt-Tech. The Internet Privacy Guy. Public interest hacker and technologist. I use my extensive knowledge of cybersecurity and tech to serve the public good. I care about privacy. I warn you of digital manipulation, disinformation, mass surveillance. I also discuss alternative communication...

yewtu.be

Techlore

Techlore - spreading privacy and security to the masses. We manage several projects, communities, and content to prove privacy & security are not just achievable - but simple and accessible.

yewtu.be

Mental Outlaw

Only cool people visit https://based.win/

yewtu.be

NBTV (Naomi Brockwell TV)

Learn how to reclaim control of your life in the digital age. All the tools you need to take back your data, money, and free online expression. www.nbtv.media - Your Money - Your Data - Your Life Empower Yourself. Created and hosted by Naomi Brockwell Our channel is funded by community...

yewtu.be

Louis Rossmann

4Y1IC54hpe60aqaLCgjn7zlcSMH/IPxh5/cLnX6RKp0= I use this channel to post repair videos from *Rossmann Repair Group Inc* I also discuss random things of interest to me. This is, and always will be, my personal variety show. I teach Macbook component level logic board repair from a common...

yewtu.be

The Linux Experiment

Making Linux accessible: no techno babble, no super technical content. Just Linux desktop news, simple tutorials, application spotlights, and opinion pieces trying to stay positive, without gatekeeping. 👏 SUPPORT THE CHANNEL: Get access to a weekly podcast, vote on the next topics I cover, and...

yewtu.be

I use yewtu.be over youtube.com to avoid google.

See, google chrome and google search know all of your browsing history, there is no privacy, they make a profile of everyone who uses any of their services. Even if you use google without an account chances are they can identify you and your device. Same with gmail... it reads (scans) all of your emails and sell the content to adverstisers. I don't know how people can be ****** enough to use these services when you can simply switch to alternatives that are working perfectly flawless and don't spy on you.

Privacy can be easy.
Instead of google chrome > Firefox or even better Librewolf
Instead of google search > brave search or duckduckgo
Instead of gmail > protonmail
Instead of google android > lineage or graphene
It's not that hard...

Nobody forced me to use lineageos obviously i installed it on my own, i don't like the changes from 14.1 to 19.1 as they seem very suspicious to me, but i will still preffer LOS at any time over the standard google crap.
Before using a google phone id rather not use a phone at all.
Speaking about phones, people who buy iphones have lost their mind, i mean it.


My phone is a samsung S7, as long as it is functional i will not buy a new phone, besides i don't have the money now... your suggestion sounds interesting but i'm not into that really.
In the mean time i will repeat what you said, we can only wait for linux phones to support modern hardware and get one of those in the future.
GrapheneOS seems like the best choice as of now but it's really ironic that it works only on google pixel phones...

 

[ShaunSmit]

Most people don't care that they are been spied on. They are after the they easy life. Want all the mod cons to make things easier. Unfortunately you can't change peoples habits. Have started seen a lot of custom rooms with suspicious files, that makes a person wonder if google is paying the devs to include their software.

 

[SigmundDroid]

Most people don't care that they are been spied on

Well, plenty of people do. For example, just see XDA's thread for FairEmail:
https://xdaforums.com/t/app-5-0-fai...en-source-privacy-oriented-email-app.3824168/

builtin app named "Storagemanager" a hidden system administrator in LineageOS 19.1?

My questions don't seem to get to much attention here

Well, I am interested in and have subscribed to this topic... it's just that LOS19 is still not really a hot topic for me yet (still fighting with LOS18, lol).

 

[Privacydroid]

Well, plenty of people do. For example, just see XDA's thread for FairEmail:
https://xdaforums.com/t/app-5-0-fai...en-source-privacy-oriented-email-app.3824168/




Well, I am interested in and have subscribed to this topic... it's just that LOS19 is still not really a hot topic for me yet (still fighting with LOS18, lol).

My bet lineage 1.18 is also affected by what i described above.

 

[Fytdyh]

there might be some privacy oriented custom roms. have you checked ?

e Foundation - deGoogled unGoogled smartphone operating systems and online services - your data is your data

your data is YOUR data

e.foundation

or

Purism– Librem 5

Introducing the – Librem 5 by Purism

puri.sm

 

[Privacydroid]

there might be some privacy oriented custom roms. have you checked ?

e Foundation - deGoogled unGoogled smartphone operating systems and online services - your data is your data

your data is YOUR data

e.foundation

or

Purism– Librem 5

Introducing the – Librem 5 by Purism

puri.sm

Never heared about https://e.foundation/ will have a look at that one.

The librem 5 has outdated hardware and is expensive, but that's not the problem... the shipping times are totally ******. Can take years for you to ever recive that phone.

Besides, that doesn't anser any of my above questions about LOS, guess that wasn't your intention anyways.

 

[Fytdyh]

Never heared about https://e.foundation/ will have a look at that one.

The librem 5 has outdated hardware and is expensive, but that's not the problem... the shipping times are totally ******. Can take years for you to ever recive that phone.

Besides, that doesn't anser any of my above questions about LOS, guess that wasn't your intention anyways.

about your privacy related inquiries, i recon that Lineage, while it used to stand for privacy in the first years, it started to be seen more as a way to get updates on no longer supported devices. and given that almost every user that uses lineage also had flashed gapps, makes sense for them to add gapps in their everyday custom rom as well. Google has its sets of downsides and upsides. Privacy is good, but functionality is more important. a lot of good apps rely on google implemented functionality. Say that i would need to drive around the country. Privacy is my preference, but i need a fully functional bugless waze. Waze without google play services is a mess, if you get it working. Android Auto without gapps isnt possible.

 

[gregpilot]

For my devices, at least, Lineage did not have gapps baked in. For me, a good thing. There are a few vanilla roms left out there. Even without gapps, there are still leaks to google (the captive portal connectivity check, for one) but the footprint is much smaller.

For me, I have found open source alternatives to ALL of googles bloat and spyware. Not as convienient, sure. Pain in the a** sometimes, yes. Wayze? Host your own cameras, use openstreetmap (osmand) instead. google has made it very convienient with their ecosystem. I, for one, do not wish to share my life with them.

 

[Privacydroid]

about your privacy related inquiries, i recon that Lineage, while it used to stand for privacy in the first years, it started to be seen more as a way to get updates on no longer supported devices. and given that almost every user that uses lineage also had flashed gapps, makes sense for them to add gapps in their everyday custom rom as well. Google has its sets of downsides and upsides. Privacy is good, but functionality is more important. a lot of good apps rely on google implemented functionality. Say that i would need to drive around the country. Privacy is my preference, but i need a fully functional bugless waze. Waze without google play services is a mess, if you get it working. Android Auto without gapps isnt possible.

No idea why people use gapps or microg, it's anti privacy so i do not ever use any of that.
I do not use any google services in my life and i don't miss them or need them for anything, i have alternatives.
I have to disagree on this phrase "Privacy is good, but functionality is more important".
If you are forced to give up privacy to use a service or product then the service or product is not worth being used.
Privacy is way more important than functionality, besides 90% of the time you can find perfectly working privacy friendly alternatives for almost anything.
Instead of google maps for example i use these:

Map at DuckDuckGo

DuckDuckGo. Privacy, Simplified.

duckduckgo.com

OpenStreetMap

OpenStreetMap is a map of the world, created by people like you and free to use under an open license.

www.openstreetmap.org

Not sure if that is helpful while driving, would be fine for me, never heared about waze.
I banned Google of my life and im happy with that, wasn't that hard after all.

 

[Privacydroid]

For my devices, at least, Lineage did not have gapps baked in. For me, a good thing. There are a few vanilla roms left out there. Even without gapps, there are still leaks to google (the captive portal connectivity check, for one) but the footprint is much smaller.

For me, I have found open source alternatives to ALL of googles bloat and spyware. Not as convienient, sure. Pain in the a** sometimes, yes. Wayze? Host your own cameras, use openstreetmap (osmand) instead. google has made it very convienient with their ecosystem. I, for one, do not wish to share my life with them.

My lineage version also doesn't have gapps in it, atleast nothing that is visible or accessable to me..
Not sure about the calendar thing described above..

What do you mean by captive portal connectivity check, what's that?
I beleve LOS uses Googls SUPL Server's too.

Great to meet someone with the same mindset, way to many people throw away their privacy which is equal to freedom, for "convienience"... It's crazy.

 

[gregpilot]

What do you mean by captive portal connectivity check, what's that?
I beleve LOS uses Googls SUPL Server's too.

Every time your device makes a network connection (wifi or cellular) it pings "connectivitycheck.gstatic.com". Not really a ping, its a http request to check for internet connectivity. Successful completion will remove the "x" by the wifi and/or cell data icon. Although if the address is blocked on your router the "x" will remain, and your device will complain about not having internet access....but it does! (so long as your wifi router/cell net has access). But wifi calling won't work.

For more, go here:

https://xdaforums.com/t/guide-how-to-avoid-the-captive-portal-checkin-to-google.3927561/

You can host your own check server, or....just disable the check.

I have confirmed this works on A9 and A10 AOSP roms. There are different variants of this command for different roms. You may have to try several of them.

From an adb shell: (needs root)

:/ # settings put global captive_portal_mode 0

***********THIS DISABLES GOOGLE CONN CHECK***** A9 and 10

To verify it is disabled:

:/ # settings list global | grep portal

Should return "captive_portal_mode=0"

If you do connect to a captive portal page (public wifi, open connection) where the owner wants a login cred then the side effect of this is that it won't work.

The issue is that everytime the check is run, google will get your IP address and browser/OS and can infer your coarse location even if location services are turned off. I have all google domains blocked on my wifi so to keep my wife happy I disable the check on her phone also so she does not get the "no internet" notification.

Another hole is the agps (assisted gps) database downloaded from google or your phone carrier regardless of enabled location. I believe you can edit the server which is contacted, again, will require root.

This post says you can edit the gps.conf file:

https://xdaforums.com/t/a-gps-supl-protocol-and-privacy-breaching.3602863/

Anyone try that? What abour removing "supl" from the apn type?

But I'm not there, yet, I usually have location selected off. Rob Braxman has a good vid here, use freetube:

https://github.com/FreeTubeApp/FreeTube

https://www.youtube.com/watch?v=vbBkZ-MROEk?

Again as stated earlier the best fix is to find a AOSP source of a rom you like, edit (or hire a dev) to edit out all of the bloat and google tracking which may remain, and re-compile.

 

[Privacydroid]

Every time your device makes a network connection (wifi or cellular) it pings "connectivitycheck.gstatic.com". Not really a ping, its a http request to check for internet connectivity. Successful completion will remove the "x" by the wifi and/or cell data icon. Although if the address is blocked on your router the "x" will remain, and your device will complain about not having internet access....but it does! (so long as your wifi router/cell net has access). But wifi calling won't work.

For more, go here:

https://xdaforums.com/t/guide-how-to-avoid-the-captive-portal-checkin-to-google.3927561/

You can host your own check server, or....just disable the check.

I have confirmed this works on A9 and A10 AOSP roms. There are different variants of this command for different roms. You may have to try several of them.

From an adb shell: (needs root)

:/ # settings put global captive_portal_mode 0

***********THIS DISABLES GOOGLE CONN CHECK***** A9 and 10

To verify it is disabled:

:/ # settings list global | grep portal

Should return "captive_portal_mode=0"

If you do connect to a captive portal page (public wifi, open connection) where the owner wants a login cred then the side effect of this is that it won't work.

The issue is that everytime the check is run, google will get your IP address and browser/OS and can infer your coarse location even if location services are turned off. I have all google domains blocked on my wifi so to keep my wife happy I disable the check on her phone also so she does not get the "no internet" notification.

Another hole is the agps (assisted gps) database downloaded from google or your phone carrier regardless of enabled location. I believe you can edit the server which is contacted, again, will require root.

This post says you can edit the gps.conf file:

https://xdaforums.com/t/a-gps-supl-protocol-and-privacy-breaching.3602863/

Anyone try that? What abour removing "supl" from the apn type?

But I'm not there, yet, I usually have location selected off. Rob Braxman has a good vid here, use freetube:

https://github.com/FreeTubeApp/FreeTube

https://www.youtube.com/watch?v=vbBkZ-MROEk?

Again as stated earlier the best fix is to find a AOSP source of a rom you like, edit (or hire a dev) to edit out all of the bloat and google tracking which may remain, and re-compile.

Thank you for this interesting reply, i will attempt to remove captive portal connectivity check / connectivitycheck.gstatic.com with adb by following your provided command
settings put global captive_portal_mode 0
settings list global | grep portal

However you mentioned this needs root, my device is not root so this basically wont work without root?
I could use magisk for rooting.

Rob Braxman is great, watching all of his content. But i couldn't find any instructions to disable googles SUPL.
I also don't think rob has a video for captive portal connectivity check, or does he?
From my experience with his videos he acts as if degoogled phones with lineage are 90% better than normal phones, so i guess the other 10% are things like SUPL and captive portal connectivity check which are not that easy to disable..? If google knows my locations on a degoogled device with lineageos by using captive portal connectivity check then hell, that#äs really disturbing i had no idea that they still know where my phone is / where i am, very scary...

 

[gregpilot]

However you mentioned this needs root, my device is not root so this basically wont work without root?

Yes, the command needs root. Also there are some differences based on your version of Android.

The following is old, but has some good stuff:

https://www.reddit.com/r/privacy/comments/cldrym
The biggest help for this is to not install google services, and use a vanilla rom without it.

As far as captive portal, that is fixable.

The DNS servers can be changed from googles, but it is less straightforward.

NLP is not present without gapps, from what I have read

The SUPL issue, for me, is a WIP. I will happily deal with slow GPS TTFF. What I don't know:

1. Editing (removing) the supl entry in the APN file, what affect, if any;
2. Editing /vendor/etc/gps.conf (newer roms have the file in /vendor) to show a non g server;
3. the big question, which GPS radio chips may or may not have SUPL on the hardware level and therefore, if so, we are unable to fix.

 

[Privacydroid]

Yes, the command needs root. Also there are some differences based on your version of Android.

The following is old, but has some good stuff:

https://www.reddit.com/r/privacy/comments/cldrym
The biggest help for this is to not install google services, and use a vanilla rom without it.

As far as captive portal, that is fixable.

The DNS servers can be changed from googles, but it is less straightforward.

NLP is not present without gapps, from what I have read

The SUPL issue, for me, is a WIP. I will happily deal with slow GPS TTFF. What I don't know:

1. Editing (removing) the supl entry in the APN file, what affect, if any;
2. Editing /vendor/etc/gps.conf (newer roms have the file in /vendor) to show a non g server;
3. the big question, which GPS radio chips may or may not have SUPL on the hardware level and therefore, if so, we are unable to fix.

I just tried using your solution for the onnectivitycheck.gstatic.com issue by using the provided command
:/ # settings put global captive_portal_mode 0
Before i that i rooted the phone with magisk, the command did not work (i attempted executing the command on cmd in windows inside the adb/fastboot folder, usb drivers are also installed.
I was able to start the daemon by using adb devices but the command you provided didn't work.

The phone was booted normally during the test, maybe i should instead go to downloadmode or recovery mode? The link you send for more instructions says we should use a cmd app on the phone to exectue this command (a pc is not mentioned), however i don't find any cmd app on the phone (lineageos 19.1).

 

[gregpilot]

I just tried using your solution for the onnectivitycheck.gstatic.com issue by using the provided command
:/ # settings put global captive_portal_mode 0
Before i that i rooted the phone with magisk, the command did not work (i attempted executing the command on cmd in windows inside the adb/fastboot folder, usb drivers are also installed.
I was able to start the daemon by using adb devices but the command you provided didn't work.

The phone was booted normally during the test, maybe i should instead go to downloadmode or recovery mode? The link you send for more instructions says we should use a cmd app on the phone to exectue this command (a pc is not mentioned), however i don't find any cmd app on the phone (lineageos 19.1).

No, the command is made from a root shell on the phone directly, or through an adb shell.

First:

open a cmd window on your pc, cd to your adb folder. Do you have "minimal adb and fastboot" installed on your pc? Its on the forums here.

Plug in your phone to USB, do not boot to recovery or download mode. Just the normal system.

From the open cmd window, issue "adb devices". What appears?

If "unauthorized", you have to enable adb debugging in developer options. You have that enabled, right? If you do you will get a prompt on the phone to allow adb debugging access when you connect over USB.

If you get "device XXXXX", I do not recall the number of characters, then you can proceed.

issue "adb shell"

you should get a shell prompt (your phone cmd shell)

Issue "su"

If you are rooted magisk may prompt you to allow root

issue "whoami", this has to return "root".

Then issue the command I gave you. " settings put global captive_portal_mode 0"

The second string "settings list global | grep portal" is only to verify the success of the first command.

You don't need adb for this, you can also enable the "local terminal" in developer options. Or use your favorite terminal. I like Termux.

Open the terminal from your app drawer
issue "su"
Again, you should get a magisk prompt requesting permissions, allow it
issue "whoami" , verify root

then issue the same two commands.

What version of Android are you on?