LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Mobile
User Name
Password
Linux - Mobile This forum is for the discussion of all topics relating to Mobile Linux. This includes Android, Tizen, Firefox OS, Sailfish OS, Maemo, MeeGo, Ubuntu Mobile, WebOS, Open Mobile Alliance and other similar projects and products.
A reminder that LQ now has a dedicated Android sister site: AndroidQuestions.org

Notices


Reply
  Search this Thread
Old 10-26-2019, 11:05 AM   #1
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware & Android
Posts: 10,669

Rep: Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185
Mobile browser Security.


I'm wondering what browser security addons work for Firefox on my S7 Edge phone & Nexus Tablet. For a while, I got one phone text per month (I suspect through my provider) with a link to some dodgy site on http://bit.ly/. On the PC, it looked dodgy; On the mobile it was a whole different experience - a draw, or a game; say yes once and you got a malware download. On Tor, it just didn't want to know. I couldn't read it on lynx.

I tried noscript, but I couldn't even get slashdot.org up, and didn't see a way to disable it on certain sites.

What are folks using?
 
Old 10-27-2019, 06:40 AM   #2
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 12,871
Blog Entries: 9

Rep: Reputation: 3507Reputation: 3507Reputation: 3507Reputation: 3507Reputation: 3507Reputation: 3507Reputation: 3507Reputation: 3507Reputation: 3507Reputation: 3507Reputation: 3507
Firefox on Android has nothing to do with phone text messages.
I did not understand what you are trying to achieve.
Generally speaking, all addons should at least be installable, most of them should work.
 
Old 10-28-2019, 05:52 AM   #3
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware & Android
Posts: 10,669

Original Poster
Rep: Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185
Quote:
Originally Posted by ondoho View Post
Firefox on Android has nothing to do with phone text messages.
I did not understand what you are trying to achieve.
Generally speaking, all addons should at least be installable, most of them should work.
Yes firefox has nothing to do with texts. Did I say that? I mentioned the texts as traps, but I don't think firefox opens them.

I'm generally wondering what I can do to make phone browsing safer - something that would stop tripping over such a link as I used to receive from my last phone provider.
 
Old 10-28-2019, 08:17 PM   #4
teckk
Senior Member
 
Registered: Oct 2004
Distribution: FreeBSD Arch
Posts: 2,409

Rep: Reputation: 565Reputation: 565Reputation: 565Reputation: 565Reputation: 565Reputation: 565
Quote:
I'm generally wondering what I can do to make phone browsing safer
I use naked browser pro. It allows turning scripts and images on-off as easy as tapping an icon. So, I have it set to default off off. The non pro version of naked browser allows scripts/images off too, but you have to go into the preferences every time. It's about the best lightest functional browser I know of for droid.(matter of opinion)

I do not have google play store installed on any android device. I use fdroid or yalp store. Look that up on fdroid. It allows software to be downloaded/installed from the play store without a google account.

I don't hook up to public wifi, I have roaming turned off, I mostly use it as a phone.

So to answer your question, I leave scripts and images off in the web browser, I don't answer calls or texts from numbers I do not know. If you want to call me you will have to tell me your number before hand so I can put it into the address book. I don't get any weird texts. I think that maybe I got one. I do get calls from the spammers. It goes in spurts. They will call, spoofing their number, for 2 or 3 days, then it will stop for a while.

As far as mail, I get it browser based. I don't use an app for anything if I don't have to. I don't trust google, I don't trust android. For anything important I sit down at the pc.

Edit:
https://f-droid.org/en/packages/com....min.yalpstore/

https://f-droid.org/en/packages/com....kin.yalpstore/

https://play.google.com/store/apps/d...owser&hl=en_US

Last edited by teckk; 10-28-2019 at 08:46 PM.
 
Old 10-28-2019, 11:23 PM   #5
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 15,612
Blog Entries: 26

Rep: Reputation: 4555Reputation: 4555Reputation: 4555Reputation: 4555Reputation: 4555Reputation: 4555Reputation: 4555Reputation: 4555Reputation: 4555Reputation: 4555Reputation: 4555
Comodo offers an Android security suite. We are using it on one of our devices and it seems to work nicely.
 
Old 10-29-2019, 06:18 AM   #6
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware & Android
Posts: 10,669

Original Poster
Rep: Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185
@teckk: "Just because they say you're paranoid doesn't mean they're not out to get you…" I suppose it's Tails on the pc?

Thanks, guys, both of you. I will definite look at those browsers. I'm not doing anything that requires security today, but I would like to get rid of my gmail account, but have to hold onto it for the play store. If those alternatives do the business, I can lose it. As I understand it, google is into selling advertising info, and passes police everything they want to know, and just about any site you mention (even LQ) sells on data to google anyhow.

As my phone has twin SIM capability, I mean to buy one of those anonymous type cash up front SIMS, but they're not common here.

Last edited by business_kid; 10-29-2019 at 06:19 AM.
 
Old 10-29-2019, 06:33 AM   #7
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware & Android
Posts: 10,669

Original Poster
Rep: Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185
Guys, have you links for any of that stuff?

Naked Browser I have. I followed their advice and started with the free one.
Fdroid, Yalp, or Android Security Suite aren't so easy.
 
Old 10-29-2019, 09:52 AM   #8
teckk
Senior Member
 
Registered: Oct 2004
Distribution: FreeBSD Arch
Posts: 2,409

Rep: Reputation: 565Reputation: 565Reputation: 565Reputation: 565Reputation: 565Reputation: 565
fdroid, you simply go to their site and download the app that you want. Then side load it onto the phone. Know what that means? You have to go into to setup on the droid and allow installing from non play store. If you try to open the .apk file in your androids file browser, android will usually ask you if you want to allow installing from non play store and how it's bad, blah blah. Allow it. Now, you'll often times have to choose an .apk app for the version of droid that you have. Some will work with version 4.2 to present, others need at least 6.0 etc. Look at the specs for the app before you download it.

Yalp store is on fdroid. Get it, install it, run it. It seems to be like youtube-dl. Only good for a while until it no longer works and you'll need an upgrade.

I often times get an app that I want from the play store. And yalp will allow you to download an app from the play store without installing it, to a folder that you want. That means that you have the .apk file to do what you want with. You can transfer that to your desktop or external HD to keep a backup, you can also put that on other droid devices from your PC and install it on them. Another words download once, give it to whatever droid device that you want. But it'll only work if made for that droid version.

That's what I do. No google account on my droids. Period. If you want you can go into the settings and disable play store so that it won't hound you. I haven't done that for a while...I think that you need it for yalp, so you'll have to enable it for it to work.

Anyway..a droid can/will work without a google account. Not gmail, or the play store, no of course not. But you can open a browser and get your gmail. The site even allows basic html version without scripts turned on. Is it harder and less convenient to use that way? Of course.

Then there are sites across the internet that have free downloads of .apk files. Can you trust them? Decide for yourself.

Edit: Spelling

Last edited by teckk; 10-29-2019 at 10:03 AM.
 
Old 10-29-2019, 10:16 AM   #9
teckk
Senior Member
 
Registered: Oct 2004
Distribution: FreeBSD Arch
Posts: 2,409

Rep: Reputation: 565Reputation: 565Reputation: 565Reputation: 565Reputation: 565Reputation: 565
And to that end, open duckduckgo or google and search for
Code:
.apk free download
I neither promote or criticize those results. But it shows that play store is certainly not needed for a droid.

Then you might ask, what about the possibility of malware on those sites. I would say so.

Looked at the play store lately? Just about all of those apps are spyware for advertising and data collection. They are in the open about it.

Ever compile tcpdump for droid and let it run in jackpal terminal? About like installing zonealarm on a windows machine, and watching every single process that tries to access the internet without permission.

So.. I think that droid and security are oxymorons.
 
Old 10-29-2019, 12:45 PM   #10
Aeterna
Member
 
Registered: Aug 2017
Location: Terra Mater
Distribution: VM Host: Slackware-current, VM Guests: Artix, CRUX, FreeBSD, Funtoo, HardenedBSD, OpenIndiana
Posts: 249

Rep: Reputation: Disabled
Quote:
Originally Posted by business_kid View Post
I'm wondering what browser security addons work for Firefox on my S7 Edge phone & Nexus Tablet. For a while, I got one phone text per month (I suspect through my provider) with a link to some dodgy site on http://bit.ly/. On the PC, it looked dodgy; On the mobile it was a whole different experience - a draw, or a game; say yes once and you got a malware download. On Tor, it just didn't want to know. I couldn't read it on lynx.

I tried noscript, but I couldn't even get slashdot.org up, and didn't see a way to disable it on certain sites.

What are folks using?
I have Galaxy Note 9
two browsers:
firefox
installed addons:
uBlock Origin for mobile
CanvasBlocker
decentraleyes

heavily edited prefs.js in a fashion similar to desktop version of firefox (some options are not available).

tested on very decent test site (e.g. panopticlick) and in everyday life. No issues so far. When connected to VPN router, no leaks detected.

that is good to fend off any trackers, cookies, adds
second browser: Tor - no modifications

In general, minimum software installed.
Even though this is not rooted device (too much bother with updates), I used adb to remove all google and Samsung bloatware (including a lot of apps that user is not able to remove).
Whenever possible replaced default apps with ones that do not call home.

total time required: 1 day.

Personally I am against all antivirus/security software for the phone.
 
Old 10-29-2019, 02:42 PM   #11
teckk
Senior Member
 
Registered: Oct 2004
Distribution: FreeBSD Arch
Posts: 2,409

Rep: Reputation: 565Reputation: 565Reputation: 565Reputation: 565Reputation: 565Reputation: 565
And adb refers to android debug bridge
https://wiki.archlinux.org/index.php...d_Debug_Bridge
Code:
pacman -Si android-tools
...
Name            : android-tools
Version         : 29.0.4-2
Description     : Android platform tools
Architecture    : x86_64
URL             : http://tools.android.com/
Licenses        : Apache  MIT
...
Provides        : fastboot  adb
Depends On      : pcre2  libusb
Optional Deps   : python: for mkbootimg script
                  python2: for unpack_bootimg & avbtool scripts
Conflicts With  : fastboot  adb
...
Download Size   : 1420.05 KiB
Installed Size  : 7691.00 KiB
...
Which is way more info than you asked for @business_kid

But other people read these threads.
 
Old 10-30-2019, 03:25 AM   #12
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 12,871
Blog Entries: 9

Rep: Reputation: 3507Reputation: 3507Reputation: 3507Reputation: 3507Reputation: 3507Reputation: 3507Reputation: 3507Reputation: 3507Reputation: 3507Reputation: 3507Reputation: 3507
Quote:
Originally Posted by business_kid View Post
I'm generally wondering what I can do to make phone browsing safer - something that would stop tripping over such a link as I used to receive from my last phone provider.
The same Addons you use at home. Noscript? uMatrix? Yes, and yes. Pain in the sphincter to use on a touchscreen device though.
Oh, and f-droid is here: https://f-droid.org/
and I use this version of FF: https://f-droid.org/en/packages/org.....fennec_fdroid
 
Old 10-30-2019, 05:46 AM   #13
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware & Android
Posts: 10,669

Original Poster
Rep: Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185Reputation: 1185
Very helpful & educational links & posts, guys. Thank you all for sharing your secrets. Curiously, I'm not in favour of anti-virus either.I do dislike telling google everything, I shun built-in apps, and I fear nasty javascript.
 
Old 10-30-2019, 03:57 PM   #14
Aeterna
Member
 
Registered: Aug 2017
Location: Terra Mater
Distribution: VM Host: Slackware-current, VM Guests: Artix, CRUX, FreeBSD, Funtoo, HardenedBSD, OpenIndiana
Posts: 249

Rep: Reputation: Disabled
Quote:
Originally Posted by business_kid View Post
Very helpful & educational links & posts, guys. Thank you all for sharing your secrets. Curiously, I'm not in favour of anti-virus either.I do dislike telling google everything, I shun built-in apps, and I fear nasty javascript.
If you want to try ADB and bloatware removal get platform tools from here:
https://developer.android.com/studio...platform-tools

on linux this installs nothing, just decompresses the package (I have Slackware).
This is better that distro specific installation because you will avoid some bizarre dependencies.

I removed more than 150 apps (but I have seen users removing as much as 250 apps).
For ADB to work you will have to enable Developpers Options and from there USB debugging

Whole process is pretty easy and also reversible ("removal" just removes software from user account, so it is easy to re-install/enable it back if needed), there is an option do disable app, but in the view that software is not really removed, I don't see any point for this option. Also no need for system reset (which will re-enable all apps). Just re-connect Samsung to your computer and using adb install removed software.

I don't think that with exception of Tor browser you will find anything better than firefox, because all android firefox based browsers are really conservative in terms of enabling privacy security options so you will have to tweak prefs.js anyway.
Everything chrome derived is just waste of time.

If you really need to install something, make sure to check required prermissions. Don't keep location on if you are not using maps or bluetooth on if not connected to a bluetooth device.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: A la Mobile's Complete Linux System Platform for Mobile Phones LXer Syndicated Linux News 0 06-20-2006 07:03 AM
Charlotte Church's mobile phone Oops! Topless photo jumps through mobile phones in UK furfurdemon666 General 3 05-03-2005 09:03 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Mobile

All times are GMT -5. The time now is 09:58 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration