Android privacy and security

Dirk Diggler · 28 Sep 2020 at 00:43

I've become more aware of privacy and security, and would like to know what fellow Android users do to keep their data safe online?

Below is non exhaustive list of areas where privacy and security could be improved, please share your tactics.

Browser:

Search:

Email:

Password manager:

Authenticator:

Messaging:

Keyboard:

Dirk Diggler · 28 Sep 2020 at 00:43

Browser: ~~Brave~~. I've ditched Brave and went back to Chrome.

Search: Duck Duck Go

Email: Microsoft 365. After doing some research I ended up buying a domain name and going for the basic business account for M365. With calender integration, office apps and OneDrive storage I think it's great value for £5.00/month. I'm currently using Outlook app as I think that's secure/private enough?

Password manager: LastPass. It seems to be the go to manager?

Authenticator: I've opted for the Microsoft version as it backs up the data which is surely a must in case the phone gets lost.

Messaging: Using WhatsApp right now but definitely needs to change...

Keyboard: Gboard

lmfy2k · 28 Sep 2020 at 08:04

Browser: Chrome

Search: Google

Email: Gmail

Password manager: Bitwarden

Authenticator: Google

Messaging: What's app

Keyboard: SwiftKey

Chris344 · 28 Sep 2020 at 09:55

Browser: Samsung

Search: Google

Email: G-Suite

Password manager: 1Password

Authenticator:

Messaging:WhatsApp

Keyboard:Samsung

uvarvu · 28 Sep 2020 at 11:33

Browser: Chrome

Search: Google

Email: Gmail

Password manager: 1Password

Authenticator: 1Password (Also have the Microsoft one which I use for my work and personal Microsoft accounts. It also has a code to log into 1Password itself.)

Messaging:WhatsApp

Keyboard:Gboard

Rensin · 28 Sep 2020 at 13:00

Browser: Firefox Nightly (add-ons: uBlock, HTTPS Everywhere, Privacy Badger, Ghostery, Bitwarden)

Search: Duck Duck Go

Email: Gmail

Password manager: Bitwarden

Authenticator: Microsoft

Messaging: Whatsapp

Keyboard: Gboard

glenimp617 · 28 Sep 2020 at 13:48

Browser: Chrome (also use Pi-Hole)

Search: Google

Email: Gmail

Password manager: Chrome

Authenticator: SMS or usually via the android pop-up

Messaging: Whatsapp

Keyboard: Gboard

ID: 682187306528762393 enjoys IT, Technology, Sci-Fi, Overclockers and Porn

Dirk Diggler · 28 Sep 2020 at 14:07

1password isn't a free service? I'd be interested why people choose that over a free service like Last Pass?

Fubsy · 28 Sep 2020 at 14:38

Browser: Edge (Chrome constantly freezes on my OP)

Search: DuckDuckGo

Email: Gmail

Password manager: LastPass

Authenticator: Authy

Messaging: WhatsApp

Keyboard: GBoard

Orcvader · 28 Sep 2020 at 14:56

Browser: Mix of Edge and Kiwi (with uBlock Origin, Nano Defender, Privacy Badger, HTTPS everywhere, Decentraleyes, Redirect AMP to HTML). May move back to Firefox in the future, they're now asking for feedback on Reddit.

Search: Google

Email: Nine app with Google + Outlook

Password manager: Bitwarden

Authenticator: Mix of Microsoft and Authy

Messaging: WhatsApp

Keyboard: GBoard

And extra, Private DNS: Cloudflare

Big Elf · 28 Sep 2020 at 16:52

Browser: Samsung Internet

Search: Google

Email:Gmail/Outlook/Mail

Password manager:

Authenticator:Authy (for the backups) switched from Google Authenticator

Messaging:WhatsApp & AntiNuisance for SMS (for the keyword filtering)

Keyboard:Microsoft Swiftkey

Tephnos · 28 Sep 2020 at 17:40

Dirk Diggler said:
1password isn't a free service? I'd be interested why people choose that over a free service like Last Pass?

Forget lastpass. Bitwarden is the only answer.

Dirk Diggler · 28 Sep 2020 at 17:51

Tephnos said:
Forget lastpass. Bitwarden is the only answer.

Any reasoning behind that, mate? Functionality? Security?

Tephnos · 28 Sep 2020 at 18:05

Dirk Diggler said:
Any reasoning behind that, mate? Functionality? Security?

Bitwarden is open source, for one. You can self host it if you want.

Dirk Diggler · 28 Sep 2020 at 20:02

Tephnos said:
Bitwarden is open source, for one. You can self host it if you want.

Thanks, I'll have a look at it.

If using a Chrome browser, maybe it's better just to use the Chrome password save facility?

Mekrel · 28 Sep 2020 at 20:54

Browser: Firefox with uBlock, Privacy Badger installed

Search: Google - Tried to live with DuckDuckGo but it just isn't as good as Google and I kept having to go back to Google to get decent search results

Email: Gmail

Password manager: 1Password. I used to use LastPass but found 1Password better for auto-fill consistency on Android. However, this might not be much different now with Android 11 allowing password fill from the keyboard.

Authenticator: I tend to just use 2FA on a per site basis at the moment, i.e. via SMS (Unless it's Google and it comes straight to my Pixel phone). Will probably look into this although I'm not sure storing authentication on a cloud service sounds like a good idea so I'm not sure why Microsoft's authenticator is getting praise for that.

Messaging: WhatsApp - Ideally I wouldn't like to use anything associated with Facebook (I deleted my account earlier this year) but in reality, everyone else uses it

Keyboard: Gboard

Privacy wise that's missing, you can actually change a lot of preferences in your Google account:
Web & App activity - including setting what's stored and how often you want to auto-delete (3/18/36 months)
Audio recordings - Turn off audio recordings from Google search, Assistant and Maps etc
Location History - you can turn this off rather than turning location off on your phone, i.e. you can still use cell tower/GPS location but it will not be stored
YouTube History - turn off storing your YouTube watched and search history

Pretty sure most if not all of these have the auto-delete option too.

Orcvader · 28 Sep 2020 at 21:02

Dirk Diggler said:
If using a Chrome browser, maybe it's better just to use the Chrome password save facility?

Then you'll be locked to Chrome if you want to change browsers in the future. Bitwarden, LastPass, 1Password, etc work on any browser and usually offers more.

Mekrel said:
Authenticator: I tend to just use 2FA on a per site basis at the moment, i.e. via SMS (Unless it's Google and it comes straight to my Pixel phone). Will probably look into this although I'm not sure storing authentication on a cloud service sounds like a good idea so I'm not sure why Microsoft's authenticator is getting praise for that.

The main issue is changing phones. When I was using Google with no way to backup/restore, I had to manually unregister every service and register again on my new phone. It's more for convenience reasons. Then there's also the issue if you lose your phone as well, recovering accounts when you no longer have access to 2FA can be a real pain, some even suggesting just to start a new account.