Android

1. Install ADB on computer.
2. Enable USB debugging on phone.
3. Connect via USB cable.

4. adb devices

   You should see just one device listed.
5. If "adb -d devices" lists device as unauthorized, unplug USB cable, go to Settings / Developer options / Revoke all authorizations, plug USB cable in, should see "authorize this device ?", click OK, try "adb -d devices" again.

adb devices
adb -d devices

adb shell uname -a
adb shell ls -R /
adb shell cmd statusbar expand-settings
adb shell service call statusbar 1
adb shell top		# ctrl+C to exit
adb shell dumpsys -l
adb shell netstat -l -p
adb shell settings -h
adb shell settings list global >globalBackup.txt
adb shell			# "exit" to exit

adb bugreport >bugreport.txt

adb shell pm -h
adb shell pm list packages
adb shell pm list packages | grep google
adb shell pm list packages -f

adb shell pm uninstall PACKAGENAME
adb shell am start -a android.intent.action.DELETE -d package:PACKAGENAME

adb shell pm list permissions
adb shell pm list permissions -g -d
adb shell pm revoke PACKAGENAME android.permission.CAMERA

# Copy an APK from phone to PC:
adb shell pm path PACKAGENAME		# to get PATHNAME
adb pull PATHNAME
# Copy the NAME.apk file you got to NAME.jar, then open it.

adb logcat | grep "$(adb shell ps | grep PACKAGENAME | awk '{print $2}')"

# Show all recorded logs collected by the Android system:
adb logcat -d
# Clear logs:
adb logcat -c

# run adb and do logcat and color the output
# https://github.com/JakeWharton/pidcat
# download pidcat.py and put it somewhere in your PATH, then:
pidcat PACKAGENAME

• One big reason to install a custom ROM is to get a newer version of Android than your phone manufacturer supports. This gives you new features, maybe new apps, more bug and security fixes, maybe more memory space because newer versions use SD card better.
  
  
• Another reason is to avoid using Google play store, apps, and services.
  
  Removing Google services will break some apps you might want. You could try using microG to replace Google services. Sumit Khanna's "Lineage with microG on a Sony XA2"
  
  You could try using Aurora Store or Plexus to see which apps you use today depend on Google services. Some popular apps (WhatsApp, Facebook, Telegram, Twitter, Instagram, LinkedIn, Spotify) don't use Google Services. article
  
  
• If you just want to tweak settings or remove standard applications, you could just root the phone instead of installing a custom ROM.
  
  
• Each custom ROM project supports a limited number of phone types. I'm tempted to pick a ROM and then go buy one of the phones it supports.
  
  
• Installing a custom ROM does not change the kernel on the phone, I think. So if you have an old kernel that doesn't have some feature (e.g. BPF), any ROM that requires that feature can't be used.
  
  

• Security guys seem to recommend the Copperhead custom ROM.
  Wikipedia's "CopperheadOS"
  But it supports only a few late-model phones, and supports a limited list of apps, doesn't allow Google Play Store.
  
  
• The most popular custom ROMs used to be from Cyanogenmod, but they've shut down, and now a continuation from their base is LineageOS.
  LineageOS Wiki - Devices
  Devices for LineageOS
  LineageOS Wiki - Get LineageOS for the Samsung Galaxy S4 (International LTE)
  Terence Eden's "What doesn't work in LineageOS 20"
  The Cool Blog's "Degoogled Android - My Experience"
  
  
• Some other custom ROMs:
  /e/
  Havoc-OS
  GrapheneOS (emphasis on security and privacy; Pixel phones only)
  CalyxOS (few phone models; article in Unredacted Magazine issue 3 page 28; article)
  Sapphire by Paranoid Android
  OmniROM
  PixelExperience
  AospExtended ROM
  Resurrection Remix OS (can't figure out what devices it supports)
  DivestOS
  crDroid (based on LineageOS)
  iode (based on LineageOS)
  Murena /e/OS (article1, article2, article3)
  
  
  

GrapheneOS

Special emphasis on security and privacy.
Google Pixel phones only.

Calvin Wankhede article
video
PrivSec's "Banking Applications Compatibility with GrapheneOS"
GrapheneOS
/r/GrapheneOS
GrapheneOS Discussion Forum

Downsides of GrapheneOS, from people on reddit approx 11/2022:
"Pixel phones don't have things such as a headphone jack, microSD card slot, dual SIM, HDMI out."
Google Pay (through NFC) and Android Auto don't work.
Missing things relative to stock OS: Adaptive Charging, Adaptive Sound, Clear calling, Live Captions and Live Translate, Spatial audio, WebView.
Camera app is substandard, compared to Google's app.
Can't use streaming apps such as Hulu or Netflix.

Downsides, from /u/JackfruitSwimming683 on reddit 4/2023:

The downsides are very minimal, but it's very smart to ask this question.

From the beginning, you will have to wipe your device. Be sure to upload your files to a flash-drive or cloud.

You will start off with very few apps, and it may actually be difficult to get more in the first place, outside of the sandboxed Play Store that can be downloaded from the built-in app store.

GrapheneOS apps tend to load more slowly on lower-end devices because it doesn't use the traditional Zygote spawning system, in favor of loading fresh apps whose location in your RAM is much less predictable, and is actually more memory-efficient. Two seconds may not seem like much, but just it will weigh on you eventually.

99% of apps from the Google Play Store work on GrapheneOS, but some have been known not to because of a Google Play feature called "SafetyNet". Fortunately, many SafetyNet apps such as Snapchat and Netflix still work. While SafetyNet is primarily used for banking apps, most seem to work. It's actually harder to find an app that is incompatible with GrapheneOS than isn't. Unfortunately, Google Play is moving towards a new feature called Play Integrity API that will replace SafetyNet, and will almost certainly make more apps incompatible due to it being more invasive.

If you're into work profiles, on GrapheneOS, they only work on your owner profile. GrapheneOS allows for up to 32 user profiles, including owner and guest, as opposed to Androids measley 4. On regular Android, all user profiles may use a work profile, but on GrapheneOS, it is limited to only the owner.

Also note that GrapheneOS has a very strong security model, but it is NOT invincible. Using GrapheneOS might give you a false sense of invincibility. In fact, it can still suffer from some of Android and the Linux kernel's vulnerabilities. Even the GrapheneOS developers have said this. It is still up to you to be smart about what you download, and to set your phone up in a way that's protective against evil-maid attacks.

Q: Should I install over Wi-Fi before activating the phone with carrier ?
A: GrapheneOS works best when you update the phone before install, but you can do that over Wi-Fi without activation.

"GrapheneOS supports phones as long as Google supports them with security patches. Not a good idea to switch from stock OS to GrapheneOS after Google drops support for the phone."

Apparently, many people like the Google keyboard better than the GrapheneOS keyboard.

Storage Scopes: apparently, you enable on a per-app basis. When enabled, it fools the app into thinking it can access all of storage, when in fact it can access none of it.
But it seems to act (badly) like Portals on Linux: "With SS, apps aren't able to access any files outside of where you've explicitly enabled (other than files it's created), but it can bring up the system file picker and once you explicitly select a file then it will be able to access that specific file at least temporarily."

After installing GrapheneOS, probably want to install F-Droid, Aurora Store, maybe Obtainium (gets apps from source: GitHub, GitLab, etc).

Patch speed, from /u/GrapheneOS on reddit 9/2023:

GrapheneOS is currently a couple weeks ahead of the stock Pixel OS on AOSP patches and months ahead on Linux kernel patches. Monthly Android security patches are normally shipped in under a day.

Play services is normally updated via the Play Store and we add support for new versions to the compatibility layer when they're still in beta so there doesn't have to be any delay.

Bought a Pixel 6a and put GrapheneOS on it:

In 4/2023, I bought a new carrier-unlocked Pixel 6a with 128 GB storage from EBay.es for €300 plus €16 shipping.


Steps to do (many choices are opinion) after receiving the phone:

1. On old phone, back up any data (especially WhatsApp) you want to keep.
   
   
2. Check that you got what you ordered. SKU for mine ends with GB, so Great Britain model, I think.
3. Check that phone seems functional and undamaged.
4. Record IMEI, MAC addresses from Settings / About Phone. Seems to be no serial number on the device, but box gives SKU and eID numbers. Later found that fastboot gives a serial number. Later found that IMSI is under *#*#4636#*#* (Testing) / Phone Information.
   
   
5. Set display timeout longer, or you'll be fighting it. Default is 30 seconds.
6. Connect to Wi-Fi.
7. No need to have SIM card in phone at this point.
8. Check software version: Settings / About Phone / Build Number.
   It says TP1A.220624.021.A1 on my phone. Android 13.
9. Update: Settings / System / System Update.
   Three rounds of updates, took well more than an hour [but maybe my Wi-Fi was slow].
   After update, my phone says build TQ2A.230405.003.E1.
10. Use latest instructions from Install
    If system software is older than June 2022, do a Factory Reset.
    (From install instructions: "For the Pixel 6a, OEM unlocking won't work with the version of the stock OS from the factory. You need to update it to the June 2022 release or later via an over-the-air update. After you've updated it you'll also need to factory reset the device to fix OEM unlocking.")
11. If you did a factory reset, connect to Wi-Fi and update again.
12. Go to Settings / About Phone, tap Build Number until a message says "you are now a developer".
13. Go to Settings / System / Developer Options and enable OEM Unlocking.
    Unfortunate: must have internet access: article
    
    
14. Restart the phone.
15. Hold the volume down button while the phone boots.
16. See bootloader screen (there is a serial number; take a picture of the data, maybe ?). See "Device state: locked", which is normal.
17. Connect cable from phone to PC.
    
    
18. Install GrapheneOS.
    Use latest instructions from Install
    Side Of Burritos' "How to install GrapheneOS on Google Pixel 6a" (video)
    On Linux:
    
    Can't use Firefox on Linux, have to use a chrom* browser.
    Also: avoid Flatpak and Snap versions of browsers.
    
    My distro is Nobara KDE, Fedora-family.
    I installed "android-tools" and native-packaged chromium browser.
    
    I'm stuck: in browser, when I click "Unlock bootloader", I get "Error: Failed to execute 'open' on 'USBDevice': Access denied.". Tried many times, plugging and unplugging cable.
    On CLI, tried "fastboot flashing unlock" and it's waiting for a device, but none ever appears.
    On Windows 11:
    
    I had to download a patch through Windows Update, then download a driver, then install the driver.
    
    Used Chrome browser.
    It worked, to unlock the bootloader. Confirm on phone.
19. Download Release takes a while, maybe half an hour [but maybe my Wi-Fi was slow].
20. Flash Release: The Fastboot screen disappeared and re-appeared several times, then it showed "fastbootd" for less than 10 minutes, then back to Fastboot. I let it sit there for a couple of minutes to make sure it was done. Then I noticed there was a completion message I should have seen.
    
    
21. Lock the bootloader, confirming on the phone.
22. Unplug cable.
23. Start the phone via the Start menu item on it.
24. See warning "you are starting another OS", then get GrapheneOS logo and Start button.
    
    
25. Set language and date/time.
26. Set Wi-Fi.
27. Turn on Location Services.
28. Don't set fingerprint.
29. Set a PIN.
30. Go to Settings / About Phone, tap Build Number until a message says "you are now a developer".
31. Go to Settings / System / Developer Options and disable OEM Unlocking.
32. Power off and insert SIM card.
33. Power on, pause display, verify boot key hash. Verify
    
    
34. I will use the "owner profile" for everything, no need to have "user profiles". Don't need to do anything, owner profile is the default.
35. I want to turn off IPv6. Seems to be no way to do it. Settings / About Phone / IP Address shows both IPv4 and IPv6 addresses.
36. Go to Settings / System / Developer Options, disable Developer Options.
37. Set Settings / System / System Update / Permitted Networks to "unmetered" to update only over Wi-Fi.
38. Set Language & Input / On-Screen Keyboard / Keyboard / Text Correction / Auto-Correction to Disabled.
39. Set Settings / Battery / Battery Percentage to Enabled.
40. Set Settings / Display / Adaptive Brightness to Enabled.
41. Set Settings / Display / Lock Screen / Privacy to "Show sensitive content only when unlocked".
42. Set Settings / Display / Lock Screen / Wake Screen For Notifications to Disabled.
43. Leave Settings / About Phone / Phone Number empty/unknown, so apps can't reveal it. Looks read-only anyway.
44. Set Settings / Security / Auto Reboot to 24 hours.
45. Set Settings / Security / Enable Native Code Debugging to Disabled.
46. Set Settings / Connected Devices / USB Preferences / Use USB For to File Transfer.
    
    
47. VPN:
    
    There is built-in VPN client support for IKEv2 only (VPN support). You have to install a client app to get support for Wireguard or OpenVPN. Also Orbot for Tor support. Using a client app prevents use of a firewall, as in normal Android.
    
    Windscribe 9/2023 does support IKEv2: use same name for "IPSec identifier" and "Username".
    
    Apparently ProtonVPN doesn't support native IKEv2 although there may be enough info in the Strongswan instructions to do it natively. But the free plan I have seems not to support Strongswan; I can get configs only for OpenVPN and Wireguard. Tried Wireguard, and hit some weird filename limit on the conf file: Proton-WG-NL-free123456.conf didn't work, but same file named Proton-WG-NL.conf did work.
    
    https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev2-client-android.html
    Needed to do IKEv2:
    server certificate (which is a self-signed root CA; for MSCHAPv2 at least), or PSK (for IKEv2/IPSec PSK at least),
    address/hostname of the server (which matches a value in the server certificate),
    identifier (a username or e-mail address) on the EAP pre-shared key,
    username or e-mail address,
    password (EAP key value).
    
    Installed Wireguard app and got it running; see a "key" icon in the upper tray. In Settings / Network & Internet / VPN / Wireguard, enable "Always-on VPN" and "Block connections without VPN" settings.
    
    Can't find a free VPN that offers IKEv2; some that say they do really mean they offer Strongswan. And most offer a 7-day trial or something, not permanent.
    
    Tried http://freeikev2vpn.com/ But I'm missing what to put in the "identifier" field, and that seems mandatory. Android examples on YouTube don't have that field. Found a mention that says that field can have anything in it, shouldn't be mandatory. Regardless of what's in there, the http://freeikev2vpn.com/ stuff doesn't work.
    
    Got the native IKEv2 to work with a free trial at https://www.uplinks.net/ They give username password servername, no certs, put anything in identifier field. Service works, but lots of sites (maybe those using HSTS ?) give "bad cert" errors.
    
    Always-On VPN (with Windscribe IKEv2) really kills battery. Overnight, battery goes from 90% to 30%. Turned off "Always-On".
48. Firewall:
    
    Built-in firewall (firewall) just allows/denies network on a per-app basis; no monitoring or logging or per-port control or inbound/outbound control. Go to Settings / Apps / See All N Apps / choose an app, set Permissions to include Network or not.
    
    I want something like OpenSnitch, that will show which domains each app is accessing, let you control that.
    
    Tried NetGuard, but the logging/filtering features I want seem to be paid-only.
    
    AFWall+ ?
    https://trackercontrol.org/ ?
    
49. Ad-blocker ? My VPN does ad-blocking. Instead could use Blokada.
50. Install anti-virus app ? Apparently it's strongly discouraged.
51. Test VPN, and info leakage from system:
    
    With no VPN, on Wi-Fi to ISP that doesn't support IPv6:
    browserleaks.com: IP page gives 50x error; other pages work.
    deviceinfo.me: shows IPv4 info and more.
    iplocation.net: shows IPv4 info and more.
    
    With Wireguard VPN, on Wi-Fi to ISP that doesn't support IPv6:
    browserleaks.com: shows IPv4 info, all pages work, VPN works.
    deviceinfo.me: shows IPv4 info and more, VPN works.
    iplocation.net: shows IPv4 info and more, VPN works.
    
52. Google:
    
    Some apps may depend on Google Services Framework (GSF), Google Play services, and/or Google Play Store.
    
    You could try installing just GSF and then seeing if all your apps work (but some failures may be that push notifications don't work; hard to test). If not, try adding Play Services and Play Store and test apps again.
    
    Play Services and Play Store depend on each other: have to install neither or both.
    
    I decided to go straight to installing all three. Apps / Google Play Services. I gave network permission to all of them.
    
    
53. Don't sign in to a Google account. Or if you do, create a new Google account just for this phone.
54. Install F-Droid (f-droid.org in browser).
55. Aurora Store:
    
    From F-Droid, install app Aurora Store by Rahul Kumar Patel.
    
    Change Settings / Apps / Aurora Store / Permissions / Pause App Activity If Unused to Disabled.
    
    But app keeps crashing as soon as it's launched. Uninstalled 4.2, installed 4.1.1, and disabled updates for the app, and it worked. But it's unreliable: sometimes gets in a mode where searching finds no results at all, just sits there. Ended up re-installing it a couple of times, and then it started working again.
    
    A workaround, to install apps from Play Store or other web site:
    - Settings / Apps / Default apps / Opening links / Aurora Store / Add link / check both boxes
    - Search for your desired app with any web browser + search engine
    - Long press on the play store link
    - Open link in external app
    
    Use Aurora Store (instead of Play Store) in Session Installer mode. Also with "Anonymous" sign-in. If you can't find a locale-specific app, switch to "Anonymous (insecure)" sign-in for that one operation.
    
    Doesn't work if VPN is on.
    
    
56. Install and test each app wanted.
57. Should have backed up apps from my old phone: WhatsApp and K-9 Mail. But I don't keep much data on my phone, it was easy to set them up again.
58. There is no default Calendar app. There is a default Contacts app.
59. Default Camera app includes QR code and flashlight functionality.
60. Files app is weird: for audio/video it insists on reading meta-data and displaying a fake folder hierarchy based on that. Fix: in the app, to show just actual folders, select HamburgerMenu / Pixel 6a.
61. Installed a Terminal Emulator app, but it's mostly useless. Most dirs don't let you do ls, commands say no network permission, no sudo, etc.
62. In Vanadium settings, turned off Passwords stuff, Payment Methods, Addresses And More, Privacy / Improve Search Suggestions, Site Settings / Sound.
63. Use Graphene's camera app (Google's has more features, but that doesn't matter to me). Use 4:3 aspect ratio for photos. QR code scanning is built-in. Enable More Settings / Zero Shutter Lag. Disable Camera Sounds. Set Image Quality to 100%.
    Side Of Burritos video
64. I want it so no other app can see the password manager database file. But I don't think "storage scopes" do what I want. Apparently they affect only apps that ask for file permission, not those that access files through a dialog. And I think I'd have to set a scope on every app except the password manager app ? https://grapheneos.org/usage#storage-access https://youtu.be/WjrANjvrSzw?t=169 Tried to achieve what I want by putting the file in the app's private storage area, Internal shared storage / Android / media / appsdomain / files, but it's accessible to other apps. Put it in Internal shared storage / Android / data / appsdomain / files, but now even the app itself can't see it. No solution.
65. Need to enable Settings / Apps / appname / Exploit Protection Compatibility Mode on some apps ?
66. Give a battery optimization exception (Settings / Apps / appname / App Battery Usage / Unrestricted) and disable pause-if-unused (Settings / Apps / appname / Permissions / Pause App Activity If Unused) for:
    Google Play services.
    Any battery-monitoring app you install.
    Music player.
    VPN client app.
    Email app.
    DAVx5 calendar connector app.
    Calendar app.
    
    
67. Test common operations: taking photos, copying photos from phone to PC, copying password database from PC to phone.
68. Port-scan the phone from another device.
69. Default wallpaper is black, with no other choices except "photo". Get a photo, put it in Downloads folder, go to Settings / Wallpaper & Style to select it. The UI is a little non-obvious, just poke at it.
    
    
70. Do a backup:
    
    Side Of Burritos backup video
    
    Need a USB stick or drive, and a cable to it.
    Using built-in Seedvault app.
    Will overwrite the backup drive.
    I used a 3 GB USB stick formatted as vfat.
    
    Attach the USB stick.
    Will have to format the USB stick if it's in an unknown format.
    
    Set Settings / System / Backup to enabled.
    Write down 12 recovery words (user is forced to use a 60+-char password every time; ridiculous).
    Go through configuration.
    When done, click on three dots and then Backup Now.
    Click on Backup Status and see status of each item.
    
    Backup of a fairly empty phone will take 15+ minutes ? Someone on reddit said 20 minutes to do 60 apps plus other data.
    See status icons change to check-marks.
    Apps with lots of data may show "Backup quota exceeded", even though USB stick ends up with 1.7 GB free. Turn off backups for those apps (such as maps) via Backup Settings / threedots / Exclude Apps, and try again ?
    Some apps will show a red exclamation point, I guess no backup of them. A lower section will list "Apps that do not allow data backup".
    Someone on reddit said apps with check-mark will have app plus data restored when doing a restore; apps with triangle will have only the app re-installed, no data.
    
    UI of backups is horrible: no way to tell when a backup is finished, apps excluded still show "waiting" status, no clear way to stop a backup in progress, hard to start a new backup later. Have to turn off Backup Apps and turn it on again to stop a backup and allow starting a new one ?
    I gave up; never got a backup to complete.
    Found out later: there is a Notification that shows percent completed. When you click on it for details, it just takes you to Backup Status. And for me the notification said "100%" even though plenty of statuses still said "waiting". Even after restarting the phone, those statuses still say "waiting". Very confusing.
    
    USB stick ends up with a directory ".SeedVaultAndroidBackup" added to it; previously-existing files were not deleted.
    
    Side Of Burritos restore video
    
    forum thread about Seedvault bugs
    
    Maybe try app Super Backup & Restore instead ?
    
    
71. Screenshot: hold power and volume down while using an app.
72. Notified that Google Play Store wants to update Google Play Services. I assume this is a bad thing, I cancelled it. Now that update is "stuck" in Aurora Store. https://grapheneos.org/usage#sandboxed-google-play says "You can obtain updates to these apps from our app repository client or from the Play Store.". In Aurora Store, I blacklisted the app Google Play Store.
73. Sometimes I get into an app-screen where there is no back button. I think swiping-down gives back ? Changed Settings / System / Gestures / System Navigation to 3-Button Navigation.
74. Display seems to be on a lot. Changed Settings / System / Gestures / Tap To Check Phone and Lift To Check Phone to off.
75. Location services: check under Settings / Location, and under Settings / Apps / Sandboxed Google Play (it's a menu item, not an app name) / Geolocation (section).
76. Any way to limit max battery charge ?
    No: issue 2105
    AccuBattery says for longest life, don't charge above 80%.
    But: JollyRoger's "Battery Management"
77. Spell-checker is funny when more than one language installed ? Only uses last language in the list ? Or maybe there are just so many suggestions that one language crowds out the other ? Settings / System / Languages & Input / Languages. Maybe try GBoard app (with no network access).
78. Inside my Music app, sometimes when I try to delete an MP3 file, after the app's "confirm ?" dialog and maybe the system's "Allow ?" dialog, it says "delete failed, maybe the storage media isn't writable". Going to Files app and deleting that file works.
79. While playing audio in my Music app and coming home, as I near or get into the elevator in my apartment building, the app pauses playing the audio. Maybe when the Wi-Fi auto-connects ? Or cell connection cuts out ? I turned off "react to phone events" setting in the app; no difference.
80. Is there a "find my phone" or "remote-wipe my phone" function ?
81. Headphones issue: if headphones are plugged-in and phone is sleeping, then I log in and start playing audio, sound comes out of speakers not headphones. Looks like phone has to be logged-in when I plug in the headphones in order for it to "see" the headphones and use them. Fix: change "Settings / Security / USB Accessories" to "Allow new USB peripherals".
    
    
82. Almost every app I tried worked (note: with GSF and Google Play Services and Play Store):
    
    Specific apps that worked:

    • Coinbase: Buy ... by Coinbase Android.
    • E*Trade: Invest ... by E*Trade Securities.
    • IBKR Mobile by Interactive Brokers Group.
    • Openbank - banca movil by Openbank SA.
    • Wise by Wise, formerly Transferwise.
    • Expedia.
    • NetBenefits by Fidelity.
    • Malwarebytes Mobile Security by Malwarebytes. Leave real-time scanning disabled.

    
    I had to give SMS and Phone permissions to Google Play Services for some of the financial apps.
    
    Specific apps that didn't work:

    • HP Smart by HP. Not found in Aurora Store. Found a link to it inside HP Print Service Plugin app. Wouldn't install, stuck at 0%.

    
    
    
    
83. To connect from computer to phone and use "adb":
    
    

    1. On phone, enable Developer Options: go to Settings / About Phone and click on Build Number until it says you're now a developer.
    2. On phone, enable Settings / System / Developer Options / USB Debugging.
       
       
    3. Connect computer to phone via USB cable.
    4. On phone, get notification "USB Debugging Connected".
    5. On computer CLI, do "adb devices" to see device.
       [It probably says "no permissions" or "unauthorized".]
    6. On phone, swipe down on notifications, click on "Charging This Device Via USB", click on "File Transfer" radio button.
    7. On phone, get "Allow USB Debugging ?" dialog. Click "Allow".
       [Also could enable "Always allow from this computer".]
    8. On computer CLI, do "adb devices" to see device.
       [Now it should NOT say "no permission" or "unauthorized".]
    9. On computer CLI, do "adb shell" to get shell on phone.
       
       
    10. Userid is 2000, not root.
    11. Some useful commands to get started: pwd, ls, ls -l, cd, uname -a.
    12. Some commands not available: sudo, su, root access.
    13. When finished, ctrl+d to end shell.

    
    My phone has kernel 5.10.
    
    Looking in /sys/class/power_supply/battery, "charge_full" is 99.5% of "charge_full_design" (on my laptop it's about 84%), and both are RO for everyone. "charge_limit" is no-access for non-root users.
    
    Couldn't find a way to get root access. Tried commands such as "run-as com.android.angle --user 0 sh", and "adb root". Couldn't find any /bin files with SUID bit set. /etc/passwd is empty.
    
    
84. After 4 months or so, phone started going crazy. In music-player app, music would start or stop, volume would go up or down, even when the app wasn't in foreground. Music might turn on in the middle of the night, draining the battery. Took me a while to figure it out: the USB-C earbuds are wearing out and failing. I've always had 3.5 mm audio-jack earbuds on my phones, and when they wear out, all you get is that the audio might cut out and back in as you wiggle the wire. But with the 6a's USB-C earbuds wearing out, when you wiggle the wire, you can get button-presses and maybe audio-device events !

See Google Pixel 6a smartphone

Joe Fedewa's "What You Need to Try GrapheneOS"
Side Of Burritos' "14 settings I changed after installing GrapheneOS" (video)
Side Of Burritos' "You just installed GrapheneOS, now what?" (video)
Side Of Burritos' "GrapheneOS Google Services | Sandboxed Play Services | How to install" (video)
C B Mason's "One Month with GrapheneOS"
Terence Eden's "Notes on installing GrapheneOS on a Pixel 8 Pro - some bugs & oddities"

Joe Hindy's "Google Play Services"
FOSSBytes' "Google Play Services"

• Before installing any custom ROM, check that it supports your model of phone, and look for user reviews or experiences.
  
  
• Decide what you're going to do about Google services: install them, do without them, or replace them with microG. article
  
  
• Decide what you're going to do about Google apps: install them, or replace them with other apps.
  
  
• Before installing a custom ROM, you'll have to root your phone, unlock the boot-loader, and install a custom "recovery". Popular "recoveries" are TWRP (Team Win Recovery Project) and CWM (ClockworkMod Recovery). But check the instructions for the custom ROM you've chosen; some may not require rooting.
  Android Tips and Hacks' "TWRP: the complete guide to using Recovery on Android"
  
  
• Apparently it makes no difference whether or not your phone is encrypted; it's never mentioned in the instructions.
  
  
• I'm not sure how much free memory space your phone must have. I think if you do "sideloading", new ZIP files (about 1 GB) are downloaded to your computer instead of your phone, so much less phone memory needed.
  
  
• Risks of the process:
  
  

  • You might wipe data, and then find that your backup was bad or recovery doesn't work.
    
    
  • You will void the warranty (if any) on your phone.
    
    
  • You might "soft brick" your phone (make it unable to boot all the way), which means you'd have to fix it.
    Carrie Murray's "How to Fix a Bricked Android Phone"
    Alice MJ's "How to Fix the Soft Bricked Android Phone?"
    
    
  • You might "hard brick" your phone (make it unable to boot at all), which means you'd have to throw away the phone. But from /u/noahajac: "it is extremely difficult to hard brick a phone these days without the intention to do so".
    
    
  • You'll probably end up with the phone rooted, which means any malicious app can access all of the data. And may make you fail SafetyNet, which means some apps won't run.
    
    
  • You'll probably end up with an unlocked boot-loader, which has dangers (what ?). And may make you fail SafetyNet, which means some apps won't run.
    
    
  • You'll have to do any later minor system updates yourself; they won't happen automatically through Android's built-in software update facility ? But I think Lineage OS has an app to do this for their ROM.
    
    
  • You will have to trust that the supplier of the custom ROM has not put any malware in it. Get the files from XDA or the ROM builder directly, not any of the aggregation/downloading sites.
    
    

  Madaidan's Insecurities' "Android"
  

• To go with your custom ROM, you'll need a matching GApps package for it.
  
  
• Download recovery, ROM, and GApps files (ZIP files) to your computer. Don't unzip them.
  
  

• These articles cover all the steps, with some more complete than others:
  WikiHow's "How to Install a Custom ROM on Android"
  Whitson Gordon's "How to Flash a ROM to Your Android Phone"
  XDA's "How To Install Custom ROM on Android"
  Andy Betts' "How to Install a Custom ROM on Your Android Device"
  
  The steps (unless instructions with the custom ROM say otherwise) are:
  1. Install Android Debug Bridge and phone's drivers on your computer.
  2. Enable USB Debugging on the phone.
  3. Connect USB cable between phone and computer.
  4. Root your phone.
  5. Make an apps-and-data backup.
     XDA's "How to Backup Android"
     Whitson Gordon's "How to Back Up and Restore Your Android Phone with TWRP"
     random neuron misfires' "HOWTO: Back up your Android device with native rsync"
     Super Backup & Restore by MobileIdea Studio
  6. Unlock boot-loader.
     Whitson Gordon's "How to Unlock Your Android Phone's Bootloader, the Official Way"
  7. Install new recovery.
  8. Make a full "nandroid" backup, which includes the ROM and all data, using TWRP.
  9. Install new ROM.
  10. Install new GApps.
  11. Restore applications and data.
  
  From /u/noahajac on reddit's /r/LineageOS 5/2017:
  
  > install Lineage OS on Samsung Galaxy S4 GT-I9505:
  
  The following instructions are for Windows only. Please don't use a virtual machine as these can cause problems communicating with the device. ...
  
  First we need to download the tool that flashes to the devices different partitions. On most devices you use a tool called fastboot, but Samsung devices aren't like most devices. This tool is called Odin, it's Windows only and leaked from Samsung so you need to get it from a trusted source. You can download the latest version. Extract the "Odin_VERSION.zip" file. You should now have a folder called "Odin_VERSION". Treat this as your working directory and download all other files to this folder.
  
  You don't need a PIT file for your phone.
  
  GT-i9505 is same as "Qualcomm" version of phone.
  
  Now we need to download Team Win Recovery Project, or TWRP as most people call it. TWRP is a custom recovery. A recovery is a mini-OS that is stored on another partition of the device that can do basic functions like flashing and wiping. TWRP is one of the more full featured recoveries as it has stuff like backup and restore built in. Devices do have stock recoveries but these are programmed to only flash files signed by the vendor, people don't often notice this but stock recovery is what the device uses when you run an OTA (Over The Air) update or a factory reset. You can get the latest version (as of 5/5/2017) of TWRP for your device TWRP. Make sure to click "Download twrp-3.1.0-0-jfltexx.img.tar" to download the actual file.
  
  Now we need to download the Android platform tools. These contain multiple tools (including fastboot as I mentioned earlier) but we are after ADB (Android Debug Bridge). It has multiple use cases and can be used in recovery or just in the normal Android system. You can download the latest version (as of 5/5/2017) of the platform tools for Windows tools. Extract the "platform-tools-latest-windows.zip" file and there should be a "platform-tools" folder. Open this folder and move its contents into the "Odin_3.12.3" folder from before.
  
  Now to download LineageOS itself. Custom ROMs, along with a bunch of other things come in a flashable zip format that gets flashed using a custom recovery. LineageOS has two build types as of now, one is an experimental migration build, and the other is the normal build. As you're doing a clean install you need the normal build. Please keep in mind stability isn't promised and it is recommended to keep TWRP backups. You can get the latest build (as of 5/5/2017) for your device [broken link].
  
  The next file we need is Gapps (well we don't actually need it but the majority use it). Gapps (Google Apps) are basically all the Google branded apps like the Play Store and it's needed services. They come in multiple variants depending on how many Google Apps you want. I usually recommend either the stock package (installs Google Apps like it's on a Nexus) or the nano package which is smaller and installs just the needed apps. You can get the latest nano package for your device: nano. Or the latest stock package: stock.
  
  Also, if you would like to have root access you will need to download the optional root add-on from [broken link]. Keep in mind if you want SafetyNet to pass you would need to use an unofficial root method like Magisk.
  
  Now to prepare the device to be flashed. Go into settings and look for "Developer Options" or something along those lines. If it isn't there, go into "About phone" and tap "Build number" 7 times. Then go back up into settings. They should be there now. Enable "Developer Options" (if it has a toggle) then enable "USB Debugging". This allows us to use ADB on the stock ROM but it usually isn't needed (we enable it just in case). Also enable "OEM Unlock" if it's there, this would allow us to flash unsigned images to the device however not all builds have this setting so you may not need to enable it. Also go back into security settings and disable "Reactivation Lock" if you can, because sometimes it can cause issues. Once you have these options set, say goodbye to your stock ROM and just pull your battery.
  
  Reinsert the battery and then hold the Volume Down, Home, and Power keys. This should put the device into download mode; hold the keys until you see that. Accept any warnings then plug the device in. Open "Odin.exe" from the "Odin_3.12.3" folder. In the log, it should say Added! and have a blue COM thing near the top, meaning it detected your device. If it didn't detect it, then tell me because that means you probably have a driver issue. Click the "Option" tab and make sure "F. Reset Time" and "Auto Reboot" is enabled. Also check the checkbox next to the "AP" button and then click the button. Select the "twrp-3.1.0-0-jfltexx.img.tar" file. Now on the device, hold the Volume Up and Home keys and click "Start" in Odin. Normally the key combo to get into recovery is Volume Up, Home, and Power but since Odin is going to auto reboot the device when it finishes flashing we don't need to use the Power button. If it's too hard to click "Start" at the same time as holding the buttons. You can just disable "Auto Reboot" and click "Start". Once Odin says "RESET" or "PASS" near the top and says it successfully flashed in the log. You can then just hold the Volume Up, Home, and Power keys. Whatever method you choose, keep holding the keys until you see the Team Win Recovery Project (TWRP) splash screen.
  
  It's going to ask you if you want to modify the system, you can just allow it to do this by swiping the slider. It may also ask you anytime during the process if you want to root, don't let it do this. Now click "Wipe", "Advanced Wipe", select "System", "Data", and "Cache", and then swipe the slider. This clears the partition that user data is stored in, along with the caches. Once that finishes you can click the home button. Now click "Advanced" and click "ADB Sideload". Swipe the slider, you don't need to wait for it to start as it will start once it gets the command from your computer. Open a command prompt Window up to the "Odin_3.12.3" folder and run "adb devices". After the message about starting the daemon you should see something like "SERIALNUMBER sideload". If you don't then tell me because that means there is probably a driver issue. There is multiple methods to flash with TWRP but this is my favorite as it doesn't leave the files on the device. Now just run "adb sideload lineage-14.1-20170503-nightly-jfltexx-signed.zip" to flash it. The percentage is inaccurate so don't worry if it goes over 100%. TWRP will say once it finishes. Don't reboot yet though, we still need to flash Gapps. Click the home button and go back to the ADB Sideload menu. Swipe the slider and this time run the same command but for the Gapps file ("adb sideload open_gapps-arm-7.1-full-20170505.zip" in my case). If you want root, do the same step for the root add-on ("adb sideload addonsu-arm-signed.zip" in my case) once Gapps is done flashing.
  
  Now you can "Reboot System" to reboot into LineageOS. You should now see the LineageOS boot animation. The first boot may take up to 15 minutes but you should soon be seeing the setup wizard where you can continue like you normally would. If it doesn't boot, tell me.
  
  If you flashed the root add-on don't forget to enable it in developer settings.


• I have a Windows 10 computer with USB cable to phone.
  
  
• I have a Samsung Galaxy S4 GT-I9505 phone with 16 GB memory running Android 5.0.1.
  
  
• Lineage OS has a custom ROM and GApps official-lineageos-14-1 for Android 7.1 (Nougat) for my phone. It's marked official, weekly, experimental, and nightly ?
  
  
• I want to get a sense of how stable it is. Changelogs on the nightly downloads are empty. Went to reddit's /r/LineageOS. I don't see any error reports, and my phone is pretty basic and old, so I think I'm okay.
  
  
• What I did 5/2017:
  
  

  1. Installed Titanium Backup and TWRP Manager apps on my phone. The apps both want root mode, which I don't have yet.
  2. Turned on USB Debugging Mode. I don't see "OEM Unlock" or "Reactivation Lock" settings.
  3. Installed Android SDK Tools on my computer from instructions in Whitson Gordon's "How to Unlock Your Android Phone's Bootloader, the Official Way" failed. There's no "SDK Manager.exe" to run.
  4. Installed ADB and fastboot from instructions in Eric Ravenscraft's "The Easiest Way to Install Android's ADB and Fastboot Tools on Any OS" worked.
  5. Tested ADB by opening a command window in the new folder and running "adb devices". Got a code and "unauthorized" in the list, and a "let this device connect" dialog opened on my phone. Said yes, did "adb devices" again, got a code and "device" in the list. Working.
  6. Downloaded Heimdall Suite and extracted it.
  7. Downloaded zadig.exe from zadig.akeo.ie and put it in "Heimdall Suite / Drivers" folder, overwriting the older version already there. Plugged in phone, logged in to phone, ran zadig.exe, followed instructions in Heimdall README file, and got "driver installation failed - resource already installed".
  8. Downloaded PIT file from xda-developers and put extracted file in "Heimdall Suite" folder. There seem to be a lot of scam sites offering PIT files; be careful. Ran "hiemdall-frontend.exe", went to Utilities, loaded the PIT file. It loaded okay, but I don't understand the contents.
     Found another PIT file at xda-developers. On casual inspection, it seems identical to the other one.
  9. Downloaded Lineage OS 14.1 file from [broken link] and put zip file in "Heimdall Suite" folder.
  10. Downloaded GApps arm-7.1-full file from gapps and put zip file in "Heimdall Suite" folder.
  11. Downloaded rooting file su(arm) from extras and put zip file in "Heimdall Suite" folder.
  12. Tried to root phone by downloading Kingo Android Root from Kingo Android Root. Installed it on computer (installer tried to install bloatware and change my home page, be careful). Ran it with phone connected and well charged, and it ran for 5-10 minutes, up to 99% progress, saying all this stuff about rooting. Then at 99% it said "okay, last step is to flash a custom recovery, okay ?". I said cancel, and it said "rooting failed". Restarted the phone, everything is fine, but phone is not rooted. But Kingo installed a couple of bloatware apps I didn't want: SuperBattery and AliExpress.
      Then I saw this in their FAQ:
      "There are two universal ways to root your Android, one is by implementing "exploits", the other is through flashing custom recovery. The former one is relatively safe while the latter one can be risky. Kingo mainly focused on "exploits" method, but also covers "recovery" for certain tricky devices (hot ones with no exploit available)."
      So I ran it again, it took 10-15 minutes, then I allowed it to flash a custom recovery. It restarted the phone a couple of times, phone said it was restoring the stock recovery, then I had to log in to phone a couple of times, then Kingo said rooting succeeded, then phone said updating apps and updating Android. Finally done, phone still works, Titanium Backup says it has root permission.
  13. Ran Titanium Backup app to do backup. Very confusing; couldn't figure out how to back up just an app's data, without also backing up the app itself. And I'm not sure where the data is being backed up. In the cloud ?
  14. Tried to do backup by direct filesystem access through USB cable. Mainly, I wanted to back up my Contacts. But I couldn't find the file where they're stored.
  15. Now /u/noahajac tells me Kingo is essentially spyware, I probably shouldn't have used it. But it was a quick way to root and be able to use Titanium Backup.
  16. Followed /u/noahajac's instructions to use Odin to flash TWRP, and it seemed to succeed, but my phone won't boot into TWRP. Says something like "Recovery not SEANDROID enforcing" and gives black screen. Can still boot into normal ROM; nothing changed there. Searching, I see this error is a mismatch between versions of TWRP and ROM. But that's the whole point, I'm upgrading.
  17. Found an answer and it worked: after seeing "Recovery not SEANDROID enforcing", let go of Home and Power buttons, keep holding Volume+ button, and TWRP will boot eventually.
  18. In TWRP, tried to wipe data, got all kinds of "can't find /data" and "can't find partition" failures. Maybe because my phone is encrypted ?
  19. Then I realized I should have done a TWRP backup first. Too late now.
  20. Yes, wiping is different because my phone is encrypted. Did "Wipe --> Format Data" first, then wipe data, all worked.
  21. Did "adb sideload lineage-14.1-20170503-nightly-jfltexx-signed.zip" which succeeded.
  22. Did "adb sideload open_gapps-arm-7.1-full-20170505.zip" which failed because not enough space.
  23. Did "adb sideload open_gapps-arm-7.1-mini-20170506.zip" which succeeded.
  24. Did "adb sideload addonsu-arm-signed.zip" which succeeded.
  25. In TWRP, clicked "Reboot System". Got "no OS installed" warning, ignored it. Kept going, phone rebooted, got something on phone about "not SEANDROID enforcing", then into a small green arc animation which I think is LineageOS starting up. Took about 5 minutes. Then it started going through phone setup stuff: select language, connect to Wi-Fi, etc. Got through it, tweaked various settings, it's working ! Powered off, powered on, looks good !
  26. Clicked LineageOS build number seven times to get into developer mode, then turned on root access for apps.
  27. Phone started the process encrypted, ended up unencrypted.
  28. Installed Titanium Backup, and the backups I did are nowhere to be found [told later: the backup was done to internal memory, which then got wiped]. Have to rebuild my Contacts etc from scratch. There wasn't much on the phone, so it's not hard. [Also realized later: I should have done a backup inside the WhatsApp application before starting.]
  29. I've heard stories of phones getting bricked when people apply ROM upgrades. So I'm not going to do that. And should do a TWRP backup before trying any upgrade. Also might brick if you try to flash a new TWRP.
  30. Still have to do this trick to boot into TWRP: after seeing "Recovery not SEANDROID enforcing", let go of Home and Power buttons, keep holding Volume+ button, and TWRP will boot eventually.
  31. Did a TWRP backup. It gave an error "E: failed to write /dev/block/mmcblk0p9: I/O error" before starting the actual backup, but otherwise seemed to work. Warns the backups of Data do not include files such as pictures or downloads. Took about 2.2 GB of storage ! Took about 3 minutes. The storage used is in type "Other" in Settings/Storage.
  32. So far, I don't see any amazing new features in Android 7 as opposed to 5. You can revoke permissions from apps. If I had an SD card, I guess I could use it for app storage.
  33. Biggest problem: something is draining the battery heavily. But changing Location setting from "High accuracy" to "Battery saving" seems to have fixed most of that.
  34. 5/2018: phone died, won't charge or run off charger. New battery revived it for a moment, then it was dead again. Took it to a shop for repair, and they replaced the entire internals of it. I had little data in it, so that's no problem, but goodbye LineageOS, it's running empty stock Samsung Android 5.0.1.
  35. 8/2018: for 2 months I've been using a phone running empty stock Doogee Android 6.0, and I really don't miss LineageOS.
  
  
  

Painful Lineage OS installation:

I bought a used LG G3 d855 to install Lineage OS on and use as my (only) phone. The installation instructions (at https://wiki.lineageos.org/devices/d855/install) for the phone seemed (reasonably) straightforward, even for a novice user like myself, so I thought this would be a fun, little project. However I ended up using 20-30 hours (over multiple weeks) in total.

This is not meant as a complaint - on the contrary, I am full of gratitude to all developers creating open source software - You're making the world a better place. Rather, by describing the efforts I went through, I hope others may learn something from them and get an easier time than I had.

Here are the main painpoints and time sinks I encountered.

• Unable to root from Linux. I thought that this would be a no-brainer (hey, Linux has everything!), but no - it seems you have to have access to a windows pc to root the phone. Lesson: Use a windows pc to root.
  
  
• The main time sink was trying to root the phone (from Windows). Eventually I downgraded the phone to Android 4.4 (KitKat) to root it, and then the root instructions from linked from the lineage os wiki were more or less ok. However, before I got there I went via multiple failed attempts to root from Android Lollipop and Android Marshmallow and a bootlooped phone before the ultimate success. Lesson: Find and install an appropriate version of Android before rooting.
  
  
• Installing custom recovery (TWRP). The instructions at the lineage wiki said to push the recovery file to /sdcard, but that is not the correct location for Android KitKat on LG. Quite a few hours trying, researching, trying again. In the end, the place to push was /storage/external_SD/, but I believe this may be LG/KitKat specific. Lesson: Not sure.
  
  
• It also took me a little bit of time to realise I had to install an actual SD card in the phone to install the TWRP - I've read this before, but the instructions for the phone at the lineage os wiki said nothing on this. (You may write this down as "beginner" if you want to, and you will not be entirely incorrect.) Lesson: Install an SD card :)
  
  
• Installing LineageOS from recovery. I got an error 7, because the installation expected a different Android version than the one I was using. Removing the version checking from the installation script fixed the issue. Lesson: Search for specific error messages you get.
  
  

Ultimately, the instructions at the lineage os wiki were not particularly helpful. Specifically, they're somewhat misleading in that they make no provision at all for differences in Android versions. I found no other web site with a complete AND working tutorial, either - I had to research each specific problem as it occurred.

The good news - it DID work out in the end. It was actually doable, and I believe it will be for other phones and android versions as well.

I'd like to end with a thank you to all developers using their time to develop free and open source software. Thank you!

I just switched to LineageOS 18 w/ MicroG and oh my lord is this stuff still complicated. I'm fairly familiar with this stuff and yet still it took me many hours to set everything up correctly. To be clear, this is not the fault of LineageOS, this is simply the state of the FOSS Android environment and the fact that Google has no interest in supporting this setup whatsoever, to put it mildly. Not only is it complicated, it also seems to change pretty much every year.

First the question is how to transfer all your application data, for which there still seems to be no sure-fire way. I settled on "Neo Backup", which mostly worked fine, except for Signal (of course...), and the darned Microsoft Authenticator.

So first unlock the bootloader (good luck), then you need to find the correct TWRP for your phone (and careful with 32/64 bit) and flash it via fastboot.

Then I flashed LineageOS, which worked fine. Luckily I found an image which already had the signature-spoofing patch included, so I didn't have to worry about that. How do you get root? SuperSU? XPosed? Magisk? OK it seems everybody's using Magisk nowadays. OK, flashing worked fine, but now, how do you get MicroG on it? If you look at the MicroG homepage, you might think you can just install it with F-Droid, and you actually can, but many things won't work (like FCM notifications). It needs to be a system app. I tried using the F-Droid Privileged Extension, flashed it via TWRP, which seemed to work fine but actually wasn't installed and not working at all. Now what? There's a multitude of information in forums what to do. Some say to flash NanoDroid, but the last release was in January 2021, it seems it's not updated anymore? I settled on the "MicroG installer revived" Magisk module, which worked fine (btw, there's no curated Magisk module repo anymore, you have to search the web and hope you find something that's not malicious).

Of course my banking apps refuse to run because "U ROOTED UR PHONE", I search for Magisk Hide, it doesn't exist anymore, now you need to configure a "Zygisk deny list", whatever that is. Then I also need to hide the Magisk app, my banking works now thank you very much. FCM notifications also work after I uninstall and reinstall my apps which need it ...

To be clear: I'm eternally grateful to all the developers who make this possible in their spare time. This is not their fault.

I eventually found out about LineageOS for MicroG which is a variant of LOS with MicroG bundled which cuts out most of the fooling around, removes the need to root my phone and works with both banking apps that I've tried.

• Activities: screens/pages. Some IDEs offer pre-built Activities including Bottom Navigation Activity, Google Map Activity, Login Activity, Settings Activity, Tabbed Activity, more.
  
  
• Services: do background processing.
  
  
• Broadcast Receivers: handle messages (intents) from OS and other applications.
  
  
• Content Providers: handle data and database management. (SQLite is built into Android, accessed through "android.database.sqlite" and SQL statements. There also are files, stored in internal or external storage.) An app can expose content providers for other apps to use, or keep them private. Examples: to get all contacts "content://contacts/people", to get a specific contact "content://contacts/people/2", to get your app's specific data maybe "content://com.MYAPPNAME.MYINTENTNAME/MYTYPENAME/3".

• Fragments: behaviors or pieces of UI, which can be placed in Activities. Standard fragments might include Google Map, more.
  
  
• Views: UI elements. Standard views include TextView, EditText, Button, CheckBox, RadioButton, ProgressBar, DatePicker, more. Views can receive and handle Events such as Click, LongClick, Key, more. Adapters connect Views to data sources.
  
  
• Layouts: hierarchies of views (using viewgroups, widgets, views). Standard layouts include Linear, Relative, Table, Absolute, Frame, List, Grid.
  
  
• Intents: messages among components or among apps. Requests (e.g. someone make a phone call to N, someone do a web search of X, send email, send SMS) or events (e.g. battery is low, or Call button was pressed). They can be system-wide (AKA "implicit": addressed as "android.intent.action.*") or app-specific (AKA "explicit": addressed as "com.MYAPPNAME.MYINTENTNAME").
  
  
• Resources: strings, images, styles, etc.
  
  

• Google Play Store.
  
  
• F-Droid
  
  And under Settings / Repositories you can enable additional repos. I don't know if this is a good idea.
  
  PrivSec's "F-Droid Security Issues"
  
  
• What is the Kali NetHunter App Store?
  
  
• Aurora app store (a client for Google Play apps without using the Google Play Store app)
  
  From people on reddit 3/2020:
  Has useful filters when searching for apps (minimum rating, ads, IAPs, minimum downloads); if you don't want to update an app for any reason you can blacklist it; you can download apps from other countries.
  But: downloads sometimes randomly bug and don't complete; need to re-login with Google account all the time; sometimes search an app and it just doesn't show up at all; to update all apps, you need to manually tap "allow" each time an update downloads, for each app; it says using Google account in Aurora Store will lead to ban by Google, so use Anonymous.
  
  Home page seems to be AuroraOSS app.
  
  Doesn't work if VPN is on.
  
  
• APKMirror (especially for beta-test versions of apps)
  
  
• APKPure
  
  
• Yalp Store.
  
  
• Aptoide.
  
  
• Amazon Appstore.
  
  
• Mobogenie.
  
  
• Accrescent.
  
  
• Obtainium. Gets apps from source: GitHub, GitLab, etc. Use your own GitHub token if you want to avoid rate-limiting. Export list of subscriptions in case the app forgets it (has happened to people).
  
  

• Requirements for admission: e.g. F-Droid allows only open-source, Google Play Store doesn't allow ad-blockers ?
  
  
• Because of the open-source requirement, some apps have different features/subsystems in the different stores (e.g. Firebase subsystem).
  
  
• Some apps have different pricing in the different stores.
  
  
• Degree of screening of apps; e.g. Google has "Play Protect".
  
  
• Because of market share, some apps may publish first to Google Play Store, then later to other stores.
  
  
• Google won't allow OAuth2 feature in apps from other stores ?
  
  

• aCalendar by Tapir Apps GmbH (Google Play Store only ?).
• Compass by Philipp Bobek (from F-Droid).
• DAVx5 by bitfire web engineering (from F-Droid), to connect to server for calendar and contacts.
• Etar - OpenSource Calendar by ??? (from F-Droid).
• Firefox Fast & Private Browsing by Mozilla.
• Flashlight Free: No Permissions by Humberto.
• K-9 Mail by K-9 Dog Walkers.
• OpenKeychain: Easy PGP by Cotech (works with K-9 Mail; optional ?).
• Keepass2Android Offline by Philipp Crocoll (Croco Apps).
• Music Folder Player by Zorillasoft.
• Offline Organic Maps by Organic Maps OU.
• OsmAnd (AKA Maps & GPS Navigation OsmAnd+, in F-Droid).
• Signal Private Messenger by Signal Foundation.
• WhatsApp Messenger by WhatsApp LLC.

• AccuBattery by Digibites.
• Adobe Acrobat.
• Bitdefender Antivirus (AKA Antivirus Free) by Bitdefender.
• Certo Mobile Security by Certo Software (malware scanner).
• F-Droid (from F-Droid).
• Fake GPS location by Lexa Tools.
• Fing - Network Tools by Fing Limited (network probe).
  [Use WiFiman from Ubiquity Inc instead ?]
• Malwarebytes Mobile Security by Malwarebytes. Leave real-time scanning disabled.
• QR Code Reader by Scan Mobile (but some Camera apps include QR-code functionality).
• Terminal Emulator (from F-Droid). termoneplus.com
• WireGuard (VPN client; from F-Droid).

• 061 Salut Respon by Generalitat de Catalunya. (I don't use any more.)
• AlertCops by Secretaria de Estado de Seguridad - Mo Interior. (I don't use any more.)
• Barcelona City Map Lite by Topobyte.de. (unavailable ?)
• Barcelona Offline City Map by CityMaps2Go.
• Barcelona a la butxaca by Ajuntament de Barcelona.
• BCN+65 by Ajuntament de Barcelona.
• La meva salut.
• Mi Sanitas by Sanitas.
• TMB App (Metro Bus Barcelona) by Transports Metropolitans de Barcelona.

• Coinbase: Buy ... by Coinbase Android.
• Expedia.
• IBKR Mobile by Interactive Brokers Group.
• Openbank - banca movil by Openbank SA.
• Wise by Wise, formerly Transferwise.
• E*Trade: Invest ... by E*Trade Securities.
• NetBenefits by Fidelity

• Bluetooth Scanner by Zoltan Pallagi (look for Bluetooth devices).
• ClassyShark3xodus (from F-Droid).
• DiskDigger photo recovery by Defiant Technologies LLC (for the free-space-wipe feature).
• Exodus Privacy (from F-Droid).
• Google Earth by Google LLC.
• HP Smart by HP Inc.
• IRS2Go (for US IRS).
• Package Name Viewer 2.0 by csing.
• Phone Doctor Plus by iDea Mobile Tech Inc.
• PlantNet Plant Identification by PlantNet.
• Privacy Scanner from Lighthouse.
• SD Maid - System Cleaning Tool by darken.
• Samourai Wallet by Samourai.
• strongSwan VPN Client by strongSwan Project.
• TestM by TestM.
• UPnP Tool by TJ App.
• GlassWire ? Tried briefly, blocking apps seems to require paid.
• NetGuard no-root firewall by Marcel Bokhorst, FairCode BV. A firewall/monitor. But the logging/filtering features I want seem to be paid-only.
• DataGuard No Root Firewall by Fulldive ? A blocker/monitor. Tried it on GrapheneOS and all network access by all apps stopped.
• TrackerControl ? A blocker/monitor. Haven't tried it.
• RethinkDNS ? A blocker/monitor. Haven't tried it.
• AdGuard DNS ? A blocker/monitor. Haven't tried it.
• NoRoot Firewall ? A blocker/monitor. Haven't tried it.
• I haven't used it: Bouncer - Temporary App Permissions by Sam Ruston.
• I haven't used it: Shelter. A sandboxing app. article
• I haven't used it: Insular. A sandboxing app. Forked from Island

Audio / podcasting apps

It seems "audio" apps just know about MP3 files. I want an app that lets me skip back and forward 15 seconds, which is hard to find. I found "Music Folder Player Free by Zorillasoft". It's okay, but has ads and way too many features for my needs. Since all it gets is MP3 files, it has no way to show any "show notes" page for a podcast. It does have skip back/forward on play.

It seems "podcasting" apps know about RSS feeds, downloading, playing or calling an external player app, maybe displaying "show notes" page. I found "AntennaPod" (in F-Droid). It has lots of features, including handling OPML feed-list files. It does have skip back/forward on play.

On desktop Linux, I use "Liferea" and "uGet" to download audio podcast MP3 files, and read web pages, from RSS feeds.

I guess I'm going to stay with Liferea and Music Folder Player, because I just have so many RSS feeds that I need to handle them in a desktop app, not a phone app.

• Anti Spy Mobile FREE by Anti Spy Mobile (checks permissions; didn't detect any of the test apps).
• Bitdefender Antivirus Free (detected all test apps in the next section).
• Kaspersky Mobile Antivirus: AppLock & Web Security by Kaspersky Lab (maybe detected only 2 of 3 test apps; results confusing).

• F-Secure AV Test by F-Secure Corporation (should be detected as malware by AV apps; very small; AKA "AV Test App").
• Test Virus by Itus Mobile Security (should be detected as malware by AV; has some extra tests you can run).
• Test your antivirus by Guillermo Hernandez Cabrera (should be detected as malware by AV apps; has some extra tests you can run, but I don't see anything happen).

• Firefox Fast & Private Browser:
  
  The regular Firefox. This is the one you should use.
  
  
• Firefox Beta for Testers:
  
  A beta version that is used for testing future features.
  
  
• Firefox Nightly for Developers:
  
  For people who want to make add-ons or contribute to the codebase for Firefox.
  
  
• Firefox Focus: No Fuss Browser:
  
  A simplified Firefox browser. Focus does not save history or cookies at all, and has tracking blockers a bit more aggressive than regular Firefox. It doesn't support add-ons. Focus focuses on short-lived browsing sessions.
  
  
• Fennec F-Droid:
  
  A version of Firefox available outside of the Play Store. Fennec also allows you to install more than Mozilla's tiny whitelist of add-ons and removes their weird about:config block.
  
  
• Mull:
  
  A fork of Fennec but it doubles down on privacy even more than degoogling regular Firefox.
  
  
• Klar:
  
  The ad-blocking and tracking-mitigation does not seem to be up to par with Nightly for instance.
  
  

Chromium has far more effort put into fuzzing and security research, which are substantial advantages not disadvantages. It has more fixed vulnerabilities primarily due to more resources put into it. Vulnerabilities being discovered and fixed is a positive thing. It's also common for a CVE to encompass numerous similar issues. There is plenty of objective evidence to compare including the fact that Firefox doesn't do any form of content sandboxing on Android and has significantly weaker mitigations.

GrapheneOS's "Web browsing"

• Best way: install Package Name Viewer 2.0 app.
  
  
• Go to Settings / Applications and click on each app you don't recognize.
  
  But you will get little information about each.
  
  Many are pre-installed and can't be removed, or even deactivated. Some can only be reverted to the original factory version, which seems useless.
  
  
• Go to Google Play Store, then My Applications.
  
  
• Using ADB:
  1. Install ADB on computer.
  2. Enable USB debugging on phone.
  3. Connect via USB cable.

  4. adb devices

     You should see just one device listed.

  5. adb shell pm list packages

     Mohamed Ibrahim's "Android: ADB - List Installed Package Names"
  6. Find the package name of the app you want to delete, in the list.
  
  
  

• Android: Beaming Service (NFC).
• Bixby (smart assistant)
• Wake up by voice
• Samsung voice input
• Galaxy Store
• TouchWiz (launcher)
• Knox (security)
• Good Lock (replacement for TouchWiz)
• OM Customize
• Game Optimizing Service
• Smart Switch (for migrating from a non-Android phone)
• SmartThings (home automation).
• Jooble (job-seeking)
• Google: speech synthesis
• Nextdoor (neighborhood watch/trade)
• Start ?
• Lite: Facebook Messenger ?

• Backup and Restore: com.mediatek.datatransfer
• DG Xender: cn.xender
• Duo: com.google.android.apps.tachyon
• GMail: com.google.android.gm
• Google Drive: com.google.android.apps.docs
• Google Play Movies & TV: com.google.android.videos
• Google Play Music: com.google.android.music
• Google Text-to-speech Engine: com.google.android.tts
• Hangouts: com.google.android.talk
• YouTube: com.google.android.youtube

• YouTube: use NewPipe from F-Droid.
• Maps: use Osmand from F-Droid, or Organic Maps by Offline Organic Maps Hike&Bike.

• Disable it: leave it installed, but not running.
• Delete it: uninstall it completely.
• Any way to use parental controls to disable an app ?

• Other apps may depend on some app or service you want to remove.
• Many are pre-installed and can't be removed, or even deactivated.
• Some can only be reverted to the original factory version, which seems useless (but it might free some memory).
• Sometimes you can disable or delete an app, only to have it come back to life later (after you use another app, or after you reboot the phone).

• Go to Settings / Applications and click on each app you want to remove. See what options are available.
  
  
• Using ADB:
  1. Install ADB on computer and connect to phone (see Using adb (Android Debug Bridge) section).

  2. adb shell pm disable-user --user 0 PACKAGENAME

     If package name is right, get "Success".
     If name is wrong, get "Failure [???]".
  
  
  

• Go to Settings / Applications and click on each app you want to remove. See what options are available.
  
  
• Using ADB:
  1. Install ADB on computer and connect to phone (see Using adb (Android Debug Bridge) section).
  2. On phone, go into Settings / Apps / theappname, and do Disable and then Force Stop ?

  3. adb shell pm uninstall PACKAGENAME

     If package name is right, get "Success".
     If name is wrong, get "Failure [DELETE_FAILED_INTERNAL_ERROR]".
  4. Alternate method that probably won't work on system/pre-installed apps:

     adb shell am start -a android.intent.action.DELETE -d package:PACKAGENAME

     If package name is correct, get a "Do you want to uninstall this app ?" pop-up on the phone.
     If package name is bad, get an "App not found" pop-up on the phone.
  5. You may see the removed apps still appear in certain lists, with small amounts of storage assigned to them. You could try going into your computer's File Explorer, going to the phone's storage folders, and deleting any folders you see corresponding to the deleted packages, under the InternalStorage/Android/data, InternalStorage/Android/media, InternalStorage/.install, and InternalStorage folders.
  6. You may see the removed apps still appear the main list of apps. Try going into Settings / Apps, clicking on the app, and clicking Disable.
  
  
  
• Instructions from a post somewhere:
  1. Only if your device is rooted.
  2. Download and Install Titanium Backup from the Play Store.
  3. Enable USB Debugging under Developer Options.
  4. Open Titanium Backup and Grant Root Access.
  5. Go to the Backup/Restore Tab.
  6. Find the app you want to delete.
  7. Select Wipe Data.
  8. Select OK on the Backup Prompt to continue without backing up.
  9. Do the same with the Un-Install option.
  10. Restart.
  
  
  

adb shell ls -R /
adb shell

adb shell pm list packages
adb shell pm list packages -f