mirror of
https://0xacab.org/anarsec/anarsec.guide.git
synced 2025-08-02 19:36:14 -04:00
update most guides
This commit is contained in:
parent
be05046783
commit
3ce6491c8f
21 changed files with 86 additions and 79 deletions
|
@ -8,7 +8,7 @@ tags = ["intro", "mobile", "easy"]
|
|||
|
||||
[extra]
|
||||
toc = true
|
||||
blogimage="/images/graphene.avif"
|
||||
blogimage="/images/graphene.png"
|
||||
dateedit=2023-05-10
|
||||
a4="grapheneos-a4.pdf"
|
||||
letter="grapheneos-letter.pdf"
|
||||
|
@ -127,7 +127,7 @@ Using the example of RiseupVPN, once it is installed, accept the 'Connection req
|
|||
|
||||
Now we will delegate apps to their needed profiles:
|
||||
|
||||
* In the Owner profile, disable all applications other than the VPN: **Settings → Apps → [Example] → Disable**.
|
||||
* In the Owner profile, disable all applications downloaded through the Play Store other than the VPN: **Settings → Apps → [Example] → Disable**.
|
||||
* To install Riseup VPN (or any other app) in the Default user profile: **Settings → System → Multiple users → Default → Install available apps**, then select Riseup VPN.
|
||||
|
||||
## Software That Isn't On the Play Store
|
||||
|
@ -158,16 +158,15 @@ Applications like Cwtch and Briar have Tor built in, and should not be used thro
|
|||
|
||||
# Recommended Settings and Habits
|
||||
|
||||
* **Settings → Security → Auto reboot:** 8 hours [Owner user profile]
|
||||
* [Owner user profile] **Settings → Security → Auto reboot:** 8 hours
|
||||
* Auto reboot when no profile has been unlocked for several hours will put the device fully at rest again, where [Full Disk Encryption](/glossary/#full-disk-encryption-fde) is most effective. It will at minimum reboot overnight if you forget to turn it off. In the event of [malware](/glossary/#malware) compromise of the device, [Verified Boot](https://www.privacyguides.org/en/os/android-overview/#verified-boot) will prevent and revert changes to the operating system files upon rebooting the device. If police ever manage to obtain your phone when it is in a lock-screen state, this setting will return it to effective encryption even if they keep it powered on.
|
||||
* Keep the Global Toggles for Bluetooth, location services, the camera, and the microphone disabled when not in use. Apps cannot use disabled features (even if granted individual permission) until re-enabled.
|
||||
* **Settings → Connected devices → Bluetooth timeout:** 2 minutes
|
||||
* Keep the Global Toggles for Bluetooth, location services, the camera, and the microphone disabled when not in use. Apps cannot use disabled features (even if granted individual permission) until re-enabled. Also set a Bluetooth timeout: **Settings → Connected devices → Bluetooth timeout:** 2 minutes
|
||||
* Quite a few applications allow you to "share" a file with them for media upload. For example, if you want to send a picture on Signal, do not grant Signal access to "photos and videos", because it will have access to all of your pictures then. Instead, in the Files app, long-press to select the picture, then share it with Signal.
|
||||
* Once you have all the applications you need installed in a given user profile, disable app installation within it [Owner user profile].
|
||||
* **Settings → System → Multiple users → [Username]:** Disallow installing apps (enabled)
|
||||
* Once you have all the applications you need installed in a given user profile, disable app installation within it - updates will still happen to apps installed in a secondary user profile which have been delegated from the Owner profile.
|
||||
* [Owner user profile] **Settings → System → Multiple users → [Username]:** Disallow installing apps (enabled)
|
||||
* If an app asks for storage permissions, choose Storage Scopes. This makes the app assume that is has all of the storage permissions that were requested by it, despite not actually having any of them.
|
||||
* It is convenient to be able to receive notifications from any user profile. Within the Owner user profile:
|
||||
* **Settings → System → Multiple users:** Send notifications to current user (enabled)
|
||||
* It is convenient to be able to receive notifications from any user profile.
|
||||
* [Owner user profile] **Settings → System → Multiple users:** Send notifications to current user (enabled)
|
||||
|
||||
# How to Backup
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue