The no-root section for the PrivMod, for those who don't need / want to have root access (but still rely on TWRP).
If you haven't booted to TWRP yet (by the pre-cleanup phase you should be), boot to TWRP via whatever means available, whether it's using the provided advanced reboot feature, or by holding down some buttons.
More information regarding this can be found in the System Apps list.
You can get my hosts from the Git Releases. Alternatively, you may also use hosts copy/pasted from a PrivModded PDA, or your own customized hosts file.
Actions for the already PrivModded PDA (if you have one):
Actions for the PDA about to be PrivModded:
Flash NanoDroid module zip(s) of your choice (microG / F-Droid) in TWRP. Keep in mind that NanoDroid modules can't be flashed on TWRP without rw access.
Don't flash F-Droid and/or microG module if using Lineage-microG, OmniROM microG, CalyxOS (microG via setup wizard, custom F-droid version prebuilt), DivestOS (prebuilt upstream F-Droid, but no support for microG), & /e/ (the last one doesn't have F-Droid) since it's prebuilt.
Flash your custom kernel zip in TWRP.
Custom kernels don't really grant any privacy boons, but might enhance performance and/or battery life. However, some custom kernels may also replace the default DNS with other provider (such as CloudFlare), so watch out for that.
Wipe Dalvik (on A-only devices, wipe Dalvik & Cache), & select Reboot System.
Now that we're back in system, our first actions are to enable USB debugging, by going to Settings > System > Developer options & tapping on Android debugging to enable it. If you have microG installed via NanoDroid, go to the microG section & set-up microG.
If you haven't enabled Developer options yet, go to Settings > About phone & tap on the Build number until a toast saying development settings are enabled.
Plug the PDA to your PC, & open terminal / powershell / commandprompt in the PC (for powershell / commandprompt, navigate to the folder with adb/fastboot binaries, press Shift & right click, & Open PowerShell window here). Then, type adb devices & press Enter, which should prompt your PDA to accept USB debugging requests - accept it. Afterwards, your PC should recognize your PDA as an ADB device in the terminal / powershell.
Gain adb shell access in the terminal / powershell. Afterwards, you have 2 choices: to change the captive portal to a more trustworthy captive portal provider, or to disable them altogether.
For those who'd like to use captive portal, first read the captive portal provider list for more information. Then, use these commands:
However, if you're confident that you won't use any Wi-Fi / mobile connections with captive portal, or refuse to use external services for internet connectivity checking, here are the commands:
If you're using alternative captive portal & you would like to verify that the setting's applied, here's how :
Gain adb shell access in terminal / powershell (preferably while changing captive portal provider). Afterwards, you have 2 choices : change the NTP provider to a more trustworthy one, or disable it.
It is recommended to do this before typing in reboot in terminal / powershell, if only to streamline the work done.
In short, here's what we're doing:
For now, we're done in setting up our device to not trigger unwanted connections (and trigger only the ones that are wanted & necessary).
For the cleanups, head over to the clean-up section of the basic privacy hardening guide.Back to top
Android Privacy Hardening - Basic