The no-root section for the PrivMod, for those who don't need / want to have root access.
If you haven't booted to TWRP yet (by the pre-cleanup phase you should be), boot to TWRP via whatever means available, whether it's using the provided advanced reboot feature, or by holding down some buttons.
More information regarding this can be found in the System Apps list.
You can get my hosts from here : Git Releases
Alternatively, the hosts can be obtained by copy-pasting from a PrivModded PDA.
Actions for the already PrivModded PDA (if you have one):
Actions for the PDA about to be PrivModded:
Flash NanoDroid module zip(s) of your choice (microG / F-Droid / Bromite) in TWRP. Keep in mind that NanoDroid modules can't be flashed on TWRP without rw access.
Don't flash F-Droid and/or microG module if using either Lineage-microG, OmniROM microG, or /e/ (the last one doesn't have F-Droid) since it's prebuilt.
Flash your custom kernel zip in TWRP.
Custom kernels don't really grant any privacy boons, but might enhance performance and/or battery life. However, some custom kernels may also replace the default DNS with other provider (such as CloudFlare), so watch out for that.
Wipe Dalvik (on A-only devices, wipe Dalvik & Cache), & select Reboot System.
Now that we're back in system, our first actions are to enable USB debugging, by going to Settings > System > Developer options & tapping on Android debugging to enable it. If you have microG installed via NanoDroid, go to the microG section & set-up microG.
If you haven't enabled Developer options yet, go to Settings > About phone & tap on the Build number until a toast saying development settings has appeared.
Connect the PDA to your PC, & open terminal / powershell in the PC (for powershell, navigate to the folder with adb/fastboot binaries, press Shift & right click, & Open PowerShell window here). Then, type adb devices & press Enter, which should prompt your PDA to accept USB debugging requests - accept it. Afterwards, your PC should recognize your PDA as an ADB device in the terminal / powershell.
Gain adb shell access in the terminal / powershell. Afterwards, you have 2 choices: to change the captive portal to a more trustworthy captive portal provider, or to disable them altogether.
For those who'd like to use captive portal, first read the captive portal provider list for more information. Then, use these commands:
However, if you're confident that you won't use any Wi-Fi / mobile connections with captive portal, or refuse to use external services for internet connectivity checking, here are the commands:
In short, here's what we're doing:
If you're using alternative captive portal & you would like to verify that the setting's applied, here's how :
For now, we're done in setting up our device to not trigger unwanted connections (and trigger only the ones that are wanted & necessary).
For the cleanups, head over to the clean-up section of the basic privacy hardening guide.Back to top
Android Privacy Hardening - Basic