On Wed, 1 Mar 2023 01:26:03 -0500 efeizbudak via Replicant <replicant@osuosl.org> wrote:
> Hi everyone, Hi, > Because of professors in my department that just won't take no for an > answer, I've blocked the installation of WhatsApp on my phone by > installing an empty package I made with the name com.whatsapp. > But this package is easily uninstallable and directly shows up in app > lists. Therefore, I thought it would be nice if I could install it as > a system app. There were applications in f-droid that could move applications from normal apps to system apps. I don't remember the names and I don't know if they still show up in the default f-droid repository. If they don't they have an f-droid archive with all the older applications. The issue is that nowadays, most f-droid applications now in practice depends on a nonfree dependency (the Android SDK). > Is this possible? Can someone point me in the right direction? Or do > you have any other ideas on how to keep the faculty off my back? First Replicant smartphones don't have Google play, so just getting WhatsApp will be complicated. If the threat model is the faculty getting your phone and installing WhatApp on it, since there is no google play, it will complicate the installation a lot. Installing Google Play Store is probably not going to work and I don't know if there are legal ways to obtain it or not separately, so that might deter the faculty of doing it. So they might not even find a way to do that. So they could resort to downloading APKs manually somehow, but here again I've no idea of the legality of that for nonfree software: The faculty might need to look at terms and conditions, the local law, etc, and maybe that would deter them from trying. Then if they know how to do it and try to download APKs, it will most likely not work anyway because Replicant doesn't use microG, and just installing microG will not work either as Whatsapp seems to need some application ID spoofing to work[1]. And that has to be integrated inside the distribution. And the phones supported by Replicant are not supported anymore by LineageOS or derivatives for instance, so images might be complicated to find, and you'd need to migrate all the data, and since that's complicated maybe you'd have enough leverage to refuse. If they still try to install an APK even if it's known not to work, you'd still have a big risk here given the huge amounts of permissions that Whatsapp requires[2], so it would be best to try to block that or show them that it's not compatible anyway. So trying to block the installation of com.whatsapp is a good idea indeed. Though there is also the risk of them trying to install another apk than com.whatsapp, and maybe there is a way to block the installation of applications but I'm unsure about that. Replicant 6.0 also has a Guest mode in case that could help. If you try to install an apk there it will says "Install blocked" and "Your administrator doesn't allow installations of apps obtained from unknown sources". It's also a good idea to deactivate root and adb and maybe remove the microSD too in case you have to hand over your phone somehow. To get the Guest mode: (1) slide the top of the screen to get the wifi indication etc, and (2) click on the top-right button that look like a person. You can then enter the Guest mode, add users, etc. Though if they know about the Guest mode they could ask you to deactivate it. You could also create another account "just for Whatsapp" to try to limit a bit the risk, just in case they try it. References: ----------- [1]https://github.com/microg/GmsCore/issues/695 [2]https://reports.exodus-privacy.eu.org/en/reports/com.whatsapp/latest/ Denis.
pgpxoZMZLZObm.pgp
Description: OpenPGP digital signature
_______________________________________________ Replicant mailing list Replicant@osuosl.org https://lists.osuosl.org/mailman/listinfo/replicant