On 23/03/06 11:10PM, Denis 'GNUtoo' Carikli via Replicant wrote: > On Wed, 1 Mar 2023 01:26:03 -0500 > efeizbudak via Replicant <replicant@osuosl.org> wrote: > > > Hi everyone, > Hi, > > > Because of professors in my department that just won't take no for an > > answer, I've blocked the installation of WhatsApp on my phone by > > installing an empty package I made with the name com.whatsapp. > > > But this package is easily uninstallable and directly shows up in app > > lists. Therefore, I thought it would be nice if I could install it as > > a system app. > There were applications in f-droid that could move applications from > normal apps to system apps. I don't remember the names and I don't know > if they still show up in the default f-droid repository.
I've found one that required busybox and just got busybox and installed my fake com.whatsapp as a system app. Thank you! > > If they don't they have an f-droid archive with all the older > applications. > > The issue is that nowadays, most f-droid applications now in practice > depends on a nonfree dependency (the Android SDK). I actually was oblivious about this. May I ask, is there any way to create android applications without the Android SDK? > > > Is this possible? Can someone point me in the right direction? Or do > > you have any other ideas on how to keep the faculty off my back? > > First Replicant smartphones don't have Google play, so just getting > WhatsApp will be complicated. > > If the threat model is the faculty getting your phone and installing > WhatApp on it, since there is no google play, it will complicate the > installation a lot. > > Installing Google Play Store is probably not going to work and I don't > know if there are legal ways to obtain it or not separately, so that > might deter the faculty of doing it. So they might not even find a way > to do that. > > So they could resort to downloading APKs manually somehow, but here > again I've no idea of the legality of that for nonfree software: The > faculty might need to look at terms and conditions, the local law, etc, > and maybe that would deter them from trying. > > Then if they know how to do it and try to download APKs, it will most > likely not work anyway because Replicant doesn't use microG, and just > installing microG will not work either as Whatsapp seems to need some > application ID spoofing to work[1]. And that has to be integrated > inside the distribution. > > And the phones supported by Replicant are not supported anymore by > LineageOS or derivatives for instance, so images might be complicated > to find, and you'd need to migrate all the data, and since that's > complicated maybe you'd have enough leverage to refuse. > > If they still try to install an APK even if it's known not to work, > you'd still have a big risk here given the huge amounts of permissions > that Whatsapp requires[2], so it would be best to try to block that or > show them that it's not compatible anyway. So trying to block the > installation of com.whatsapp is a good idea indeed. > > Though there is also the risk of them trying to install another apk > than com.whatsapp, and maybe there is a way to block the installation > of applications but I'm unsure about that. > > Replicant 6.0 also has a Guest mode in case that could help. If you try > to install an apk there it will says "Install blocked" and "Your > administrator doesn't allow installations of apps obtained from unknown > sources". > > It's also a good idea to deactivate root and adb and maybe remove the > microSD too in case you have to hand over your phone somehow. > > To get the Guest mode: (1) slide the top of the screen to get the wifi > indication etc, and (2) click on the top-right button that look like a > person. You can then enter the Guest mode, add users, etc. > > Though if they know about the Guest mode they could ask you to > deactivate it. You could also create another account "just for > Whatsapp" to try to limit a bit the risk, just in case they try it. Thank you for such an elaborate analysis! I'm not ever giving away my phone to anyone in the faculty but I needed a way to say to them "See? I can't even install it!" but your advice will come in handy if ever I was to give my phone so thank you. -- All the best, Efe The funny quote of this email is trivial and left as an exercise.
signature.asc
Description: PGP signature
_______________________________________________ Replicant mailing list Replicant@osuosl.org https://lists.osuosl.org/mailman/listinfo/replicant