On 23/03/06 11:10PM, Denis 'GNUtoo' Carikli via Replicant wrote:
> On Wed, 1 Mar 2023 01:26:03 -0500
> efeizbudak via Replicant <replicant@osuosl.org> wrote:
> > Hi everyone,
> Hi,
> > Because of professors in my department that just won't take no for an
> > answer, I've blocked the installation of WhatsApp on my phone by
> > installing an empty package I made with the name com.whatsapp.
> > But this package is easily uninstallable and directly shows up in app
> > lists. Therefore, I thought it would be nice if I could install it as
> > a system app. 
> There were applications in f-droid that could move applications from
> normal apps to system apps. I don't remember the names and I don't know
> if they still show up in the default f-droid repository.

I've found one that required busybox and just got busybox and installed
my fake com.whatsapp as a system app. Thank you!

> If they don't they have an f-droid archive with all the older
> applications.
> The issue is that nowadays, most f-droid applications now in practice
> depends on a nonfree dependency (the Android SDK).

I actually was oblivious about this. May I ask, is there any way to
create android applications without the Android SDK?

> > Is this possible? Can someone point me in the right direction? Or do
> > you have any other ideas on how to keep the faculty off my back?
> First Replicant smartphones don't have Google play, so just getting 
> WhatsApp will be complicated.
> If the threat model is the faculty getting your phone and installing
> WhatApp on it, since there is no google play, it will complicate the
> installation a lot.
> Installing Google Play Store is probably not going to work and I don't
> know if there are legal ways to obtain it or not separately, so that
> might deter the faculty of doing it. So they might not even find a way
> to do that.
> So they could resort to downloading APKs manually somehow, but here
> again I've no idea of the legality of that for nonfree software: The
> faculty might need to look at terms and conditions, the local law, etc,
> and maybe that would deter them from trying.
> Then if they know how to do it and try to download APKs, it will most
> likely not work anyway because Replicant doesn't use microG, and just
> installing microG will not work either as Whatsapp seems to need some
> application ID spoofing to work[1]. And that has to be integrated
> inside the distribution.
> And the phones supported by Replicant are not supported anymore by
> LineageOS or derivatives for instance, so images might be complicated
> to find, and you'd need to migrate all the data, and since that's
> complicated maybe you'd have enough leverage to refuse.
> If they still try to install an APK even if it's known not to work,
> you'd still have a big risk here given the huge amounts of permissions
> that Whatsapp requires[2], so it would be best to try to block that or
> show them that it's not compatible anyway. So trying to block the
> installation of com.whatsapp is a good idea indeed.
> Though there is also the risk of them trying to install another apk
> than com.whatsapp, and maybe there is a way to block the installation
> of applications but I'm unsure about that.
> Replicant 6.0 also has a Guest mode in case that could help. If you try
> to install an apk there it will says "Install blocked" and "Your
> administrator doesn't allow installations of apps obtained from unknown
> sources". 
> It's also a good idea to deactivate root and adb and maybe remove the
> microSD too in case you have to hand over your phone somehow.
> To get the Guest mode: (1) slide the top of the screen to get the wifi
> indication etc, and (2) click on the top-right button that look like a
> person. You can then enter the Guest mode, add users, etc.
> Though if they know about the Guest mode they could ask you to
> deactivate it. You could also create another account "just for
> Whatsapp" to try to limit a bit the risk, just in case they try it.

Thank you for such an elaborate analysis! I'm not ever giving away my
phone to anyone in the faculty but I needed a way to say to them "See? I
can't even install it!" but your advice will come in handy if ever I was
to give my phone so thank you.

All the best,

The funny quote of this email is trivial and left as an exercise.

Attachment: signature.asc
Description: PGP signature

Replicant mailing list

Reply via email to