My debloating experience with Poco F3
mete.dev
The best way to debloat and prevent phones from calling home servers in China is simply by running LineageOS; don't even bother with anything else. I use Lineage on multiple devices (OnePlus, Poco F1), and it's at least as good as plain Android on a Pixel.
Warning: Poco F3 is different from the Poco F3 GT available in some regions - GT uses Mediatek Dimensity 1200 instead of Snapdragon 870. Mediatek SoCs don't work well with LineageOS.
I ended up on Havoc but I agree the experience is much better than stock.
2 things that make me much less excited about how much control I have:
There is still a Xiaomi boot ROM running under Havoc or Lineage, I can only assume Xiaomi can put anything they want in that, so my phone isn't more secure, it's just less bloated.
Also, once you unlock you can now get access to the phone with a computer, bypassing the password. It becomes physically less secure. I believe there are some full storage encryption options but they seemed very finicky.
Please correct me if I'm wrong with any of the terminology, I last messed with this months ago. Sad that these are our options (walled garden and/or wiretap ourselves).
If you're not using full disk encryption, you're going to be vulnerable to physical attacks no matter what. It does mean the attacker will need 30 more minutes with your phone though.
Just set up encryption. Once it works, it works, so it's worth it.
Does Android even have a full disk encryption option anymore? Last I heard they moved to file based encryption. I don't know enough to knowledgeably discuss the tradeoffs though.
You're right, from Android 10 onwards it's file based encryption. Still, it can be set up with ROMs and work. The most difficult part is getting the bootloader and recovery to grok the encryption.
Xiaomi makes great hardware for the price but the software is simply terrible. I would not recommend buying their hardware if you come from a high end Samsung or iPhone and expect to be able to debloat it easily without wiping the entire thing and installing something like LineageOS.
I've bought a Mi 9 which had a similar price to features ratio in the hope that it'd become popular with the LineageOS community so I could run the latest and greatest open source ROM (it didn't) and the phone is pretty great... except for the terrible Xiaomi software. Nothing quite makes a premium piece of hardware feel cheap like a shitty "storage cleaner" application and ads (which you can disable, luckily) built right into the OS.
I'll probably buy Xiaomi again because of the hardware value for money, but this time I'll probably wait until LineageOS support is there officially instead of just hoping someone will add it eventually.
I had lots of luck with https://github.com/phhusson/treble_experimentations/wiki on Mi Max 3. In general any recent phone should work with these ROMs.
On Mi Max 3 it works perfectly with only a few tweaks after flashing.
https://github.com/phhusson/treble_experimentations/issues/1...
This one, and one more for Bluetooth audio
Fingerprint reader: Works Broken on Always on Display (turn screen on first)
Kind of a big deal. Do you still need to apply to unlock your own device and hope they let you?
> Kind of a big deal.
That the fingerprint reader doesn't work is a feature, not a bug. Fingerprints are the worst passwords, as they are easily obtained/faked and cannot be changed.
This tendency to embed biometric sensors in consumer devices is hurting users and hurting security. Only cops and psychopaths find any sort of advantage in that.
Last time I checked it still was required.
It's not required on A-series devices (A1, A2, A2-Lite, A3). But the latest device in that line is the Mi A3 from mid-2019, and there's no official news of further releases so far.
The sad thing is that a big interest of the first Xiaomi (MIUI) phones was that you had a kind of bloat-free and feature-full OS. But it all changed when they started to offer Android One.
Quote: "It was funny because I was removing these applications to stop sharing my personal data"
and goes later to
Quote: "Here is the list of apps that I deleted from my phone.
com.android.chrome
Alternative: Microsoft Edge"
Really? How about Firefox instead!!? I mean if you really want to stop sharing your personal data why you'd go to the other evil dude across the street, huh?
+1 for Firefox.
Some think that a local evil dude is less evil than a foreign evil dude. As a European, I would be less concerned if my data was pwned by Xiaomi rather than Microsoft; should my government ask for my data, they're more likely to be served by Microsoft than Xiaomi.
Firefox for mobile is a good choice, but Tor Browser is even better (like on desktop), because it has built-in fingerprinting prevention.
> Some think that a local evil dude is less evil than a foreign evil dude.
Some people think that, although like you I'm less afraid of Chinese secret police than French/US secret police, but what would be even better is when no "evil dude" is involved at all :)
He seems to be a MS fan. He replaced everything Google with MS
Unfortunately I have tried to use other applications to set up my company email and install another browser on my computer rather than Chrome or Edge to have consistent browser experience. Unfortunately it wasn't possible, maybe I should have mentioned it :)
or Bromite.
> Unfortunately, this list doesn’t cover all installed bloatware because some applications are breaking the phone if you remove them... Uninstalling the Security Center application (com.miui.securitycenter) or the Find Device service (com.xiaomi.finddevice) puts the phone in a boot loop.
those are the only two apps truly necessary for the manufacturer to recoup the costs of producing the device
Does debloating using this method actually eliminate the phone-home/telemetry functionality? Or is there still some left from the packages that can't be disabled (eg. telemetry code is in frameworks-base)? Personally I don't trust xiaomi enough to settle for a bunch of pm disable commands. It has to be a clean install (eg. lineageos).
Most phone manufacturers can force update certain components. So even if you would uninstall all additional "phone home" packages, the system could still install more https://www.hexnode.com/mobile-device-management/help/how-to...
It doesn't; Android telemetry is hidden deep inside. You can't disable it with build flags or by removing packages.
Xiaomi has been caught many times stealing user data: https://hn.algolia.com/?q=Xiaomi+browser
dude. i bought moto g30 yesterday with "near stock android" and this is the best android experience i have ever had. i can disable EVERY frigging thing including multiple facebook apps, installer, service and some other facebook crap. i had an old Mi pad 1 and i broke its bootloader from some crappy image.
i had made a point to not buy realme or xiaomi or oneplus or oppo or samsung because their "custom ui" are laden with crap.
i do not own a google account so i use aurora store and f-droid store to get mah apps. i use pi-hole at my home and i generally see around 80% blocked requests.
edit: i disabled google assistant so the dedicated assistant button doesn't work. i don't know if it can be reused somehow?
For £80 more you can get a Pixel 4a that runs GrapheneOS
Giving money to Google is not an option. Ever. Hell, half the reason why I love Xiaomi is they're threatening the status quo of the tech industry! As long as I'm not seeing any ads and not giving money to software developers I'm satisfied, privacy be damned.
Yes, but it will be far inferior technically, it's not even close.
The GUI tool mentioned in the article the author cites in his post is just awesome. It's a one-stop-shop for everything from debloating to flashing ROMs and recoveries for Xiaomi phones: