[Replicant] How to install as system app?
Denis 'GNUtoo' Carikli
GNUtoo at cyberdimension.org
Mon Mar 6 22:10:17 UTC 2023
On Wed, 1 Mar 2023 01:26:03 -0500
efeizbudak via Replicant <replicant at osuosl.org> wrote:
> Hi everyone,
Hi,
> Because of professors in my department that just won't take no for an
> answer, I've blocked the installation of WhatsApp on my phone by
> installing an empty package I made with the name com.whatsapp.
> But this package is easily uninstallable and directly shows up in app
> lists. Therefore, I thought it would be nice if I could install it as
> a system app.
There were applications in f-droid that could move applications from
normal apps to system apps. I don't remember the names and I don't know
if they still show up in the default f-droid repository.
If they don't they have an f-droid archive with all the older
applications.
The issue is that nowadays, most f-droid applications now in practice
depends on a nonfree dependency (the Android SDK).
> Is this possible? Can someone point me in the right direction? Or do
> you have any other ideas on how to keep the faculty off my back?
First Replicant smartphones don't have Google play, so just getting
WhatsApp will be complicated.
If the threat model is the faculty getting your phone and installing
WhatApp on it, since there is no google play, it will complicate the
installation a lot.
Installing Google Play Store is probably not going to work and I don't
know if there are legal ways to obtain it or not separately, so that
might deter the faculty of doing it. So they might not even find a way
to do that.
So they could resort to downloading APKs manually somehow, but here
again I've no idea of the legality of that for nonfree software: The
faculty might need to look at terms and conditions, the local law, etc,
and maybe that would deter them from trying.
Then if they know how to do it and try to download APKs, it will most
likely not work anyway because Replicant doesn't use microG, and just
installing microG will not work either as Whatsapp seems to need some
application ID spoofing to work[1]. And that has to be integrated
inside the distribution.
And the phones supported by Replicant are not supported anymore by
LineageOS or derivatives for instance, so images might be complicated
to find, and you'd need to migrate all the data, and since that's
complicated maybe you'd have enough leverage to refuse.
If they still try to install an APK even if it's known not to work,
you'd still have a big risk here given the huge amounts of permissions
that Whatsapp requires[2], so it would be best to try to block that or
show them that it's not compatible anyway. So trying to block the
installation of com.whatsapp is a good idea indeed.
Though there is also the risk of them trying to install another apk
than com.whatsapp, and maybe there is a way to block the installation
of applications but I'm unsure about that.
Replicant 6.0 also has a Guest mode in case that could help. If you try
to install an apk there it will says "Install blocked" and "Your
administrator doesn't allow installations of apps obtained from unknown
sources".
It's also a good idea to deactivate root and adb and maybe remove the
microSD too in case you have to hand over your phone somehow.
To get the Guest mode: (1) slide the top of the screen to get the wifi
indication etc, and (2) click on the top-right button that look like a
person. You can then enter the Guest mode, add users, etc.
Though if they know about the Guest mode they could ask you to
deactivate it. You could also create another account "just for
Whatsapp" to try to limit a bit the risk, just in case they try it.
References:
-----------
[1]https://github.com/microg/GmsCore/issues/695
[2]https://reports.exodus-privacy.eu.org/en/reports/com.whatsapp/latest/
Denis.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.osuosl.org/pipermail/replicant/attachments/20230306/4406cb88/attachment.asc>
More information about the Replicant
mailing list