The Magic Mask for Android. Contribute to topjohnwu/Magisk development by creating an account on GitHub.
I have OnePlus 7 Pro that I successfully flashed with LineageOS 21 with MicroG.
Do you have some interesting apps or ideas to take advantage of it? I thought of some Magisk modules. Maybe someone is more experience than me! This is the spare smartphone, the main one is GrapheneOS, so I don't mind breaking stuff.
Someone suggested to me the other day that safetynet was now (or will soon be) deprecated. I'm not sure what the situation is with regards to attestation, though I sort of dread to think about what will replace it.
AFWall+ firewall to allow list apps to internet using your preferred method (e.g. VPN, wifi, data, etc)
PcapDroid to help monitor and analyze packets, or to just confirm things aren't communicating unexpectedly
AdAway if you're not using your own dedicated dns over a permanent VPN connection
If not all 3 of these, AFWall is probably the best to go with. Having a way to not only block Apps, but also define your own custom firewall rules is very powerful. For example, I redirect all DNS requests to my own DNS with a custom rule (for apps, like Termux, using hardcoded DNS lookups instead of what the phone is set to)
I'll have to check out TrackerControl, that's a new one to me!
I have seen app manager but currently use AppOps. I didn't recommend AppOps above because I'm not sure it's still supported or not, and it's also not really Foss. It's treated me well over the years, but I'm definitely interested in finding a better alternative. The last time I checked app manager, it wasn't as good... But maybe that's changed as it's been several years now so I think I might be due for looking at it again!
My wireguard connection on my phone connects to my home network to an pi hosting my internal VPN... But the network is completely covered by a mullvad VPN through opnsense. I've got pihole setup using the mullvad anti-trackkng private DNS. With this setup, the only real need I have for root on my phone is because I do some pretty low level automation on it through crond and some backups of core app data that I'd really hate to lose... And the complex firewall rules lol.
This is where rooting the phone is required. I use wireguard without root and have AFWall granted with root at bootup so it doesn't require acting as a VPN
I think it may be based on ksu, but also uses superkeys with passwords or something. I don't know much about its security, you may want to check the issues tab on github or generally the project itself.
Oh oke oke. I had issues with magisk a few months before I switch. I think there were incompatibility issues between magisk and lsposed manager, so I did a full reset, I upgraded the rom (from a beta version from November 2021 of the rom xiaomi.eu miui 12.6/android 11, I went to xiaomi.eu hyperOS/android13) and installed apatch so that I dont have incompatibikity issues (plus, it hides root much better).