Better Mobile App

Do we need a good firewall app?

After the recent article on apps that are sharing our personal information, it occurred to me that this should be an easy problem to fix. All we need is a good personal firewall app. Heck, iptables would be a great start, but it can be hard to implement that on an app by app basis. It will be hard to set up for apps that have legitimate needs to connect over port 80 for legitimate needs, but also uses that same port for less than legitimate needs. So I guess it will also take some blacklisting of certain servers, perhaps along the lines of the ad blockers apps that modify the hosts file.
Or does such an app already exist?
Skip

Here you go:
http://www.appbrain.com/app/droidwall-android-firewall/com.googlecode.droidwall.free

MrGibbage said:
After the recent article on apps that are sharing our personal information, it occurred to me that this should be an easy problem to fix. All we need is a good personal firewall app. Heck, iptables would be a great start, but it can be hard to implement that on an app by app basis. It will be hard to set up for apps that have legitimate needs to connect over port 80 for legitimate needs, but also uses that same port for less than legitimate needs. So I guess it will also take some blacklisting of certain servers, perhaps along the lines of the ad blockers apps that modify the hosts file.
Or does such an app already exist?
Skip
Click to expand...
Click to collapse
1. There's already a couple adblock apps like Adfree which block a lot of stuff.
2. If you read the permissions for the apps you CHOOSE to download, then you'll know exactly what access to data they'll have. If you don't like that PaperToss wants access to your device ID, then just don't install PaperToss.
And of course, such an app would undoubtedly cause more issues than the perception of "security" it would provide, since you'd probably not be able to use half the apps anymore. Or they'd stop being ad-supported, and would begin to charge instead.
From the article:
Google requires Android apps to notify users, before they download the app, of the data sources the app intends to access. Possible sources include the phone's camera, memory, contact list, and more than 100 others. If users don't like what a particular app wants to access, they can choose not to install the app, Google says.
Click to expand...
Click to collapse
Just read the app permissions. That tells you almost everything you need to know.

The problem is, the app permissions don't tell you what you need to know. Here are the permissions for Paper Toss by Backflip Studios:
Your Location (coarse network-based location)
Network communication-full internet access
Phone Calls - read phone state
While the Location permission would be suspect, and would cause me to question whether or not I should download this app, the other two permissions are not so immediately obvious that they are "bad". Network communications is a permission needed by every app that has in-game ads such as AdMob. And I don't know why this app needs the Phone Calls permission, but almost every single app in the market uses that permission. At least it isn't asking for access to the address book or anything like that.
What I would like is for the app to tell us what it needs internet access for, and to tell us what information it is sending to third parties.

MrGibbage said:
The problem is, the app permissions don't tell you what you need to know. Here are the permissions for Paper Toss by Backflip Studios:
Your Location (coarse network-based location)
Network communication-full internet access
Phone Calls - read phone state
While the Location permission would be suspect, and would cause me to question whether or not I should download this app, the other two permissions are not so immediately obvious that they are "bad". Network communications is a permission needed by every app that has in-game ads such as AdMob. And I don't know why this app needs the Phone Calls permission, but almost every single app in the market uses that permission. At least it isn't asking for access to the address book or anything like that.
What I would like is for the app to tell us what it needs internet access for, and to tell us what information it is sending to third parties.
Click to expand...
Click to collapse
Maybe to detect a phone call and pause the game.
Sent from my SGH-T959 using XDA App

MrGibbage said:
The problem is, the app permissions don't tell you what you need to know. Here are the permissions for Paper Toss by Backflip Studios:
Your Location (coarse network-based location)
Network communication-full internet access
Phone Calls - read phone state
While the Location permission would be suspect, and would cause me to question whether or not I should download this app, the other two permissions are not so immediately obvious that they are "bad". Network communications is a permission needed by every app that has in-game ads such as AdMob. And I don't know why this app needs the Phone Calls permission, but almost every single app in the market uses that permission. At least it isn't asking for access to the address book or anything like that.
What I would like is for the app to tell us what it needs internet access for, and to tell us what information it is sending to third parties.
Click to expand...
Click to collapse
All free apps will collect some information .... so they know what ads to aim your way ..... so they can make money ... Every one does this .... on your computer its the same as your cookies .... and only the really paranoid will set their browser cookies settings to "ultimate :block all cookies "...
Here's the difference, android openness will allow others to research and publish their findings, un like others that are closed and will not allow research, and if anyway is found to get the research. done the publication will be deleted from the web ......
The openness is why you see soooooo many articles on this issue over n over, none of them mentioning that the paid versions of these apps don't collect any thing .....
How much personal information are you planning on storing in the paper toss game?
Consider this in your answer, android system runs apps in sand box mode meaning, one app cannot access another without YOUR permission, or if an app is infected with malware, that malware will only operate in that app, unlike your windows machine where it would have a free for all .....

ferhanmm said:
Maybe to detect a phone call and pause the game.
Sent from my SGH-T959 using XDA App
Click to expand...
Click to collapse
That's my point. That would be a legitimate need for access to the phone state. However, granting that permission also gives the app permission to make phone phone calls. I still think the apps need to be more specific about the permissions they need.
The bottom line is, these phones are great, they can run all kinds of awesome software, but the people writing the software need to make a living too. If someone really wants to prevent their phone from sending out personal information, then they should not install any software, and maybe shouldn't even be using the phone at all. But I still see a need for a firewall app (possibly DroidWall, as mentioned above) to help us prevent this type of thing from happening.

A permissions firewall would be much more interesting and useful in my opinion.
Being able to block a certain thing like "read contact data" for all apps and only permit access with a white list would be very useful to me.

Is your app spying on you?

Most of the app now require acces to the phone calls..even a news app requires it, sms app such as go sms also requires it. So I want to know after knowing that an app will be able to acces your phone call you still download it? And does anyone in what way the developers use such info?
Sent from my E10i using XDA App

Excellent topic, I'm really troubled by this. The business world makes a whole lot of money based on the average persons inertia - their lack of information or willingness when it comes to the products and services they use and the money they use to pay for them. Particular mobile phone network providers come to mind, who are happy to charge the most expensive prices because people don't know or don't care.
This lazy attitude is seeping into the Android app world. It will be a small per centage of us who will realize this threat and do something about it - exactly like cookies and public wifi privacy etc.
For those of us already interested, are there websites or apps which can guide us on this?

I had thought about it before but it seemed to be all apps out there at least need to access your internet, calls, phonebook and etc.. Not sure really if some of these nasty apps has the evil purpose to steal our vital informations in the phone... say if we're checking our bank account or something similar..
What I practice:
1) Installed AVG pro and do scan regularly, and set to scan every newly installed apps.
2) Use both cache cleaner and history eraser to clean up all traces once a day.
3) Hope they don't see me as a target.

Don't worry.
I think access to the phone calls is just to minimize the running app in case you receive a call. In other case you would not even realize an incoming call?!

Deehee3 said:
Don't worry.
I think access to the phone calls is just to minimize the running app in case you receive a call. In other case you would not even realize an incoming call?!
Click to expand...
Click to collapse
What about data? When you install an app in most cases you allow data access to it.

Searching for updates or viewing developers homepage maybe?
Sent from my U20i using XDA App

Deehee3 said:
Searching for updates or viewing developers homepage maybe?
Sent from my U20i using XDA App
Click to expand...
Click to collapse
What if not? What if app you´ve installed is spying on you and sending info to hackers. How would you know?

On android we have the luck that there are a lot of applications that are open source. When I have to choose an application, I always choose and support the open projects!
You will notice that most of those applications don't need all that personal information! Makes you wonder...

On other systems, apps usually have an user/administrator scheme, where the 'user' has access to some things and 'administrator' has access to everything.
There is no such thing on Android (except if you have a rooted phone and some app asks for superuser access, but you get a requester asking for permissions as well).
Each app has to specifically ask for permissions or the system will deny it. A spyware has to ask for those permissions or it won't work.
Some permission requests to look out for:
- "Call phone"
can be used by the application to silently dial some "premium" numbers
- "Send SMS"
can be used to send SMS to special "premium" numbers
- "Record phone calls"
can be harmful if associated with "internet access" permission
- "Access fine location"/"access coarse location" and "internet access"
can be used for tracking purposes
Many apps ask for:
- "Phone identity" / "internet access"
they use it for "statistics purposes" (flurry.com mostly) but it is bad. The developer should always inform the user about those.
BTW, that an app is open source makes no difference. Someone can always (willingly or not) tamper with the final build. And not everyone reviews open source apps.

zapek666 said:
A spyware has to ask for those permissions or it won't work.
Click to expand...
Click to collapse
Sure. But if an app legitimately ask for data transmission and file system access, AND you grant it, how would you know it is not using the granted rights for something else?

ppirate said:
On android we have the luck that there are a lot of applications that are open source. When I have to choose an application, I always choose and support the open projects!
You will notice that most of those applications don't need all that personal information! Makes you wonder...
Click to expand...
Click to collapse
Don´t tell me that you evaluate the source code of each application you load from the market. And even so, how would you know the difference between what is shown to you and the final build, available on the market?

vlissine said:
Sure. But if an app legitimately ask for data transmission and file system access, AND you grant it, how would you know it is not using the granted rights for something else?
Click to expand...
Click to collapse
Filesystem access are limited to the external memory card. An app with such permission cannot access other apps' private data (which are stored on the phone).
Android apps are all sandboxed into their own homes.
A good example of a suspicious application is HTML5 Reference.
"This HTML5 reference lists all tags supported in the HTML5 specification.", fine. Let's look at the permissions:
Network communication: full Internet access
Phone calls: read phone state and identity
While the first 2 could be produced as a side effect of the developer implementing some "statistics library" (flurry.com or so), the next 2:
Your location: fine (GPS) location
Your personal information: read sensitive log data
Are a giveaway that this app does a bit more than just listing HTML reference tags

zapek666 said:
Filesystem access are limited to the external memory card. An app with such permission cannot access other apps' private data (which are stored on the phone).
Click to expand...
Click to collapse
Ok, how about a picture viewer, which usually picks pictures from each and every
directory, no matter if you want it (and not only from memory card).

Hey vlissine and zapek666. You both have a point.
One individual cannot review every code he or she uses. And also one does not only uses his or her own builds of the projects. But every now and then, I have to go into a project, mostly to add functionality. During that time, I usually have to go over a lot of code to understand the program. It is no guarantee, but you can imagine that some strange code will stand out.
I'm surely not the only person. So while one individual is not capable of such an endeavor. A lot are.
Your other point is as valid as can be. But here again, builds are comparable.
Surely, one does not have to find himself or herself obliged to use certain kind of projects. But to me, when I have the change, I use and support the open source project. One important reason is because of the concern raised by the original poster!

http://googlemobile.blogspot.com/2011/03/update-on-android-market-security.html
Apparently we were not that paranoid, thinking of spying apps

Two options:
1) To avoid being spy and get super paranoid about it... ditch your smartphone and get those early 2000 phones with only calls and sms capable.
2) Use the smart phone eg: X10 mini/pro or any android phones and ignore these spying scene and live with it like nothing ever going to happen since this new technologies really live up our life nowadays..

farsight73 said:
Two options:
1) To avoid being spy and get super paranoid about it... ditch your smartphone and get those early 2000 phones with only calls and sms capable.
2) Use the smart phone eg: X10 mini/pro or any android phones and ignore these spying scene and live with it like nothing ever going to happen since this new technologies really live up our life nowadays..
Click to expand...
Click to collapse
One more option - stop giving stupid advises when you have nothing to say.

maybe apps need to call functions or need it to run?
write them your self if your that bothered?
...
Sent from my E10i using the XDA mobile application powered by Tapatalk

[Q] How can we stop Android from phoning home?

Many of you have probably already read the news:
Apple, Google Receive Phone Users' Locations
I must say, they're doing it to a degree beyond what most of us may have assumed was taking place.
How can we stop this? Do we know if cooked ROMs also do it?
Update 4/25/2011 5:00PM ET:
- Here's how I stop Android from phoning home.
- I dont' use this, but here's a sweet google removal script.
- A seperate thread for discussion: Why the data Android sends to Google is less anonymous than Apple's implementation
Update 4/26/2011 9:25PM ET:
- [Q] How do we protect our Android device from the CelleBrite UFED?
Update 6/8/2011 5:24PM ET:
- Use Autostarts to stop apps from opening behind your back!

Its not that they care where you are personally, you're more of an anonomous statistic to them. They use these huge mountains of collected data to decide which markets are the most potentially lucrative fir them to invest their zillions of dollars of advertising and marketing money into. You and I will likely never be directly affected by our locations being disclosed, save for more accurate search suggestions from our google search widgets.
Sent from my HTC HD2 using XDA App

I'll ask again to try and keep this thread on topic. Anyone who wants to discuss why the companies do it is free to start another thread and discuss that there.
How can we stop this? Do we know if cooked ROMs also do it?

Droidwall...

I was so mad when I heard what they were doing, I wanted to throw my phone out the window. How is it even legal for them to do this, regardless of where its anonymous or not its still bs and I want that crap off my phone. I am a newb to the whole android and software thing and I wish I could help.

There out to find your house and steal your prized poodle. Honestly if its for marketing then it what it is. Honestly if you want to get mad at something, get mad at T-Mobile for throttling 4G speeds. I see what your saying but I would like them putting the right ads for my area and know quickest way to the quickie-e-mart.
Also we are using their OS.
Every other OS is monitored also.
Sent from my UD Glacier

What's with the useless comments defending these companies?
Can anyone answer the question - DO cooked ROMs also track your location?
According to this article, Android tracks the last 50 mobile masts and last 200 WiFi networks.
This is a problem, anyone have the solution?

I found this comment on one of the articles, does this explain it?
All mobile phones keep a record of the locations and unique IDs of the most recent mobile masts that it has communicated with. It's called the neighbour cell list and normally it enables the phone to connect to the network more quickly than it otherwise would. GSM mobile phones have done this since about 1992.
To see the benefits storing the neighbour cell list compare the time it takes a mobile to find a network after it is switched on in a new location, e.g., after a long flight, with the time it takes to find a network when the phone is switched on in the location where it was switched off.
The difference in the iPhone case is that the iPhone is keeping this information for such a long period of time.
Click to expand...
Click to collapse

wrapper said:
I found this comment on one of the articles, does this explain it?
Click to expand...
Click to collapse
That is about the iPhone storing, not about a device sending GPS location data day and night.
So far, the only mentioned potential solution is Droidwall.
I'm going to play around with that.

There's a related app named HiSurfing, but one reviewer says that does not work as well as DroidWall. Seems DroidWall does a better job of keeping things from slipping out when they've been blocked.

Darnell_Chat_TN said:
So far, the only mentioned potential solution is Droidwall.
I'm going to play around with that.
Click to expand...
Click to collapse
The only viable option I can see to block is "10052: Network Location, Google Calendar Sync, Google Services Framework, Google Contacts Sync."
Problem is, I use some of these.

I have ultimate juice defender it has a section in it where you can control how and when apps connect to the network, but I don't know if it will stop the Droid from phoning home.

wrapper said:
The only viable option I can see to block is "10052: Network Location, Google Calendar Sync, Google Services Framework, Google Contacts Sync."
Problem is, I use some of these.
Click to expand...
Click to collapse
Yea, it uses a different listing number on my device, but "Network Location, Google Calendar Sync, Google Services Framework, Google Contacts Sync" may be the one to disable to stop the device from phoning home. I sync my data locally (via MyPhoneExplorer), so I can't think of any personal need for those, I've disabled that from all network and WiFi connectivity.
I've done some testing (blocking an app I could test with) and the firewall continues to work even after exiting DroidWall and even after killing DroidWall with a task killer. That's good to see so it won't be any burden on the battery.
I'm not any expert that can test for "certain" whether my device has really stopped phoning Google with my location data, but this seems to be the best shot for now.

Darnell_Chat_TN said:
I've done some testing (blocking an app I could test with) and the firewall continues to work even after exiting DroidWall and even after killing DroidWall with a task killer. That's good to see so it won't be any burden on the battery.
Click to expand...
Click to collapse
That's because DroidWall is just an interface for iptables, the built-in firewall. So your battery life will not change at all, that's correct.
I'm not any expert that can test for "certain" whether my device has really stopped phoning Google with my location data, but this seems to be the best shot for now.
Click to expand...
Click to collapse
You could connect to your wireless network, run a sniffer like Wireshark on your PC and check whether any packets are transmitted to Google servers.

frosty_ice said:
You could connect to your wireless network, run a sniffer like Wireshark on your PC and check whether any packets are transmitted to Google servers.
Click to expand...
Click to collapse
Or turn on my router's logging and check there, yea either of those would work.
Not sure if/when I'll get around to it .

droidhell said:
I have ultimate juice defender it has a section in it where you can control how and when apps connect to the network, but I don't know if it will stop the Droid from phoning home.
Click to expand...
Click to collapse
that seems like the best app if it works, any way to verify?

slapshot136 said:
that seems like the best app if it works, any way to verify?
Click to expand...
Click to collapse
I'm new to Droid, I really don't know how to test and see, it does stop other app really well, as far as a OS I don't know.

From what i here it's all stored in a location history file.
One simple solution might be to routinely delete this file.
Doesn't exactly solve the problem.

Might we consider expanding the subject to protecting our privacy? If not, I apologize in advance, as I think it is all connected.
It is probably Darnell's call, as he started the thread.
In the meantime, please consider this article: http://bit.ly/gCynrh

So let me understand this. I buy access to a network for my phone, which I also paid for. My location information, which is the result of my purchases is being used to generate income. So I'm allowing my spent cash to generate data and be leveraged to generate income. My information wouldn't exist with out my investment in the technology, so I own it.
I'm paying to be stalked !!!
Reduce my bill, provide remuneration for my investment in this technology, prove that it's anonymous, remember since I paid for the means to generate the data- the data belongs to me.
BTW for $1.50 I'll wire the battery to switch off, try getting data then.
I'd rather have an app which monitors my relevant info and bills the users for access to it.

Researcher Says That 8% of Android Apps Are Leaking Private Information

http://digitizor.com/2011/07/21/android-malware/
Android has had its fair share of malware problems. Whenever malware are detected, Google reacts swiftly and remove them. However, according to security researcher Neil Daswani, around 8% of the apps on the Android market are leaking private user data.
Neil Daswani, who is also the CTO of security firm Dasient, says that they have studied around 10,000 Android apps and have found that 800 of them are leaking private information of the user to an unauthorized server. Neil Daswani is scheduled to present the full findings at the Black Hat Conference in Las Vegas which starts on July 30th.
The Dasient researchers also found out that 11 of the apps they have examined are sending unwanted SMS messages.
Google needs to take charge
This malware problem on Android has become too much. One of the main reason that we see malicious apps in the market is because of the lack of regulation in the apps that get into the Android Market.
Sure, the lack of regulation can be good. It means that developers can make their apps without worrying if Google will accept their apps or not. It fits into the pre-existing application distribution model where anyone can develop and publish their own apps.
However, this comes at a price - the malware problem. Yes, most of the problems with these malicious apps can be avoided if only users read the permission requirements of the apps. But, what percentage of the users actually read the permission requirements of all the apps they download?
I think that it is time that Google make approval of the apps a requirement before it gets into the Market. They do not need to do it like Apple, but a basic security check before an app gets on the market will be nice.
If nothing is done about and this problem is allowed to grow, it will end up killing the platform.

Ur a good man
Sent from my PG86100 using XDA Premium App

Get an iPhone then.

Don't know if apple should approve or disaproove since that can slow down the release of new apps, but they need to check, that's for sure.

Yeah, just read permissions when installing applications. A lot of them will state access to personal data (such as contacts, browser history, etc.)
Such apps like MP3 downloaders contain ALOT of this malware.

if you're that paranoid.....LBE Privacy Guard + Droidwall = #winning

This article is very true in sense of lacking of control on big G part. My friend developed an app and he was able to get it into market almost instantly. I was very shocked to find that no scanning or checking was done.
Therefore, it's a risk that we take everyday to use these apps, specially, custom ROMs because who knows what it installed really. Users just need to be aware of their action, and don't use bank apps on rooted devices, or corporate email on rooted devices, or email yourself passwords to your online banking from your rooted devices. My thought is that, if it's out there then somebody can get it these days with all the technologies.

A little bit of common sense when installing apps can go a long way. You stifle the market too much when you cater to the lowest common denominator but then if you don't you get stuff like this.
+1 on Droidwall too, great app. Just don't turn it on and then forget about it before getting it set up properly, it's a pain figuring out why you can't use the internet on anything lol

xHausx said:
A little bit of common sense when installing apps can go a long way. You stifle the market too much when you cater to the lowest common denominator but then if you don't you get stuff like this.
+1 on Droidwall too, great app. Just don't turn it on and then forget about it before getting it set up properly, it's a pain figuring out why you can't use the internet on anything lol
Click to expand...
Click to collapse
hahaha, was tryna to download a new app and wondering why it just stalled kept on saying, downloading..... downloading paused....blah blah!!! lol
turns out it was droidwall (even with market enabled) lol

Yea when a simple clock widget wants to read your contact, data and location but has no ads or settings, I avoided that one.

I prefer the risk of an open system to the purgatory that is a closed system ruled by a draconian company any day.

Oh look iOS does this too.
/troll

DoctorComrade said:
Oh look iOS does this too.
/troll
Click to expand...
Click to collapse
hah, they're at almost 50%

[Q] Android without GAPPS?

I am not really comfortable with the idea of sharing data with Google, so I wonder how it could be possible to run Android without the Google apps.
Using CM7 as the base for my devices (SE X10 mini pro & ZTE Blade) is already a good starting point, by not installing the GAPPS package.
But then what?
How to get apps from the market without GAPPS?
Which (offline) navigation software instead of Google Maps?
Which calendar app instead of Google Calendar?
Any other Google service replacement?
Any suggestions are highly appreciated.

You could probably use amazon appstore instead of market. The real market requires google's framework. As far as the calender i'm not sure look around on the amazon market for one.
Personally i would just use gapps what could you possibly be doing where the info google collects could hurt you ? They don't collect personal data like sms or phone calls. So unless you download child porn its prob ok to use google's apps.

I am not thinking about anything illegal, but you can be identified by your (required) Google account, and once you enable data synchronization / localization service, or the background data submission required for using the Market, you are already deeply caught in the Google network.
I don't know about the Amazon Appstore. Does it feature the same apps as the Google Market? I guess not, and when I try to access it, it tells "The Amazon Appstore is only available to customers located in the United States.", so I don't think this is a suitable alternative anyway.
So the only real downside of not using GAPPS is access to the market. A possible workaround could be to use the Android emulator of the Android SDK to download apps, then package them up to APKs and copy them over to your mobile.
I am sure there are a lot of others which are not comfortable with Google as well, but do not want to surrender their Android phones.

If you just want the apps you can install them from your pc to your phone on the market website. If you don't have a Google account or want one at all maybe use 4shared to download them. You can also usually download them from the developers website.
Sent from ???

I am still testing the use of Android without GAPPS, but there are some issues I have no idea how to overcome:
There seems to be no suitable Calendar App that does not rely on the Google Calendar / synchronization with Google. My preferred app would have been aCalendar, which works kind of, but no appointment can be saved because it tells "You have no calendar". Any suggestions? How is the calendar issue solved on Android-without-GAPPS devices like the Kindle Fire?
Some apps simply can not be installed without the Google framework present. For example when trying to install the Adaffix and QR Droid apk's manually, it simply tells "Application not installed" without any error message pointing out the problem. Any idea about that?
These two issues are the main problems with having no GAPPS on the phone, and as much as I would have liked to run my Android phones without GAPPS, it seems there is no way around it, if one does not want to have it overly complicated.

I have been using android for a few weeks now with no google account. Installing a firewall and lbe privacy seems to work fine. Just dont allow any google services access to the net. Works fine for me

I don't understand why you would by a Google OS but not want google apps.

UPDATE: Android without GAPPS is a go now!
Android is NOT really a GoogleOS, it's a Linux distribution with proprietary Google apps added. You can successfully run Android without Google, which is what Amazon already proofed with the Kindle Fire on a large scale.
I am not talking about running Android without Google account, but Android without GAPPS installed, and I am happy to confirm, that it is indeed possible without too much hassle, since I overcame my initially major issues:
The calendar issue could be solved by installing Jorte, which uses its own database.
I simply omit apps which rely on the Google Framework, so I replaced QR Droid with Barcode Scanner, and just deleted Adaffix, for which there is no replacement (not that much of a loss, especially since I was not really sure about their privacy policy; would you willingly submit the phone numbers of all your callers to a private company?).
I am going to use MapQuest instead of Google Maps, a free app based on https://www.openstreetmap.org
I already installed all my apps, which I previously downloaded from the Market, on that Google-free phone, in addition to AdFree, to get rid of the advertisement in the typical free apps, as well as AmazonAppstore (just in case). Now for my kind of use I don't miss any Google services at all.
The next logical step is to install the Android SDK on a computer, run Android 2.3 including GAPPS for Market access in the Android emulator, and just download all the desired software and software-updates there, to be exported (using ASTRO) to the Google-free phone.
Some may argue that it may not be worth the hassle, but I am still in the opinion, that it's best not to share ANY data with Google ever.
BTW Don't use Google at all, not even for simple searches -> have a look at https://duckduckgo.com (they even have an Andoid app)!

Where to start?
Android is not a Linux distribution, it only uses a Linux kernel, these two mean vastly different things and should not be confused.
What exactly do you want to hide from Google?
Your email? It goes through dozens of servers without encryption. The only people not reading it are the ones who don't want to.
Your location? Your cell phone provider has it. And so does your government)
Your searches? Okay you're right on this one I use duckduckgo on my pc.
The point is that most of your data is tracked by hundreds of companies. They use your os and flash version, your cookies, user agent, screen resolution. You can run but you can't hide.
You're not on Facebook, are you?
---------- Post added at 09:15 PM ---------- Previous post was at 09:12 PM ----------
smokin1337 said:
You could probably use amazon appstore instead of market. The real market requires google's framework. As far as the calender i'm not sure look around on the amazon market for one.
Personally i would just use gapps what could you possibly be doing where the info google collects could hurt you ? They don't collect personal data like sms or phone calls. So unless you download child porn its prob ok to use google's apps.
Click to expand...
Click to collapse
Never make the assumption that if you're not going anything illegal than you shouldn't worry about tracking. Never never never. Okay? If you do you don't deserve privacy. Read "little brother" by Cory Doctorow.

For the calendar and the contacts i use to synchronise every day my Desire S with an old version of Lotus Notes (7.xx) on my Job computer. I use MyphoneExplorer with a USB connexion. It works very well without microsoft exchange or any connexion with google agenda.

Wikipedia said:
Android is a Linux-based operating system for mobile devices
Click to expand...
Click to collapse
From my point of view I consider everything based on the Linux kernel a Linux distribution. Android = Linux kernel plus a bunch of open source software, the proprietary Google code does not have to be considered to be part of the base system.
What I want to hide from Google? About everything. Isn't it the same with Facebook, where the user is not the customer, but the product?
Of course everybody leaves a large track in the net, but one can at least try to prevent data sharing as much as possible, and not using Google services and not providing them any additional info is part of it.
Of course that topic is mind splitting, but I know I am not alone on this, and as shown, it it indeed possible to successfully use an Android phone completely without Google, and I do not see any disadvantage in it.

Hope this helps:
http://www.androidauthority.com/how-to-download-any-apk-to-your-computer-62153/
(apk leecher)
There are many other reasons for wanting to avoid Google. For example, let's say you have your contacts synchronized. You're using gmail and calendar and you have a card linked to your Google Play account.
You go on holiday and you card gets cloned. The criminal uses your card to do something horrendous and you wind up in jail. Because you had all your eggs in one basket your account has been disabled and your defense has no access to your emails to plan your case and defend you in court. You're utterly screwed.
By using different companies and services you at least have more chance of keeping access to those services.
Google services are pretty monolithic. They're great, but there's advantage in using separate services if you can.
Here are some alternatives to the Google apps:
- Gmail = K9mail
- Play = app leacher, sdk virtual image method. fDroid
- Maps = MapQuest. Various SatNav apps. Waze
- GTalk = Skype or Fring (though both of those aren't greatly done). Various SIP/VoIP apps like cSipSimple
- contacts = t9dialer?
- Goggles = any barcode scanner will do for me
- any others?

I use f-droid.org .
It is strictly open-source. Has all the basic apps in there (Email, Firefox, tons of Timers, AlarmClocks, etc).
randomchars said:
You're not on Facebook, are you?
Click to expand...
Click to collapse
Of course ! Why not ? Facebook leaves you the choice what to upload.

i agree with this thread, i dont mind sharing my information with companies, i do it all the time, but i dont like forced sharing with no opt out, this is essential stealing. eg ics and motoblur contacts
i guess you could say the opt out is to not install, which is what the thread is talking about
i think we are lucky to have android available without the gapps bloat such as with cyanogen mod

zzerozzero1 said:
I use f-droid.org .
It is strictly open-source. Has all the basic apps in there (Email, Firefox, tons of Timers, AlarmClocks, etc).
Of course ! Why not ? Facebook leaves you the choice what to upload.
Click to expand...
Click to collapse
// Puts on tinfoil hat.
Sure kid. Whatever helps you sleep at night.

haydent said:
i agree with this thread, i dont mind sharing my information with companies, i do it all the time, but i dont like forced sharing with no opt out, this is essential stealing. eg ics and motoblur contacts
i guess you could say the opt out is to not install, which is what the thread is talking about
i think we are lucky to have android available without the gapps bloat such as with cyanogen mod
Click to expand...
Click to collapse
here's my fix http://forum.xda-developers.com/showthread.php?t=1808037

zzerozzero1 said:
I use f-droid.org .
It is strictly open-source. Has all the basic apps in there (Email, Firefox, tons of Timers, AlarmClocks, etc).
Of course ! Why not ? Facebook leaves you the choice what to upload.
Click to expand...
Click to collapse
Actually facebook track you a lot. Use your browser to visit youtube and you'll see a share button for it just as many sites have now.
Facebook know a lot about where its members visit
Dave
( http://www.google.com/producer/editions/CAownKXmAQ/bigfatuniverse )
Sent from my LG P920 using Tapatalk 2

randomchars said:
// Puts on tinfoil hat.
Sure kid. Whatever helps you sleep at night.
Click to expand...
Click to collapse
LOL ...
You obviously don't agree. Which is fine.
But plz don't troll
---------- Post added at 01:29 PM ---------- Previous post was at 01:22 PM ----------
mistermentality said:
Actually facebook track you a lot. Use your browser to visit youtube and you'll see a share button for it just as many sites have now.
Facebook know a lot about where its members visit
Click to expand...
Click to collapse
I have been using Ghostery and Adblock Plus for years. They should take care of that.

If your really worried about your privacy you should check out Orbot the Tor client for android (https://guardianproject.info/apps/orbot/)

I will revive this thread, because I also install CM10.1 and try to use withoug GAPPS.
My phone is already running much smoother than with stock rom (Galaxy S3 I9300).
No Samsung push service, Google push, Calender...
So I am already using f-droid and androidpit now. At the moment I am missing Skype and Facebook Messenger.
I know worrying about privacy + using facebook might sound strange. But most friends I can only contact by Facebook (or SMS, lol), so I have to use it.
David.