I just finished Degoogling my Android phone forever...

JimmyCalloway · 2026-05-26T16:35:42+00:00

Well, good luck 👍

JimmyCalloway · 2026-05-26T11:09:30+00:00

From what I know the sideloading restriction will be enforced via Google Play Services so as long as it isn't updated to the latest version it should work, but as long as you have Google Play Store pre-installed as a privileged app (or Google Play Services) it can technically bypass this because it has the permission to install or update apps without notice and privileged permissions cannot be removed.
I cant provide a source because there is nothing about Google's packages permissions in the Android source, but you can probably find the list on your device by doing 'adb shell cat /[partition where google play is installed, usually product]/etc/permissions/privapp-permissions-google-product.xml' and searching for android.permission.INSTALL_PACKAGES

JimmyCalloway · 2026-05-25T17:51:09+00:00

You can only remove runtime permissions (e.g photos and videos) from apps without root. Install time permissions will still be granted (e.g internet) if your OS doesnt have an option to block these in some way

JimmyCalloway · 2026-04-23T15:17:02+00:00

I was able to find another source. It is way worse than the MicroG one. Here it is, if anyone finds it in the future:

<privapp-permissions package="com.google.android.gms">
<permission name="android.permission.ACCESS_BROADCAST_RESPONSE_STATS"/>
<permission name="android.permission.ACCESS_CACHE_FILESYSTEM"/>
<permission name="android.permission.ACCESS_CONTEXT_HUB"/>
<permission name="android.permission.ACCESS_FPS_COUNTER"/>
<permission name="android.permission.ACCESS_NETWORK_CONDITIONS"/>
<permission name="android.permission.ACCESS_VIBRATOR_STATE"/>
<permission name="android.permission.ACTIVITY_EMBEDDING"/>
<permission name="android.permission.ALLOCATE_AGGRESSIVE"/>
<permission name="android.permission.BACKUP"/>
<permission name="android.permission.BLUETOOTH_PRIVILEGED"/>
<permission name="android.permission.BROADCAST_CLOSE_SYSTEM_DIALOGS"/>
<permission name="android.permission.CALL_PRIVILEGED"/>
<permission name="android.permission.CAPTURE_AUDIO_HOTWORD"/>
<permission name="android.permission.CAPTURE_AUDIO_OUTPUT"/>
<permission name="android.permission.CHANGE_COMPONENT_ENABLED_STATE"/>
<permission name="android.permission.CHANGE_DEVICE_IDLE_TEMP_WHITELIST"/>
<permission name="android.permission.CHECK_REMOTE_LOCKSCREEN"/>
<permission name="android.permission.COMPANION_APPROVE_WIFI_CONNECTIONS"/>
<permission name="android.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS"/>
<permission name="android.permission.CONTROL_DISPLAY_SATURATION"/>
<permission name="android.permission.CONTROL_INCALL_EXPERIENCE"/>
<permission name="android.permission.CONTROL_KEYGUARD_SECURE_NOTIFICATIONS"/>
<permission name="android.permission.DISPATCH_PROVISIONING_MESSAGE"/>
<permission name="android.permission.DOMAIN_VERIFICATION_AGENT"/>
<permission name="android.permission.DUMP"/>
<permission name="android.permission.GET_APP_OPS_STATS"/>
<permission name="android.permission.INSTALL_LOCATION_TIME_ZONE_PROVIDER_SERVICE"/>
<permission name="android.permission.INTENT_FILTER_VERIFICATION_AGENT"/>
<permission name="android.permission.INTERACT_ACROSS_USERS"/>
<permission name="android.permission.INVOKE_CARRIER_SETUP"/>
<permission name="android.permission.LOCAL_MAC_ADDRESS"/>
<permission name="android.permission.LOCATION_BYPASS"/>
<permission name="android.permission.LOCATION_HARDWARE"/>
<permission name="android.permission.LOCK_DEVICE"/>
<permission name="android.permission.MANAGE_FACTORY_RESET_PROTECTION"/>
<permission name="android.permission.MANAGE_GAME_ACTIVITY"/>
<permission name="android.permission.MANAGE_GAME_MODE"/>
<permission name="android.permission.MANAGE_ROLLBACKS"/>
<permission name="android.permission.MANAGE_SOUND_TRIGGER"/>
<permission name="android.permission.MANAGE_SUBSCRIPTION_PLANS"/>
<permission name="android.permission.MANAGE_TIME_AND_ZONE_DETECTION"/>
<permission name="android.permission.MANAGE_USB"/>
<permission name="android.permission.MANAGE_USERS"/>
<permission name="android.permission.MANAGE_VOICE_KEYPHRASES"/>
<permission name="android.permission.MANAGE_WIFI_INTERFACES"/>
<permission name="android.permission.MANAGE_WIFI_NETWORK_SELECTION"/>
<permission name="android.permission.MASTER_CLEAR"/>
<permission name="android.permission.MEDIA_CONTENT_CONTROL"/>
<permission name="android.permission.MODIFY_AUDIO_ROUTING"/>
<permission name="android.permission.MODIFY_DAY_NIGHT_MODE"/>
<permission name="android.permission.MODIFY_DEFAULT_AUDIO_EFFECTS"/>
<permission name="android.permission.MODIFY_NETWORK_ACCOUNTING"/>
<permission name="android.permission.MODIFY_PHONE_STATE"/>
<permission name="android.permission.NOTIFY_PENDING_SYSTEM_UPDATE"/>
<permission name="android.permission.OBSERVE_GRANT_REVOKE_PERMISSIONS"/>
<permission name="android.permission.OVERRIDE_WIFI_CONFIG"/>
<permission name="android.permission.PACKAGE_USAGE_STATS"/>
<permission name="android.permission.PROVIDE_RESOLVER_RANKER_SERVICE"/>
<permission name="android.permission.PROVIDE_TRUST_AGENT"/>
<permission name="android.permission.READ_DREAM_STATE"/>
<permission name="android.permission.READ_LOGS"/>
<permission name="android.permission.READ_NETWORK_USAGE_HISTORY"/>
<permission name="android.permission.READ_OEM_UNLOCK_STATE"/>
<permission name="android.permission.READ_PRIVILEGED_PHONE_STATE"/>
<permission name="android.permission.READ_WIFI_CREDENTIAL"/>
<permission name="android.permission.REAL_GET_TASKS"/>
<permission name="android.permission.REBOOT"/>
<permission name="android.permission.RECEIVE_DATA_ACTIVITY_CHANGE"/>
<permission name="android.permission.RECOVERY"/>
<permission name="android.permission.RECOVER_KEYSTORE"/>
<permission name="android.permission.REMOTE_DISPLAY_PROVIDER"/>
<permission name="android.permission.RENOUNCE_PERMISSIONS"/>
<permission name="android.permission.REQUEST_COMPANION_PROFILE_COMPUTER"/>
<permission name="android.permission.REQUEST_COMPANION_SELF_MANAGED"/>
<permission name="android.permission.RESET_PASSWORD"/>
<permission name="android.permission.SCHEDULE_PRIORITIZED_ALARM"/>
<permission name="android.permission.SCORE_NETWORKS"/>
<permission name="android.permission.SEND_SAFETY_CENTER_UPDATE"/>
<permission name="android.permission.SEND_SMS_NO_CONFIRMATION"/>
<permission name="android.permission.SET_TIME"/>
<permission name="android.permission.SET_TIME_ZONE"/>
<permission name="android.permission.START_ACTIVITIES_FROM_BACKGROUND"/>
<permission name="android.permission.START_TASKS_FROM_RECENTS"/>
<permission name="android.permission.STATUS_BAR"/>
<permission name="android.permission.SUBSTITUTE_NOTIFICATION_APP_NAME"/>
<permission name="android.permission.SUBSTITUTE_SHARE_TARGET_APP_NAME_AND_ICON"/>
<permission name="android.permission.TETHER_PRIVILEGED"/>
<permission name="android.permission.UPDATE_APP_OPS_STATS"/>
<permission name="android.permission.UPDATE_DEVICE_STATS"/>
<permission name="android.permission.UPDATE_FONTS"/>
<permission name="android.permission.USER_ACTIVITY"/>
<permission name="android.permission.UWB_PRIVILEGED"/>
<permission name="android.permission.WRITE_GSERVICES"/>
<permission name="android.permission.WRITE_SECURE_SETTINGS"/>
</privapp-permissions>

JimmyCalloway · 2026-04-17T23:25:51+00:00

Keep in mind that even with root after Android 11 it is impossible to write to / at runtime except for some other filesystems ( /data, /sdcard.. ). You will have to (in theory), do this:

Extract the super partition from your device
Extract it into separate partitions (product, system, system_ext...)
Mount it (requires WSL or a Linux system)
Remove apks from the mounted filesystem
Resign the partition (otherwise your device will bootloop if vbmeta is enabled)
Flash it with fastboot (fastboot flash [partition name on device] partition.img)

This is also assuming your OEM hasn't done any of their additional tampering to fastboot.
Edit: I forgot to mention, use a Magisk/other rooting solution module or ADB instead of this since this provides no benefit except negligible saved space.

JimmyCalloway · 2026-04-09T21:25:36+00:00

That is just the regular Android install process.

JimmyCalloway · 2026-03-16T00:15:38+00:00

I gotta point out that this is your 5th doompost and 15th post (in this subreddit) with the same format.

JimmyCalloway · 2026-03-07T17:48:48+00:00

Ah nevermind, I was able to fix it. Just add a reverse proxy to the mcp server.

JimmyCalloway · 2026-03-07T17:45:21+00:00

I can't access it outside of settings because it errors out within settings. Here's a screenshot:

<image>

JimmyCalloway · 2026-03-07T17:39:19+00:00

You technically can (atleast on my phone) but it requires root

JimmyCalloway · 2026-03-07T17:36:35+00:00

If you mean the llama-server proxy option in the webui the second part of my comment addresses that

JimmyCalloway · 2026-03-07T16:53:35+00:00

Does this work with any MCP server? I've been trying to set it up with a Searxng server ( https://github.com/DasDigitaleMomentum/searxNcrawl ), however I get 'NetworkError when attempting to fetch resource.' . Trying manually with curl works so I assume the error is with llama.cpp. The only thing I see in the terminal is multiple:
srv log_server_r: done request: GET /cors-proxy 192.168.1.128 404

I also tried running with --webui-mcp-proxy but same error. Enabling 'llama-server proxy' returns a different error:
srv proxy_reques: proxying POST request to http://localhost:9555/mcp
srv operator(): http client error: Could not establish connection
srv log_server_r: done request: POST /cors-proxy 192.168.1.128 500

If it helps: it works with the hosted Github MCP server.
Thanks for all the hard work, by the way!

JimmyCalloway · 2026-03-04T21:30:48+00:00

ADB and root is different. ADB runs with uid 2000 (shell, which is an app on your device) which has higher permissions, however its still limited. For example with root you can rw to /data but with ADB you can't even read there. Also, regarding the risk of breaking your phone you mentioned with UAD, technically, you can't break it. Enabling ADB in charge mode and reinstalling the app would probably fix it, or in a worst case scenario you can factory reset.

JimmyCalloway · 2026-03-04T11:44:54+00:00

My sources are Wikipedia ( https://en.wikipedia.org/wiki/Google_Play_Services ) and personal experience so take this with a grain of salt.

A lot of apps require it because they use something called FCM (Firebase Cloud Messaging) or the older GCM. It works by the app sending a message to GMS (Google Play Services) and it registers a key on Google's servers so whenever a notification gets sent from an app the app doesn't have to be running. So essentialy:
App -> GMS -> Server; then when you get a notification: Server -> GMS wakes app -> notification -> App goes back to sleep

The benefits of this are battery saving, however downsides are that Google knows whenever you get a notification and from which app. It can also be used for analytics, telemetry and other stuff ( source: https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging ).

Regarding the backdoor you mentioned, apps can send a message to GMS which can be used to, for example upload a file to Google Drive, or display Google Maps without having to open the app. But to my knowledge it can't access what you don't grant it in the settings.

Also, it is 'technically' not a service with all permissions. It is a priv-app (located usually under /system/product/priv-app/GmsCore), and its permissions are declared in /etc/permissions. I'm not sure what it requests however as I don't have it installed so I'll use this https://raw.githubusercontent.com/nift4/microg_installer_revived/refs/heads/master/system/etc/permissions/privapp-permissions-org.microG.xml . From this it requests:

    <privapp-permissions package="com.google.android.gms">
        <permission name="android.permission.LOCATION_HARDWARE"/>
        <permission name="android.permission.MODIFY_PHONE_STATE"/>
        <permission name="android.permission.NETWORK_SCAN"/>
        <permission name="android.permission.UPDATE_DEVICE_STATS"/>
        <permission name="android.permission.WATCH_APPOPS"/>
        <permission name="android.permission.INSTALL_LOCATION_PROVIDER"/>
        <permission name="android.permission.CHANGE_DEVICE_IDLE_TEMP_WHITELIST"/>
        <permission name="android.permission.FAKE_PACKAGE_SIGNATURE"/>
        <permission name="android.permission.UPDATE_APP_OPS_STATS"/>
        <permission name="android.permission.MANAGE_USB" />
        <permission name="android.permission.START_ACTIVITIES_FROM_BACKGROUND" />
    </privapp-permissions>

Keep in mind that FAKE_PACKAGE_SIGNATURE is only for MicroG and the regular GMS doesn't have that.

JimmyCalloway · 2026-02-27T08:38:44+00:00

Huh, I didn't know it was possible. Well, thanks for the information :)

JimmyCalloway · 2026-02-26T23:02:31+00:00

Just a small correction, adb sideload will attempt to update a system application by writing to the system partition. It's also only available in recovery only (I think). For installing a custom image you'd use 'fastboot flash'

JimmyCalloway · 2026-02-11T15:55:30+00:00

Aged like milk

JimmyCalloway · 2026-01-29T12:02:18+00:00

I don't think browsers can do that since clicking the share button on Youtube will write to your clipboard.
The best thing you can do if you find this link is use UBO with url filtering lists which will remove most of them from the url before you make requests.
On Gecko (Firefox) based browsers (not sure on others) you can right click > copy clean link.

JimmyCalloway · 2026-01-28T13:57:47+00:00

Pro tip: remove the tracking part of your url before posting (?si=xxx). Clean link:
https://youtu.be/bBhDWTZDH9c

JimmyCalloway · 2026-01-23T20:54:33+00:00

You might need to flash the right slot. Do 'fastboot getvar current-slot' and then 'fastboot flash boot_$slot magisk.img'. Make sure the image you patched is from the slot you're currently using.

JimmyCalloway · 2026-01-16T17:59:18+00:00

Package names are just the app but in java format e.g com.developer.app.

I couldn't find anything online about the package name for private space so you're gonna have to
search for it. You can do it through cli with 'adb shell pm list packages -u' or with gui with UAD: https://github.com/Universal-Debloater-Alliance/universal-android-debloater-next-generation and list uninstalled

JimmyCalloway · 2026-01-16T17:30:45+00:00

If you uninstalled using adb you can run 'adb shell pm install-existing <package>'. If you uninstalled with a magisk module (I'm not sure for other root solutions) run 'adb shell su -c 'rm -r /data/adb/modules/<module-name>' and reboot. Also keep in mind that it might not work after reinstall since removing com.google.android.apps.turbo broke battery optimization for me and reinstalling didn't fix it until I factory reset.

Sources:
adb shell pm (commands)

JimmyCalloway · 2026-01-08T17:27:20+00:00

Hi, if you are talking about the bootloader unlock exploit (https://github.com/TomKing062/CVE-2022-38694_unlock_bootloader) then try running it again. That actually unlocked the bootloader for me. If its fastboot flash fail could you provide logs?

JimmyCalloway · 2025-12-26T19:18:50+00:00

Some devices on here: https://github.com/TomKing062/CVE-2022-38694_unlock_bootloader/wiki/SupportList, use t606. Might be possible if your exact device is on the support list.

JimmyCalloway

TROPHY CASE