Spoof Android User Agents without rooting

Legged8

Is it possible to Spoof Android User Agents without rooting? I have found https://github.com/ray-lothian/UserAgent-Switcher but it requires rooting. Since I’m using GOS I don’t think rooting my device is a good idea.

thanks a lot for your help

pxlkng

UAs are a browser thing, not an OS thing. You absolutely don't need root for this (and should never ever root), only a browser that supports changing the UA would be needed.

But in general, especially with Vanadium as the recommended browser, I don't recommend tampering with the UA.
It is a default one not revealing much about your system, that is intentionally the same for all people using Vanadium. Changing it would mean you fall out of the masses and are more unique and recognizable.

The User Agent afaik isn't that much of a worry privacy-wise anyways and there are a TON of more ways to potentially uniquely identify you, especially if JavaScript comes into play (and paradoxically even more so if you disable it, as that makes you stand out from nearly all others)

Vanadium already does a good job at making all users look as equal as possible and it is an ongoing effort.

Legged8

pxlkng

The reason I thought there is a system wise UA is because aurora store supports spoofing device model for downloading unsupported apps. Maybe I am wrong

The User Agent afaik isn't that much of a worry privacy-wise anyways and there are a TON of more ways to potentially uniquely identify you, especially if JavaScript comes into play (and paradoxically even more so if you disable it, as that makes you stand out from nearly all others)

you are right, JS is more intrusive and UA spoof changes little

Vanadium already does a good job at making all users look as equal as possible and it is an ongoing effort.

very few people use vanadium, as it can only be used on GOS, I'm afraid I might still stand out. maybe brave is a better choice? (if we only focus on privacy)

userofgos

pxlkng there are a TON of more ways to potentially uniquely identify you

pxlkng Vanadium already does a good job at making all users look as equal as possible and it is an ongoing effort.

Going a bit off topic, but related to your above comments. One thing I wish was more clear in the Vanadium UI and documentation is what specific changes to default settings cause a deviation from the crowd and thus result in uniquely identifying the user.

Example: I don't like it when I go to a social media website and I immediately get a pop-up asking me to allow the per-site notification permission. So I turn on blocking those pop-ups, but have no idea if that causes me to stand out from the crowd.

pxlkng

Legged8 aurora store

While this is not the related to your main question, I want to point out that Aurora Store is officially not recommended by the community and project.
It has security issues and no privacy benefit over sandboxed Play Services on GrapheneOS.
It does not avoid Google.
If you downloaded apps from Aurora, you already have Google libraries running on your device, giving them the same access as if you would have installed Play Services. It does nothing except crippling your security.

I recommend you to uninstall Aurora Store and install sandboxed Play Services from GOS App Store. After that, create an anonymous Google account. You don't need to provide any private data or phone number, the trick is to create the account from a non-suspicious IP address, meaning no VPN or Tor, as you will get the phone number prompt otherwise.
Usual recommendation is a public place that offers free WiFi.
After that, reinstall all your Play Store apps from the official Play Store.

Legged8 very few people use vanadium

What's your source for that, or way of measuring? GrapheneOS has many users worldwide and many of those are likely daily-driving Vanadium as it is the recommended browser and offering the best security.
I wouldn't call that "very few" at all.

Legged8 maybe brave is a better choice? (if we only focus on privacy)

Preference. I personally don't think it makes that big of a privacy difference. I would only recommend Vanadium.

de0u

Legged8 The reason I thought there is a system [wide] UA is because aurora store supports spoofing device model for downloading unsupported apps.

Aurora device model spoofing isn't system-wide, or anything-wide. It is something that Aurora does when talking to Google's servers. It doesn't trick the device into thinking it is a different device. Every app on the device will know what kind of device it is on.

A browser user-agent string isn't system-wide. Two different browsers on the same device will have two different user-agent strings. If you were using UserAgent-Switcher to make all browsers on the device appear to be Safari, it would be tweaking them one by one.

Legged8

pxlkng If you downloaded apps from Aurora, you already have Google libraries running on your device, > giving them the same access as if you would have installed Play Services. It does nothing except crippling your security.

I totally understand this. But I don't have play service installed and I can't register a google account without going through a lot of trouble. I also need a VPN working all the time for google play store for install and update. The only reason I use aurora store is I can download from google without an account. and privacy is more important than security in my use case

pxlkng What's your source for that, or way of measuring? GrapheneOS has many users worldwide and many of those are likely daily-driving Vanadium as it is the recommended browser and offering the best security.
I wouldn't call that "very few" at all.

gos is very popular amongst people who care to make a difference. but majority are still using shit like google chrome. there might only be less than 10 who use gos are <5km nearby me

Preference. I personally don't think it makes that big of a privacy difference. I would only recommend Vanadium.

I think vanadium is great. It could be better if there is a way to sync bookmark and history to desktop and other browser

DeletedUser495

pxlkng hi, nice to see you back. Since you brought it up, I have to tell you that regardless of the security reasons there is a very valid reason for using Aurora Store for obtaining apps. I will tell you from my example.

There are several apps available in Play Store that I am using, some tools are completely offline and some have network access and I am logged in with them and I don't mind Google knows it's me because of the functionality they provide. But because the other apps can't talk to Play services which would know from the list of installed apps what other apps I am using and would otherwise provide means and APIs for talking to them possible including some FOSS apps (worth pointing out some apps from Github,, even Accrescent) that contain Google libraries which I want to avoid. Standard stock Android with all encompassing Play services (and other services added on) is designed to do just that.

Yes, using sandboxed Play services is arguably more private because of specific hardening GrapheneOS provides, but not private enough because it is capable to look over all my installs not only the ones I otherwise give it access to only via apps that contain Google libraries and can use network.

Before you go on to say that any app can potentially talk to another app via IPC, let me tell you that I don't believe that ALL apps work this way but stock Android is designed to do just that via Play services.

Many of us who dedicated time to go over official recommendations
https://grapheneos.org/usage#sandboxed-google-play
are aware of it but at the end of the day, it is up to everyone how they decide to source their apps as long as they can verify they are genuine.

Delaney

Legged8 only reason I use aurora store is I can download from google without an account. and privacy is more important than security in my use case

Do you absolutely need to use those apps, or can you find those apps or alternatives elsewhere not on the play store?

Legged8

Delaney

yes

google map for example