Replicant

h1. Usage Notes

{{>toc}}

General-purpose usage notes and tips can be found on this page.

"The website":https://www.replicant.us/freedom-privacy-security-issues.php#recommendations also provides recommendations and general advice.

h2. Enabling root access

See [[EnablingRootAccess]] for more details.

h2. Device Encryption

See [[DeviceEncryption]] for how to do it.

h2. Browser and webview: freedom and security issues

The default Browser has JavaScript enabled and runs the JavaScript that is loaded when you visit a website. Replicant has no mechanism to check if the complex JavaScript programs that are included in some websites are free software. See the "JavaScript Trap":https://www.gnu.org/philosophy/javascript-trap.en.html article for more general freedom-related information about JavaScript.

Not only browser apps might run non-free JavaScript. Some apps include an embedded view that loads websites which is called webview. Although app developers can disable JavaScript for the webview, JavaScript is usually enabled in the webview. So you might run non-free software inside a webview.

For these reasons, it is recommended to disable JavaScript by default in the browser settings. As most browser exploits require JavaScript to work, you can also prevent that malicious websites can make use of security issues with your browser. Unfortunately, the currently used webview in Replicant has many security issues. See #1780 for more information. So disabling JavaScript helps a lot in securing your device.

h3. Prevent usage of the embedded webview in apps

Some apps have a setting that allows to use an external browser to view websites. This ensures that the embedded webview is not used and websites are loaded with a browser you can configure for security and privacy and that allows to disable JavaScript.

h3. Use AdAway

"AdAway":https://f-droid.org/repository/browse/?fdfilter=adaway&fdid=org.adaway blocks a lot of known malicious websites that contain spyware and malware. However, using AdAway does not guarantee that all malicious websites or domains in general are blocked or that only free JavaScript is loaded.

h3. Use two web browsers

The "Lightning browser":https://f-droid.org/repository/browse/?fdfilter=lightning&fdid=acr.browser.lightning works well with Replicant, but it is prone to the same security issues as the default browser or the webview in general. However, this browser can be better configured for privacy and security. It is recommended to go through all the settings and to not only disable Javascript, but also to enable other settings that enhance privacy and security.

If you use Lightning as your default browser with the above described configuration, some websites might not work due to disabled JavaScript or other settings. But if you are sure that these websites do not contain non-free JavaScript, spyware or malware, you could load these websites with the default browser that has JavaScript enabled. This way, you do not need to enable JavaScript or disable other conflicting settings in Lightning for certain websites and revert the changes afterwards again. The default browser is then your browser for trusted websites with only free programs, while you visit all other websites with the configured Lightning browser.

**Note: The recommendation above to use the Lightning browser needs to be reviewed because it hasn't been updated in "over two years":https://f-droid.org/en/packages/acr.browser.lightning/

h3. Use a Gecko-based web browser

Gecko-based web browsers (such as "IceCatMobile":https://f-droid.org/packages/org.gnu.icecat/ and Orfox) don't use WebView, and therefore don't have the security issues associated with WebView.  However, Gecko-based web browsers require [[Graphics#Enabling-llvmpipe-as-software-renderer|enabling llvmpipe]].

Note that "Firefox Klar":https://f-droid.org/packages/org.mozilla.klar/ uses "WebView, not Gecko":https://github.com/mozilla-mobile/focus-android/issues/13, and therefore does have the security issues associated with WebView.

h2. Backups

See the [[UsingReplicant#Backup-and-restore-data|"Backup and restore data" section in the UsingReplicant wiki page]].

h2. Camera app

* If the front camera on your device [[ReplicantStatus|requires a non-free firmware]], selecting the front camera will crash the app and you will not be able to use the app unless you delete the data of the app: 

  # In the settings under *Personal*, select *Apps* 

  # There will be two apps named *Camera*. Select the second one that has a camera as icon. 

  # Press *Storage*

  # Select *Clear Data* and confirm the dialog

  You should now be able to use the camera again. 

* If the camera app freezes when you take a picture, press the shutter button a second time. This should restart the camera in the background and take the picture.

* If your device [[ReplicantStatus|needs a non-free firmware]] for hardware media encoding/decoding, video recording will not work.

h2. Barcode scanning

The mostly used barcode scanner app "ZXing":https://f-droid.org/repository/browse/?fdfilter=zxing&fdid=com.google.zxing.client.android has a slow preview. The "privacy-friendly QR Scanner":https://f-droid.org/repository/browse/?fdfilter=qr+code&fdid=com.secuso.privacyFriendlyCodeScanner has a faster preview.

h2. Video playback

Viewing videos in the gallery or in the browser is not possible. See #1539 for background information.

Only the VLC app is known to be able to play videos on Replicant. Make sure to disable hardware acceleration in the settings to prevent crashes.

h2. Terminal emulator

See [[TerminalEmulator]] for more details.