Waydroid Security

I am curious to know if Waydroid is secure enough to install Google Play. I have installed Waydroid on my L5 but the problem I face is getting my banking apps installed which is a must have to be able to unlock my cards to make purchase with out having to carry around my old iPhone and having to hotspot it through my L5. Actually this is the only reason I have for installing Waydroid. Unfortunately, My financial institutions only offer their apps through the Apple app store or Google Play and the card control is only on the app. So my question is… Does anyone know if the Waydroid container is secure enough to not leak data? I have looked around on here and the web for a bit and could not find much information on how secure the container is. If it is not very secure, would Opensnitch block anything outgoing from the container?

Can you install Google Play, install the banking apps that you need, and then uninstall Google Play?

Do you know whether your banking apps need network access? If so, then you won’t be able to block all outgoing traffic from the container anyway. (You may be able to check whether they need network access on the iPhone.)

I think you can use Aurora instead, which is available from F-Droid, and provides anonymous login to get Play apps.
See: Anyone Successfully Run WayDroid on Librem 5?

Check out Kyle’s post on that, if you haven’t already: New Post: Snitching on Phones That Snitch on You
You can test it with some innocuous Android app in Waydroid and let us know. :slight_smile:

Another option for blocking trackers is to subscribe to a VPN service that actually incorporates tracker- and ad-blocking DNS filters, such as AirVPN, which is the one I use. Its Wireguard protocol works great on the Librem 5. (Although Opensnitch has the advantage of being able to actually show you what is being blocked. The VPN service may not do that, but they generally use the well-known tracker/ad-blocking lists you can find online or via uBlock Origin, etc.)


Cool deal! I will install opensnitch and test it out. I have it installed on my Librem Mini but it takes some trial and error to figure out what to block and what not to block but I will let you know after it runs for a little while. Once I am familiar with what is normal it should be relatively easy to pick out anything new. Then I will install Google Play, install what I need and get rid of it. I now have another question in light of the advice. If there is an update for any of the apps, will the app be able to be updated without Google Play or would I need to reinstall it to get any updates that become available?

1 Like

Tangentially related: some banks in my country support a CAP scheme as an alternative to smartphone apps.
In fact, I went so far as to cancel all my bank accounts that didn’t support that.


I would recommend using the Aurora store instead of installing google play on your phone.


I agree with this, @Imbatmanyo. Here’s a link to its description in F-Droid: https://f-droid.org/en/packages/com.aurora.store/

I don’t have any experience with Waydroid…and certainly none with Google Play. On my Androids, I have only ever used F-Droid, Aurora, and /e/OS’s app store frontend… without any Google applications.

Yep and they work great. /e/ OS is a great de-googled Android experience.

I just got Waydroid set backup on my L5 after having to wipe it. I think it will work great.

1 Like

Wayland? Or Waydroid?

What? :smile:

Thank you all for the advice. I have not installed opensnitch yet on my L5 but I did install F-Droid and Aurora and it worked great! I got all my card control apps installed, although I have not opened any of them yet to set up my log in. I have ZERO experience with Android as I migrated to the L5 from Apple so it took a bit of time to explore the settings and such before getting the app stores installed. The internet connection is a bit slower on Waydroid but other then that, I had no problems. After going through the setting in Aurora, I found that you can spoof the phone so it does not ID as an L5. I picked a samsung S9 profile. I am still playing around with the Waydroid layout before I commit to any thing that may cause a privacy issuse before attempting to log into my apps and getting all that set up. Is there a way to make a shortcut to disable Waydroid with out having to bring up the terminal and killing it with systemctl when I am not using Waydroid?
I read on Anyone Successfully Run WayDroid on Librem 5? that Magisk can be used to mask the fact that Waydroid is rooted. Does anyone have any experience with this? I am fearful that if the banking apps have a way to check for root access that it will block me for accessing my accounts and I really do not want to spend the energy calling the bank to have them unblock my access from this device.
On the subject of opensnitch, Open Snitch runs all the time and any time something tries to access the internet it will throw a pop up to let you know what is going on and choose to block it or not. The caveat with this is some access is required for an app to function but it will let you know if other attempts are made by embedded trackers access the internet within the same applications. According to the Docs, Its better to let it run for a while and research what pops up before blocking it. Another thing is because it runs all the time, it will eat up battery and processes. This is not an issue on a desktop but it can be an issue for the L5 even though the suspend function has been improved, it can potentially shorten the battery between charges. You hook up the L5 to a monitor to use the convergence and run iftop to monitor with an without Waydroid and its apps running before deciding to install it on your L5. I intend to do this tonight before installing opensnitch to see if it will be worth the extra battery expense.

Also I am wondering about Bluetooth access in Waydroid. I read about Purism is soon to upgrade PureOS from 10 to 11 and solve the HFP problem so that the phone can connect to automotive entertainment systems for hands free calling but I emailed support and they can not say when this will happen so until then I was thinking I could install my Toyota app from Aurora to give me that function until such time the new OS has been published. Does anyone have any experience with Bluetooth access for Waydroid?

By the way, regarding F-Droid, if you would prefer a less busy, less graphics-heavy, less infuriatingly-unsearchy interface, check out F-Droid Classic, which you can install from F-Droid. It’s a re-implementation of F-Droid’s old interface, and a lot easier to use. (If you install it and like it, you can then uninstall the current F-Droid app.)

Post can’t be empty

1 Like

I did not see anything about hiding root access from apps in the Magisk website however I did find something to help.

As far as keeping leaks from happening I am still looking into it. So far the best option would be to block outgoing trackers with Opensnitch. When using iftop, you may occasionally see ip addresses pop up from Google and Facebook and other data mining servers. Opensnitch is an application firewall that monitors outgoing connections instead of incoming connections. Pop up warnings will be frequent until its all sorted out. I still do not know what power usage will be. I have been running Opensnitch on my mini for a couple of years now. It would be great if Purism could put this in the repo so regular updates can be had. You can view the source code on Github here

Looks like its time to update again…

Waydroid has no access to Bluetooth

PS. Read this whole thread Anyone Successfully Run WayDroid on Librem 5? (I know, its long🙄)

No Bluetooth huh? :disappointed_relieved:I suppose I will be waiting for PureOS 11 then.
If anyone is interested, I found that Aurora will list what trackers are embedded in the gapps under the privacy section. Also, It looks like Opensnitch does not have a readily available download for Arm however according to the docs you can build packages for Arm if someone wants to take a shot at it. I was sooo out of date on my desktop that I had to go read the docs again. I found that none of my banking apps had any trackers listed so I am not going to go through the trouble of generating custom Arm packages for my L5 at this time. However, If anyone does, Please post what your results here including how much more power it uses to run it. On a good day I can get about 10 hours before I need to charge my phone but I only really mess with it during my break times.

You can also check almost any Android app directly, right here:

That’s where Aurora gets its ratings, I think.

Waydroid’s security regarding Google Play installation is uncertain. Data leakage concerns persist. Opensnitch could potentially assist in blocking outgoing data.

1 Like