Privacy Policy
Last changed: 2025-02-10
The AXP.OS Project
Web Services
Self-Hosting
The following services running in containers which themselves run on a dedicated server owned by the AXP.OS project. More details can be found here: Server Setup.
The server is physically located in: Germany (Frankfurt am Main).
https://code.binbash.rocks
- Main purpose: Source code hosting running Gitea
- several CI/CD processes (e.g. building AOSmium and other packages, syncing Mirrors)
- Issue tracking (e.g. Feature Requests, Bugs, but also the Project Roadmap and some Documentation)
- Protected by CrowdSec
https://leech.binbash.rocks
TOR alias:http://e3tx35xwvqoihx36tjmnzurjcghs6kjwrwnen55jg7ujqilbaicutpid.onion
- Main purpose: Downloads
- downloads for all OS relevant parts of AXP.OS (i.e. OS + factory zip’s, recovery images and more)
- Protected by CrowdSec
https://sfxota[-unstable].binbash.rocks:
Not self-hosting
https://axpos.org:
- Main purpose: Homepage
- Documentation
- Download links
- See Third parties / Website
CrowdSec
About CrowdSec
- How often: see the How often line of any service protected by CrowdSec
- What is received:
- IP address
- +service logs (e.g. webserver logs, see the What is received line of any service protected by CrowdSec)
- Why it is received: Protecting from several kinds of attacks (incl. (D)DoS, SQL injection, XSS, etc.)
- When it will be deleted: DB and logs not kept longer than 15 days
- Configuration:
- All services using CrowdSec are configured to send no data at all to CrowdSec (i.e. opting out sharing)
- Depending on the service the IP gets either banned or the user receives a Captcha to escape from a ban
- A ban is taken in several steps (1. Captcha if possible, 2. Ban)
- A ban duration depends on the detection (5 minutes up to 12 hours)
- What else will it be used for: Nothing else
- How to anonymize: Use the TOR Browser / Install Orbot and access the Onion addresses where available
- The CrowdSec Privacy Policy does not apply for the AXP.OS services as we opt-out sharing any data
Operating System
- The operating system does not contain any analytics and any requests are used only for supporting it
Connectivity Checks
- What is received: Static User Agent, IP Address
- How often: On every Wi-Fi and cell connection
- Why it is received: Used to determine if there is a working connection and if there is a captive portal
- When it will be deleted: All requests to generate_204 are never logged
- What else will it be used for: Nothing else
- How to disable: Toggle in settings app (noted below) or
$ adb shell settings put global captive_portal_mode 0; - Settings can be accessed via:
- 14.1/15.1: Settings > Network > Data usage > Disable Captive Portal
- 16.0/17.1: Settings > Network & Internet > Advanced > Captive portal mode
- 18.1/19.1/20.0: Settings > Network & Internet > Advanced > Internet connectivity check
Updater
- What is received: Device Model, Incremental Build ID, Default User Agent, NO IP Address (redacted before logging)
- How often: On every boot and also once per week (note: 14.1 only is daily)
- Why it is received: Used to serve system updates
- When it will be deleted: Logs are kept for no longer than 15 days
- What else will it be used for: creating OTA stats
- How to anonymize: Install Orbot and enable ‘Perform requests over Tor’
- How to disable: Disable ‘Auto updates check’
- Settings can be accessed via:
- 9+: Settings > System > Advanced > AXP.OS updates > 3dot > Preferences
- <9: Settings > About > AXP.OS updates > 3dot > Preferences
- Example:
- - - [TIMESTAMP] "GET /axp-unstable/api/v1/cheetah/dos/engemy20250123212920 HTTP/1.1" 200 3683 "-" "Dalvik/2.1.0 (Linux; U; Android 13; Pixel 7 Pro Build/TQ3A.230901.001)"
AXP.OS F-Droid Repos
- What is received: Repo Index Requests/App APK Requests/App Icon Requests, F-Droid Version, IP Address
- How often: Once per day
- Why it is received: Used to serve apps and their updates
- When it will be deleted: Web server logs are kept for no longer than two weeks
- What else will it be used for: Nothing else
- How to anonymize: Install Orbot and enable ‘Use Tor’ in F-Droid > Settings
- How to reduce: Decrease the ‘Automatic update interval’ in F-Droid > Settings
- How to disable: Disable the ‘AXP.OS’ repos in F-Droid > Settings > Repositories
- Example:
[IP Address] - - [Timestamp] "HEAD /fdroid/official/index-v1.jar HTTP/1.1" 200 - "-" "F-Droid 1.13.1"
Apps
LoveLaceAV
- What is received: Signature Database Requests, IP Address
- How often: Manually
- Why it is received: Used to serve signature databases
- When it will be deleted: Web server logs are kept for no longer than 15 days
- What else will it be used for: Nothing else
- How to anonymize: Install Orbot and enable ‘Download over Tor’
- Example:
[IP Address] - - [Timestamp] "GET /MalwareScannerSignatures/hypatia-sha1-bloom.bin HTTP/1.1" 304 - "-" "Hypatia"
Aurora Store
- Who: Google
- What is received: IP Address, search query, packagename of any new app getting installed
- Timezone, MCC & MNC: stripped & replaced
- List of installed apps: can be filtered in App settings
- When adding a Google account: account details
- How to anonymize: Install Orbot and enable ‘Proxy’ in
Aurora Store -> Settings -> Network - How to reduce: Decrease the ‘Automatic App update’
Aurora Store -> Settings -> Updates - How to disable:
Long press App icon -> App info -> Disable- and/or remove the
Networkpermission
- Privacy Policy: Aurora Store
- Privacy Policy: Google
Pro flavor
Neo Launcher
- Who: Neo Launcher developer
- How often: manually, when requesting support
- How to disable:
Long press App icon -> App info -> Permissionsremove:Network
- Privacy Policy: Neo Launcher
MicroG
- Who: Google
- Network Connections @Google
- MicroG’s Implementation
- How to disable:
Long press App icon -> App info -> DisableDeveloper options -> Signature Spoofing -> Disable(note: this disables PhoneSky as well)- and/or remove the
Networkpermission - and/or remove the
Signature Spoofingpermission
- Privacy Policy: Google
- Privacy Policy MicroG: N/A
PhoneSky
- Who: Google
- How often: on regular intervals, any app which depends on it (e.g. license checks)
- How to disable:
Long press App icon -> App info -> DisableDeveloper options -> Signature Spoofing -> Disable(note: this disables MicroG as well)- and/or remove the
Networkpermission - and/or remove the
Signature Spoofingpermission
- Privacy Policy: Google
Magisk
- Who: Github
- How often: on regular intervals
- (note: AXP.OS recommends disabling the check to avoid device bricks)
- How to disable:
Magisk -> Settings (gears icon) -> toggle update check- and/or
Long press App icon -> App info -> Permissions -> remove: Network
- No Privacy Policy policy available for Magisk itself
- Privacy Policy: Github¹ Github²
Chat room (Matrix)
Matrix homeservers share user data with the wider ecosystem over federation. Federated homeservers can be located anywhere in the world, and are subject to local laws and regulations.
When you send messages or files in the AXP.OS room, a copy of the data is sent to all participants in the room, including participants who join the room in future. If these participants are on different homeservers than you, your username, display name, messages and files may be replicated across each participating homeserver.
Federated homeservers are outside the control area of AXP.OS.
Overall it is important to choose a homeserver service you trust or host your own one if possible.
- What is received: depends on the chosen homeserver
- How often: join, leave, post, delete, ping
- Why it is received: Used to provide the chat service to you
- When it will be deleted: depends on the chosen homeserver and federation configuration
- What else will it be used for: depends on the chosen homeserver provider
- How to anonymize: Use a throwaway username. Route your Matrix client over Tor.
- Example Privacy Policy for: matrix.org (note: if you are using a different homeserver, this does not apply)
Third parties
Third parties are used to support basic functions along with features and apps.
Website
- This website is hosted at Codeberg and has a minimum-collection policy.
- How often: On every page visit
- Why it is received: Used to serve the web pages to users
- When it will be deleted: Logs are kept for no longer than 7 days
- What else will it be used for: Nothing else
- How to anonymize: Visit the site using the Tor Browser
- Privacy Policy: Codeberg
Connectivity Checks
- Who: Google
- Description: Used to determine if there is a working connection and if there is a captive portal
- What they receive: Static User Agent, IP Address
- How often: On every Wi-Fi and cell connection
- How to disable: Toggle in settings app (noted below) or
$ adb shell settings put global captive_portal_mode 0; - Settings can be accessed via:
- 14.1/15.1: Settings > Network > Data usage > Disable Captive Portal
- 16.0/17.1: Settings > Network & Internet > Advanced > Captive portal mode
- 18.1/19.1/20.0: Settings > Network & Internet > Advanced > Internet connectivity check
- Privacy Policy: Google
Network Time Protocol
- Who: pool.ntp.org volunteers
- Description: Used to set an accurate (clock) time
- What they receive: IP Address
- How often: On every boot
- Privacy Policy: unavailable
Fallback Domain Name System Lookups
- Who: Quad9
- Description: Used to translate domain names into IP addresses to establish network connections, only when no other DNS was advertised by the network
- What they receive: DNS requests, IP Address
- How often: Every network request to a non-cached and non-expired domain
- Privacy Policy: Quad9
F-Droid Official Repo
- Who: F-Droid
- What they receive: Repo Index Requests/App APK Requests/App Icon Requests, F-Droid Version, IP Address
- How often: Once per day
- Why they receive: Used to serve apps and their updates
- How to anonymize: Install Orbot and enable ‘Use Tor’ in F-Droid > Settings
- How to reduce: Decrease the ‘Automatic update interval’ in F-Droid > Settings
- How to disable: Disable the ‘F-Droid’ repos in F-Droid > Settings > Repositories
- Privacy Policy: F-Droid Security Information