Android Non Root

Android Non Root has three versions:

The HTML version: https://willie169.github.io/Android-Non-Root.
The Markdown version: https://github.com/Willie169/Android-Non-Root.
The app version: https://github.com/Willie169/Android-Non-Root-App.
App download link: https://github.com/Willie169/Android-Non-Root-App/releases/download/v1.0/com.willie.androidnonroot%5F10.apk.

In this tutorial, we’ll explore a range of powerful, open-source tools such as Termux, F-Droid, Shizuku, Tor, TrackerControl, InviZible Pro, QEMU, Tailscale, OpenSSH, and PipePipe to enhance your Android device’s functionality, security, privacy, and customization without the need for root access.

Please read the Global Note before you start or you may encounter errors.

My main development of Termux Shell scripts has been moved to my another repository, termux-sh, which includes setup automation, shortcuts, installations and configurations of development tools and emulation environments such as proot, proot-distro, QEMU system emulation, and box64, and more, while tutorials for Termux, some of my scripts in termux-sh, and other related stuff remain here.

Table of Contents
Author Information
Global Note
F-Droid: Free Software Android Apps Repository and App Store
- Install F-Droid
- Introduction of F-Droid
- F-Droid Repositories
Termux: A Powerful Terminal Emulation with an Extensive Linux Package Collection
- Install Termux
- Short Introduction of Termux
- Termux App User Interface
- Shortcuts in Termux
- Types of Storage in Termux
- Storage Related Utilities in Termux
- Shell in Termux
- Termux Chroot
- Termux Fix Shebang
- Environment Variables in Termux
- Difference Between Linux and Termux
- Termux-Properties
- Termux PKG Package Manager
- Debian Derivatives and Termux APT Package Manager
- Termux Change Repo
- Package Command Error
- Process completed (signal 9) - press Enter Error
POSIX References
- Shell Reference
Termux:Styling, Termux:Widget, Termux:Boot, Termux:Float, and Termux:API
- Termux:Styling
- Termux:Widget
- Termux:Boot
- Termux:Float
- Termux:API
TigerVNC, Termux-x11, Fluxbox, Openbox, XFCE, LXQt, and MATE: Termux VNC or X Server and Graphical Environment
- Introduction of VNC (Virtual Network Computing)
- Introduction of X Window System (X11, or X)
- Termux X11 Repository
- TigerVNC VNC Server in Termux
- Termux-x11
- Fluxbox in Termux
- Openbox in Termux
- XFCE in Termux
- LXQt in Termux
- MATE in Termux
- Further Readings and References about Termux VNC or X Server and Graphical Environment
AVNC: A VNC Client for Android
- Install AVNC
- Connect a VNC Server
- Introduction of AVNC
Tailscale: Peer-to-Peer Mesh VPN
- Introduction of Tailscale
- Tailscale in Linux
- Tailscale in Android
PRoot-Distro with Termux: Install Linux Distributions in Termux
- Introduction of Chroot, PRoot, PRoot-Distro
- PRoot-Distro Usage
- Supported Distributions
- Hint to Install Linux OS with PRoot-Distro
Andronix with Termux: Install Linux Distributions in Termux
- Install Andronix App (Optional)
- Install an OS Following Andronix App Instructions
- Uninstall an Not Modded OS Following Andronix App Instructions
- PulseAudio Server Sound Output
- Example: Debian with XFCE Desktop Environment
- Example: Debian with CLI Only
- Example: Uninstall Debian OS (Not Modded)
- Further Readings and References about Chroot, Proot, and Andronix
QEMU System Emulation with Termux: Full System Emulation
- Install QEMU System Emulation for x86-64
- Install QEMU System Emulation for AArch64
- ISO and QCOW2 Image Methods
- Host Port Forwarding
- Alpine Linux x86-64 ISO Image
- Alpine Linux AArch64 ISO Image
- Debian Linux AMD64 QCOW2 Image
- Debian Linux ARM64 QCOW2 Image
- Check Image Info
- Check VM Disk
- Resize Image
- Resize Partition in Debian AMD64
- Resize Partition in Debian ARM64
- Further Readings and References about QEMU
Shizuku, SystemUI Tuner, and aShell: Use Local ADB of Android Device on Terminals Such as Termux without Another Device with Shizuku, Leave Developer Options off When Doing So with SystemUI Tuner, and Use ADB with Features like Autocomplete Suggestion with aShell
- Install Shizuku
- Introduction of ADB and Shizuku
- Connect Shizuku to Wireless ADB
- Use Shizuku in a Terminal Application for the First Time
- Install SystemUI Tuner
- To Leave Developer Options off When Using Shizuku to Connect to ADB with SystemUI Tuner
- Reconnect Shizuku in Case it Stops with SystemUI Tuner
- Other SystemUI Tuner Usage
- aShell
- Further Readings and References about ADB and Shizuku
Tor, Tor Browser, NoScript Security Suite, and Torsocks
- Introduction of Tor
- Install Tor Browser
- NoScript Security Suite
- Tor in Termux
- Torsocks in Termux
TrackerControl and InviZible Pro: Route Traffic through Tor, Block DNS over UDP, Set DNS Server, Block Trackers, etc.
- Install InviZible Pro
- Install TrackerControl
- Configure TrackerControl to Block Trackers without InviZible Pro
- Configure TrackerControl and InviZible Pro for DNSCrypt and Tor
- Configure TrackerControl and InviZible Pro for DNSCrypt Only
- Configure TrackerControl and InviZible Pro for Tor Only
- Check Whether the Tor Route Setup Is Successful
- Configure InviZible Pro to Block Trackers without TrackerControl
OpenSSH: Secure Remote Access with SSH, SCP, and SFTP
- Introduction of SSH (Secure Shell) and OpenSSH
- OpenSSH Server
- OpenSSH Client
- SCP (Secure Copy Protocol)
- SFTP (Secure File Transfer Protocol)
- Further Readings and References about OpenSSH with Linux and Termux
OpenSSL: SSL and TLS Protocals and Cryptography Library Implementation
- Introduction of OpenSSL
- Install OpenSSL in Termux
- Install of OpenSSL in Debian Derivatives
- RSA (Rivest-Shamir-Adleman)
- Symmetric Encryption
droidVNC-NG: VNC Server App for Android That Does Not Require Root Privileges
- Install droidVNC-NG
- Introduction of droidVNC-NG
SD Maid SE: A File Management Tool and System Cleaner
- Install SD Maid SE
- Introduction of SD Maid SE
- Use SD Maid SE with Shizuku
Phyphox: Perform Physics Experiments with Your Phone
- Install Phyphox
- Introduction of Phyphox
AndroidIDE: IDE for Android App development on Android devices
- Install AndroidIDE
- Introduction of AndroidIDE
Linux Command Library
- Install Linux Command Library (Optional)
- Introduction of Linux Command Library
- Website Version of Linux Command Library
Material File: Linux-Aware File Manager with FTP, SFTP, SMB and WebDAV Support
- Install Material Files
- Introduction of Material Files
- Mount External Storage or NAS (Network-Attached Storage) Server
PipePipe: A FLOSS Android App to Let You Browse YouTube, NicoNico and BiliBili Freely.
- Install PipePipe
- Introduction of PipePipe
Xtra: Twitch Player and Browser
- Install Xtra
- Introduction of Xtra
Material Photo Widget
- Install Material Photo Widget
- Introduction of Material Photo Widget
LibreOffice Viewer: Viewer for Open Document Formats and Microsoft Office Formats
- Introduction of LibreOffice
- Introduction of LibreOffice Viewer
VLC for Android: Open Source Media Player and Multimedia Engine
- Install VLC for Android
- Introduction of VLC
Firefox: Fast and Private Browser
- Install Firefox
- Introduction of Firefox
DuckDuckGo: Privacy Browser
- Install DuckDuckGo
- Introduction of DuckDuckGo
Brave: Privacy Browser
- Install Brave
- Introduction of Brave
Safe Space: A Safe Space For Your Digital Valuables
- Install Safe Space
- Introduction of Safe Space
SimplyTranslate Mobile: A Privacy Friendly Frontend to Google Translate
- Install SimplyTranslate Mobile
- Introduction of SimplyTranslate Mobile
- Website Version of SimplyTranslate Mobile
LibreTorrent
- Install LibreTorrent
- Introduction of BitTorrent
- Introduction of LibreTorrent
Thunderbird: Privacy-Focused Email App
- Install Thunderbird
- Introduction of Thunderbird
Promoted or Related Works, References, and Bibliography
- ANC by Gaurav Ujwal / gujjwal00
- AndroidIDE by AndroidIDE / AndroidIDEOfficial
- Andronix by Devriz Technologies LLP / Andronix App /AndronixApp
- aShell by Sunil Paul Mathew M. / sunilpaulmathew
- Brave / Brave Browser by Brave Software / brave
- Debian by the Debian Project
- DontKillMyApp / DontKillMyApp: Make apps work by Urbandroid Team / urbandroid-team / Petr Nálevka (Urbandroid)
- droidVNC-NG / droidVNC-NG VNC Server by Christian Beier / bk138
- DuckDuckGo / DuckDuckGo Browser / DuckDuckGo Privacy Browser / DuckDuckGo Private Browser by DuckDuckGo or duckduckgo
- F-Droid by F-Droid
- Firefox / Firefox Fast & Private Browser by Mozilla
- GNU
- Invizible Pro by Garmatin Oleksandr / Oleksandr Garmatin / Gedsh
- IzzyOnDroid by IzzyOnDroid
- LibreOffice and LibreOffice Viewer by The Document Foundation
- LibreTorrent by Yaroslav Pronin / proninyaroslav
- Linux Command Library by Simon Schubert / SimonSchubert
- Material Files / MaterialFiles by Hai Zhang / zhanghai
- MyIP / IPCheck.ing by Jason Ng / jason5ng32
- NetGuard by Marcel Bokhorst / M66B / Marcel Bokhorst, FairCode BV
- NewPipe by Team NewPipe / TeamNewPipe
- OpenSSH by OpenSSH / openssh
- OpenSSL by OpenSSL / openssl
- Phyphox by RWTH Aachen University / phyphox
- PipePipe by InfinityLoop1309 / InfinityLoop1308
- QEMU by Qemu Project / QEMU
- Safe Space by aashishksahu
- SD Maid SE / SD Maid 2/SE - System Cleaner / sdmaid-se by d4rken / d4rken-org / darken / darken development
- Shizuku by Xingchen & Rikka / RikkaApps
- SimplyTranslate Mobile by ManeraKai
- SystemUI Tuner by Zachary Wander / zacharee
- Tailscale by Tailscale / tailscale
- Termux by Fredrik Fornwall / Termux / termux
- Termux:API by Fredrik Fornwall / Termux / termux
- Termux:Boot by Fredrik Fornwall / Termux / termux
- Termux:Float by Fredrik Fornwall / Termux / termux
- Termux:Styling by Fredrik Fornwall / Termux / termux
- Termux:Widget by Fredrik Fornwall / Termux / termux
- Termux-x11 by Fredrik Fornwall / Termux / termux
- TigerVNC or tigervnc by TigerVNC
- Thunderbird or Thunderbird: Free Your Inbox by Mozilla Thunderbird / thunderbird / Mozilla
- Tor and Tor Browser by The Tor Project
- TrackerControl / TC by TrackerControl / Oxford HCC
- VLC for Android / vlc-android by Videolabs / VLC Mobile Team / VideoLAN / videolan
- Wireguard by Jason A. Donenfeld
- Xtra by AndreyAsadchy or Andrey Asadchy and crackededed
- Others
Contribution
License
- GNU Free Documentation License, Version 1.3 (GFDL 1.3)
- Creative Commons Attribution-ShareAlike 4.0 International License (CC BY-SA 4.0)

Author Information

The author of this tutorial is Willie169, Willie Shen, or 沈威宇.

If for whatever reason you want to send me money, here are where you may do so:

BTC: bc1qm7fuvza2tktvjzfmvf37vw6yft5ntd2u5gh9l0
ETH: 0xC5A26bF0F3564a77973a261624231Ac9DE647967
BNB (BNB Smart Chain): 0xC5A26bF0F3564a77973a261624231Ac9DE647967
SOL: 5ytjeNsMqxUqCZGHghGWjZNZHFSebwfAkKXepExmqvTU
DOGE: DQUWv5vBhCLgoCCyNU2T4fh35ZhGi9cM4T
XMR: 48j6iQDeCSDeH46gw4dPJnMsa6TQzPa6WJaYbBS9JJucKqg9Mkt5EDe9nSkES3b8u7V6XJfL8neAPAtbEpmV2f4XC7bdbkv

Global Note

This tutorial, as well as the software mentioned in it, is provided WITHOUT ANY WARRANTY, including but not limited to the implied warranties of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Most of the software mentioned in this tutorial is open source.
To prevent apps from being killed, you may turn off battery optimization and auto sleeping, set battery usage to unrestricted, acquire wakelock, etc. Go to DontKillMyApp for more information.
Many sections of the tutorial mention F-Droid, read [F-Droid
Many sections of the tutorial mention Termux. For people who are new to it, please refer to Termux: A Powerful Terminal Emulation with an Extensive Linux Package Collection.
For people who are new to POSIX, please refer to POSIX References.
You may encounter Process completed (signal 9) press Enter error even if you follow the steps in this tutorial. Read the tutorial about how to fix it in Process completed (signal 9) press Enter Error.
Many sections of the tutorial mention VNC. Go to Introduction of VNC (Virtual Network Computing) for introduction of VNC. You can connect to a VNC server with a VNC client. One recommended one for Android is AVNC. Read AVNC: A VNC Client for Android.
Run update command (such as pkg update and apt update) before install command (such as pkg install and apt install) to update available packages.
Add sudo at the beginning of commands in Linux if root permission is needed. Remove sudo from the beginning of commands in Termux if the device is not rooted. Termux doesn’t need root permission to install packages etc.
Type Y, y, Yes, yes, etc. as asked for in response to any prompts that request confirmation during command execution to confirm execution.
Change the file names, directories, paths, addresses, ports, variables, etc. in the commands provided in the tutorial to the actual ones of yours.
Some sections about Linux usages are included, some of which assumes the Linux distribution is Debian derived.
When the tutorial uses text editor such as nano, vim, or vi to edit a file, you can use any text editor you want.
In Linux, root is usually the password for root for the first time. You can usually set password latter by passwd.

F-Droid: Free Software Android Apps Repository and App Store

Install F-Droid

F-Droid (org.fdroid.fdroid) can be installed from their official website.

Introduction of F-Droid

F-Droid is an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.

F-Droid is both a repository of verified free software Android apps as well as a whole “app store kit”, providing all the tools needed to setup and run an app store. It is a community-run free software project developed by a wide range of contributors. It also includes complete build and release tools for managing the process of turning app source code into published builds.

The F-Droid server tools provide various scripts and tools that are used to maintain the main F-Droid application repository. You can use these same tools to create your own additional or alternative repository for publishing, or to assist in creating, testing and submitting metadata to the main repository.

F-Droid Repositories

F-Droid repositories are compatible with an F-Droid client application. To add a repository, go to F-Droid app’s Settings page tap My Apps > Repositories, tap the plus sign in the lower right corner, and scan QR code or enter or paste repository URL.

The Offical F-Droid repository is http://f-droid.org/repo, which is pre-added in the app by default.

One of the most popular unofficial F-Droid repository is the IzzyOnDroid F-Droid repository.

A list of some known F-Droid repositories:

F-Droid: https://f-droid.org/repo.
F-Droid Archive: https://f-droid.org/archive.
Guardian Project: https://guardianproject.info/fdroid/repo.
Guardian Project Archive: https://guardianproject.info/fdroid/archive.
IzzyOnDroid: https://apt.izzysoft.de/fdroid/repo.
microG: https://microg.org/fdroid/repo.
Netsyms: https://repo.netsyms.com/fdroid/repo.
Bromite: https://fdroid.bromite.org/fdroid/repo.
Molly: https://molly.im/fdroid/foss/fdroid/repo.
NewPipe: https://archive.newpipe.net/fdroid/repo.
Collabora Office: https://www.collaboraoffice.com/downloads/fdroid/repo.
LibRetro: https://fdroid.libretro.com/repo.
KDE Android: https://cdn.kde.org/android/stable-releases/fdroid/repo.
KDE Android Nightly: https://cdn.kde.org/android/fdroid/repo.
The Calyx Institute (testing): https://calyxos.gitlab.io/calyx-fdroid-repo/fdroid/repo.
DivestOS Official: https://divestos.org/fdroid/official.
DivestOS Unofficial: https://divestos.org/fdroid/unofficial.
Fedilab Apps: https://fdroid.fedilab.app/repo.
Kali Nethunter App Store: https://store.nethunter.com/repo.
Umbrella: https://secfirst.org/fdroid/repo.
Langis / Patched Apps: https://thecapslock.gitlab.io/fdroid-patched-apps/fdroid/repo.
Bitwarden: https://mobileapp.bitwarden.com/fdroid/repo.
Briar Project: https://briarproject.org/fdroid/repo.
Wind Offline: https://guardianproject-wind.s3.amazonaws.com/fdroid/repo.

Termux: A Powerful Terminal Emulation with an Extensive Linux Package Collection

Install Termux

Termux (com.termux) can be installed from F-Droid.

WARNING: If you installed termux from Google Play or a very old version, then you will receive package command errors. Google Play builds are deprecated and no longer supported. It is highly recommended that you update to termux-app v0.118.0 or higher as soon as possible for various bug fixes, including a critical world-readable vulnerability reported at https://termux.github.io/general/2022/02/15/termux-apps-vulnerability-disclosures.html. It is recommended that you shift to F-Droid or GitHub releases.

Short Introduction of Termux

Termux is an Android terminal application and Linux environment. Termux combines powerful terminal emulation with an extensive Linux package collection. Some of the commands available in Linux are available in Termux too, such as cp, mv, ls, mkdir, apt, and apt-get.

Features:

Shells: bash, zsh etc.
Editors: nano, vi, vim, neovim, emac, etc.
Connection: openssh, tor, iproute2, net-tools, curl, wget, tigervnc, x11vnc, etc.
Development: gcc, g++, clang, gdb, openjdk-17, openjdk-21, python2, python3, nodejs, go, rust, perl, ruby, cmake, maven, git, subversion, gh, glab-cli, apksigner, android-tools, fdroidcl, etc.
Emulation: proot, proot-distro, qemu-system, qemu-user, etc.
Encryption: openssl, etc.
Multimedia: ffmpeg, etc.
Archiving: bzip, tar, etc.
Graphical environment: fluxbox, openbox,xfce4, lxqt, mate, etc.
Textual user interface: frotz, ncurses-utils, etc.

and more.

At first startup, a small base system is downloaded. Desired packages can then be installed using the apt package manager, which is known from the Debian and Ubuntu Linux distributions. To learn more, access the built-in help by long-pressing anywhere on the terminal and selecting the Help menu option.

Official Wiki: https://wiki.termux.com.
Reddit community: https://termux.com/community.

For people who are new to POSIX, please refer to POSIX References.

Termux App User Interface

Pinch to zoom in or out.
Swipe right from the left edge of the screen to drag out the navigation bar, where you can open Termux Settings, start another NEW SESSION, switch to another session, or launch KEYBOARD.
Long press on screen to:
- COPY
- PASTE
- More
- Select URL
- Share transcipt: transfer all output of the current session (via Android api)
- Reset: Reset
- Kill process: Kill the current terminal session process
- Style: Style (requires Termux:Styling plugin)
- Keep screen on
- Help: Help documentation (Termux Wiki)

Shortcuts in Termux

The following are some of the shortcuts commonly used in the terminal, and they also work in Termux. The volume plus button (abbreviated to Volume below) can be used as a special key to generate a specific input, which can be roughly understood as the Fn key on a laptop.

Ctrl + A - Move cursor to the start position
Ctrl + E - Move cursor to the end
Ctrl + K - Cut everything from here to the end
Ctrl + U - Cut everything from here to the beginning
Ctrl + W - Cut everything from here to the left
Ctrl + Y - Paste words cut by Ctrl + U, Ctrl + D, or Ctrl + W
Ctrl + L - Equivalent to clear command or clear screen
Ctrl + C - Send Signal Interrupt (SIGINT), which terminate the process
Ctrl + D - Close the terminal
Ctrl + Z - Send Signal Terminal Stop (SIGTSTP), which suspend the current process
Volume + E - Esc
Volume + T - Tab
Volume + 1 - F1
Volume + 2 - F2
Volume + 3 - F3
Volume + 4 - F4
Volume + 5 - F5
Volume + 6 - F6
Volume + 7 - F7
Volume + 8 - F8
Volume + 9 - F9
Volume + 0 - F10
Volume + B / Alt + B - Return a word when using readline
Volume + F / Alt + F - Forward a word when using readline
Volume + X / Alt + X
Volume + W - Up Arrow
Volume + A - Left Arrow
Volume + S - Down Arrow
Volume + D - Right Arrow
Volume + L - | (pipe character)
Volume + H - ~ (tilde character)
Volume + U - _ (underscore character)
Volume + P - Page Up (previous page)
Volume + N - Page Down (next page)
Volume + . / Ctrl + \ - Signal Quit (SIGQUIT)
Volume + V - Show volume control
Volume + Q / Volume + K - Show extra button view

Types of Storage in Termux

There are three main types of storage in Termux:

Internal storage: files put in $HOME, available from inside Termux or when explictly picked in an app compatible with Storage Access Framework (SAF).
Shared storage: general purpose file storage available for the all applications allowed by user. The root directory of the main storage of Android is usually /storage/emulated/0.
External storage: external SD cards or USB hard drives. Typically read-only, except the Termux private directory. Full read-write access to external SD cards and USB drives is available only on rooted devices.

Feature comparison between storage types:

Storage type	chmod/chown support	Special files support	Executables support	Access mode
Internal ($HOME/$PREFIX)	yes	yes	yes	RW (app dir)
Shared storage	no	no	no	RW
External storage	no	no	no	RO / RW (app dir)

To access shared and external storage you need to run termux-setup-storage. You will then be prompted to Allow Termux access photos, media and files on your device, which you should tap Allow.
The contents of the created ~/storage folder are symlinks to different storage folders. Run termux-setup-storage to rebuild its structure.
After creating directory Android/data/com.termux, through file manager or by termux-setup-storage, you can access your external SD directly in this folder. The remainder of the external SD card will not be accessable from Termux unless you grant storage permission for Termux in Android. The symlink to the Termux-private folder on external storage will be ~/storage/external-1 or something similar. WANRNING: Please remember that if you uninstall Termux app or clear Termux application data through Android Settings (or Something similar), this directory will be deleted!
If you have Termux:API application and termux-api package installed, you can use Android file picker to get any file from either shared or external storage by using utility termux-storage-get. For example, termux-storage-get filename.txt will save the file that has been chosen through file picker as filename.txt.
You can access Termux home directory ($HOME) from the file manager using Storage Access Framework (SAF) and capable of accessing drives like USB or external SD-card in read-write mode. One recommended file manager which can access Termux home directory is Material Files. My tutorial for it is available in Material File: Linux-Aware File Manager with FTP, SFTP, SMB and WebDAV Support.

Shell in Termux

A shell is an command language interpreter that executes commands from standard input devices (like a keyboard) or from a file. Shells are not a part of the system kernel, but use the system kernel to execute programs, create files, etc.

Use chsh from termux-tools to change your login shell. Currently Termux supports bash, fish, tcsh, zsh, xonsh, beanshell, and ipython. The default one is bash.

Termux Chroot

If you want a classical Linux file system layout, you can to use termux-chroot from package proot. The termux-chroot utility may be very helpful if you use custom software that requires standard paths like /tmp, /etc, /usr to be available.

Install Proot:

pkg install proot

Use Termux chroot:

termux-chroot

Result:

$ ls /usr
bin  doc  etc  include lib  libexec  share  tmp  var

Termux Fix Shebang

You may have a problem executing scripts that have standard shebangs (e.g. #!/bin/sh) because Termux is not FHS compliant. Use the termux-fix-shebang script to modify these files before executing. Recent versions of Termux provide a special package (termux-exec) which allows usage of standard shebangs.

Environment Variables in Termux

$HOME and ~ refer to /data/data/com.termux/files/home.
$PREFIX refers to /data/data/com.termux/files/usr.
Most packages have shared library dependencies which are installed to $PREFIX/lib. On devices before Android 7, Termux exports the special variable $LD_LIBRARY_PATH which tells the linker where to find shared library files. On Android 7 or higher, the DT_RUNPATH ELF header attribute is used instead of LD_LIBRARY_PATH.

Difference Between Linux and Termux

Termux is not FHS compliant: Termux does not follow Filesystem Hierarchy Standard unlike majority of Linux distributions. You cannot find directories like /bin, /etc, /usr, /tmp and others at the usual locations. Thus, all programs must be patched and recompiled to meet requirements of the Termux environment otherwise they will not be able to find their configuration files or other data. This is why Termux does not use official Debian or Ubuntu packages for its environment and you may have a problem executing scripts that have standard shebangs (e.g. #!/bin/sh).
Termux uses Bionic libc: To have the best compatibility with Android OS and to remove the need to maintain custom toolchains we compile all our packages with the Android NDK. The resulting binaries are linked against the Bionic libc (files libc.so, libm.so, libdl.so from /system/lib or /system/lib64).
- Dynamically linked programs will not run because the linker is expected in a nonexistent location (/lib) and libc ABI does not match.
- Statically linked programs (only networking ones) will not be able to resolve DNS names. GNU libc normally doesn't allow static linking with resolver. Also, the file /etc/resolv.conf does not exist on Android.
- On non-rooted Android 8 or newer, statically linked programs will not run due to issues with seccomp filter.
Root file system is stored as ordinary application data: The root file system and user home directory are located in a private application data directory which lives on the /data partition. Paths to these directories are exposed as $PREFIX and $HOME respectively. You cannot move $PREFIX to another location because all programs expect that $PREFIX will not be changed. Additionally, you cannot have binaries, symlinks and other files from $PREFIX on sdcard because that file system does not support unix permissions, symlinks, sockets, etc.
Termux is single-user: Android applications are sandboxed and have their own Linux user id and SELinux label. Everything within Termux is executed with the same user id as the Termux application itself and cannot be changed as it is derived from the user id by Bionic libc.
- All packages in Termux (except root-only ones) are patched to drop any multiuser, setuid/setgid and other similar functionality.
- Default ports for server packages are changed. ftpd, httpd and sshd have their default ports set to 8021, 8080, and 8022 respectively.

Termux-Properties

You can edit properties of Termux by:

nano ~/.termux/termux-properties

Properties that can be changed include default-working-directory, allow-external-apps, volume-keys, etc.

Termux PKG Package Manager

pkg is a tool for managing apt packages in Termux.

Usage: pkg [--check-mirror] command [arguments].
--check-mirror - forces a re-check of availability of mirrors
Commands:
- autoclean - Remove all outdated packages from apt cache.
- clean - Remove all packages from apt cache.
- files <packages> - Show all files installed by packages.
- install <packages> - Install specified packages.
- list-all - List all packages available in repositories.
- list-installed - List installed packages.
- reinstall <packages> - Reinstall specified installed packages at the latest version.
- search <query> - Search package by query, for example by name or description part.
- show <packages> - Show basic metadata, such as dependencies.
- uninstall <packages> - Uninstall specified packages. Configuration files will be left intact.
- upgrade - Upgrade all installed packages to the latest version.
- update - Update apt databases from configured repositories.

Debian Derivatives and Termux APT Package Manager

apt is a commandline package manager and provides commands for searching and managing as well as querying information about packages. It provides the same functionality as the specialized APT tools, like apt-get and apt-cache, but enables options more suitable for interactive use by default.

Usage: apt [options] command
Synopsys: apt [-h] [-o=config_string] [-c=config_file] [-t=target_release] [-a=architecture] {list | search | show | update | install pkg [{=pkg_version_number | /target_release}]... | remove pkg... | upgrade | full-upgrade | edit-sources | {-v | --version} | {-h | --help}}
Most used commands:
- list - list packages based on package names
- search - search in package descriptions
- show - show package details
- install - install packages
- reinstall - reinstall packages
- remove - remove packages
- autoremove - automatically remove all unused packages
- update - update list of available packages
- upgrade - upgrade the system by installing/upgrading packages
- full-upgrade - upgrade the system by removing/installing/upgrading packages
- edit-sources - edit the source information file
- satisfy - satisfy dependency strings
See apt(8) for more information about the available commands: https://manpages.debian.org/unstable/apt/apt.8.en.html.
Configuration options and syntax is detailed in apt.conf(5): https://manpages.debian.org/unstable/apt/apt.conf.5.en.html.
Information about how to configure sources can be found in sources.list(5): https://manpages.debian.org/unstable/apt/sources.list.5.en.html.
Package and version choices can be expressed via apt_preferences(5): https://manpages.debian.org/unstable/apt/aptpreferences.5.en.html.
Security details are available in apt-secure(8): https://manpages.debian.org/unstable/apt/apt-secure.8.en.html.

Termux Change Repo

Run termux-change-repo command.
Select one or more repositories for which you want to change mirror by tapping "space" and navigating over list by up/down arrow keys. Tap enter to confirm the choice.
Pick a mirror. Control method is same as the last step.

Package Command Error

Termux had to move the primary Termux package repository hosting from Bintray to Fosshost since Bintray shut down on May 1st, 2021 which created problems for users while running package installation and update commands with pkg or apt and their commands would fail with errors similar to the following:

E: The repository 'https://termux.org/packages stable Release' does no longer have a Release file.
N: Metadata integrity can't be verified, repository is disabled now.
N: Possible cause: repository is under maintenance or down (wrong sources.list URL?).

E: The repository 'https://dl.bintray.com/grimler/game-packages-24 games Release' does not have a Release file.
N: Metadata integrity can't be verified, repository is disabled now.
N: Possible cause: repository is under maintenance or down (wrong sources.list URL?).

E: The repository 'https://science.termux-mirror.ml science Release' does not have a Release file.
N: Metadata integrity can't be verified, repository is disabled now.
N: Possible cause: repository is under maintenance or down (wrong sources.list URL?).

Command Solution

Run termux-change-repo command.
Select one or more repositories for which you want to change mirror by tapping "space" and navigating over list by up/down arrow keys. Tap enter to confirm the choice.
Pick a mirror. Control method is same as the last step.
If you have installed other package repositories, like x11 and root, then you must select and change those mirrors as well. You can check your current mirrors by running the termux-info command. Note that the science and game repos have been merged into main repo and should be removed with apt remove science-repo game-repo if you have them installed.

Accept them by answering y if you receive errors like:

E: Repository 'https://grimler.se/termux-root-packages-24 root InRelease' changed its 'Origin' value from 'Bintray' to 'termux-root-packages-24 root'
E: Repository 'https://grimler.se/termux-root-packages-24 root InRelease' changed its 'Label' value from 'Bintray' to 'termux-root-packages-24 root'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.
Do you want to accept these changes and continue updating from this repository? [y/N]

After changing the mirror, it is highly advisable to run pkg upgrade command to update all packages to the latest available versions, or at least update termux-tools package with pkg install termux-tools command. Also make sure your device has internet connectivity and the repository URLs are accessible in a browser.

Manual Solution

If for some reason termux-change-repo is not available, you can manually edit sources.list to replace the main url with a value obtained from Termux Mirrors List.
Run nano $PREFIX/etc/apt/sources.list to edit it.
This will not change the urls of other package repositories, to change those run pkg install termux-tools afterwards and use termux-change-repo or manually edit their files under $PREFIX/etc/apt/sources.list.d directory.
Changing the mirror may specially be needed if a user is still using bintray as the mirror or pkg upgrade command hasn’t been run in a while to update termux package related scripts.

Process completed (signal 9) - press Enter Error

Some Android OS will kill any (phantom) processes greater than 32 (limit is for all apps combined) and also kill any processes using excessive CPU.

You may get Process completed (signal 9) - press Enter message in the terminal without actually exiting the shell process yourself.

Here is the guide of how to turn it off.

Graphical Fix

This fix is generally available for Stock Android 12L and beyond, and often unavailable for QEMs like OneUI, MiUi, Samsung, etc. and other non-stock Android. If this fix is not available for your phone, please refer to the command line solution in next section.

In phone’s Settings or something similar, go to About Phone > Software Information or something similar, and tap the Version Number seven times to enable Developer Options. Some phones may have different methods to enable Developer Options.
Click the section named Feature Flags.
Toggle off settings_enable_monitor_phantom_procs to disable phantom process killer.
To enable phantom process killer again, just toggle on settings_enable_monitor_phantom_procs.

Command Line Fix

Connect to Android Debug Bridge (ADB) of your Android device from another device or via Shizuku. For people who are new to them, please refer to the tutorial for them in Shizuku, SystemUI Tuner, and aShell: Use Local ADB of Android Device on Terminals Such as Termux without Another Device with Shizuku, Leave Developer Options off When Doing So with SystemUI Tuner, and Use ADB with Features like Autocomplete Suggestion with aShell.
Type adb shell to enter adb shell.

Run the following commands inside adb shell:

/system/bin/device_config set_sync_disabled_for_tests persistent
/system/bin/device_config put activity_manager max_phantom_processes 2147483647
settings put global settings_enable_monitor_phantom_procs false

To check the status of whether phantom process killer is disabled, run the following commands inside adb shell:

/system/bin/dumpsys activity settings | grep max_phantom_processes
/system/bin/device_config get activity_manager max_phantom_processes

To enable phantom process killer again, run the following commands inside adb shell:

/system/bin/device_config set_sync_disabled_for_tests none; /system/bin/device_config put activity_manager max_phantom_processes 32
settings put global settings_enable_monitor_phantom_procs true

POSIX References

POSIX (Portable Operating System Interface) is a family of standards specified by the IEEE for maintaining compatibility between operating systems. It defines a set of APIs, command-line interfaces, and utility interfaces to enable software portability across different Unix-like systems.

Shell Reference

Go to Bash Reference Manual for more information.

Shell Syntax

When the shell reads input, it proceeds through a sequence of operations. If the input indicates the beginning of a comment, the shell ignores the comment symbol (#), and the rest of that line.

Otherwise, roughly speaking, the shell reads its input and divides the input into words and operators, employing the quoting rules to select which meanings to assign various words and characters.

The shell then parses these tokens into commands and other constructs, removes the special meaning of certain words or characters, expands others, redirects input and output as needed, executes the specified command, waits for the command’s exit status, and makes that exit status available for further inspection or processing.

Shell Commands

A simple shell command such as echo a b c consists of the command itself followed by arguments, separated by spaces.

More complex shell commands are composed of simple commands arranged together in a variety of ways: in a pipeline in which the output of one command becomes the input of a second, in a loop or conditional construct, or in some other grouping.

Shell Functions

Shell functions are a way to group commands for later execution using a single name for the group. They are executed just like a "regular" command. When the name of a shell function is used as a simple command name, the list of commands associated with that function name is executed. Shell functions are executed in the current shell context; no new process is created to interpret them.

Functions are declared using this syntax:

fname () compound-command [ redirections ]

function fname [()] compound-command [ redirections ]

This defines a shell function named fname. The reserved word function is optional. If the function reserved word is supplied, the parentheses are optional.

Shell Parameters

A parameter is an entity that stores values. It can be a name, a number, or one of the special characters listed below. A variable is a parameter denoted by a name. A variable has a value and zero or more attributes. Attributes are assigned using the declare builtin command.

A parameter is set if it has been assigned a value. The null string is a valid value. Once a variable is set, it may be unset only by using the unset builtin command.

A variable may be assigned to by a statement of the form

name=[value]

If value is not given, the variable is assigned the null string. All values undergo tilde expansion, parameter and variable expansion, command substitution, arithmetic expansion, and quote removal.

Shell Expansion

Expansion is performed on the command line after it has been split into tokens. The order of expansions is: brace expansion; tilde expansion, parameter and variable expansion, arithmetic expansion, and command substitution (done in a left-to-right fashion); word splitting; and filename expansion.

Shell Redirections

Before a command is executed, its input and output may be redirected using a special notation interpreted by the shell. Redirection allows commands’ file handles to be duplicated, opened, closed, made to refer to different files, and can change the files the command reads from and writes to. Redirection may also be used to modify file handles in the current shell execution environment. The following redirection operators may precede or appear anywhere within a simple command or may follow a command. Redirections are processed in the order they appear, from left to right.

Redirecting input: [n]<word.
Redirecting output: [n]>[|]word.
Appending redirected output: [n]>>word.
Redirecting standard output and standard error: &>word (preferred) or >&word. This is semantically equivalent to >word 2>&1.
Appending standard output and standard error: &>>word. This is semantically equivalent to >>word 2>&1.

File and Directory Management

Command	Usage
`ls`	List directory contents: `ls` `ls -l`: long format `ls -a`: include hidden files `ls -A`: include hidden files except `.` (current directory) and `..` (parent directory) `ls -lh`: human-readable sizes. `ls -d`: show directory names instead of their contents `ls -R`: list subdirectories recursively `ls -t`: sort by modification time (newest first) `ls -S`: sort by file size (largest first) `ls -X`: sort by extension `ls -r`: reverse order of sorting `ls -1`: list one entry per line `ls -F`: append indicators (`/` for directories, `*` for executables, etc.) `ls -p`: append `/` to directories `ls --color=auto`: colorize output based on file type `ls -i`: show inode numbers `ls -n`: show numeric UID and GID instead of names `ls -g`: like `-l` but without showing owner `ls -o`: like `-l` but without group information `ls --time=ctime`: sort by change time (instead of modification) `ls --time=access`: sort by last access time `ls -Z`: show SELinux security context (if enabled) `ls --full-time`: show complete timestamps
`cd`	Change directory: `cd /path/to/dir`
`pwd`	Print current working directory
`mkdir`	Create a new directory: `mkdir newdir` `mkdir -m newdir`: set file mode (as in `chmod`), not `a=rwx - umask` `mkdir -p newdir`: no error if existing, make parent directories as needed, with their file modes unaffected by any `-m` option
`rmdir`	Remove empty directory: `rmdir emptydir`
`rm`	Remove files or directories: `rm file` `rm -r dir`: recursive `rm -f`: force
`cp`	Copy files/directories: `cp src dest` `cp -r dir1 dir2`: recursive
`mv`	`mv oldname newname`: rename files/directories `mv file /destination/`: move files/directories
`touch`	`touch newfile.txt`: Create an empty `newfile.txt` or update its timestamp `touch -c newfile.txt`: Don’t create `newfile.txt` if it doesn’t exist
`find`	Search for files: `find [path] [options] [expression]` `find /home/user/ -name '.txt'`: Find all `.txt` files under `/home/user/` `find . -type d -name 'dir'`: Find directories starting with `dir`
`locate`	Quickly find files using an index: `locate filename` (remember to run `updatedb`
`updatedb`	Update the `locate` database
`stat`	Display detailed file information: `stat file`
`tree`	Show directory structure in a tree format (not always installed)
`df`	Show disk usage of file systems: `df [options] [file]` `df -h`: human-readable size `df -T`: include filesystem type `df --total`: Show a grand total of all file systems
`du`	Show disk usage of files and directories: `du [options] [file]` `du -h`: human-readable size `du -sh /path/to/dir`: Show the total size of `/path/to/dir` `du -a`: Show the size of all files and directories `du --max-depth=1`: Limit the depth of directory traversal to 1 level
`basename`	Extract filename from a path: `basename /path/to/file`
`dirname`	Extract directory path from a full file path: `dirname /path/to/file`

File Permissions and Ownership

Command	Usage
`chmod`	Change file permissions: Numeric Mode: Syntax: `chmod [permissions] file` First number in permissions is for user (owner), second is for group, third is for others Permissions: `4`: read `2`: write `1`: execute Permissions are additive. For example, `7` = `4` + `2` + `1` Symbolic Mode: Syntax: `chmod [who][+/-/=][permissions] file` Who: `u`: User (owner) `g`: Group `o`: Others `a`: All (user, group, and others) Operators `+`: Add permission `-`: Remove permission `=`: Set exact permission Permissions: `r`: read `w`: write `x`: execute Recursively: `-R` or `--recursive`: change files and directories recursively. The following options modify how a hierarchy is traversed when the `-R` option is also specified. If more than one is specified, only the final one takes effect. `-H` is the default. `-H`: if a command line argument is a symbolic link to a directory, traverse it `-L`: traverse every symbolic link to a directory encountered `-P`: do not traverse any symbolic links
`chown`	Change file owner: `chown [options] user[:group] file` `chown user file.txt`: Change the owner to `user` `chown user:group file.txt`: Change the owner to `user` and the group to `group` `chown :group file.txt`: Change the group to `group` without changing the owner Recursively: same as `chmod`
`chgrp`	Change group ownership: `chgrp group file`
`umask`	Set default permissions: `umask 022` (default 755 for new files)

File Viewing and Manipulation

Command	Usage
`cat`	Display file contents: `cat file.txt`
`tac`	Display file contents in reverse order
`more`	View file page by page (scroll forward only)
`less`	View file page by page (scroll forward and backward)
`head`	Show first N lines: `head -n 10 file.txt`
`tail`	Show last N lines: `tail -n 10 file.txt`, `tail -f logfile` (follow changes)
`cut`	Extract specific fields: `cut -d':' -f1 /etc/passwd`
`sort`	Sort lines: `sort file.txt`, `sort -n numbers.txt`
`uniq`	Remove duplicate lines: `sort file.txt
`wc`	Count words, lines, characters: `wc -l file.txt`
`diff`	Compare two files: `diff file1 file2`
`cmp`	Compare two files byte by byte
`tee`	Read from standard input and write to file and standard output: `echo "hello"
`split`	Split large files into smaller ones: `split -b 1M largefile`
`paste`	Merge lines of files: `paste file1 file2`: Merge corresponding lines from two files `paste -d ',' file1 file2`: Use a comma as a delimiter `paste -s file`: Merge all lines of a file into a single line
`tr`	Translate or delete characters: `echo "hello" \| tr 'a-z' 'A-Z'`: Convert lowercase to uppercase `echo "hello world" \| tr -d 'o'`: Delete all 'o' characters `echo "hello world" \| tr ' ' '\n'`: Convert spaces to newlines
`xargs`	Build and execute command lines: `echo file1 file2 \| xargs rm`: Remove listed files `find . -name "*.txt" \| xargs cat`: Concatenate all .txt files `cat list.txt \| xargs -n 1 echo`: Process one argument per line
`grep`	Search for patterns in files: `grep "pattern" file`: Search for 'pattern' in a file `grep -i "pattern" file`: Case-insensitive search `grep -r "pattern" /path`: Recursively search in a directory `grep -v "pattern" file`: Exclude lines matching 'pattern'
`egrep` / `fgrep`	Extended and fixed string search: `egrep "regex" file`: Extended regular expressions `fgrep "string" file`: Fixed string search (no regex)
`cut`	Extract portions of text: `cut -d ':' -f 1 /etc/passwd`: Extract first field using ':' as delimiter `cut -c 1-5 file`: Extract first five characters of each line
`awk`	Process and analyze text files: `awk '{print $1}' file`: Print first field of each line `awk -F ':' '{print $1, $3}' /etc/passwd`: Specify a field separator `awk 'NR==3' file`: Print only the third line
`sed`	Stream editing: `sed 's/old/new/g' file`: Replace 'old' with 'new' `sed -n '5p' file`: Print only the fifth line `sed '/pattern/d' file`: Delete lines matching 'pattern'

Process and Job Management

Command	Usage
`ps`	Show active processes: `ps aux` (detailed list)
`top`	Display real-time system processes
`htop`	Interactive process monitor (not always installed)
`kill`	Send signal to a process: `kill PID`, `kill -9 PID` (force kill)
`pkill`	Kill process by name: `pkill processname`
`jobs`	Show background jobs
`fg`	Bring background job to foreground: `fg %1`
`bg`	Resume a suspended job in the background: `bg %1`
`nohup`	Run a process immune to hangups: `nohup command &`
`nice`	Start a process with a priority: `nice -n 10 command`
`renice`	Change process priority: `renice 10 -p PID`
`time`	Measure execution time of a command: `time command`

Networking

Command	Usage
`ping`	Check network connectivity: `ping example.com`
`wget`	Download files: `wget URL`
`curl`	Transfer data: `curl -O URL` (download), `curl -X POST URL`
`scp`	Copy files over SSH: `scp file user@host:/path`
`rsync`	Efficient file transfer: `rsync -av source destination`
`netstat`	Show network connections and ports: `netstat -tulnp`
`ss`	More advanced network statistics: `ss -tulnp`
`traceroute`	Show network route to a host: `traceroute example.com`
`dig`	Query DNS records: `dig example.com`
`nslookup`	Query DNS: `nslookup example.com`

Disk and System Information

Command	Usage
`uptime`	Show system uptime
`who`	Show logged-in users
`w`	Show active users and their processes
`id`	Show user ID and group ID
`uname`	Show system information: `uname -a`
`hostname`	Show system hostname
`df`	Show disk space usage: `df -h`
`du`	Show directory size: `du -sh /path`
`free`	Show memory usage: `free -m`
`vmstat`	Show system performance statistics
`iostat`	Show CPU and I/O statistics

Archiving and Compression

Command	Usage
`tar`	Archive files: `tar -cvf archive.tar files`, `tar -xvf archive.tar` (extract)
`gzip`	Compress files: `gzip file`
`gunzip`	Decompress files: `gunzip file.gz`
`zip`	Create ZIP archive: `zip archive.zip files`
`unzip`	Extract ZIP archive: `unzip archive.zip`

User Management

Command	Usage
`whoami`	Show current user
`who`	Show logged-in users
`groups`	Show groups a user belongs to
`passwd`	Change user password
`su`	Switch user: `su - username`
`sudo`	Run command as superuser: `sudo command`

Miscellaneous

Command	Usage
`echo`	Print text: `echo "Hello"`
`date`	Show current date and time
`cal`	Show calendar
`clear`	Clear terminal screen
`history`	Show command history
`alias`	Create alias: `alias ll='ls -l'`
`env`	Show environment variables
`export`	Set environment variable: `export VAR=value`

Termux:Styling, Termux:Widget, Termux:Boot, Termux:Float, and Termux:API

Termux:Styling

Termux:Styling (com.termux.styling) can be installed from F-Droid.

This plugin for Termux provides beautiful color schemes and powerline-ready fonts to customize the appearance of the terminal.

Long-press anywhere on the Termux terminal and use the "Style" menu entry to use after installation.

Go to the official wiki for more information.

Termux:Widget

Termux:Widget (com.termux.widget) can be installed from F-Droid.

Add-on app which adds shortcuts to Termux scripts and commands on the home screen. Scripts should be placed in the $HOME/.shortcuts/ folder to allow quick access to frequently used commands without typing.

Go to the official wiki for more information.

Termux:Boot

Termux:Boot (com.termux.boot) can be installed from [F-Droid](<https://f-droid.org/packages/com.termux.boot).

This plugin for Termux allows programs to be run at boot.

Instructions:

Start the Termux:Boot app once by clicking on its launcher icon.
This allow the app to be run at boot.
Create the ~/.termux/boot/ directory.
Put scripts you want to execute inside the ~/.termux/boot/ directory.
If there are multiple files, they will be executed in a sorted order.

Note that you may want to run termux-wake-lock as first thing want to ensure that the device is prevented from sleeping.

Go to the official wiki for more information.

Termux:Float

Termux:Float (com.termux.float) can be installed from F-Droid.

This plugin for Termux provides a floating terminal window which is shown above other apps.

Long-press on the floating window to move or resize it and tap on the notification to temporarily hide it.

Go to the official wiki for more information.

Termux:API

Termux:API (com.termux.api) can be installed from F-Droid.

Expose basic Android functionality like sending SMS or accessing GPS data to the Termux app. This is an add-on which requires that the main Termux app is installed to use.

Read and send sms messages from your terminal.
Access device GPS location sensor from scripts.
Pipe the result of commands into the device text-to-speech engine.
Vibrate the device when something interesting happens.
Access the system clipboard from shell scripts.
List contacts from the system contact list.

Besides installing this app an additional package is required to install inside Termux:

apt install termux-api

Go to the official wiki for more information.

TigerVNC, Termux-x11, Fluxbox, Openbox, XFCE, LXQt, and MATE: Termux VNC or X Server and Graphical Environment

Introduction of VNC (Virtual Network Computing)

VNC (Virtual Network Computing) is a graphical desktop-sharing system that uses the Remote Frame Buffer protocol (RFB) to remotely control another computer. It transmits the keyboard and mouse input from one computer to another, relaying the graphical-screen updates, over a network.

Introduction of X Window System (X11, or X)

The X Window System (X11, or simply X) is a windowing system for bitmap displays, common on Unix-like operating systems. X is an architecture-independent system for remote graphical user interfaces and input device capabilities. Each person using a networked terminal has the ability to interact with the display with any type of user input device. The X server is typically the provider of graphics resources and keyboard/mouse events to X clients.

Termux X11 Repository

X11 packages are available in a separate APT repository. You can enable it by running the following command:

pkg install x11-repo

It will automatically add appropriate sources.list file and PGP key. You can disable this repository by running the following command:

pkg uninstall x11-repo

TigerVNC VNC Server in Termux

Go to their official website for more information.

Install TigerVNC

pkg install x11-repo
pkg install tigervnc

Start a VNC Server

vncserver [:1] [-geometry 1920x1080]

You can optionally specify port with :port and resolution with -geometry. VNC server will start on the unused port with the smallest number on localhost if no port specified.

You can specify xstartup script in the ~/.vnc/xstartup file. When the VNC server starts, it will run the script in ~/.vnc/xstartup (if any).

At first time, you will be prompted for setting up passwords:

You will require a password to access your desktops.

Password:
Verify:
Would you like to enter a view-only password (y/n)? n

Note that passwords are not visible when you are typing them and maximal password length is 8 characters.

If everything is okay, you will see this message:

New 'localhost:1 ()' desktop is localhost:1

Creating default startup script /data/data/com.termux/files/home/.vnc/xstartup
Creating default config /data/data/com.termux/files/home/.vnc/config
Starting applications specified in /data/data/com.termux/files/home/.vnc/xstartup
Log file is /data/data/com.termux/files/home/.vnc/localhost:1.log

It means that the server is available on display localhost:1.

To make programs do graphical output to the display localhost:1, set environment variable like shown here (yes, without specifying localhost):

export DISPLAY=":1"

You may even put this variable to your bashrc or profile so you don’t have to always set it manually unless display address will be changed.

You can connect to the VNC server from a VNC viewer to view the output.

Note that you have to start a windows manager or desktop environment in ~/.vnc/xstartup or no graphical environment will be shown.

Kill a VNC Server

vncserver -kill localhost:1

Replace :1 with the actual port your VNC server started on.

Termux-x11

Install Termux-x11 App

Termux-x11 (com.termux.x11) app for Android can be installed from the .apk asset corresponding to your architecture in its GitHub release.

Install Termux-x11 Package

pkg install x11-repo
pkg install termux-x11-nightly

Start a Termux-x11 X Server

To start Termux-x11 X server, run:

termux-x11 :1 -xstartup "$XSTARTUP"

Replace :1 with the actual port you want and $XSTARTUP with the actual xstartup script.

Note that you have to start a windows manager or desktop environment in the argument of -xstartup or no graphical environment will be shown.

Connect to a Termux-x11 X Server

Open the Termux-x11 app. It will connect to the Termux-x11 X server automatically.

Fluxbox in Termux

Install Fluxbox

pkg install fluxbox

Xstartup Script

#!/data/data/com.termux/files/usr/bin/sh
fluxbox-generate_menu
fluxbox &

Fluxbox windows manager will start automatically on VNC or X server startup.

Openbox in Termux

Install Openbox

pkg install openbox pypanel xorg-xsetroot

Xstartup Script

#!/data/data/com.termux/files/usr/bin/sh
openbox-session &

Don’t put any other command than the lines above to the xstartup script since Openbox has its own autostart script, which is located at ${PREFIX}/etc/xdg/openbox/autostart.

nano ~/etc/xdg/openbox/autostart

Copy below and paste to it (replace gray with the color you want):

# Make background gray.
xsetroot -solid gray
pypanel &

Openbox windows manager will start automatically on VNC or X server startup.

XFCE in Termux

Install XFCE

pkg install xfce4

Xstartup Script

#!/data/data/com.termux/files/usr/bin/sh
xfce4-session &

Don’t put any other command than the lines above to the xstartup script.

XFCE desktop environment will start automatically on VNC or X server startup.

Additional Recommended Packages for Installation

netsurf - Simple graphical web browser. Javascript is not supported.
xfce4-terminal - Terminal emulator for XFCE. It is not included as part of XFCE installation to allow use of aterm or st.

LXQt in Termux

Install LXQt

pkg install lxqt

Xstartup Script

#!/data/data/com.termux/files/usr/bin/sh
startlxqt &

Don’t put any other command than the lines above to the xstartup script.

LXQt desktop environment will start automatically on VNC or X server startup.

Additional Recommended Packages for Installation

otter-browser - Free and open source web browser that aims to recreate aspects of Opera 12.x
qterminal - Terminal emulator for LXQt. It is not included as part of LXQt installation to allow use of aterm or st.

MATE in Termux

Install MATE

pkg install mate-* marco

Xstartup Script

#!/data/data/com.termux/files/usr/bin/sh
mate-session &

Don’t put any other command than the lines above to the xstartup script.

MATE desktop environment will start automatically on VNC server startup.

Additional Recommended Packages for Installation

netsurf - Simple graphical web browser. Javascript is not supported.
mate-terminal - Terminal emulator for MATE. It is not included as part of MATE installation to allow use of aterm or st.

AVNC: A VNC Client for Android

Install AVNC

AVNC (com.gaurav.avnc) can be installed from F-Droid.

Connect a VNC Server

Tap the + sign in the lower right corner,
Input Name (arbitrary name), Host address (localhost for localhost), and Port, input Username and Password if needed, adjust ADVANCED options if needed, and then tap SAVE.
Tap the Server name to connect to it.
If you encounter incorrect mouse display or recieving, going to Settings > Input > Mouse and toggling on Hide local pointer may help.
Note that you may have to run export DISPLAY='1', export DISPLAY=remote_host:0, or similar commands in the server side to set the display of the session to the client.

Introduction of AVNC

Gesture styles: Automatic, Touchscreen (Do actions at touch-point), or Touchpad mode (Do actions at pointer).
Material Design: Dark theme and light theme.
Configurable gestures: Configure the meaning of each gesture.
Tight encoding.
Virtual Keys: Go to Settings => Input => Virtual keys => Customize keys to customize Virtual Key layout.
Picture-in-Picture mode.
View-only mode.
Zeroconf Server Discovery.
TLS support: AnonTLS and VeNCrypt.
SSH tunnel: VNC over SSH.
Import/Export servers.
VNC Repeater support.
Clipboard Sync with server.
Pause update in background.
Automatic reconnection.
Automatically find supported servers.

Tailscale: Peer-to-Peer Mesh VPN

Introduction of Tailscale

Tailscale is a modern, user-friendly mesh VPN that creates a secure, peer-to-peer network between your devices using WireGuard. It allows devices across different networks to communicate directly without complex firewall configurations or port forwarding.

WireGuard is a registered trademark of Jason A. Donenfeld.

Features of Tailscale:

Easy setup: No need for manual VPN configurations. Just sign in with an identity provider. Google, Microsoft, GitHub, Apple, and passkey are available.
Zero trust security: Enforces access control using multi-factor authentication (MFA) and device authentication.
Automatic NAT traversal: Works across different networks, even behind NAT and firewalls.
Mesh networking: Devices connect directly when possible, improving performance and reducing latency.
Access Control Lists (ACLs): Fine-grained control over which devices can communicate.
Multiplatform support: Supports Linux, Windows, macOS, Android, iOS, etc.
Exit nodes: Use a specific device as a VPN gateway.
Subnet routing: Access remote networks securely.

Go to their official website for more information.

Tailscale in Linux

Install

curl -fsSL https://tailscale.com/install.sh | sh

Log in

sudo tailscale up

Systemd Enable

sudo systemctl enable tailscaled

Manually Start Userspace Networking

sudo tailscaled --tun=userspace-networking &

Tailscale IP

Your tailscale ip will be

tailscale ip

You can connect to it from another device logged in with the same account.

Subnet Routing

If you want to access devices on your local network through Tailscale, enable subnet routing

sudo tailscale up --advertise-routes=192.168.1.0/24

Tailscale in Android

Install Tailscale

Tailscale (com.tailscale.ipn) can be installed from F-Droid or Google Play.

Introduction of Tailscale in Android

Tailscale is a mesh VPN alternative that makes it easy to connect your devices, wherever they are. No more fighting configuration or firewall ports. Built on WireGuard®, Tailscale enables an incremental shift to zero-trust networking by implementing “always-on” remote access. This guarantees a consistent, portable, and secure experience independent of physical location.

You can view the devices logged in and their Tailscale IPs in the app.

PRoot-Distro with Termux: Install Linux Distributions in Termux

Introduction of Chroot, PRoot, PRoot-Distro

Chroot: Chroot is an operation on Unix and Unix-like operating systems that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name (and therefore normally cannot access) files outside the designated directory tree.
PRoot: PRoot is a user-space implementation of chroot, mount --bind, and binfmt_misc. This means that users don’t need any privileges or setup to do things like using an arbitrary directory as the new root file system, making files accessible somewhere else in the file system hierarchy, or executing programs built for another CPU architecture transparently through QEMU user-mode.
PRoot-Distro: PRoot-Distro is a Bash script wrapper for PRoot. It provides a set of functions with standardized command line interface to let user easily manage Linux PRoot containers. By default it supports a number of well known Linux distributions such Alpine Linux, Debian or openSUSE. However it is possible to add others with a help of plug-ins.

PRoot-Distro Usage

Usage: proot-distro [COMMAND] [ARGUMENTS]
Commands:
- help - Show this help information.
- backup - Backup a specified distribution.
- install - Install a specified distribution.
- list - List supported distributions and their installation status.
- login - Launch a login shell for the specified distribution if no additional arguments were given. Otherwise execute the given command and exit.
  - Usage: proot-distro login [OPTIONS] [DISTRO ALIAS] [-- [COMMAND]]
  - Command aliases: sh
  - Options:
    - --help - Show this help information.
    - --user [user] - Login as specified user instead of 'root'.
    - --fix-low-ports - Modify bindings to protected ports to use a higher port number.
    - --isolated - Run isolated environment without access to host file system.
    - --termux-home - Mount Termux home directory to /root. Takes priority over --isolated option.
    - --shared-tmp - Mount Termux temp directory to /tmp. Takes priority over --isolated option.
    - --bind [path:path] - Custom file system binding. Can be specified multiple times. Takes priority over --isolated option.
    - --no-link2symlink - Disable hardlink emulation by proot. Adviseable only on devices with SELinux in permissive mode.
    - --no-sysvipc - Disable System V IPC emulation by proot.
    - --no-kill-on-exit - Wait until all running processes will finish before exiting. This will cause proot to freeze if you are running daemons.
    - --no-arch-warning - Suppress warning about CPU not supporting 32-bit instructions.
    - --kernel [string] - Set the kernel release and compatibility level to string.
    - --work-dir [path] - Set the working directory.
    - --env ENV=val - Set environment variable. Can be specified multiple times.
  - Put -- if you wish to stop command line processing and pass options as shell arguments.
  - If no --isolated option given, the following host directories will be available:
    - /apex (only Android 10+)
    - /data/dalvik-cache
    - /data/data/com.termux
    - /sdcard
    - /storage
    - /system
    - /vendor
- remove - Delete a specified distribution. WARNING: this command destroys data!
- rename - Rename installed distribution.
- reset - Reinstall from scratch a specified distribution. WARNING: this command destroys data!
- restore - Restore a specified distribution. WARNING: this command destroys data!
- clear-cache - Clear cache of downloaded files.

Supported Distributions

Here are the supported distributions (alias: name):

alpine: Alpine Linux (edge)
archlinux: Arch Linux ARM
artix: Artix Linux (AArch64 only)
debian: Debian (stable)
deepin: Deepin (beige)
fedora: Fedora 39 (AArch64 only)
manjaro: Manjaro (AArch64 only)
openkylin: OpenKylin (Yangtze)
opensuse: OpenSUSE (Tumbleweed)
pardus: Pardus (yirmibir)
ubuntu: Ubuntu (23.10)
void: Void Linux

Hint to Install Linux OS with PRoot-Distro

Type command proot-distro list to get a list of the supported distributions.

Pick a distro alias and run the next command to install it:

proot-distro install <alias> [--override-alias <new alias>]

Runtime data is stored at this location:

/data/data/com.termux/files/usr/var/lib/proot-distro

If you have issues with proot during installation or login, try to set PROOT_NO_SECCOMP=1 environment variable.

Andronix with Termux: Install Linux Distributions in Termux

Install Andronix App (Optional)

Andronix (studio.com.techriz.andronix) can be installed from Google Play.

Andronix is an app that lets you install Linux distributions like Ubuntu, Debian, Manjaro etc. in Termux on non-rooted Android devices with PRoot. Andronix provides paid, close-source modded OS too, which won’t be mentioned in this tutorial.

Install an OS Following Andronix App Instructions

Open Andronix app.
Click the Linux Distribution card.
Click on the Linux distribution you want to install. It is recommended to get started with Ubuntu or Debian if you are overwhelmed by the options.
Click on the user interface you want. Graphical User Interface or GUI is the visual interface that you interact with to do things in your Linux distribution. Command Line Interface or CLI is the text-based interface that you interact with to execute commands and perform tasks in your Linux distribution.
Desktop Environment: You can choose a Desktop Environment if you would like to use your mouse as well as your keyboard, or you’ve little or no experience with Linux.
Window Manager: You can choose a Window Manager if you only want to use your keyboard to manage windows and other OS-level tasks. These are pretty light and fast, but do require some skill before getting productive.
CLI Only: If you don’t want a Graphical User-interface, you can go ahead with the Command Line Interface.
Andronix will automatically copy the command to your clipboard.
Paste and run in Termux.

Uninstall an Not Modded OS Following Andronix App Instructions

Open Andronix app.
Click the Linux Distribution card.
Long press on the Linux distribution you want to uninstall.
Select Uninstall.
Andronix will automatically copy the command to your clipboard.
Paste and run in Termux (Not inside that OS).

PulseAudio Server Sound Output

Install and Setup

Run the following command in Termux (Not inside that OS):

pkg install wget && wget https://andronixos.sfo2.cdn.digitaloceanspaces.com/OS-Files/setup-audio.sh && chmod +x setup-audio.sh && ./setup-audio.sh

Start PulseAudio Server

pulseaudio --start

Example: Debian with XFCE Desktop Environment

Install Debian with XFCE

pkg update -y && pkg install wget curl proot tar -y && wget https://raw.githubusercontent.com/AndronixApp/AndronixOrigin/master/Installer/Debian/debian-xfce.sh -O debian-xfce.sh && chmod +x debian-xfce.sh &&  bash debian-xfce.sh

The file directory of the Debian OS will be debian-fs. You can read, write, and execute files in it both in Termux or in the Debian OS.

Turn on the OS (CLI)

./start-debian.sh

VNC Server

Run vncserver-start in the OS to start the VNC server (default on port 1).
Get a VNC viewer. AVNC is recommended for Android.
Add a new connection with address localhost:1.
View GUI of the OS from VNC viewer.
Run vncserver-start in the OS to kill all VNC servers.

Example: Debian with CLI Only

Install Debian

pkg update -y && pkg install wget curl proot tar -y && wget https://raw.githubusercontent.com/AndronixApp/AndronixOrigin/master/Installer/Debian/debian.sh -O debian.sh && chmod +x debian.sh && bash debian.sh

The file directory of the Debian OS will be debian-fs. You can read, write, and execute files in it both in Termux or in the Debian OS.

Turn on the OS (CLI)

./start-debian.sh

Example: Uninstall Debian OS (Not Modded)

wget https://raw.githubusercontent.com/AndronixApp/AndronixOrigin/master/Uninstall/Debian/UNI-debian.sh && chmod +x UNI-debian.sh && bash UNI-debian.sh

QEMU System Emulation with Termux: Full System Emulation

Install QEMU System Emulation for x86-64

Run the following command in Termux:

pkg update && pkg install qemu-utils qemu-common qemu-system-x86-64-headless wget -y

Install QEMU System Emulation for AArch64

Run the following command in Termux:

pkg update && pkg install qemu-utils qemu-common qemu-system-aarch64-headless wget -y

ISO and QCOW2 Image Methods

For more complex distribution like Debian and Ubuntu, using ISO image method is easier to encounter some issues like GRUB menu not showing on CLI or stuck in the middle of the installation process which QCOW2 image method usually doesn’t cause.

Host Port Forwarding

Set hostfwd to set host port forwarding. Take hostfwd=tcp::2222-:22 for example, tcp specifies the TCP protocol for the forwarding rule, ::2222 indicates that on the host machine, TCP connections to port 2222 will be forwarded, and -:22 indicates that these connections will be forwarded to port 22 (the default SSH port) on the guest virtual machine.

Alpine Linux x86-64 ISO Image

Installation

size='5G'
memory='1024'
cpu='2'
pkg update && pkg install qemu-utils qemu-common qemu-system-x86-64-headless wget -y
mkdir ~/alpine-x86_64 && cd ~/alpine-x86_64
wget https://dl-cdn.alpinelinux.org/v3.21/releases/x86_64/alpine-virt-3.21.0-x86_64.iso
qemu-img create -f qcow2 alpine-x86_64.img $size
qemu-system-x86_64 -machine q35 -m $memory -smp cpus=$cpu -cpu qemu64 -drive if=pflash,format=raw,read-only=on,file=$PREFIX/share/qemu/edk2-x86_64-code.fd -netdev user,id=n1,dns=8.8.8.8,hostfwd=tcp::2222-:22 -device virtio-net,netdev=n1 -cdrom alpine-virt-3.21.0-x86_64.iso -drive file=alpine-x86_64.img,format=qcow2 -nographic

Run below in the Alpine Linux VM to setup:

setup-alpine

CLI Only

memory='1024'
cpu='2'
qemu-system-x86_64 -machine q35 -m $memory -smp cpus=$cpu -cpu qemu64 -drive if=pflash,format=raw,read-only=on,file=$PREFIX/share/qemu/edk2-x86_64-code.fd -netdev user,id=n1,dns=8.8.8.8,hostfwd=tcp::2222-:22 -device virtio-net,netdev=n1 -drive file=~/alpine-x86_64/alpine-x86_64.img,format=qcow2 -nographic

With VNC Display

memory='1024'
cpu='2'
qemu-system-x86_64 -machine q35 -m $memory -smp cpus=$cpu -cpu qemu64 -drive if=pflash,format=raw,read-only=on,file=$PREFIX/share/qemu/edk2-x86_64-code.fd -netdev user,id=n1,dns=8.8.8.8,hostfwd=tcp::2222-:22 -device virtio-net,netdev=n1 -drive file=~/alpine-x86_64/alpine-x86_64.img,format=qcow2 -vnc :0

Alpine Linux AArch64 ISO Image

Installation

size='5G'
memory='1024'
cpu='2'
pkg update && pkg install qemu-utils qemu-common qemu-system-aarch64-headless wget -y
mkdir ~/alpine-aarch64 && cd ~/alpine-aarch64
wget https://dl-cdn.alpinelinux.org/alpine/latest-stable/releases/aarch64/alpine-virt-3.21.0-aarch64.iso
qemu-img create -f qcow2 alpine-aarch64.img $size
qemu-system-aarch64 -machine virt -m $memory -smp cpus=$cpu -cpu cortex-a72 -drive if=pflash,format=raw,read-only=on,file=$PREFIX/share/qemu/edk2-aarch64-code.fd -netdev user,id=n1,dns=8.8.8.8,hostfwd=tcp::2222-:22 -device virtio-net,netdev=n1 -cdrom alpine-virt-3.21.0-aarch64.iso -drive file=alpine-aarch64.img,format=qcow2 -nographic

Run below in the Alpine Linux VM to setup:

setup-alpine

CLI Only

memory='1024'
cpu='2'
qemu-system-aarch64 -machine virt -m $memory -smp cpus=$cpu -cpu cortex-a72 -drive if=pflash,format=raw,read-only=on,file=$PREFIX/share/qemu/edk2-aarch64-code.fd -netdev user,id=n1,dns=8.8.8.8,hostfwd=tcp::2222-:22 -device virtio-net,netdev=n1 -drive file=~/alpine-aarch64/alpine-aarch64.img,format=qcow2 -nographic

With VNC Display

memory='1024'
cpu='2'
qemu-system-aarch64 -machine virt -m $memory -smp cpus=$cpu -cpu cortex-a72 -drive if=pflash,format=raw,read-only=on,file=$PREFIX/share/qemu/edk2-aarch64-code.fd -netdev user,id=n1,dns=8.8.8.8,hostfwd=tcp::2222-:22 -device virtio-net,netdev=n1 -drive file=~/alpine-aarch64/alpine-aarch64.img,format=qcow2 -vnc :0

Debian Linux AMD64 QCOW2 Image

Installation

size='5G'
memory='1024'
cpu='2'
pkg update && pkg install qemu-utils qemu-common qemu-system-x86-64-headless wget -y
mkdir ~/debian-amd64 && cd ~/debian-amd64
wget https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-nocloud-amd64.qcow2
qemu-img resize debian-12-nocloud-amd64.qcow2 +$size
qemu-system-x86_64 -machine q35 -m $memory -smp cpus=$cpu -cpu qemu64 -drive if=pflash,format=raw,read-only=on,file=$PREFIX/share/qemu/edk2-x86_64-code.fd -netdev user,id=n1,dns=8.8.8.8,hostfwd=tcp::2222-:22 -device virtio-net,netdev=n1 -drive file=~/debian-amd64/debian-12-nocloud-amd64.qcow2,format=qcow2 -nographic

CLI Only

memory='1024'
cpu='2'
qemu-system-x86_64 -machine q35 -m $memory -smp cpus=$cpu -cpu qemu64 -drive if=pflash,format=raw,read-only=on,file=$PREFIX/share/qemu/edk2-x86_64-code.fd -netdev user,id=n1,dns=8.8.8.8,hostfwd=tcp::2222-:22 -device virtio-net,netdev=n1 -drive file=~/debian-amd64/debian-12-nocloud-amd64.qcow2,format=qcow2 -nographic

With VNC Display

memory='1024'
cpu='2'
qemu-system-x86_64 -machine q35 -m $memory -smp cpus=$cpu -cpu qemu64 -drive if=pflash,format=raw,read-only=on,file=$PREFIX/share/qemu/edk2-x86_64-code.fd -netdev user,id=n1,dns=8.8.8.8,hostfwd=tcp::2222-:22 -device virtio-net,netdev=n1 -drive file=~/debian-amd64/debian-12-nocloud-amd64.qcow2,format=qcow2 -vnc :0

Debian Linux ARM64 QCOW2 Image

Installation

size='5G'
memory='1024'
cpu='2'
pkg update && pkg install qemu-utils qemu-common qemu-system-aarch64-headless wget -y
mkdir ~/debian-arm64 && cd ~/debian-arm64
wget https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-nocloud-arm64.qcow2
qemu-img resize debian-12-nocloud-arm64.qcow2 +$size
qemu-system-aarch64 -machine virt -m $memory -smp cpus=$cpu -cpu cortex-a72 -drive if=pflash,format=raw,read-only=on,file=$PREFIX/share/qemu/edk2-aarch64-code.fd -netdev user,id=n1,dns=8.8.8.8,hostfwd=tcp::2222-:22 -device virtio-net,netdev=n1 -drive file=~/debian-arm64/debian-12-nocloud-arm64.qcow2,format=qcow2 -nographic

CLI Only

memory='1024'
cpu='2'
qemu-system-aarch64 -machine virt -m $memory -smp cpus=$cpu -cpu cortex-a72 -drive if=pflash,format=raw,read-only=on,file=$PREFIX/share/qemu/edk2-aarch64-code.fd -netdev user,id=n1,dns=8.8.8.8,hostfwd=tcp::2222-:22 -device virtio-net,netdev=n1 -drive file=~/debian-arm64/debian-12-nocloud-arm64.qcow2,format=qcow2 -nographic

With VNC Display

memory='1024'
cpu='2'
qemu-system-aarch64 -machine virt -m $memory -smp cpus=$cpu -cpu cortex-a72 -drive if=pflash,format=raw,read-only=on,file=$PREFIX/share/qemu/edk2-aarch64-code.fd -netdev user,id=n1,dns=8.8.8.8,hostfwd=tcp::2222-:22 -device virtio-net,netdev=n1 -drive file=~/debian-arm64/debian-12-nocloud-arm64.qcow2,format=qcow2 -vnc :0

Check Image Info

In host, run:

qemu-img info <image>

Check VM Disk

Inside guest, run:

df -h

and for partition, run:

lsblk

Resize Image

In host, run:

qemu-img resize <image> +5G

+5G indicates increasing 5GB disk image. You can adjust the size as needed.

Resize Partition in Debian AMD64

In Debian guest, run:

sudo apt update
sudo apt install parted e2fsprogs -y
sudo parted /dev/sda

In (parted), run:

print
fix
resizepart 1 100%
quit

and then in Debian guest run:

sudo resize2fs /dev/sda1

Resize Partition in Debian ARM64

In Debian guest, run:

sudo apt update
sudo apt install parted e2fsprogs -y
sudo parted /dev/vda

In (parted), run:

print
fix
resizepart 1 100%
quit

and then in Debian guest run:

sudo resize2fs /dev/vda1

Shizuku, SystemUI Tuner, and aShell: Use Local ADB of Android Device on Terminals Such as Termux without Another Device with Shizuku, Leave Developer Options off When Doing So with SystemUI Tuner, and Use ADB with Features like Autocomplete Suggestion with aShell

Install Shizuku

Shizuku (moe.shizuku.privileged.api) can be installed from IzzyOnDroid F-Droid repository or Google Play.

Introduction of ADB and Shizuku

Android Debug Bridge (ADB): The Android Debug Bridge (ADB) is a programming tool used for the debugging of Android-based devices. The daemon on the Android device connects with the server on the host PC over USB or TCP, which connects to the client that is used by the end-user over TCP. Made available as open-source software under the Apache License by Google, its features include a shell and the possibility to make backups. The ADB software is available for many devices such as Windows, Linux and macOS. It has been misused by botnets and other malware, for which mitigations were developed such as RSA authentication and device whitelisting.
Shizuku: Shizuku is an open-source app for serving multiple apps that require root/adb. If your "root required app" only needs adb permission, you can easily expand the audience by using Shizuku. Also, Shizuku is significantly faster than root shell. Go to their official website for more information.

Connect Shizuku to Wireless ADB

Grant Shizuku notification permission.
Tap Pairing in Start via Wireless debugging block in Shizuku.
Connect to a WiFi you trust. You don’t need to log in to the WiFi though. You just need to let your phone think that you’re connected to WiFi.
In phone’s Settings or something similar, go to About Phone > Software Information or something similar, and tap the Version Number seven times to enable Developer Options. Some phones may have different methods to enable Developer Options.
In the Developer Options, enable Wireless ADB and tap Pair with a pairing code.
Input the pairing code in the notification of Shizuku.
In the Developer Options, togle on Disable adb authorization timeout if you don’t want to do all the above again every few times using Shizuku. If the connection is disconnected due to whatever reason, follow Reconnect Shizuku in Case it Stops with SystemUI Tuner to reconnect if you’re using SystemUI Tuner, or follow above guide again to reconnect.
Back to Shizuku and tap Start in Start via Wireless debugging block. You all see Shizuku is running on the top of the app interface of Shizuku.

Use Shizuku in a Terminal Application for the First Time

Tap Use Shizuku in terminal applications in Shizuku and export files rish and rish_shizuku.dex to somewhere on your phone.
Use a text editor to replace PKG in rish with the package name of your terminal application. Take Termux for example, Termux’s package name is com.termux. Run termux-setup-storage and tap Allow to grant Termux storage permission.
Open your terminal application and move the exported files to somewhere it can access (usually with mv old_location new_location). The root directory of the main storage of Android is usually /storage/emulated/0. One recommended terminal application for Android is Termux. My tutorial for it is available in Termux: A Powerful Terminal Emulation with an Extensive Linux Package Collection.
Go to the directory you moved the exported files to with cd directory (assumed ~/shizuku below) and run sh rish.
~ $ should become <device>:/ $ (such as e2q:/ $) if sh rish succeeded. Write ADB commands here. Note that there is no need to use adb or adb shell prefixes before commands and that devices command gets /system/bin/sh: devices: inaccessible or not found.
You can turn WiFi off after ADB is connected. The notification of Shizuku may say Paring failed after that, but you can check Shizuku app to check whether there’s a block that reads Shizuku is running on the top.
Optionally, create a .sh file (nano ~/shizuku.sh for example), paste cd shizuku && sh rish, save it, and make it executable with chmod +x shizuku.sh so that you can run this shortcut to start Shizuku on your terminal afterward.

Install SystemUI Tuner

SystemUI Tuner can be installed from Google Play (pub: Zachary Wander).

To Leave Developer Options off When Using Shizuku to Connect to ADB with SystemUI Tuner

WARNING: In Android 14’s latest update, now Enable ADB can’t be persistently on unless USB connected.

Some apps (such as many financial apps) may require Developer Options to be off when using them. This section is the tutorial about how to turn Developer Options off while still using ADB Shell with Shizuku.

Run adb shell command pm grant com.zacharee1.systemuituner android.permission.WRITE_SECURE_SETTINGS (you can do it with Shizuku and a terminal such as Termux or aShell).
Connect to a WiFi. You don’t need to log in or have real WiFi access, just make your phone believes you are connected to WiFi.
Turn off Developer Options if it’s on. The toggle switch is usually on the top of Developer Options.
In SystemUI Tuner, go to Developer and turn on Enable ADB and Enable Wireless ADB.
In SystemUI Tuner, go to Persistent Options and select Enable ADB.
Press Start on Shizuku.
Turn off WiFi. Enable Wireless ADB will be turned off automatically by system settings. You can check that in SystemUI Tuner.

Reconnect Shizuku in Case it Stops with SystemUI Tuner

Connect to a WiFi. You don’t need to log in or have real WiFi access, just make your phone believes you are connected to WiFi.
Turn off Developer Options if it’s on. The toggle switch is usually on the top of Developer Options.
In SystemUI Tuner, go to Developer and turn on Enable Wireless ADB.
Press Start on Shizuku.
Turn off WiFi. Enable Wireless ADB will be turned off automatically by system settings. You can check that in SystemUI Tuner.

Other SystemUI Tuner Usage

SystemUI Tuner exposes some hidden options in Android. You can set them, add them to Persistent Options to keep them on, etc. Different manufacturers may remove or change these options, which SystemUI Tuner may not work around.

You may need to run the following adb shell command (you can do it with Shizuku and a terminal such as Termux or aShell) in order to change the settings:

pm grant com.zacharee1.systemuituner android.permission.WRITE_SECURE_SETTINGS
pm grant com.zacharee1.systemuituner android.permission.PACKAGE_USAGE_STATS
pm grant com.zacharee1.systemuituner android.permission.DUMP

aShell

Install aShell

aShell can be installed from F-Droid.

Introduction of aShell

An elegantly designed user interface.
Included a bundle of examples about common adb commands.
Handles continuously running commands, such as logcat, top, etc.
Search for specific text from the last command output.
Option to save last command output as a text file.
Bookmark frequently using commands.
Dark/light theme.
Auto complete.

Usage of aShell

Give aShell the permission moe.shizuku.manager.permission.API_V23.
Connect to ADB.
Use aShell.

Tor, Tor Browser, NoScript Security Suite, and Torsocks

Introduction of Tor

Tor is a free overlay network for enabling anonymous communication. Built on free and open-source software and more than seven thousand volunteer-operated relays worldwide, users can have their Internet traffic routed via a random path through the network.

Using Tor makes it more difficult to trace a user’s Internet activity by preventing any single point on the Internet (other than the user’s device) from being able to view both where traffic originated from and where it is ultimately going to at the same time. This conceals a user’s location and usage from anyone performing network surveillance or traffic analysis from any such point, protecting the user’s freedom and ability to communicate confidentially.

Key Features of Tor:

Block Trackers: Isolates each website you visit so third-party trackers and ads can’t follow you.
Defend Against Surveillance: Prevents someone watching your connection from knowing what websites you visit.
Resist Fingerprinting: Aims to make all users look the same, making it difficult for you to be fingerprinted based on your browser and device information.
Multi-layered Encryption: Traffic is relayed and encrypted three times as it passes over the Tor network. The network is comprised of thousands of volunteer-run servers known as Tor relays.
Browse Freely: With Tor, you are free to access sites your local internet service provider may have blocked and access hidden services with .onion domain names, which are not reachable through standard web browsers.

Some services may crash when routing traffic through Tor, changing the Exit nodes may help.

Install Tor Browser

Tor Browser can be installed from Google Play or the Guardian Project F-Droid repository. For the latter, please refer to F-Droid Repositories for more information about how to add a F-Droid repository to your F-Droid client app.

The Tor Browser for Android is a mobile version of the Tor Browser that utilizes Mozilla Firefox for Android codebase.

NoScript Security Suite

NoScript (or NoScript Security Suite) is a free and open-source extension for Firefox- and Chromium-based web browsers, written and maintained by Giorgio Maone, a software developer and member of the Mozilla Security Group. By default, NoScript blocks active (executable) web content, which can be wholly or partially unblocked by allowlisting a site or domain from the extension’s toolbar menu or by clicking a placeholder icon. It is recommended to enable NoScript for all Tor sites unless you fully trust it.

Tor in Termux

Install

pkg install tor

Configurations

nano $PREFIX/etc/tor/torrc

Default SOCKS proxy port is:

SOCKSPort 9050

Run

tor

or in background,

tor &

You can add tor & in .bashrc (or .zshrc) to start Tor automatically when opening Termux.

Torsocks in Termux

Install

pkg install torsocks

Configurations

nano $PREFIX/etc/tor/torsocks.conf

Default address and port are:

TorAddress 127.0.0.1
TorPort 9050

To use the tor in Termux, use TorAddress 127.0.0.1 and ensure TorPort is the same as the SOCKSPort in $PREFIX/etc/tor/torrc.

Usage

You can route any command through Tor by adding torsocks in the beginning of the command. For example:

torsocks curl https://check.torproject.org

You can add aliases in .bashrc (or .zshrc) to force commands to go through torsocks. For example:

alias apt="torsocks apt"

To start tor and let it run in background on every boot, you can install Termux:Boot and add

#!/data/data/com.termux/files/usr/bin/bash
nohup tor &

to ~/.termux/boot/boot.sh.

TrackerControl and InviZible Pro: Route Traffic through Tor, Block DNS over UDP, Set DNS Server, Block Trackers, etc.

This section mentions Tor, for people who are new to it, please refer to Tor, Tor Browser, NoScript Security Suite, and Torsocks.

Install InviZible Pro

InviZible Pro (pan.alexander.tordnscrypt.stable) can be installed from F-Droid or Google Play.

Install TrackerControl

TrackerControl (net.kollnig.missioncontrol.fdroid), also known as TC, can be installed from F-Droid.

WARNING: Please avoid use the Google Play version because it doesn’t have the feature like trackers blocking in order to comply with Google’s terms.

Blocking trackers can be used independently or with proxy (such as Prxoy mode of InviZible Pro).
TrackerControl has a Traffic log feature for free, which can help a lot in identifying which trackers should be unblocked when the services crash.
This tutorial section, including the setting .xml, can be used in NetGuard as well because TrackerControl uses NetGuard’s code. However, Traffic log feature is not available in NetGuard’s free version but only available in Pro version. NetGuard is available on F-Droid: https://f-droid.org/packages/eu.faircode.netguard or Google Play: https://play.google.com/store/apps/details?id=eu.faircode.netguard.
You have to disable monitoring of apps route traffic through Tor itself within TrackerControl, such as Tor Browser, and Termux if you’re using tor, torsocks, or similar things.

Configure TrackerControl to Block Trackers without InviZible Pro

Block unwanted trackers in the main interface of the apps.
TrackerControl categorizes trackers by port, corporation, category, etc. You can easily block and allow connections. You may have to try several time to figure out what trackers to allow in order to prevent apps from crashing in few cases.
Turn on TrackerControl as the VPN service of the device.

Configure TrackerControl and InviZible Pro for DNSCrypt and Tor

Configure TrackerControl

Turn on TrackerControl as the VPN service of the device.
Go to TrackerControl.
Disable Monitoring of InviZible Pro (pan.alexander.tordnscrypt.stable).
Go to the Settings > Advanced options.
Turn on Block Trackers on UDP.
Set the SOCKS5 address to 127.0.0.1.
Set the SOCKS port to the port you’ve configured Tor to use in InviZible Pro (9050 by default).
Enable the Use SOCKS5 proxy option.
Tap Port forwarding.
Tap ⊕. Set protocol as UDP, Source port to 53, Destination address to 127.0.0.1, Destination port to the port you configure DNSCrypt of InviZible pro to listen to (5354 by default), and Destination app to nobody.
Tap ⊕. Set protocol as TCP, Source port to 53, Destination address to 127.0.0.1, Destination port to the port you configure DNSCrypt of InviZible pro to listen to (5354 by default), and Destination app to nobody.
Set first (above) VPN DNS as 9.9.9.9.
Set second (below) VPN DNS as 149.112.112.112.
Set where to validate the internet connection in Validate at if you want, www.f-droid.org for example.
Block unwanted trackers and set other things if you want.

If you export settings and import it on another device, the blocklist may not be able to be configured as that in the previous device. You can apply some of the above settings with the .xml below (assuming the configuration of Invizible Pro is as in this tutorial) by coping it, storing it in a .xml file and going to Settings > Backup > Import settings of TrackerControl to import this file. However, it just contains some of the settings, you have to configure others yourself and test whether your applications work as normal because things may vary from case to case.

<?xml version='1.0' encoding='UTF-8' standalone='yes' ?>
<trackercontrol>
  <application>
    <setting key="dns2" type="string" value="149.112.112.112" >
    <setting key="filter_udp" type="boolean" value="true" >
    <setting key="domain_based_blocking" type="boolean" value="true" >
    <setting key="dark_theme" type="boolean" value="true" >
    <setting key="dns" type="string" value="9.9.9.9" >
    <setting key="hosts_url_new" type="string" value="https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" >
    <setting key="wifi_homes" type="set" value="" >
    <setting key="traffic_blocked" type="boolean" value="true" >
    <setting key="hosts_url" type="string" value="https://www.netguard.me/hosts" >
    <setting key="socks5_addr" type="string" value="127.0.0.1" >
    <setting key="socks5_port" type="string" value="9050" >
    <setting key="proto_tcp" type="boolean" value="true" >
    <setting key="manage_system" type="boolean" value="true" >
    <setting key="validate" type="string" value="www.f-droid.org" >
    <setting key="update_check" type="boolean" value="true" >
    <setting key="socks5_enabled" type="boolean" value="true" >
    <setting key="filter" type="boolean" value="true" >
  </application>
  <apply>
    <setting key="com.termux" type="boolean" value="false" >
    <setting key="pan.alexander.tordnscrypt.stable" type="boolean" value="false" >
  </apply>
  <forward>
    <port pkg="nobody" protocol="17" dport="53" raddr="127.0.0.1" rport="5354" >
    <port pkg="nobody" protocol="6" dport="53" raddr="127.0.0.1" rport="5354" >
  </forward>
</trackercontrol>

Configure InviZible Pro

Change to Proxy mode by tapping the ⋮ button in the upper right corner and select that option.
Go to Fast settings.
Turn on Autostart DNSCrypt and Autostart Tor if you want.
Set Delay, DNSCrypr servers, Bridges, whether to Spoof SNI, etc. if needed.
Go to Common Settings and turn on Prevent device sleep if needed.
Go to DNSCrypt Settings.
Go to Listen port and set it to the port TrackerControl forwarding UDP and TCP of port 53 to (5354 by default).
Set Require DNSSEC, Require no log, and Require no filter if you want.
Turn on Force TCP because Tor doesn’t support UDP.
Turn on SOCKS proxy > Outbound proxy.
Set Proxy port as the port you want to configure Tor to use in InviZible Pro (9050 by default).
Turn on Query logging and Suspicious logging if you want.
Go to Tor settings.
Set Nodes, Proxy, etc. if you want. Make sure the SOCKS port is coordinated with the SOCKS proxy in TrackerControl and the DNS port is coordinated with the Forwarding rules in DNSCrypt Settings (onion 127.0.0.1:5400 by default).
Set other things if you want.
Turn on DNSCrypt and Tor.

You can apply some of the above settings with the files below (assuming the configuration of TrackerControl is as in this tutorial). However, they just contain some of the settings, you have to configure others yourself and test whether your applications work as normal because things may vary from case to case.

dns-proxy.toml: Copy the text in the below block, tap Edit dns-proxy.toml in DNSCrypt Settings, and paste.

ipv4_servers = true
ipv6_servers = true
require_dnssec = true
require_nolog = false
require_nofilter = false
block_ipv6 = false
force_tcp = true
server_names = ['adguard-dns', 'adguard-dns-ipv6', 'ahadns-doh-la', 'brahma-world-ipv6', 'dnsforge.de', 'mullvad-base-doh', 'sfw.scaleway-fr']
disabled_server_names = []
listen_addresses = ['127.0.0.1:5354', '[::1]:5354']
max_clients = 250
#user_name = '0'
dnscrypt_servers = true
doh_servers = true
odoh_servers = true
timeout = 5000
keepalive = 30
netprobe_timeout = -1
log_level = 2
log_file = '/data/user/0/pan.alexander.tordnscrypt.stable/logs/DnsCrypt.log'
use_syslog = false
cert_refresh_delay = 240
dnscrypt_ephemeral_keys = false
tls_disable_session_tickets = false
bootstrap_resolvers = ['9.9.9.9:53', '[2620:fe::fe]:53']
netprobe_address = '9.9.9.9:53'
block_unqualified = true
block_undelegated = true
reject_ttl = 10
ignore_system_dns = false
http3 = true
log_files_max_size = 1
log_files_max_age = 7
log_files_max_backups = 1
cache = true
cache_size = 4096
cache_min_ttl = 2400
cache_max_ttl = 86400
cache_neg_ttl = 60
cache_neg_max_ttl = 600
forwarding_rules = 'forwarding-rules.txt'
cloaking_rules = 'cloaking-rules.txt'
proxy = 'socks5://127.0.0.1:9050'
[captive_portals]
map_file = 'captive-portals.txt'
[dns64]
#prefix = ['64:ff9b::/96']
[local_doh]
#listen_addresses = ['127.0.0.1:3000']
#path = '/dns-query'
#cert_file = 'localhost.pem'
#cert_key_file = 'localhost.pem'
[query_log]
format = 'tsv'
file = '/data/user/0/pan.alexander.tordnscrypt.stable/cache/query.log'
ignored_qtypes = ['DNSKEY', 'NS']
[nx_log]
format = 'tsv'
file = '/data/user/0/pan.alexander.tordnscrypt.stable/cache/nx.log'
[blocked_names]
blocked_names_file = 'blacklist.txt'
[blocked_ips]
blocked_ips_file = 'ip-blacklist.txt'
[allowed_names]
allowed_names_file = 'whitelist.txt'
[sources]
[sources.'public-resolvers']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/public-resolvers.md']
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
cache_file = 'public-resolvers.md'
refresh_delay = 72
prefix = ''
[sources.'relays']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/relays.md']
cache_file = 'relays.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
prefix = ''
[sources.'odoh-servers']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/odoh-servers.md', 'https://download.dnscrypt.info/resolvers-list/v3/odoh-servers.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/odoh-servers.md']
cache_file = 'odoh-servers.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
prefix = ''
[sources.'odoh-relays']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/odoh-relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/odoh-relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/odoh-relays.md']
cache_file = 'odoh-relays.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
prefix = ''
[broken_implementations]
fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'cleanbrowsing-adult', 'cleanbrowsing-adult-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-security', 'cleanbrowsing-security-ipv6']
[anonymized_dns]
skip_incompatible = false
routes = [
{ server_name = 'adguard-dns', via=['anon-kama', 'anon-scaleway', 'anon-tiarap'] },
{ server_name = 'sfw.scaleway-fr', via=['anon-kama', 'anon-serbica', 'anon-tiarap'] },
{ server_name = 'adguard-dns-ipv6', via=['anon-ams-ipv6', 'anon-scaleway-ams-ipv6', 'anon-tiarap-ipv6'] }
]
[static]

tor.conf: Copy the text in the below block, tap Edit tor.conf in Tor Settings, and paste.

RunAsDaemon 0
AvoidDiskWrites 1
AutomapHostsOnResolve 1
AutomapHostsSuffixes .exit, .onion
#ExcludeExitNodes
TransPort 9040
DNSPort 127.0.0.1:5400
DNSPort [::1]:5400
SOCKSPort 127.0.0.1:9050
SOCKSPort [::1]:9050
HardwareAccel 1
Schedulers Vanilla
#Socks5Proxy 127.0.0.1:1080
ClientOnly 1
ExitPolicy reject *:*
ExitPolicy reject6 *:*
GeoIPFile /data/user/0/pan.alexander.tordnscrypt.stable/app_data/tor/geoip
GeoIPv6File /data/user/0/pan.alexander.tordnscrypt.stable/app_data/tor/geoip6
DataDirectory /data/user/0/pan.alexander.tordnscrypt.stable/tor_data
VirtualAddrNetworkIPv4 10.192.0.0/10
VirtualAddrNetworkIPv6 [FC00::]/8
Log notice file /data/user/0/pan.alexander.tordnscrypt.stable/logs/Tor.log
ConnectionPadding 1
ReducedConnectionPadding 1
#ExcludeNodes
ExitNodes {AU},{AT},{GB},{US},{DE},{SE},{CH},{LU},{NL},{NZ},{CA},{JP},{TW},{KR},{BE},{KY},{DK},{FI},{GL},{GR},{IS},{HU},{IE},{IT},{ES},{PT},{PL},{HR},{EE},{LV},{NO},{PH},{SG},{FR}
#EntryNodes
StrictNodes 0
#ReachableAddresses *:80,*:443
NewCircuitPeriod 30
MaxCircuitDirtiness 600
EnforceDistinctSubnets 1
HTTPTunnelPort 8118
DormantCanceledByStartup 1
DormantClientTimeout 15 minutes
CircuitsAvailableTimeout 86400
ClientUseIPv4 1
ClientUseIPv6 1
UseBridges 0

Some services may crash when routing traffic through Tor, changing the Exit nodes in InviZible Pro may help; otherwise, you may try to disable monitoring that app or toggle off Use SOCKS5 proxy in TrackerControl, which however compromise your privacy to some degree.

Configure TrackerControl and InviZible Pro for DNSCrypt Only

To use DNSCrypt but not Tor of InviZible Pro with TrackerControl, there are below differences in the configuration compared with both DNSCrypt and Tor in above section.

Configure TrackerControl

Turn on TrackerControl as the VPN service of the device.
Go to TrackerControl.
Disable Monitoring of InviZible Pro (pan.alexander.tordnscrypt.stable).
Go to the Settings > Advanced options.
Turn on Block Trackers on UDP.
Tap Port forwarding.
Tap ⊕. Set protocol as UDP, Source port to 53, Destination address to 127.0.0.1, Destination port to the port you configure DNSCrypt of InviZible pro to listen to (5354 by default), and Destination app to nobody.
Tap ⊕. Set protocol as TCP, Source port to 53, Destination address to 127.0.0.1, Destination port to the port you configure DNSCrypt of InviZible pro to listen to (5354 by default), and Destination app to nobody.
Set first (above) VPN DNS as 9.9.9.9.
Set second (below) VPN DNS as 149.112.112.112.
Set where to validate the internet connection in Validate at if you want, www.f-droid.org for example.
Block unwanted trackers and set other things if you want.

Configure InviZible Pro

Change to Proxy mode by tapping the ⋮ button in the upper right corner and select that option.
Go to Fast settings.
Turn on Autostart DNSCrypt if you want.
Set Delay, DNSCrypr servers, Bridges, whether to Spoof SNI, etc. if needed.
Go to Common Settings and turn on Prevent device sleep if needed.
Go to DNSCrypt Settings.
Go to Listen port and set it to the port TrackerControl forwarding UDP and TCP of port 53 to (5354 by default).
Set Require DNSSEC, Require no log, and Require no filter if you want.
Turn on Force TCP if you want.
Turn on Query logging and Suspicious logging if you want.
Turn on DNSCrypt.

Configure TrackerControl and InviZible Pro for Tor Only

To use Tor but not DNSCrypr of InviZible Pro with TrackerControl, there are below differences in the configuration compared with both DNSCrypt and Tor in above section.

Configure TrackerControl

Turn on TrackerControl as the VPN service of the device.
Go to TrackerControl.
Disable Monitoring of InviZible Pro (pan.alexander.tordnscrypt.stable).
Go to the Settings > Advanced options.
Turn on Block Trackers on UDP.
Set the SOCKS5 address to 127.0.0.1.
Set the SOCKS port to the port you’ve configured Tor to use in InviZible Pro (9050 by default).
Enable the Use SOCKS5 proxy option.
Tap Port forwarding.
Tap ⊕. Set protocol as UDP, Source port to 53, Destination address to 127.0.0.1, Destination port to the Forwarding rules in DNSCrypt Settings of InviZible Pro (5400 by default), and Destination app to nobody.
Tap ⊕. Set protocol as TCP, Source port to 53, Destination address to 127.0.0.1, Destination port to the Forwarding rules in DNSCrypt Settings of InviZible Pro (5400 by default), and Destination app to nobody.
Set first (above) VPN DNS as 9.9.9.9.
Set second (below) VPN DNS as 149.112.112.112.
Set where to validate the internet connection in Validate at if you want, www.f-droid.org for example.
Block unwanted trackers and set other things if you want.

Configure InviZible Pro

Change to Proxy mode by tapping the ⋮ button in the upper right corner and select that option.
Go to Fast settings.
Turn on Autostart Tor if you want.
Set Delay, DNSCrypr servers, Bridges, whether to Spoof SNI, etc. if needed.
Go to Common Settings and turn on Prevent device sleep if needed.
Go to Tor settings.
Set Nodes, Proxy, etc. if you want. Make sure the SOCKS port is coordinated with the SOCKS proxy in TrackerControl and the DNS port is coordinated with the Port forwarding rules in TrackerControl.
Set other things if you want.
Turn on Tor.

Check Whether the Tor Route Setup Is Successful

Go to https://check.torproject.org to check if your Tor route succeeded. If yes, you will see "Congratulations. This browser is configured to use Tor." or similar massage in other languages.
Go to https://whatismyipaddress.com (not open source), https://ipcheck.ing, or other IP checking websites to see wether it’s your device’s IP. If not, your Tor route is probably successful.
Go to https://www.dnsleaktest.com (not open source), https://ipcheck.ing, or other DNS leak testing websites to check if there is a DNS leak. You will see the DNS servers you set in DNSCrypt Settings in InviZible Pro instead of your ISP’s servers if there’s no DNS leak.

Configure InviZible Pro to Block Trackers without TrackerControl

Change to VPN mode by tapping the ⋮ button in the upper right corner and select that option.
Settings for DNSCRypt and Tor, DNSCrypr only, and Tor only remain the same as the above counterparts that is used with TrackerControl except that those parts coordinated with Port forwarding of TrackerControl are no longer needed.

OpenSSH: Secure Remote Access with SSH, SCP, and SFTP

Introduction of SSH (Secure Shell) and OpenSSH

SSH provides a secure way for accessing remote hosts and replaces tools such as telnet, rlogin, rsh, ftp.
OpenSSH, also known as OpenBSD Secure Shell, is a suite of secure networking utilities based on the Secure Shell (SSH) protocol, which provides a secure channel over an unsecured network in a client–server architecture.
Default SSH port in Termux is 8022.
Default SSH port in Linux is usually 22.

OpenSSH Server

Install in Debian Derivatives

sudo apt install openssh-server

Install in Termux

pkg install openssh

Edit Configuration

sudo nano /etc/ssh/sshd_config

Listening Port

Edit

#Port 22

line to change the listening port.

Note that you may need to set it to higher port in VMs.

Ports Listening to

Edit

#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

lines to change ports listening to.

PermitRootLogin

Change the PermitRootLogin line to

PermitRootLogin yes

if you want to permit login as root. In Termux, this is common, but in normal Linux, this is not discouraged.

PasswordAuthentication

Change the PasswordAuthentication line to

PasswordAuthentication yes

to permit password authentication. Password can be set by running passwd.

Usage in Linux with Systemctl

sudo systemctl start ssh
sudo systemctl enable ssh
sudo systemctl restart ssh
sudo systemctl status ssh
sudo systemctl disable ssh

Usage in Termux

Start

sshd

Stop

pkill sshd

Deny

nano /etc/hosts .deny

Ubuntu Firewall

sudo ufw enable
sudo ufw allow ssh

OpenSSH Client

Install in Debian Derivatives

sudo apt install openssh-client

Install in Termux

pkg install openssh

Connect

ssh [user]@[ssh_server] -p [port] -L [local_port]:[remote_host]:[remote_port]

-p: Port. Default is 22.
-L: Local port forwarding.

Key

ssh-keygen -R [localhost]:2222

You need to delete the original key if the server is reset.

If you’re using password authentication, you won’t need to generate key.

SCP (Secure Copy Protocol)

SCP is a simple command-line tool for securely copying files between local and remote systems based on the rcp (remote copy) command but uses SSH for security. It is faster but less flexible than SFTP.

You can use scp on the client side to transfer files between the server side and the client side.

The syntax of scp is generally the same as that of cp, but with the <user@remote>: added before the path from the server and optional -P <port> to specify the port. For example:

scp -r root@localhost:/root/Desktop /data/data/com.termux/files/home -P 22

SFTP (Secure File Transfer Protocol)

SFTP is a full-fledged file transfer protocol that runs over SSH. This makes it more secure than traditional FTP (File Transfer Protocol). SFTP allows for various file management operations, such as listing, renaming, deleting directories and files, and changing directories.

The syntax of sftp, which connects to the server from the client, is generally the same as that of ssh. For example:

sftp -p 2222 user@example.com

You can also connect to the sftp server from other clients. One recommended file manager for Android which can connect to sftp server is Material Files. My tutorial for it is available in Material File: Linux-Aware File Manager with FTP, SFTP, SMB and WebDAV Support.

OpenSSL: SSL and TLS Protocals and Cryptography Library Implementation

Introduction of OpenSSL

OpenSSL is an open-source library that provides a comprehensive suite of cryptographic tools for securing communications over computer networks. It implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and includes a general-purpose cryptographic library that supports a variety of encryption algorithms, hashing functions, digital signatures, key generation, certificate management, and secure random number generation.

Install OpenSSL in Termux

pkg install openssl openssl-tool

Install of OpenSSL in Debian Derivatives

sudo apt install openssl libssl-dev

RSA (Rivest-Shamir-Adleman)

Introduction of RSA

RSA is a widely used asymmetric encryption algorithm that underpins many security protocols. Its strength lies in the difficulty of factoring large prime numbers. The algorithm involves key generation, encryption, and decryption processes utilizing a pair of keys: a public key, shared openly, and a private key, kept secret.

Key Generation: The algorithm begins by selecting two large prime numbers. The totient function, equal to the product of the decrements of the two large prime numbers by one, is computed. A public exponent, typically 65537, is chosen, which is coprime to the totient function of the product of the two large prime numbers. The public key is the array of the product of the two large prime numbers and the public exponent. The private exponent is calculated such that the product of the public exponent and the private exponent is congruent to 1 modulo the totient function of the product of the two large prime numbers. The private key is the array of the product of the two large prime numbers and the private exponent. RSA’s security relies on the ease of multiplying primes and the difficulty of factoring their product.
Public Encryption and Private Decryption (Communication): After generating the keys, RSA can be used for secure communication. To encrypt a message, which should be less than the product of the two large prime numbers, the sender uses the recipient’s public key with the formula that the ciphertext equals the message to the power of the public exponent modulo the product of the two large prime numbers. Only the intended recipient, with the private key, can decrypt it using the formula that the message equals the cyphertext to the power of the private exponent modulo the product of the two large prime numbers.
Private Encryption and Public Decryption (Signature): RSA can also create digital signatures for authenticity and non-repudiation. The sender encrypts a hash of the message with their private key with the formula that the signature equals the hash to the power of the private exponent modulo the product of the two large prime numbers. The signature is sent accompanying the original message. The recipient verifies the signature by decrypting it with the sender’s public key with the formula that the hash equals the signature to the power of the public exponent modulo the product of the two large prime numbers. If hash obtained from the formula matches the hash of the received message, it confirms the message’s authenticity.

Applications:

RSA is employed in various applications that require secure communication and data integrity:
Secure Web Communications (HTTPS): RSA is commonly used in SSL/TLS protocols to establish secure connections between web browsers and servers.
Email Encryption: Services like PGP (Pretty Good Privacy) use RSA for encrypting emails, ensuring only intended recipients can read them.
Digital Signatures: RSA is used to sign software and documents, verifying the identity of the sender and ensuring the content hasn’t been altered.
Secure Key Exchange: RSA can facilitate the secure exchange of symmetric keys for faster encryption methods, allowing secure communication without the need for shared secrets.

Generate New Private Key

openssl genrsa -out /path/privatekeyfilename.pem 2048

2048 means 2048 iterations, change the number as needed.

Generate Public Key from Private Key

openssl rsa -pubout -in /path/privatekeyfilename.pem -out /path/publickeyfilename.pem

Encrypt with Public Key

openssl pkeyutl -in /path/filename.txt -out /path/publickeyencryptedfilename.txt -inkey /path/publickeyfilename.pem -pubin -encrypt

Decrypt with Public Key

openssl pkeyutl -in /path/publickeyencryptedfilename.txt -out /path/filename.txt -inkey /path/privatekeyfilename.pem -decrypt

Encrypt with Private Key

openssl pkeyutl -in /path/filename.txt -out /path/privatekeyencryptedfilename.txt -inkey /path/privatekeyfilename.pem -encrypt

Decrypt with Private Key

openssl pkeyutl -in /path/privatekeyencryptedfilename.txt -out /path/filename.txt -inkey /path/publickeyfilename.pem -pubin -decrypt

Sign a Raw File

openssl pkeyutl -in filename.txt -rawin -out signed_filename.txt -inkey keyfile/privatekeyfile.pem -sign

Sign a Hex File

openssl pkeyutl -in hexfilename.txt -out signed_filename.txt -inkey keyfile/privatekeyfile.pem -sign

Verify a Signature Against a Raw File

openssl pkeyutl -in filename.txt -rawin -out verification.txt -sigfile signed_filename.txt -inkey keyfile/publickeyfile.pem -pubin -verify

Verify a Signature Against a Hex File

openssl pkeyutl -in hexfilename.txt -rawin -out verification.txt -sigfile signed_filename.txt -inkey keyfile/publickeyfile.pem -pubin -verify

All Command Options of Pkeyutl from Official Doc

openssl pkeyutl [-help] [-in file] [-rawin] [-digest algorithm] [-out file] [-sigfile file] [-inkey filename|uri] [-keyform DER|PEM|P12|ENGINE] [-passin arg] [-peerkey file] [-peerform DER|PEM|P12|ENGINE] [-pubin] [-certin] [-rev] [-sign] [-verify] [-verifyrecover] [-encrypt] [-decrypt] [-derive] [-kdf algorithm] [-kdflen length] [-pkeyopt opt:value] [-pkeyopt_passin opt[:passarg]] [-hexdump] [-asn1parse] [-engine id] [-engine_impl] [-rand files] [-writerand file] [-provider name] [-provider-path path] [-propquery propq] [-config configfile]

DESCRIPTION: This command can be used to perform low-level public key operations using any supported algorithm.

OPTIONS:

-help: Print out a usage message.
-in filename: This specifies the input filename to read data from or standard input if this option is not specified.
-rawin: This indicates that the input data is raw data, which is not hashed by any message digest algorithm. The user can specify a digest algorithm by using the -digest option. This option can only be used with -sign and -verify and must be used with the Ed25519 and Ed448 algorithms.
-digest algorithm: This specifies the digest algorithm which is used to hash the input data before signing or verifying it with the input key. This option could be omitted if the signature algorithm does not require one (for instance, EdDSA). If this option is omitted but the signature algorithm requires one, a default value will be used. For signature algorithms like RSA, DSA and ECDSA, SHA-256 will be the default digest algorithm. For SM2, it will be SM3. If this option is present, then the -rawin option must be also specified.
-out filename: Specifies the output filename to write to or standard output by default.
-sigfile file: Signature file, required for -verify operations only.
-inkey filename|uri: The input key, by default it should be a private key.
-keyform DER|PEM|P12|ENGINE: The key format; unspecified by default. See openssl-format-options (1) for details.
-passin arg: The input key password source. For more information about the format of arg see openssl-passphrase-options (1).
-peerkey file: The peer key file, used by key derivation (agreement) operations.
-peerform DER|PEM|P12|ENGINE: The peer key format; unspecified by default. See openssl-format-options (1) for details.
-pubin: By default a private key is read from the key input. With this option a public key is read instead. If the input contains no public key but a private key, its public part is used.
-certin: The input is a certificate containing a public key.
-rev: Reverse the order of the input buffer. This is useful for some libraries (such as CryptoAPI) which represent the buffer in little endian format.
-sigfile file: Signature file, required for -verify operations only.
-inkey filename|uri: The input key, by default it should be a private key.
-keyform DER|PEM|P12|ENGINE: The key format; unspecified by default. See openssl-format-options (1) for details.
-passin arg: The input key password source. For more information about the format of arg see openssl-passphrase-options (1).
-peerkey file: The peer key file, used by key derivation (agreement) operations.
-peerform DER|PEM|P12|ENGINE: The peer key format; unspecified by default. See openssl-format-options (1) for details.
-pubin: By default a private key is read from the key input. With this option a public key is read instead. If the input contains no public key but a private key, its public part is used.
-certin: The input is a certificate containing a public key.
-rev: Reverse the order of the input buffer. This is useful for some libraries (such as CryptoAPI) which represent the buffer in little endian format.
-sign: Sign the input data (which must be a hash) and output the signed result. This requires a private key.
-verify: Verify the input data (which must be a hash) against the signature file and indicate if the verification succeeded or failed.
-verifyrecover: Verify the input data (which must be a hash) and output the recovered data.
-encrypt: Encrypt the input data using a public key.
-decrypt: Decrypt the input data using a private key.
-derive: Derive a shared secret using the peer key.
-kdf algorithm: Use key derivation function algorithm. The supported algorithms are at present TLS1-PRF and HKDF. Note: additional parameters and the KDF output length will normally have to be set for this to work. See EVP_PKEY_CTX_set_hkdf_md (3) and EVP_PKEY_CTX_set_tls1_prf_md (3) for the supported string parameters of each algorithm.
-kdflen length: Set the output length for KDF.
-pkeyopt opt:value: Public key options specified as opt:value. See NOTES below for more details.
-pkeyopt_passin opt[:passarg]: Allows reading a public key option opt from stdin or a password source. If only opt is specified, the user will be prompted to enter a password on stdin. Alternatively, passarg can be specified which can be any value supported by openssl-passphrase-options (1).
-hexdump: hex dump the output data.
-asn1parse: Parse the ASN.1 output data, this is useful when combined with the -verifyrecover option when an ASN1 structure is signed.
-engine id: See "Engine Options" in openssl (1). This option is deprecated.
-engine_impl: When used with the -engine option, it specifies to also use engine id for crypto operations.
-rand files, -writerand file: See "Random State Options" in openssl (1) for details.
-provider name: See "Provider Options" in openssl (1), provider (7), and property (7).
-provider-path path: See "Provider Options" in openssl (1), provider (7), and property (7).
-propquery propq: See "Provider Options" in openssl (1), provider (7), and property (7).
-config configfile: See "Configuration Option" in openssl (1).

Symmetric Encryption

Introduction of Symmetric Encryption

Symmetric encryption uses the same key for both encryption and decryption, requiring both parties to possess and keep the key confidential.

Features:

Single Key: Both parties use the same key, making key management critical. If the key is compromised, the encrypted data is at risk.
Speed: Symmetric algorithms are faster than asymmetric ones, making them ideal for encrypting large amounts of data, particularly in real-time applications.
Confidentiality: Only authorized parties with the correct key can decrypt the data, maintaining its confidentiality.

Common Algorithms:

AES: Secure and efficient, with key sizes of 128, 192, or 256 bits.
DES: Uses a 56-bit key; now considered insecure.
3DES: Applies DES three times with different keys but slower than AES.
Blowfish: A fast cipher with key lengths of 32 to 448 bits.
Twofish: A more advanced version of Blowfish, supporting keys up to 256 bits.
RC4: A stream cipher known for speed but now insecure in many uses.

Applications:

Data Encryption: Secures data in storage and transmission (e.g., SSL/TLS).
VPNs: Encrypts data over public networks to protect privacy.
Disk Encryption: Protects data on devices, ensuring confidentiality if lost or stolen.
Secure Communications: Used in messaging apps and secure protocols.
Cloud Storage Security: Encrypts data in the cloud, protecting it from unauthorized access.

AES-256-CBC Encryption

openssl enc -aes-256-cbc -in file.rar -out encfile.rar -pass pass:1234567890123456789012345678901234567890123456789012345678901234 -base64 -iv 12345678901234567890123456789012 -S 1234567890123456 -md sha-256 -iter 2048 -pbkdf2 -p

AES-256-CBC Decryption

openssl enc -aes-256-cbc -in encfile.rar -out file.rar -pass pass:1234567890123456789012345678901234567890123456789012345678901234 -d -base64 -iv 12345678901234567890123456789012 -S 1234567890123456 -md sha-256 -iter 2048 -pbkdf2

All Command Options of Enc / Cipher

openssl enc|cipher [-cipher] [-help] [-list] [-ciphers] [-in filename] [-out filename] [-pass arg] [-e] [-d] [-a] [-base64] [-A] [-k password] [-kfile filename] [-K key] [-iv IV] [-S salt] [-salt] [-nosalt] [-z] [-md digest] [-iter count] [-pbkdf2] [-saltlen size] [-p] [-P] [-bufsize number] [-nopad] [-v] [-debug] [-none] [-engine id] [-rand files] [-writerand file] [-provider name] [-provider-path path] [-propquery propq]

DESCRIPTION: The symmetric cipher commands allow data to be encrypted or decrypted using various block and stream ciphers using keys based on passwords or explicitly provided. Base64 encoding or decoding can also be performed either by itself or in addition to the encryption or decryption.

OPTIONS:

-help: Print out a usage message.
-list: List all supported ciphers.
-ciphers: Alias of -list to display all supported ciphers.
-in filename: The input filename, standard input by default.
-out filename: The output filename, standard output by default.
-pass arg: The password source. For more information about the format of arg see "Pass Phrase Options" in openssl (1).
-e: Encrypt the input data. This is the default.
-d: Decrypt the input data.
-a: Base64 process the data. This means that if encryption is taking place the data is base64 encoded after encryption. If decryption is set then the input data is base64 decoded before being decrypted.
-base64: Same as -a.
-A: If the -a option is set then base64 process the data on one line.
-k password: The password to derive the key from. This is for compatibility with previous versions of OpenSSL. Superseded by the -pass argument.
-kfile filename: Read the password to derive the key from the first line of filename. This is for compatibility with previous versions of OpenSSL. Superseded by the -pass argument.
-md digest: Use the specified digest to create the key from the passphrase. The default algorithm is sha-256.
-iter count: Use a given number of iterations on the password in deriving the encryption key. High values increase the time required to brute-force the resulting file. This option enables the use of PBKDF2 algorithm to derive the key.
-pbkdf2: Use PBKDF2 algorithm with a default iteration count of 10000 unless otherwise specified by the -iter command line option.
-saltlen: Set the salt length to use when using the -pbkdf2 option. For compatibility reasons, the default is 8 bytes. The maximum value is currently 16 bytes. If the -pbkdf2 option is not used, then this option is ignored and a fixed salt length of 8 is used. The salt length used when encrypting must also be used when decrypting.
-nosalt: Don’t use a salt in the key derivation routines. This option SHOULD NOT be used except for test purposes or compatibility with ancient versions of OpenSSL.
-z: Compress or decompress encrypted data using zlib after encryption or before decryption. This option exists only if OpenSSL was compiled with the zlib or zlib-dynamic option.
-none: Use NULL cipher (no encryption or decryption of input).
-rand files, -writerand file: See "Random State Options" in openssl (1) for details.
-provider name: See "Provider Options" in openssl (1), provider (7), and property (7).
-provider-path path: See "Provider Options" in openssl (1), provider (7), and property (7).
-propquery propq: See "Provider Options" in openssl (1), provider (7), and property (7).
-engine id: See "Engine Options" in openssl (1). This option is deprecated.

Supported ciphers:

aes-128-cbc
aes-128-cfb
aes-128-cfb1
aes-128-cfb8
aes-128-ctr
aes-128-ecb
aes-128-ofb
aes-192-cbc
aes-192-cfb
aes-192-cfb1
aes-192-cfb8
aes-192-ctr
aes-192-ecb
aes-192-ofb
aes-256-cbc
aes-256-cfb
aes-256-cfb1
aes-256-cfb8
aes-256-ctr
aes-256-ecb
aes-256-ofb
aes128
aes128-wrap
aes128-wrap-pad
aes192
aes192-wrap
aes192-wrap-pad
aes256
aes256-wrap
aes256-wrap-pad
aria-128-cbc
aria-128-cfb
aria-128-cfb1
aria-128-cfb8
aria-128-ctr
aria-128-ecb
aria-128-ofb
aria-192-cbc
aria-192-cfb
aria-192-cfb1
aria-192-cfb8
aria-192-ctr
aria-192-ecb
aria-192-ofb
aria-256-cbc
aria-256-cfb
aria-256-cfb1
aria-256-cfb8
aria-256-ctr
aria-256-ecb
aria-256-ofb
aria128
aria192
aria256
bf
bf-cbc
bf-cfb
bf-ecb
bf-ofb
blowfish
camellia-128-cbc
camellia-128-cfb
camellia-128-cfb1
camellia-128-cfb8
camellia-128-ctr
camellia-128-ecb
camellia-128-ofb
camellia-192-cbc
camellia-192-cfb
camellia-192-cfb1
camellia-192-cfb8
camellia-192-ctr
camellia-192-ecb
camellia-192-ofb
camellia-256-cbc
camellia-256-cfb
camellia-256-cfb1
camellia-256-cfb8
camellia-256-ctr
camellia-256-ecb
camellia-256-ofb
camellia128
camellia192
camellia256
cast
cast-cbc
cast5-cbc
cast5-cfb
cast5-ecb
cast5-ofb
chacha20
des
des-cbc
des-cfb
des-cfb1
des-cfb8
des-ecb
des-ede
des-ede-cbc
des-ede-cfb
des-ede-ecb
des-ede-ofb
des-ede3
des-ede3-cbc
des-ede3-cfb
des-ede3-cfb1
des-ede3-cfb8
des-ede3-ecb
des-ede3-ofb
des-ofb
des3
des3-wrap
desx
desx-cbc
id-aes128-wrap
id-aes128-wrap-pad
id-aes192-wrap
id-aes192-wrap-pad
id-aes256-wrap
id-aes256-wrap-pad
id-smime-alg-CMS3DESwrap
idea
idea-cbc
idea-cfb
idea-ecb
idea-ofb
rc2
rc2-128
rc2-40
rc2-40-cbc
rc2-64
rc2-64-cbc
rc2-cbc
rc2-cfb
rc2-ecb
rc2-ofb
rc4
rc4-40
seed
seed-cbc
seed-cfb
seed-ecb
seed-ofb
sm4
sm4-cbc
sm4-cfb
sm4-ctr
sm4-ecb
sm4-ofb

droidVNC-NG: VNC Server App for Android That Does Not Require Root Privileges

Install droidVNC-NG

droidVNC-NG (net.christianbeier.droidvnc_ng) can be installed from F-Droid or Google Play.

Introduction of droidVNC-NG

Remote Control & Interaction

Screen Sharing: Share your device’s screen over the network, with optional scaling on the server side for better performance.
Remote Control: Use your VNC client to control your device, including mouse and basic keyboard input. To enable this, you must activate the Accessibility API Service on your device.
Special Key Functions: Remotely trigger key functions like Recent apps, Home button, and Back button.
Text Copy & Paste: Support for copying and pasting text from your device to the VNC client. Note: Copying text from the client to the device isn’t supported due to Android security restrictions.
Multiple Mouse Pointers: Display different mouse pointers for each connected client on your device.

Comfort Features

Web Browser Access: Control your device’s shared screen directly from a web browser, without needing a separate VNC client.
Auto-Discovery: Advertise the VNC server using Zeroconf/Bonjour for easy discovery by native clients.

Security & Configuration

Password Protection: Protect your VNC connection with a password.
Custom Port Settings: Choose which port the VNC server uses for connections.
Startup on Boot: Automatically start the VNC service when your device boots up.
Default Configuration: Load a default configuration from a JSON file.

Advanced VNC Features

Reverse VNC: Allow your device to initiate the VNC connection to a client.
Repeater Support: Connect to a repeater that supports UltraVNC-style Mode-2 for more flexible networking.

SD Maid SE: A File Management Tool and System Cleaner

Install SD Maid SE

SD Maid SE (eu.darken.sdmse) can be installed from F-Droid or Google Play.

Introduction of SD Maid SE

SD Maid SE (also known as SD Maid 2 or SD Maid 2/SE) is a file management tool and system cleaner for Android that specializes in maintenance, freeing up space, and removing unwanted data.

Features include:

CorpseFinder - Removing data that belongs to apps that are no longer installed
SystemCleaner: User configurable filters for random files
AppControl - Controling/disabling apps
StorageAnalyzer - Storage overview
Root and Shizuku support

Use SD Maid SE with Shizuku

Setup Shizuku. For people who are new to it, please refer to Shizuku, SystemUI Tuner, and aShell: Use Local ADB of Android Device on Terminals Such as Termux without Another Device with Shizuku, Leave Developer Options off When Doing So with SystemUI Tuner, and Use ADB with Features like Autocomplete Suggestion with aShell. The part about using SystemUI Tuner to enable ADB persistently in order to keep Shizuku running when Developer Options is turned off isn’t necessary here but recommended if you want to keep SD Maid SE using Shizuku.
Give consent for SD Maid SE to use Shizuku inside SD Maid SE, you can use it to enable/disable SD Maid SE’s use of Shizuku.
After giving consent, a Grant access dialog from Shizuku should show.
Confirm the dialog.
SD Maid SE should display a new status indicator that show whether SD Maid SE can connect to the Shizuku service.

Phyphox: Perform Physics Experiments with Your Phone

Install Phyphox

Phyphox (de.rwth_aachen.phyphox) can be installed from F-Droid or Google Play.

WARNING: Please be careful not to damage your phone while experimenting. Please take special care to avoid dropping it on hard surfaces and do not expose it to excessive magnetic fields. The authors of phyphox are not responsible for any damage to your phone.

Introduction of Phyphox

Access to the sensors of your phone either directly or through ready-to-play experiments.A selection of pre-defined experiments is provided. Just press play to start.
Export your data to CSV (Comma separated values), TSV (Tab-separated values), or Excel.
Remote-control your experiment through a web interface from any PC on the same network as your phone. No need to install anything on those PCs - all you need is a modern web browser.
Define your own experiments by selecting sensor inputs, defining analysis steps, and creating views as an interface using our web-editor (http://phyphox.org/editor). The analysis can consists of just adding two values or using advanced methods like Fourier transforms and crosscorrelation. We offer a whole toolbox of analysis functions.

Supported sensors:

Acceleration
Gyroscope (rotation rate)
Light
Location (GPS)
Magnetometer
Pressure
Audio Amplitude
Audio Autocorrelation
Audio Scope
Audio Spectrum
Doppler effect
Frequency history
Sonar
Tone generator
Applause meter
Elevator
(In)elastic collision
Centripetal acceleration
Pendulum
Roll
Spring
Acoustic Stopwatch
Motion Stopwatch
Optical Stopwatch
Proximity Stopwatch
Acceleration Spectrum
Depth sensor (LiDAR / ToF)
Inclination
Magnetic Spectrum
Magnetic ruler

Go to their official website for more information.

AndroidIDE: IDE for Android App development on Android devices

Install AndroidIDE

AndroidIDE (com.itsaky.androidide) can be installed from F-Droid archive repository or the .apk asset corresponding to your architecture in its GitHub release.

Note that this project is not maintained anymore.

Introduction of AndroidIDE

The main goal is to bring support for building Gradle-based Android projects on Android devices itself.

Gradle Support: Stay ahead of the curve by building your projects with the newest and most advanced Gradle build system.
JDK 17 & 21 support.
Code Editor: Upgrade your coding game with our IDE's smart code editor that offers code completions, actions, and analysis to help you write better code quickly.
Studio Project Support: Effortlessly build Android Studio projects in AndroidIDE without any modifications.
Terminal: Seamlessly access a full Linux environment with AndroidIDE's built-in terminal, based on the powerful Termux project, with limited packages.
SDK Manager.
Log reader - Real-time display of your app's logs.
AAB Support: Export it as AAB files.
API Information - Provides information on classes and their members, including details on since, removed, and deprecated elements.
Java language support.
XML language support.
UI Designer.
Git support.
A basic installation (Android SDK, JDK, etc) is needed before you can start working with projects.
Documentation: Read the documentation at https://docs.androidide.com for more details.

Go to their official website for more information.

Linux Command Library

Install Linux Command Library (Optional)

Linux Command Library app can be installed from F-Droid or Google Play.

Introduction of Linux Command Library

Linux Command Library has 6056 manual pages, 22+ basic categories and a bunch of general terminal tips about Linux (retrieved Sep. 27, 2024). The app works completely offline.

Website Version of Linux Command Library

There is a website version of Linux Command Library: https://linuxcommandlibrary.com.

Material File: Linux-Aware File Manager with FTP, SFTP, SMB and WebDAV Support

Install Material Files

Material Files (me.zhanghai.android.files) can be installed from F-Droid or Google Play.

Introduction of Material Files

Open source: Lightweight, clean and secure.
Material Design: Follows Material Design guidelines, with attention into details.
Breadcrumbs: Navigate in the filesystem with ease.
Root support: View and manage files with root access.
Archive support: View, extract and create common compressed files.
NAS (Network-Attached Storage) support: View and manage files on FTP, SFTP, SMB and WebDAV servers.
Themes: Customizable UI colors, plus night mode with optional true black.
Linux-aware: Knows symbolic links, file permissions and SELinux context.
Robust: Uses Linux system calls under the hood, not yet another ls parser.
Well-implemented: Built upon the right things, including Java NIO2 File API and LiveData.

Mount External Storage or NAS (Network-Attached Storage) Server

Pull out the left sidebar.
Tap Add storage….
Tap the option you want.
For external storage such as Termux home folder ($HOME), select it from Storage Access Framework (SAF).
For NAS server, input necessary information such as Hostname, Port, and Path. Leave Path empty to mount the whole file system of the server side.

PipePipe: A FLOSS Android App to Let You Browse YouTube, NicoNico and BiliBili Freely.

Install PipePipe

PipePipe (InfinityLoop1309.NewPipeEnhanced) can be installed from F-Droid or the .apk asset corresponding to your architecture in its GitHub release.

Note that because YouTube is trying to block third-party clients, especially for anonymous access, PipePipe sometimes has to be updated frequently to address issues that arise. You can receive the latest update from GitHub release without waiting for F-Droid update building process.

Introduction of PipePipe

Browse YouTube, YouTube Music, BiliBili, NicoNico, SoundCloud, media.ccc.de, FramaTube, and Bandcamp.
Watch videos at different resolutions up to 4K.
Watch live streams.
Show or hide subtitles.
Search videos, audios, channels, playlists, etc. with language, channel, etc. filters.
Enqueue videos.
Comments page, Related items page, and Description page.
Search videos, audios, channels, playlists, albums, etc.
Subscribe to channels without or with account logged in.
Get notifications about new videos from channels you’re subscribed to.
Create, edit, search, and sort channel groups.
Browse feeds generated from your channel groups.
Save or don’t save history.
Search and watch playlists.
Create and edit local playlists.
Download videos, audios, subtitles etc. with different format and quality.
Login to watch restricted and premium contents.
SponsorBlock and ReturnYouTubeDislike.
Bullet comments and Live Chats.
Filter out unwanted items by keywords, channels, etc.
Music player mode, Background playing, and Popup mode (floating player, aka Picture-in-Picture).
Sleep timer.
Configurable fullscreen, volume, and brightness gestures.
Auto-translation captions.
Open in browser.
Feeds in normal mode or fast mode.

Xtra: Twitch Player and Browser

Install Xtra

Xtra (com.github.andreyasadchy.xtra) can be installed from F-Droid.

Introduction of Xtra

Xtra for Twitch is a Twitch client providing the viewing and chatting experience on mobile devices:

Uses TTV.lol API which is not libre and leaks your Twitch user ID and personal IP to their Russian proxy.
Support for popular emotes with BetterTTV and FrankerFaceZ plugins.
Watch VODs and clips with chat replay.
Download VODs to watch offline.
Continue watching outside of the app with Picture-in-Picture mode.
Sleep timer to stop the stream automatically.
Customizable interface with 3 different color themes.

Material Photo Widget (com.fibelatti.photowidget) can be installed from IzzyOnDroid F-Droid repository.

5 aspect ratios: square, tall, wide, original and fill widget.
Customize your square widgets with 10 different shapes.
Customize the rounded corners of your tall, wide or original widgets.
Customize the opacity, offset and padding.
Choose each photo or sync the widget with device folders.
Set an optional interval and have photos flip automatically.
Choose the tap action of each widget: none, view next photo, view in full screen, open another app, or open a link.

LibreOffice Viewer: Viewer for Open Document Formats and Microsoft Office Formats

LibreOffice Viewer (org.documentfoundation.libreoffice) can be installed from F-Droid or Google Play.

Introduction of LibreOffice

LibreOffice is a powerful, free and private office suite - the successor project to OpenOffice - used by millions of people around the world and backed by a non-profit organisation, The Document Foundation.
LibreOffice includes:
- Writer (word processing)
- Calc (spreadsheets)
- Impress (presentations)
- Draw (vector graphics and flowcharts)
- Base (databases)
- Math (formula editing).
LibreOffice can write the following format:
- Microsoft, Microsoft 365, Microsoft Office Open XML, Word, Excel, PowerPoint, Publisher (.doc, .docx, .dot, .xls, .xlsx, .xlt, .xlw, .ppt, .pptx, .pps, .pot, .xml)
- OpenDocument Format Text, Presentation, Spreadsheet, Graphics (.odf, .odt, .fodt, .odp, .fodp, .ods, .fods, .odg, .fodg)
- BMP file format (.bmp)
- Comma-separated values (.csv, .txt)
- Data Interchange Format (.dif)
- DBase, Clipper, VP-Info, FoxPro (.dbf)
- DocBook (.xm)
- Encapsulated PostScript (.eps)
- Enhanced Metafile (.emf)
- Graphics Interchange Format (.gif)
- HTML (.html, .htm)
- JPEG (.jpeg, .jpg)
- Macintosh Picture File (.pct)
- MathML (.mml)
- MET (.met)
- Microsoft RTF (.rtf)
- Netpbm format (.pgm, .pbm, .ppm)
- Open Office Base (.odb)
- OpenOffice.org XML (.sxw, .stw, .sxc, .stc, .sxi, .sti, .sxd, .std, .sxm)
- Plain text (.txt)
- Portable Document Format (.pdf)
- Portable Network Graphics (.png)
- Scalable vector graphics (.svg)
- SunOS Raster (.ras)
- SVM (.svm)
- SYLK (.slk)
- Tag Image File Format (.tif, .tiff)
- Unified Office Format (.uof, .uot, .uos, .uop)
- Windows Metafile (.wmf)
- X PixMap (.xpm)
Available on Linux, Windows, and macOS.

Go to their official website for more information

Introduction of LibreOffice Viewer

Simplified form of LibreOffice that only supports viewing but not writing documents, available on Android and iOS.

VLC for Android: Open Source Media Player and Multimedia Engine

Install VLC for Android

VLC for Android (org.videolan.vlc) can be installed from F-Droid or Google Play.

Introduction of VLC

VLC is a libre and open source media player and multimedia engine, focused on playing everything, and running everywhere.

VLC can play most multimedia files, discs, streams, devices and is also able to convert, encode, stream and manipulate streams into numerous formats.

VLC is available on Windows, macOS, Linux, BSD, Android, iOS, and Haiku.

Firefox: Fast and Private Browser

Install Firefox

Firefox (org.mozilla.firefox), also known as Firefox Fast & Private Browser, can be installed from Google Play.

Introduction of Firefox

Automatic tracker blocking: By default, Firefox blocks trackers and scripts such as social media trackers, cross-site cookie trackers, crypto-miners and fingerprinters.
Enhanced tracking protection: Choose the “strict” setting and get even more privacy protections.
Private browsing mode: When you close private mode, your browsing history is automatically erased from your device.
Easy-to-use tabs: Create as many tabs as you like without losing track. See your open tabs as thumbnails or a list view.
Password management: Firefox remembers your passwords across devices and suggests passwords for new log-ins and stores them securely.
Enhanced tracking protection: automatically blocks online trackers from following you around the web and slowing down your pages.
Tailored search options: Get suggestions and previously searched results in the search bar. Move the search bar location to the top or the bottom of the screen.
Firefox search widget: Search the web directly from your device’s home screen.
Browsing history: See the recent searches you’ve done on other devices for seamless searching across mobile, desktop and more.
Add-on extensions: Includes ways to block ads, block certain webpages, turbo-charge privacy settings, translation, and more.
Firefox home screen: Access your recent bookmarks, top sites and see popular articles from across the internet, recommended by Pocket, which is part of Mozilla.
Dark and light mode.
Float video player: Pop videos out of their webpages or players and pin them to the top of your phone’s screen.
Share links.
Saves data and battery.
Bookmarks: Private bookmarks. Sync bookmarks. Import/export bookmarks from/to another browser.
Multiplatform support: Firefox is available on Linux, Microsoft, macOS, Android, iOS, etc.
Mozilla account: Sync tabs, history, etc. across devices.
Select search engines: Search with Google, Bing, DuckDuckGo, or other search engines.

Go to their official website for more information.

DuckDuckGo: Privacy Browser

Install DuckDuckGo

DuckDuckGo (com.duckduckgo.mobile.android), also known as DuckDuckGo Privacy Browser or DuckDuckGo Private Browser, can be installed from F-Droid or Google Play.

Introduction of DuckDuckGo

Bing ads: The ads in DuckDuckGo are Bing ads, powered by Microsoft.
DuckDuckGo search engine: Uses DuckDuckGo as the search engine, for which the source code is not available.
Duck.ai: Anonymous access to popular AI models, including GPT-4o mini, Claude 3, and open-source Llama 3.3 and Mistral, on Duck.ai. No Al training on your conversations.
Duck player: Lets you watch YouTube without targeted ads in DuckDuckGo and what you watch won’t influence your recommendations.
Enforce HTTPS encryption protection: Forces sites to use an encrypted HTTPS connection where available, protecting your data from prying eyes, like ISPs.
Tracking protection: Blocks all the found hidden third-party trackers, and exposes the major advertising networks tracking you over time to you.
Cookie pop-up protection: Banishes cookie pop-ups and automatically set your preferences to minimize cookies and maximize privacy.
Escape fingerprinting: Makes it harder for companies to create a unique identifier for you by blocking attempts to combine info about your browser and device.
Decode privacy policies: DuckDuckGo has partnered with Terms of Service Didn’t Read to include their scores and labels of website terms of service and privacy policies, where available.
Privacy grade: Shows you a Privacy Grade rating when you visit a website, which is scored automatically based on the prevalence of hidden tracker networks, encryption availability, and website privacy practices.
App tracking protection: Detects and blocks app trackers from other companies.
Email protection: Blocks most email trackers and hide your existing email address with @duck.com addresses.
Fire button: Clear all your tabs and data with one tap.
Application lock: Secure the app with Touch ID or Face ID.
DuckDuckGo search widget: Search the web directly from your device’s home screen.
Browsing history.
Recent and private tabs.
Dark and light mode.
Saves data and battery.
Multiplatform support: DuckDuckGo is available on Linux, Microsoft, macOS, Android, iOS, etc.

Go to their official website for more information.

Brave: Privacy Browser

Install Brave

Brave (com.brave.browser), also known as Brave Privacy Browser or Brave Private Web Browser, VPN, can be installed from Google Play.

Introduction of Brave

Brave search engine: Uses Brave Search as the search engine, for which the source code is not available.
Brave Leo AI: The smart AI assistant built right into your browser. Ask questions, summarize pages, create new content, and more. Privately.
Brave Rewards: Earn BAT tokens for private ads you see in Brave.
Brave Wallet: A cryptocurrency wallet.
Redirect AMP pages: Redirect to original (non-AMP) page URLs, instead of Google’s Accelerated Mobile Page versions.
Adblock and tracking protection: Prevents trackers and ads from loading and showing in webpages.
Script blocker: Blocks JavaScript.
Enforce HTTPS encryption protection: Forces sites to use an encrypted HTTPS connection where available, protecting your data from prying eyes, like ISPs.
Cookie pop-up protection: Banishes cookie pop-ups and automatically set your preferences to minimize cookies and maximize privacy.
Escape fingerprinting: Makes it harder for companies to create a unique identifier for you by blocking attempts to combine info about your browser and device.
Pop-up blocker.
Saves data and battery.
Brave search widget: Search the web directly from your device’s home screen.
Dark and light mode.
Bookmarks: Private bookmarks. Sync bookmarks. Import/export bookmarks from/to another browser.
Browsing history.
Recent and private tabs.
Removes tracking codes when you copy URLs.
Multiplatform support: Brave is available on Linux, Microsoft, macOS, Android, iOS, etc.

Safe Space: A Safe Space For Your Digital Valuables

Install Safe Space

Safe Space (org.privacymatters.safespace) can be installed from F-Droid.

Introduction of Safe Space

Store files in a secure storage location that is not visible to other apps and is secured by device encryption and system authentication (Biometric and PIN/Pattern/Password).
Open Images, Audio, Video, PDF documents and plain text documents.
Create simple text notes without leaving the app.
Dark and light mode.
ability to copy and move files.
Import from and export files to external storage without storage permissions.
Completely offline with no telemetry and data collection.

SimplyTranslate Mobile: A Privacy Friendly Frontend to Google Translate

Install SimplyTranslate Mobile

SimplyTranslate Mobile (com.simplytranslate_mobile) can be installed from F-Droid.

Introduction of SimplyTranslate Mobile

This app is an alternative frontend to Google Translate.
Supports 108 languages.
Text-To-Speech (TTS).
Can receive shared text from other apps.
A translate button in the text selection toolbar.

Website Version of SimplyTranslate Mobile

There is a website version of SimplyTranslate Mobile: https://simplytranslate.org.

LibreTorrent

Install LibreTorrent

LibreTorrent (org.proninyaroslav.libretorrent) can be installed from F-Droid or Google Play.

Introduction of BitTorrent

BitTorrent: BitTorrent is a communication protocol for peer-to-peer file sharing (P2P), which enables users to distribute data and electronic files over the Internet in a decentralized manner. BitTorrent downloading is considered to be faster than HTTP ("direct downloading") and FTP due to the lack of a central server that could limit bandwidth.
BitTorrent trackers: BitTorrent trackers provide a list of files available for transfer and allow the client to find peer users, known as "seeds", who may transfer the files. BitTorrent trackers help the participants in the system find each other and form efficient distribution groups called swarms.
BitTorrent client: A BitTorrent client enables a user to send or receive data as a peer in one or more swarms. The official BitTorrent client, μTorrent, qBittorrent, Transmission, Vuze, and BitComet are some of the most popular clients.
Torrent file or meta-info file: A torrent file or meta-info file is a computer file that contains metadata about files and folders to be distributed, and usually also a list of the network locations of trackers, normally named with the extension .torrent.
WebTorrent: WebTorrent is a peer-to-peer (P2P) streaming BitTorrent client written in JavaScript for use in web browsers, as well as a WebTorrent Desktop stand alone version able to bridge WebTorrent and BitTorrent serverless networks.

Introduction of LibreTorrent

BitTorrent 2.0 and WebTorrent support
Select which files to download.
Move files while downloading.
Auto-move downloaded files to another folder or external drive.
Stream files, with sequential downloads.
Android TV.
Material design, dark and black theme, and tablet UI.
Customisable network, battery, and UI settings, etc.
35+ translations.
Scheduling.
Auto-downloading, with Atom/RSS manager.
Create torrents, with many and big files.
HTTP\S and magnet links.
DHT, PeX, encryption, LSD, UPnP, NAT*PMP, µTP.
IP filtering (eMule dat and PeerGuardian).
Supports proxy for trackers and peers.
Based on libtorrent4j.
And more.

Thunderbird: Privacy-Focused Email App

Install Thunderbird

Thunderbird (net.thunderbird.android), also known as Thunderbird: Free Your Inbox, can be installed from F-Droid or Google Play.

Introduction of Thunderbird

Thunderbird is a powerful, privacy-focused email app. Effortlessly manage multiple email accounts from one app, with a Unified Inbox option for maximum productivity. Built on open-source technology and supported by a dedicated team of developers alongside a global community of volunteers, Thunderbird never treats your private data as a product. Supported solely by financial contributions from our users, so you never have to see ads mixed in with your emails again.

Features of Thunderbird:

Ditch multiple apps and webmail. Use one app, with an optional Unified Inbox, to power through your day.
Thunderbird directly connect you to your email provider and doesn’t sell your personal data.
OpenPGP email encryption (PGP/MIME) with the “OpenKeychain” app, to encrypt and decrypt your messages.
Choose to sync your email instantly, at set intervals, or on-demand.
Local and server-side search.
Thunderbird works with IMAP and POP3 protocols, supporting a wide range of email providers, including Gmail, Outlook, Yahoo Mail, iCloud, and more.
Multiplatform support: Thunderbird is available on Linux, Microsoft, macOS, Android, iOS, etc.

Go to their official website for more information.

DontKillMyApp / DontKillMyApp: Make apps work by Urbandroid Team / urbandroid-team / Petr Nálevka (Urbandroid)

F-Droid: https://f-droid.org/packages/com.urbandroid.dontkillmyapp.
Google Play: https://play.google.com/store/apps/details?id=com.urbandroid.dontkillmyapp.
GitHub: https://github.com/urbandroid-team/dontkillmy-app.
Official website: https://dontkillmyapp.com.

droidVNC-NG / droidVNC-NG VNC Server by Christian Beier / bk138

F-Droid: https://f-droid.org/packages/net.christianbeier.droidvnc%5Fng.
Google Play: https://play.google.com/store/apps/details?id=net.christianbeier.droidvnc%5Fng.
GitHub: https://github.com/bk138/droidVNC-NG.

DuckDuckGo / DuckDuckGo Browser / DuckDuckGo Privacy Browser / DuckDuckGo Private Browser by DuckDuckGo or duckduckgo

F-Droid: https://f-droid.org/packages/com.duckduckgo.mobile.android.
Google Play: https://play.google.com/store/apps/details?id=com.duckduckgo.mobile.android.
GitHub: https://github.com/duckduckgo/Android.
Official website: https://duckduckgo.com.

F-Droid by F-Droid

GitLab: https://gitlab.com/fdroid.
Official website: https://f-droid.org.

Firefox / Firefox Fast & Private Browser by Mozilla

Google Play: https://play.google.com/store/apps/details?id=org.mozilla.firefox.
Mercurial: https://hg.mozilla.org/mozilla-central.
Official Website: https://mozilla.org.

GNU

Official website: https://www.gnu.org.

Invizible Pro by Garmatin Oleksandr / Oleksandr Garmatin / Gedsh

F-Droid: https://f-droid.org/packages/pan.alexander.tordnscrypt.stable.
Google Play: https://play.google.com/store/apps/details?id=pan.alexander.tordnscrypt.gp.
GitHub: https://github.com/Gedsh/InviZible.
Official website: https://invizible.net.

IzzyOnDroid by IzzyOnDroid

IzzyOnDroid F-Droid repository: http://apt.izzysoft.de/fdroid/repo.

LibreOffice and LibreOffice Viewer by The Document Foundation

F-Droid: https://f-droid.org/packages/org.documentfoundation.libreoffice.
Google Play: https://play.google.com/store/apps/details?id=org.documentfoundation.libreoffice.
Official website: https://www.libreoffice.org.
Source code: https://git.libreoffice.org.

LibreTorrent by Yaroslav Pronin / proninyaroslav

F-Droid: https://f-droid.org/packages/org.proninyaroslav.libretorrent.
Google Play: https://play.google.com/store/apps/details?id=org.proninyaroslav.libretorrent.
GitHub: https://github.com/proninyaroslav/libretorrent.
GitLab: https://gitlab.com/proninyaroslav/libretorrent.
OpenApk: https://www.openapk.net/libretorrent/org.proninyaroslav.libretorrent.
APKMirror: https://www.apkmirror.com/apk/proninyaroslav/libretorrent.
Aptoide: https://libretorrent.en.aptoide.com/app.

Linux Command Library by Simon Schubert / SimonSchubert

F-Droid: https://f-droid.org/packages/com.inspiredandroid.linuxcommandbibliotheca.
Google Play: https://play.google.com/store/apps/details?id=com.inspiredandroid.linuxcommandbibliotheca.
GitHub: https://github.com/SimonSchubert/LinuxCommandLibrary.
Official website: https://linuxcommandlibrary.com.

Material Files / MaterialFiles by Hai Zhang / zhanghai

F-Droid: https://f-droid.org/packages/me.zhanghai.android.files.
Google Play: https://play.google.com/store/apps/details?id=me.zhanghai.android.files.
GitHub: https://github.com/zhanghai/MaterialFiles.

MyIP / IPCheck.ing by Jason Ng / jason5ng32

GitHub: https://github.com/jason5ng32/MyIP.
Official website: https://ipcheck.ing.

NetGuard by Marcel Bokhorst / M66B / Marcel Bokhorst, FairCode BV

F-Droid: https://f-droid.org/packages/eu.faircode.netguard.
GitHub: https://github.com/M66B/NetGuard.
Google Play: https://play.google.com/store/apps/details?id=eu.faircode.netguard.
Official website of NetGuard: https://netguard.me.
Official website of FairCode: https://www.faircode.eu.

NewPipe by Team NewPipe / TeamNewPipe

NewPipe F-Droid repo: https://archive.newpipe.net/fdroid/repo.
F-Droid: https://f-droid.org/packages/org.schabi.newpipe
GitHub: https://github.com/TeamNewPipe/NewPipe.
Official website: https://newpipe.net.

OpenSSH by OpenSSH / openssh

GitHub: https://github.com/openssh.
OpenBSD: http://cvsweb.openbsd.org/src/usr.bin/ssh.
Official website: https://www.openssh.com.

OpenSSL by OpenSSL / openssl

GitHub: https://github.com/openssl/openssl.
Official website: https://www.openssl.org.
Official doc: https://docs.openssl.org.

Phyphox by RWTH Aachen University / phyphox

F-Droid: https://f-droid.org/packages/de.rwth\_aachen.phyphox.
Google Play: https://play.google.com/store/apps/details?id=de.rwth\_aachen.phyphox.
GitHub: https://github.com/phyphox/phyphox-android.
Official website: http://phyphox.org.

PipePipe by InfinityLoop1309 / InfinityLoop1308

F-Droid: https://f-droid.org/packages/InfinityLoop1309.NewPipeEnhanced.
GitHub: https://github.com/InfinityLoop1308/PipePipe.

QEMU by Qemu Project / QEMU

GitLab: https://gitlab.com/qemu-project/qemu.
Official website: https://www.qemu.org.

Safe Space by aashishksahu

F-Droid: https://f-droid.org/packages/org.privacymatters.safespace.
GitHub: https://github.com/aashishksahu/SafeSpace.

SD Maid SE / SD Maid 2/SE - System Cleaner / sdmaid-se by d4rken / d4rken-org / darken / darken development

F-Droid: https://f-droid.org/packages/eu.darken.sdmse.
Google Play: https://play.google.com/store/apps/details?id=eu.darken.sdmse.
GitHub: https://github.com/d4rken-org/sdmaid-se.

Shizuku by Xingchen & Rikka / RikkaApps

Google Play: https://play.google.com/store/apps/details?id=moe.shizuku.privileged.api.
GitHub: https://github.com/RikkaApps/Shizuku.
Official website: https://shizuku.rikka.app.

SimplyTranslate Mobile by ManeraKai

F-Droid: https://f-droid.org/packages/com.simplytranslate_mobile.
GitHub: https://github.com/ManeraKai/simplytranslate_mobile.
Official website: https://simplytranslate.org.

SystemUI Tuner by Zachary Wander / zacharee

Google Play: https://play.google.com/store/apps/details?id=com.zacharee1.systemuituner.
GitHub: https://github.com/zacharee/Tweaker.

Tailscale by Tailscale / tailscale

F-Droid: https://f-droid.org/packages/com.tailscale.ipn.
Google Play: https://play.google.com/store/apps/details?id=com.tailscale.ipn.
Official website: https://tailscale.com.

Termux by Fredrik Fornwall / Termux / termux

F-Droid: https://f-droid.org/packages/com.termux.
GitHub of termux-app: https://github.com/termux/termux-app.
GitHub of x11-packages: https://github.com/termux/x11-packages.
Official wiki: https://wiki.termux.com.
Google Play (deprecated): https://play.google.com/store/apps/details?id=com.termux.

Termux:API by Fredrik Fornwall / Termux / termux

F-Droid: https://f-droid.org/packages/com.termux.api.
GitHub: https://github.com/termux/termux-api.
Official wiki: https://wiki.termux.com/wiki/Termux:API.

Termux:Boot by Fredrik Fornwall / Termux / termux

F-Droid: https://f-droid.org/packages/com.termux.boot.
GitHub: https://github.com/termux/termux-boot.
Official wiki: https://wiki.termux.com/wiki/Termux:Boot.

Termux:Float by Fredrik Fornwall / Termux / termux

F-Droid: https://f-droid.org/packages/com.termux.float.
GitHub: https://github.com/termux/termux-float.
Official wiki: https://wiki.termux.com/wiki/Termux:Float.

Termux:Styling by Fredrik Fornwall / Termux / termux

F-Droid: https://f-droid.org/packages/com.termux.styling.
GitHub: https://github.com/termux/termux-styling.
Official wiki: https://wiki.termux.com/wiki/Termux:Styling.

Termux:Widget by Fredrik Fornwall / Termux / termux

F-Droid: https://f-droid.org/packages/com.termux.widget.
GitHub: https://github.com/termux/termux-widget.
Official wiki: https://wiki.termux.com/wiki/Termux:Widget.

Termux-x11 by Fredrik Fornwall / Termux / termux

GitHub: https://github.com/termux/termux-x11.

TigerVNC or tigervnc by TigerVNC

GitHub: https://github.com/TigerVNC/tigervnc.
Official website: https://tigervnc.org.

Thunderbird or Thunderbird: Free Your Inbox by Mozilla Thunderbird / thunderbird / Mozilla

F-Droid: https://f-droid.org/packages/net.thunderbird.android.
Google Play: https://play.google.com/store/apps/details?id=net.thunderbird.android.
GitHub: https://github.com/thunderbird/fdroid-thunderbird.
Official website: https://www.thunderbird.net.

Tor and Tor Browser by The Tor Project

Google Play of Tor Browser: https://play.google.com/store/apps/details?id=org.torproject.torbrowser.
GitLab of Tor Browser: https://gitlab.torproject.org/tpo/applications/tor-browser.
GitLab of The Tor Project: https://gitlab.torproject.org/tpo.
GitLab of the Debian package tor: https://gitlab.torproject.org/tpo/core/debian/tor.
Official website: https://www.torproject.org.
Check Tor Project: https://check.torproject.org.

TrackerControl / TC by TrackerControl / Oxford HCC

F-Droid: https://f-droid.org/packages/net.kollnig.missioncontrol.fdroid.
GitHub: https://github.com/TrackerControl/tracker-control-android.
Official website: https://trackercontrol.org.
Google Play (incomplete): https://play.google.com/store/apps/details?id=net.kollnig.missioncontrol.play.

VLC for Android / vlc-android by Videolabs / VLC Mobile Team / VideoLAN / videolan

F-Droid: https://f-droid.org/packages/org.videolan.vlc.
Google Play: https://play.google.com/store/apps/details?id=org.videolan.vlc.
Amazon: https://www.amazon.com/VLC-Mobile-Team-for-Fire/dp/B00U65KQMQ.
AppGallery: https://appgallery.huawei.com/app/C101924579.
GitHub: https://github.com/videolan/vlc-android.
GitLab: https://code.videolan.org.
Official website: https://www.videolan.org.

Wireguard by Jason A. Donenfeld

Official website: https://www.wireguard.com.

Xtra by AndreyAsadchy or Andrey Asadchy and crackededed

F-Droid: https://f-droid.org/packages/com.github.andreyasadchy.xtra.
GitHub: https://github.com/crackededed/Xtra.

Others

awesome-shizuku by Tim Schneeberger / timschneeb: https://github.com/timschneeb/awesome-shizuku.
ChatGPT by OpenAI: https://openai.com/chatgpt.
DNS leak test: https://www.dnsleaktest.com.
FDroid-List-Repository by userkilled: https://github.com/userkilled/FDroid-List-Repository.
freshtermux by Miranda / cyb0rgdoll: https://github.com/cyb0rgdoll/freshtermux.
shizuku-apps by Souvik Bagchi (Mr HyperIon) / MrHyperlon101: https://github.com/MrHyperIon101/shizuku-apps.
What Is My IP Address: https://whatismyipaddress.com.
Wikipedia by Wikimedia Foundation: https://wikipedia.org.

Contribution

We welcome contributions to this project! Please fork the repository and submit a pull request for your contributions. For clarity and convenience, we recommend making one pull request per revised section or added feature.

License

This project is licensed under the terms of either:

GNU Free Documentation License, Version 1.3 (GFDL 1.3)
Creative Commons Attribution-ShareAlike 4.0 International License (CC BY-SA 4.0)

GNU Free Documentation License, Version 1.3 (GFDL 1.3)

Permission is granted to copy, distribute, and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.

You should have received a copy of the GNU Free Documentation License along with this document. If not, see https://www.gnu.org/licenses/fdl-1.3.html.

Creative Commons Attribution-ShareAlike 4.0 International License (CC BY-SA 4.0)

You are free to:

Share — copy and redistribute the material in any medium or format
Adapt — remix, transform, and build upon the material for any purpose, even commercially.

The licensor cannot revoke these freedoms as long as you follow the license terms.

Under the following terms:

Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
ShareAlike — If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original.

No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.

You should have received a copy of the Creative Commons Attribution-ShareAlike 4.0 International License along with this program. If not, see https://creativecommons.org/licenses/by-sa/4.0.

Android Non Root

Table of Contents

Author Information

Global Note

F-Droid: Free Software Android Apps Repository and App Store

Install F-Droid

Introduction of F-Droid

F-Droid Repositories

Termux: A Powerful Terminal Emulation with an Extensive Linux Package Collection

Install Termux

Short Introduction of Termux

Termux App User Interface

Shortcuts in Termux

Types of Storage in Termux

Storage Related Utilities in Termux

Shell in Termux

Termux Chroot

Termux Fix Shebang

Environment Variables in Termux

Difference Between Linux and Termux

Termux-Properties

Termux PKG Package Manager

Debian Derivatives and Termux APT Package Manager

Termux Change Repo

Package Command Error

Command Solution

Manual Solution

Further Readings and References about Package Command Error

Process completed (signal 9) - press Enter Error

Graphical Fix

Command Line Fix

Further Readings and References about Process completed (signal 9) - press Enter error

POSIX References

Shell Reference

Shell Syntax

Shell Commands

Shell Functions

Shell Parameters

Shell Expansion

Shell Redirections

File and Directory Management

File Permissions and Ownership

File Viewing and Manipulation

Process and Job Management

Networking

Disk and System Information

Archiving and Compression

User Management

Miscellaneous

Termux:Styling, Termux:Widget, Termux:Boot, Termux:Float, and Termux:API

Termux:Styling

Termux:Widget

Termux:Boot

Termux:Float

Termux:API

TigerVNC, Termux-x11, Fluxbox, Openbox, XFCE, LXQt, and MATE: Termux VNC or X Server and Graphical Environment

Introduction of VNC (Virtual Network Computing)

Introduction of X Window System (X11, or X)

Termux X11 Repository

TigerVNC VNC Server in Termux

Install TigerVNC

Start a VNC Server

Kill a VNC Server

Termux-x11

Install Termux-x11 App

Install Termux-x11 Package

Start a Termux-x11 X Server

Connect to a Termux-x11 X Server

Fluxbox in Termux

Install Fluxbox

Xstartup Script

Openbox in Termux

Install Openbox

Xstartup Script

XFCE in Termux

Install XFCE

Xstartup Script

Additional Recommended Packages for Installation

LXQt in Termux

Install LXQt