I promised a few of you from privacy
I'll do this, so here it is. This write-up was initially intended for Galaxy S10/S20, but will more than likely apply for other devices as well. I say "use your judgement" several times here, and I'm serious for everywhere. Read the FULL write-up all the way through, pick what fits you/your threat model, and modify from there. If anybody has any suggestions or corrections (which I imagine there will be a few, as I'm writing this over the course of several days), do feel free to PM me or post them here. I hope this will be a pretty big thread, so if it's important, I'd prefer PM so i can edit this post.
With Android 10 out, we've got quite a few more options as far as customization, and maybe a few reduced options (tough root) to maintain some sort of level of privacy on a framework that relies on more than just a few levels of third party apps, and privacy statements we're basically forced into. Nevertheless, even without the new additions to the API
that DO respect privacy, there're a lot of tweaks we can do.
I'll focus on few main methods to gain more customization, beyond the most of the well known ones. We really don't need another one diving into tasker, MIUI-ify, KWGT, motorola like gestures, gallery/email/keyboard/browser alternatives etc...... This is more so on using and modifying system components, sandboxing, background app limiting, and a touch of networking. I'm not saying any of these are sercets or aren't already implemented from factory, but I am saying they aren't as well known as they should be considering the level of customization Android is capable of. In order to keep things somewhat clean and saving my lazy fingers, I'm going to aim at supplying you with some tools to advance privacy and customization, with hopes it's enough to advance you and your research.
As I mentioned, this was initially intended to be focused on a few select devices. For device focused parts, I'm focusing on the snapdragon variant of samsngs galaxy s10 or s20. Exynos will be able to do most of this, and likely a root in the future as well - then your capabilities will be enhanced. Some people prefer the exynos variant specifically for this reason. We will make do with what we've got for now, as a root is probably not in the near future for these devices.
: I'll do my best to address beginners as much as I can, but I'm not going to make this an introductory tutorial on how to secure an android device from the CIA. If you're not sure about something, google it. If you're already aware how to do something, skip it. This is in no way aimed at everybody Third note:
I will not dive into software exploitation. Maybe debugging, but not exploitation. Fourth
: I'm more serious here than anywhere else: Use your judgement before modifying your phone in any way. If your USB is farked up, fix it, or just don't bother proceeding. If you really are unsure what you're doing, either look into what I said (I'll intentionally use hot words) or just, again, don't. I want
you to use your own judgement. I want
you to understand what's happening, and why you're doing it. Most importantly, I don't
want you to do something that messed up your device. That being said, I'm not going to be responsible for your broken phone. Period. You will use your judgement in more than just exploring options I provide here for your device.
Moving on, nobody likes facebook, or golf clash on their device..... or any of the crap we get from the factory. So what do we do? With enough talk, we plug in and get started.
First thing's first, READ EVERYTHING BEFORE CONTINUING!
This is customization. Do what applies to YOU!
Bloatware and flashing.
Most hardware per your variaton (S20, S20+, S20Ultra) is going to be about the same. As mentioned before, your processor may differ depending on your location, but beyond that, they're the same.
This is important because it means that each are capable of handling the firmware provided by the other carriers. When you're on the samsung website choosing Verizon, ATT, Unlocked, the only thing you're doing is choosing firmware. You at any time can flash (copy) the firmware of ATT or Sprint, should you change carriers. I mention this because each variant comes with its own array of bloatware; with the samsung firmware having the least, but still running any SIM, the first start to confirming you have a decently clean phone is to start with the Samsung firmware.
Without going through too much of what has been already typed, you can find information and the procedure for flashing S20s via Odin here
. (XDA Forums)
Developer Options, Enabling ADB (and some other stuff)
This part is simple enough. Go into Settings > About Phone > Software Information, and then tap Build Number
until it says "You are now a developer". From there, go back twice into settings, and at the very bottom, you'll have a new section "Developer Options". Go into there, scroll down into the Debugging
section, and choose to enable USB Debugging
As a quick mini tip, if you want to make your device feel
a bit faster, scroll into the Drawing
section, and choose to turn off Window Animation Scale
, Transition Animation Scale
, and Animator Duration Scale
If you care for the animations, turn it to 0.5 maybe. Or, you can set it to something like 0.25 using adb shell settings put NAMESPACE VALUE. We'll talk more about this later, briefly.
Much of what we'll be doing here on out will require ADB.
For those that don't know, ADB (Android Debug Bridge) is a developers tool used to directly interface with their device. A full run down of tool can be found here
(Android Developers) with an install tutorial here
Once you install ADB, you'll be able to access your android directly via navigating to the folder adb is installed in, and typing adb shell in command prompt/terminal window (assuming you're in windows).
Linux people, you can quickly and easily install with: sudo apt-get install adb or sudo yum install android-tools
Once you're in shell, you'll get a blinking cursor followed after something like
You can type uname -a to print out device information, and further confirm you're on your phone. You'll return something like:
Linux localhost 4.19.81-18024814 #1 SMP PREEMPT [DATE] KST 2020 aarch64
Play around with this a bit. You're in a basic linux environment right now, and there's a lot
you can do. for example, try cmd statusbar expand-settings or service call statusbar 1 .
Generally the way it works is, you're first going to type the name of some program, and then options to follow. For those with experience: yes, it goes much deeper than that, but like i said before - I'm trying to address beginners the best i can without killing my fingers here.
exit will safely exit the shell. top will run a program which will basically be the linux version of Task Manager - information here
(adbshell.com) which you can exit with CTRL+C. While you're there, you may as well explore other interactions you can have with ADB as well, such as logcat, ps, getprop, settings, and pm, which we'll use with bloat removal.
As a final note within this section: most of my commands are with the assumption you're already in the android shell with adb shell and are presented with something like beyond2q:/ $ or z3q:/ $
at any point, if you're not in adb shell, a one liner can be added to the beginning of any command, such that you get something like adb shell list packages samsung
Now that you have an idea of what you're in, you can start pulling some of the garbage off your device.
This to me, is a biggy. Unfortunately, you can't TRULY remove everything, but we can for the user which, is, you. I'm not going into this deeply, as for most peoples threat model, it doesn't matter all that much. If you've got a deeper threat model, chances are, you aren't reading this, and know everything here I have to offer.
Anyway, let's get rid of those pesky crap apps that none of us touch. RIP Bixby
You're going to be entering your android shell via adb shell. Within there you're going to list
packages using package manager
: pm list packages pm
is a powerful package manager with a large set of options for you. check out everything you could do with pm using pm -h, and by exploring here
from there, you're going to get a long list that looks similar, but longer than the following. Obviously, they're your packages. Many of them are vital, so don't go willy nilly uninstalling what looks like it might just kinda almost maybe be crapish.
z3q:/ $ pm list packages
You have a couple options here. You can scroll through the packages and find the full name of the package you need to remove, or you can totally skip it this part, and use an app like Package List
to find it.
When you find an app you want to uninstall, depending on the package, you MIGHT be able to use pm uninstall PACKAGE_NAME. But, for a good amount of bloatware, you're going to have to use pm uninstall -k --user 0 *PACKAGE_NAME*. Always give it a shot without -k and --user 0
pm - "Package manager". Self explanatory.
-k - preserve cache/data - this is usually optional.
--user 0 - specify user 0 as the uninstaller. This is not always optional, and is required to get an actual uninstall as the device user ( user 0 ). This is different than how many people claim them being "hidden" or "disabled".
Now, which apps? Well to get started, here is a list
(XDA Link) for the Galaxy S10, just as an example. Of course, there's going to be a difference in apps between our S20 devices and last years S10.
Alternatively, when I first got my phone, the first thing i did was pm list packages | grep face
The pipe ( | ) basically says "Pass the output of the previous command, into the following program: grep"
What we're doing here is finding all packages that contain "face". pm
is nice to us though, and we could have just done pm list packages face; but i mention grep because we're going to use it extensively elsewhere. I explain later.
The output provided:
As you could imagine, I got rid of anything facebook first. You might be able to perform the command without --user 0, which will be preferred:
pm uninstall --user 0 com.facebook.services
pm uninstall --user 0 com.facebook.katana
pm uninstall --user 0 com.facebook.system
pm uninstall --user 0 com.facebook.appmanager
Following, was faceavatar. If you don't use the face service or smart face feature, you could probably get away with uninstalling the others. If you're hesitant, back the apk up so you can reinstall it if something breaks.
Next, for samsung devices, bixby. knowing there was more than one package, I used pm list packages | grep -e bx -e bix. The -e flag is the provides a pattern to search for. grep allows us to search for multiple patterns if we provide multiple -e flags. egrep could also be used, but let's not worry about it for now.
The output provided:
and another bx app I didn't save when i initially performed this. can't recall it; oh well.
Next I did the same for "kids" and "game", since I know I won't be using them.
Some of the apps I got rid of were the following. Not all, however.. I had to get rid 90% to fit this post into reddits 40k character limit.
There are plenty
of bloatware lists for you to find and utilize to your own judgement
. Look up the name of a package at any point if you aren't 100% CERTAIN of what it does. I don't want to see posts about how you lost your "aremoji" app, or need antservice.
App options through PM
Now, we must acknowledge modifying app permissions. Yes, android 10 has a rudimentary built in permissions manager for basic features, but that's it. It's very basic, and doesn't include some of the deeper permissions. There are
multiple ways to do this, yes..... I'll be going over the ADB method first, as we'll need to be using this later. This is a single shot method, and the most annoying, but sometimes necessary as certain permissions can only be granted via ADB. I usually modify more than a single permission per app, and so I don't usually use this method. I'll cover it anyway to increase your fluency, and so you know it's always an option. Again, we're going to be granting
some permissions later as well, so it's good to know.
First thing's first, we have to actually get
the name of the permission we want to revoke. There are several ways to do this, but the easiest would be to simply download an app to provide you the full permission name. By full, I mean something like android.permission.SET_TIME_ZONE. You can get a list of ALL the granted permissions via the shell with pm list permissions. To further that command, you can append the -g flag for grouping, and -d for a "dangerous" filter (I don't usually use this unless I'm looking for a particular permission I know exist within this group). So your command could be pm list permissions -g -d . You can get a list of everything pertaining to the command under the "list permissions" section of pm -h.
As for which app, PLENTY exist, but I would highly recommend the AppOps feature in Brevent
, as we'll be using them both later to automatically force stop apps, and it works well with other apps we'll be utilizing. Additionally, aSpotCat - Permission Checker
is also very good, and applies well to this section.Skit
is by far my favorite, as it does a great dive into the app nitty gritty. It's quite useful... Unlike Skit, aSpotCat only lists 3rd part apps - no system apps. Everything else we've spoken about will list both.
Once you've downloaded the app, it's pretty straight forward to figure out the interface.
If you're using aSpotCat, you'd simply choose an app, and it would give you the full name of the permission, but not the full app name. Again, you can get this with something similar to pm list packages | grep instagram
Let's look at a quick example with restricting Instagram camera starting with Skit.
The process would be to choose the Instagram app, and look at the permissions tab.. Scroll until you see something you don't like, and take note of it.... back out, go to the manifest tab, and scroll down a little bit until you see something like
When you see somethning like android.permission.CAMERA, that's what you're looking for. Conveniently, Skit also provides you with the full app name.
Finally, to revoke the app permission via ADB, you command would be:
pm revoke com.instagram.android android.permission.CAMERA
If you don't get an exception, you're good. If it spits something back out, either:
A) your package name is incorrect;
B) you typed your permission wrong (it's "COARSE" location, not "COURSE" :) )
C) (and this is the most unfortunate) "is not a changeable permission type"
In any case, it'll tell you. Don't skip over code because it looks complicating or scary - it actually tells you a lot of very useful information. Some you'll need, some you won't.
If you get C, no worries. We'll get to that shortly.
Similar to before, if you'd like to grant a permission:
pm revoke com.instagram.android android.permission.CAMERA
You can further your understanding by taking a look at all the permissions here
in the App Manifest
by that app.
Apps To Modify Permissions
Now that you've got an idea of what's going on with package manager, let's take look at some useful apps that will perform much of what we've done automatically. Some of these have a free version with ads, or a premium version without. If you can't take ads, go for it with the premium; you'll be supporting a developer, and probably get a few extra features as well. If you're fine with ads, so be it. Most of this won't change with/without the premium, though.
We've got a 5 apps I install before anything else on my device. I'm going to go through them in the order I install them, as I've a couple times (oddly) experienced a problem with Island. This works under the assumption that your device is not managed by any organization, and that you have permission to do as you want with the device
. None of this that I know of will void any warranty, but it's still important to follow all the warnings behind the software you install - Not just mine.
Island is great, as it allows a duplicate of an app to be installed in it's very own sandbox....or...well.... island
. Get it? Let's move on... With island installed apps, nothing will be able to interact with your personal goodies. A couple device bound permissions, yes, but you can take care of those later.
As mentioned on the Island Website
“Island” is a sandbox environment to clone selected apps and isolate them from accessing your personal data outside the sandbox (including call logs, contacts, photos and etc) even if related permissions are granted. Device-bound data (SMS, IMEI and etc) is still accessible.
Isolated app can be frozen on demand, with launcher icon vanish and its background behaviors completely blocked.
Further, here are the common use cases:
Common use cases
Freeze frequently woken apps. Clone it into Island and uninstall the original one outside. Then you can freeze it to fully block its background behaviors. Remember to create launch shortcut for quick de-freezing and launching.
Prevent permission-hungry apps from accessing your private data. Sometimes runtime-permission may not be the solution, especially if the app refuses to work without certain permissions. App clones running in Island cannot access your contacts, call logs and sniff other apps outside. But SMS and location are exceptions since they are bound to device.
Use two accounts of the same app parallel. Clone it into Island and login the other account inside.
Archive rarely used apps. Like the first case, keep them frozen until the next time you need it.
Hide your private apps.
There are two modes to using Island: normal mode (of course,) and the very much overused term, "God mode". The major difference is basically what control of apps you have inside, and outside the sandbox from within the app. The Island website issues a WARNING
for samsung users:
WARNING: Some Samsung users encountered boot failure after activating God mode. It’s advised NOT to use god mod on Samsung devices.
I've done manual setup for god mode on an Snapdragon S5, Snapdragon S10+ and Snapdragon S20 Ultra, thankfully without issue. Each time either when it was new, or after a factory reset. Your mileage may vary.
The setup is pretty straight forward, but can occasionally you might run in to problems. You're unfortunately required to TEMPORARILY
remove ALL accounts, from samsung, to google, to reddit, all of it that're on your device. Thus why I like to do this as one of the first things when I get a new phone.
The full setup can be found on the oasisfeng website here
, and I highly suggest going through it. I'm not going to type it, as the author did such an excellent job typing writing it up. A quick note though, because I've been asked about it more than once before:
For Step 4, in the Manual Setup for Island
section, there's a bit of a type error that some people got messed up on. Your command is seperatted into two lines, and should be something like: dpm set-profile-owner --user com.oasisfeng.island/.IslandDeviceAdminReceiver. Obviously, replace with the returned user ID in the first step, when you entered pm create-user --profileOf 0 --managed Island
Once you've got it all setup, you can open up island, install the app in your sandbox, and then remove it from your device without losing it in your sandbox. Many phones offer this standard out of the box with this feature or that feature....
Ice box is another cool app, not too much unlike island. Personally, I don't use island all that much, but I keep it around for if I do need it. Icebox, I use constantly.
Ice Box is fairly similar to all the other package disabler apps, with the exception that it's essentially seamless, and behaves like a folder from your app drawer or home-screen. Even better, you can store all your "not trusted" apps, such as instagram, Whatsapp (if you'll even allow that on your device), the play store, Ring, whatever in it. As far as the user experience goes, you click the app to open the ice box, click what you need, and you're in it. No losing your data, automatic freezing..... I've tried COUNTLESS apps for app control, and this took a quick rise to my favorites, right next to brevent. Take note later: To modify a frozen apps permissions, you'll have to defrost it first.
Setup is easy, as long as you still have all your accounts removed. Essentially, all you need to do is enter adb shell dpm set-device-owner com.catchingnow.icebox/.receiver.DPMReceiver into your adb shell, reset, and that's it. Further instructions on their website here%20Setup). Open her up, select the apps you want to freeze, set your freeze timeout, and you're done. Happy sailing without all that crap in your app drawer :)
Now, these apps are frozen, and literally Can't. Do. Anything. Don't believe me? Check netstat, later on in the writeup, or quickly pm list packages instagram and see your package isn't even in able to be handled by androids package manager anymore.
As the Github Page] (yes, it's open source! suggests:
Help normal apps uses system APIs directly with adb/root privileges with a Java process started with app_process. The setup here is simple, but unfortunately needs to be done every time you reset your phone. If you follow all the steps here in this tutorial, you shouldn't need to do that often...
All you're going to do is install the app, open it, and type the adb command it gives you. If you're already in your adb shell, you could just do:
linux people, I added an alias to my .bashrc file to make my life easier when i have to restart:
alias shizuku='adb shell sh /sdcard/Android/data/moe.shizuku.privileged.api/files/start.sh'
if all goes well, you'll quickly see "service is running" at the top.
Great, that's it for shizuku. Other apps that rely on the service can not utilize it appropriately.
[App Ops - Permission manager](https://play.google.com/store/apps/details?id=rikka.appops)
App Ops, made by the same developer as Shizuku, is another app I'm very fond of, as it provides ridiculously easy way to revoke permissions. It only needs to be set up once, and will maintain changes even after reboot or when not running (given how it revokes permissions).
When you install this app, you're going to want to figure out which working mode you're going to want. If you choose priveleged mode and have already set up shizuku, you're fine. Should you require Delegated device admin mode, you're going to have to execute two simple commands after choosing which app you'd like to designate as your admin app.
The command is simple. Open up your adb shell, and paste:
pm grant --user 0 rikka.appops android.permission.GET_APP_OPS_STATS
pm grant --user 0 rikka.appops android.permission.INTERACT_ACROSS_USERS
If you're having trouble, or something's not working, or prefer to read the full instructions, clicky here
The last major app I have a huge affinity for and recommend the most, would be brevent. In short, it's super similar to greenify, just with less bugs (from my experience). Brevent will force stop apps as you need, but also has a built in AppOps functionality, with a bit more functionality than the App Ops app itself. However, they both seem almost exactly the same as far as the interface goes.
Unfortunately, like shizuku, you have to start brevent server through adb anytime there's a change in USB settings or you restart. But, honestly, this has helped my battery life so much, I have no problem doing that every now and again.
Once you open up your adb shell, you're going to want to open up brevent, and execute the shell command in there:
linux users, i created an alias in my bashrc file to make my life easier:
alias brevent='adb -d shell sh /data/data/me.piebridge.brevent/brevent.sh'
As a bonus, Brevent allows you to execute commands within the app as if you were in your adb shell. Something I regularly utilize for one thing or another.
Tiles isn't anything crazy, but certainly a unique customization tool to add quick settings tiles to your drop down that you wouldn't have available elsewhere. You can view the Github Page Here.
Combined with Skit, which will allow you to view certain activities an app might perform, you can add "custom" activities to your quick settings drop down. Now I have yet to conceive of a useful case for this, but it is available should you need.
Surely you've all heard of this, but I'm just going to include it anyway. Basically, it's an advanced youtbe version, and [ad] free. thus, vanced. Yeah, punny. I love it.
Anyway, instructions are clear and straight forward on their site: https://vanced.app
If you plan on signing in to a youtube account, you'll need to install Micro G. If not, you'll be fine without micro g.
When you go to download the vanced app, you'll notice it's not an APK, but .APKS. It's a split apk file. basically, the APK split into a bunch of separated files, and then compressed. So install it, you're going to have to download and install a Split APK Installer, and install from there. It's not tough, and you'll be finished before you know it....but now, you can add com.google.android.youtube to the list of apps to pull off your phone.
Beyond APKs Personal VPN + Firewall, Followed by Commercial VPN.
VPNs are nice. Now I'm NOT going to go into which VPN you should use, but I am going to stress the features of it, and a good way to truly control the data your phone is sending. Kill switch if you need, Split Tunneling, etc...
Additionally, one thing some people do (me included, and I'm super thankful I did, but I don't utilize it constantly) is to set up their own VPN at their home with PiHole or something similar, and then redirect that traffic through a commercial VPN. The downside is you can't control "where" your masked location is using this route (unless you set something up, which is totally possible with a Pi). You can simply work around this by utilizing that particular VPN service directly on your phone (duh). The upside: you allow increased traffic control doing it this way. 10/10 a necessity.
For those that don't know, android at its root is a linux operating system, and has a significant portion of standard linux tools installed - microcom, ndc, netcat, linker, showmap, and many others (I would love to go into these if reddit didn't have a 40k char limit). Of those, there is a beautiful tool called iptables - a built in firewall. Now, you MIGHT be able to utilize iptables directly on your device via the shell with iptables, however, either your specified rules won't persist across reboots, or you won't be able to add any rules at all because you require root privileges. For those of you that have been able to utilize AFWall+, iptables is how it works its magic. Alternatively, if you configure a personal VPN, you can filter your traffic through secondary device which you have 100% control of. Or, instead of over complicating it with iptables - a tool that isn't necessarily all that easy for a beginner to learn - you can go ahead and install PiHole, and utilize the firewall in there. Additionally, an intrusion prevention system will be nice to have. That's a whole other thread.
To summarize, you can supplement the lack of firewall control you have access to on your phone by routing all your mobile traffic through a home VPN + Firewall. You can then route your traffic here through a commercial VPN. It's tough and requires a bit of manipulation, also taking a bit of speed away, but totally worth it.
If you don't go the route I mentioned in the previous section, you could at the very least change your dns. Some are faster than others for different locations.. Experiment and do what works for you. There are also numerous DNSFilters in the play store you can play with as well.
Firefox Chrome Tweaks
Removed to shorten. start with chrome://flags parallel downloading, smooth scrolling, "num-raster-threads" this page (malwaretips. com) is a good start.
More ADB Stuff A lot of this can become overwhelming very fast if you don't already have experience with the command line. To that, I'd say not to sweat it. There's never a shortage of linux resources out there. I will never hesitate to emphasize on the usefulness of purchasing a Linux Pocket Guide On Amazon. I've gone back to this book for years, and have gone through several of them because I'm always giving them to friends. If at any time you want to learn how to use a program further, you can always type -h or --help after the program name for usage. In a "normal" linux environment, you'd be able to say man PROGRAM_NAME of a manual. Unfortunately, this is stripped from android.
If at any point you want to output the full command to a text file, you can add > FILENAME.txt to the end of your command. for example, adb shell pm list packages -3 > ThirdPartyAPKs.txt
Most of this is not essential, but is beneficial in figuring out what's sucking up your battery life, running when it shouldn't, or phoning home when you don't want it to. If your threat model includes malicious software being installed because you don't trust your spouse, this will help with that.
Fist and foremost, grep.
Generally used for searching plain-text data. We used it before briefly, but I want to mention it first here, as it can save you from going through a thousand lines of crap down to 3 or 4. To use it to filter output of some previous command, you have to redirect the output of a command to grep using pipe ("|"). So, for example, the command pm list packages | grep instagram basically says "use grep to show me only lines containing instagram from the output provided by ps list packages "
ps - "Process Status"
Useful in seeing currently running processes. Start with ps -A, and use ps --help for a full list of command usage.
top - Top Processes
Similar to ps, but interactive. Usefull if you find your phone getting hot for no reason, and determining what's sucking up your juice. I use this far before ps if i don't know the name of a process.
Awesome tool to "dump" system information. This is a very, very powerful tool that you can spend a long time on.
dumpsys is a tool that runs on Android devices and provides information about system services. You can call dumpsys from the command line using the Android Debug Bridge (ADB) to get diagnostic output for all system services running on a connected device. This output is typically more verbose than you may want, so use the command line options described below to get output for only the system services you're interested in. This page also describes how to use dumpsys to accomplish common tasks, such as inspecting input, RAM, battery, or network diagnostics.
if you type just dumpsys, you're going to be overwhelmed with information. If it hangs, just give it a second - it's not done. start with dumpsys -l to provide a list of service types to start with, and then move into things like dumpsys activity services, dumpsys notification or dumpsys battery. dumpsys meminfo is also good to look at what's eating at memory and battery. Remember, you can always redirect output to a file with > by typing adb shell dumpsys meminfo > meminfoDumpsys.txt.
This will be useful for if you want to view the output in something other than your terminal, or just save it for viewing later.
I've gone through this more than any other tool, besides pm. A more advanced tool, no doubt, but probably the most useful in order to determine what's phoning home when you don't want it to (besides doing a MITM attack on your device). CTRL+C to stop/exit (pretty universal). you can start by looking at the routing table with netstat -r, and then move further into listening sockets with their PID useing netstat -l -p.
Modifying your netpolicy
If you know how to make an app debuggable, you can restrict its data usage by modifying the netpolicy. I'm not going to go in depth here, as I haven't used it much except when testing my own apps.
Modifying inaccessable settings
This is a major customization factor. Certain settings are programmable, but not accessible without some tool from the play store, or through the stock UI. Use settings tool to modify them. settings -h for tool usage. From here, you see you can list your available settings within 3 namespaces: Global, System, and Secure. You can then use something like settings list global for view. Now a lot of these you don't want to modify. But, there are some, and that I'll leave on you to modify. This is one of the places I want to really stress on you to use your judgement.
If you're going to modify anything, I highly suggest you make a backup of all your settings should something go wrong. Do something like adb shell settings list global > globalBackup.txt.
To modify, it's as simple as settings put secure long_press_timeout 400. Remember to always enter in the same unit as what was there. Don't put in something like 400.5 when there was not decimal initially provided.
Pull an APK from your device
adb shell pm path PACKAGE_NAME
/system/app/HiddenMenu/HiddenMenu.apk adb pull /system/app/HiddenMenu/HiddenMenu.apk
additionally, you can list all packages and their path with the -f flag:
adb shell pm list packages -f
So at this point, I've hitting the 40,000 character limit Reddit allows in their posts. I unfortunately am going to end it like this. There are PLENTY more ways to toy with your device via adb, and some settings apps. You can search around for things like exanding the status bar with adb shell cmd statusbar expand-notifications, or setting/getting valuable build.props settings with setprop/getprop (more for rooted devices). I'll save the last bit I've got so I can edit the post in the future with corrections or additions.