I was thinking about using graphene OS, but I’ve read some lemmy users dislike this OS due to perceived misleading advertising and the pixel 7a you’re supposed to install graphene on because it’s from google (an advertising company).
Another option would be lineage OS, but there is so much false information about this OS, namely compatible phones that simply don’t work with this OS and no support.
what works for you? I want a phone with no google, that doesn’t force me to use the manufacturer’s ecosystem and that won’t show the apps I don’t want or need (on an asus I own you cannot neither get rid nor hide bloatware)
You must log in or register to comment.
Not in my ideal spot but tolerating Android via LineageOS for microG on a Sony Xperia 5 III as their ROMs make microG painless & hardware-wise I get a fast-enough CPU, OLED, a headphone jack, & microSD.
I wish the modern xperia phones were more popular and got more love. Hardware-wise they are amazing, i just wish they had easily-replaceable batteries.
I just replaced the battery in mine. I had to get a heat gun to take off the back plate, as well as a new seal for the back plate. I’m not 100% convinced it is still water resistant, and I don’t plan on finding out.
The hardware is good & you can get phones under 6".
They have 2 big flaws: price & years of continued support. The catch 22 is you can get a good price on them after the support window (2 years, but looks like 5 will be going forward). Luckily LineageOS always picks up after the support window if willing to take on possible firmware vulnerabilities knowing software will continue to be updated—but the camera requires the proprietary apps/libs or it looks low-end.
I used to do that then I discovered that I didn’t need MicroG
Oh? I’ve been completely off Google services and apps for a decade but I still find that MicroG is nice to have for spoofing a few apps that checks for GSF to run. I’m curious how you managed to disentangle yourself to the point of not even needing MicroG.
Been using /e/OS on a OnePlus 6T for the last ~2 years and love it. The built-in ad tracker blocker works well. GoS works for the best part and if it doesnt, heading over to the website usually works.
PostmarketOS, pinephone, using phosh (sxmo is good too, but no support for dvorak keyboard :( :( :( ). Very jank, but I would never go back to Google/Android (or derivatives) after tasting what could be. Might try to switch to Void Linux or base Alpine since PostmarketOS is shipping systemd by default next release (“optionally, with openrc still being supported”, but we all know openrc is being pushed to the side, especially since it needs recompilation to switch back). Hope to boot OpenBSD on it some day.
Not next release, the one after. And even then probably not by default yet. And SXMO will not even support systemd at all. Yes OpenRC will remain an option.
systemd is good software and people should find proper reasons for disliking it for once instead of just following the hate train.
Went with lineage since I grew up on cyanogenmod.
I use proprietary AOSP because I require online banking :(
Couldn’t you use the website?
GrapheneOS is probably the best option out there.
As you said, it’s only for Pixels currently, because
- They are more secure than most other phones. They have some kind of chip built in that makes them superior. I don’t know the specifics, but other commentators might add some information if needed. Something with encryption if I remember correctly. The GrapheneOS team is a bit …picky… when it comes to security, and most other phones don’t reach their requirements for a secure device.
- Google is one major contributor to Android, and their phones are fine tuned to work perfectly with it. Other manufacturers’ phones feel less polished.
- It’s easier to maintain one line of devices that are very similar, instead of keeping hundred phones up to date and secure. Pixels are similar to iPhones, they get updated almost simultaneously and are similar. If you now add a phone from a different line, e.g. a Fairphone or Nothing Phone, things get more complicated. If you look at Calyx (more onto that later), the FP4 caused quite some headaches for the dev team.
Pixels are cheap(ish) for what you get, and I believe Google makes them so cheap because 99% of users don’t care which ROM/OS is installed. Those are the advertisment-cows that will get milked. If you buy a Pixel and install a custom ROM on it, they will loose money.
My experience with GrapheneOS has been great. My Pixel 5 hit EOL a while ago and still gets maintenance updates almost weekly.
Many security additions are overkill for me, but quite some make a lot of sense.I used CalyxOS for a year too, but now that I don’t get full updates anymore, I don’t feel safe anymore with it.
I think GrapheneOS is technically superior to Calyx, especially due to the sandboxing they do. MicroG has full root privileges and can do with your phone what it wants, while also breaking some apps due to missing dependencies. If you choose to enable Play Services on GrapheneOS, they are user level and heavily restricted, and only you decide how much access you want to give them.
Regarding Calyx, since they don’t limit themselves as much in terms of security, they also offer a ROM for the Fairphone. Maybe check that out too.
DivestOS also seems to be a good option. AFAIK it’s based on LineageOS and supports a lot of devices, while being more secure than LOS.
Regarding Linux phones, I don’t have any experience with them. I tried Phosh (Mobile Gnome) on an exhibition a while ago, and it felt great and interesting, but from what I’ve heard, they are nowhere as good as Android.
My personal ranking:
- GrapheneOS on a Pixel. Get an used/ refurbished device if you don’t want to support Google. Best price-performance ratio, great OS, and very good hardware (battery life, camera, etc.)
- CalyxOS on a Fairphobe. Modular device with good repairability. Nowhere near as good in terms of what you’ll get for your money. Better security than 95% of other phone ROMs, oh, and you can just swap your battery in seconds if you want that :D
- DivestOS on a random supported phone, e.g. a China device. Nowhere near as sustainable (short lived update support, no spare parts, etc.)
- Linux phone. Only a goof option for a tinkering device right now imo.
Same here, I have an old Pixel 4a that still gets security updates from GrapheneOS. Banking apps and Amazon don’t seem to like it, but I don’t mind just doing those on my laptop anyway.
The pixel 4a is end-of-life. I recommend switching to something newer.
Oh yeah I know. It’s just one of those money/time things I’ll get around to eventually.
Android is so secure, I guess 60% of users use insecure EOL devices.
They will get Pegasus, okay. But only if they are targeted.
Banking apps and Amazon don’t seem to like it
Try going into the app’s settings and toggle Exploit protection compatibility mode. That let me use my banking apps that didn’t work before.
That worked for banking, thanks!
- Linux phone. Only a goof option for a tinkering device right now imo.
Honestly not sure if you mean “good” or actually meant “goof” there lol
Typo, sorry. Corrected. Thanks for letting me know.
Also, as for reasoning for choosing a Pixel, Pixels are not really a product for Google but rather a device for Google employees to test things on but as a consequence can be sold as well. This makes them perfect for hacking
Great synopsis!
The cool thing about GrapheneOS: It provides basically all the comforts and usability as any Android (stock) ROM minus some compatibility issues with a portion of Google Apps and services (Google Pay doesn’t and probably will never work, for example) while providing state-of-the-art security and privacy if you choose to utilize those features. A modern Pixel with up-to-date GrapheneOS, configured the right way, is literally the most secure and private smartphone you can get today.
I’ve never tried it out but I want to install nethunter if I had a chance because it can run terminal emulators
Stock AOSP shipped on Pixel.
I use Calyx on a Fairphone 4. It’s not totally degooglified, since it comes with MicroG which is used to connect to Google services. I use Aurora Store and a couple of original Google Apps like Gboard too (none of my Google apps can access the internet, since they’re behind the built-in firewall). It works well except call functionality which can be wonky and there’s the issue that a lot of apps from Play don’t work well with MicroG. I only use a small selection of Play apps though, so it doesn’t bother me too much.
What about banking appss?
I was about to answer this, but decided I didn’t want that information in public.
However, the bank I use, which is a largish one, has an app that I’ve installed with the aurora store without microg or google play services on divestos and it complains that it won’t work without gsf, but it works fine after clicking ok.
This is what stops me from leaping to phone Foss.
My banking apps work fine on Calyx.
Banking apps normally check for rooted phones as the thing they don’t like. Because pixels come with an unlocked bootloader, you don’t need to root the phone to install a custom ROM, and so banking apps are still okay.
Calyx comes with microg right?
Depends on the bank’s app. I have CRDroid (LineageOS fork I think) and my local bank apps have either full support or no support for biometrics (everything else works).
I never bothered with banking apps. (Outside of the virtual debit card app from my bank. That one did install successfully. However, I never got try out in store because it deleted my virtual card after a few days and I didn’t care enough to set it up again.)
I use LineageOS because my phone is not a Pixel and it works fine for me. If you don’t want to pay Google for a Pixel, buy a used one. Other than that LOS is fine. It doesn’t have anonymization features like /e/OS or something like that but it doesn’t force nor promote any apps or ecosystems (except for Seedvault but it’s not a big deal) and it is FOSS
I have a Pixel and LineageOS is the best by far. Freedom to root, which I absolutely want… I want full control over my devices. I’m extremely picky about how every little thing runs and works in my phone and I can only get it with root. You can’t get root with GraphenOS without a huge pain in the ass with updates.
It’s hilarious people install GrapheneOS and think they are better off because Google services are installed as user apps instead of system. You lose as soon as you install them either way. They are getting the data they are after no matter if it’s installed as a user app or system app.
But anyway, I’ve been running LineagOS since it used to be Cynogenmod over 10 years ago. It’s the most established and reliable while remaining open to customization by far.
Unfortunately 90% of privacy-conscious people can’t live without Google services because Google Meet, banking apps and other Play Integrity needing stuff
That’s literally what MicroG is for, though. Spoof the Play store and GSF, no data in or out. I think a good part of that “90%” you mention knows about that solution?
But that’s what GrapheneOS uses afaik. The person I replied to said that LineageOS (a fully vanilla ROM) with root (which breaks banking apps) is a better solution. I agree but I added that the mentioned solution is really not for most people.
I don’t imagine that many privacy-conscious people are using Google Meet!
Trust me a lot of them do if it’s a requirement in their school or at work
Surely you wouldn’t have to use it on your phone then, just on a desktop browser?
What?
Why would school or work require you to specifically use Google meet on the phone app? Surely you’d use a school computer or your work-provided laptop, never needing to have play services on your personal device.
GrapheneOS on a Pixel 8 Pro. I’ve been super happy with it since I switched from iOS.
Graphene on Pixel 8 here, also pretty happy with it. Previously had a Pixel 3a with Graphene.
Calyx. It just works. I’ve honestly just used it like stock Android, using as many private apps as possible. It’s so fun seeing all the cool little projects not on iOS! I just recently discovered Petals, which helps with measuring THC intake.
GrapheneOS is fundamentally better, if CalyxOS didnt fix up their mess in the past months.
I also use calyx but I’ll agree that graphene is technologically superior of the two. I’m more comfortable with the idea of using MicroG as opposed to sandboxes google play but that’s not to slant the implementation in any way.
I also avoid sandboxed play like hell.
But note
- microG downloads official Google binaries. It is not some magical reverse engineered bundle. It is a reimplementation
- microG has privileged access to the system, and thus gives Google privileged access
- apps needing Google Play often include the binaries themselves and dont even rely on an “adapter”
- GrapheneOS sandboxed play has the same access as the apps, not more, not less
Sandboxed Play is better for privacy and may prevent a Pegasus/malware vector.
DivestOS has sandboxed microG but I didnt try it. Also note that microG could break any time and the Google binaries may be outdated.
Privileged android apps are a huge attack surface as so many devices have them. So outdated privileged microG binaries may be a target.
I appreciate the info. For my own learning, could you provide a link to some context around the types of official binaries leveraged by microG? The only firm info I have of its behaviour is that it will pseudonomise as much user information as possible.
I’m familiar with sandboxed google play on grapheneOS and have used it in the past.
No I dont know what they download. It should be in the scripts in their repo.
But they dont document that at all, instead giving the impression that it would be reverse engineered and open source.
I appreciate that you’re trying to inform me but if you make such a claim, you should be able to prove it.
A friend was able to provide some context, regardless:
-
The one binary I’m aware of microG downloading (assuming it still does) is the SafetyNet “DroidGuard” thing, which it only does if you explicitly enable SafetyNet, which is not on by default. There is no other way to provide it.
-
microG only has privileged access if you install it as a privileged app, which is up to you / your distribution, as microG works fine as a user app (provided signature spoofing is available to it). Also, being privileged itself really doesn’t mean giving privileges to “Google”.
-
Apps needing Google services may indeed contain all sorts of binaries, generally including Google ones, which doesn’t mean they contain Google services themselves. Anyway, they are proprietary apps and as such will certainly contain proprietary things, and it’s all to you to install them or not. It’s not like microG includes them.
-
Its also just a reimplementation of a small handful of useful Google services, such as push notifications, or the maps (not the spyware stuff like advertising) and each can be toggled on/off.
-
Also all apps on android are sandboxed
Also, SafetyNet is deprecated, and Google has said that app developers shouldn’t use it for a long time before that, so I’ve never had to use it. My experience of a blob-free microG has been really good, and I trust FOSS code a hell of a lot more than sandboxed proprietary code, because I can’t be sure what it does with the data I inevitably do provide it.
MicroG has also been very clear IMO about SafetyNet not being a reimplementation, but rather a sandbox when it was relevant.
-
Re-implementation means reverse-engineering and building new binaries. What’s the point of MicroG if it is just downloading google binaries? An app with privileged access is different than a remote access trojan. The whole point of a sandbox is not to have the same access as the original app.
What you are saying doesn’t make any sense.
Strong words here.
I couldnt find what is the correct definition of “reimplementation” but we can assume it either means “taking the binaries and bundling them in a different bundle” or “writing different code to do the same thing”.
The whole point of a sandbox
What sandbox? Not the Android app sandbox, as microG (when I used it) needed to be installed as system app i.e. flashed to the system partition.
microG may isolate the binaries or whatever code it runs in some way, but not via the Android App sandbox.
Now GrapheneOS uses a privileged app that channels the calls of the unprivileged to the OS. This is also possible for microG, so it can run unprivileged too. DivestOS does that.
The concept of signature spoofing and more is poorly pretty flawed.
I would really like if a fully open source rewrite of the core services could just work, but these apps are written for Google, contain the official proprietary code anyways, and signature spoofing only works if you dont use many hardware security features.
GrapheneOS can be extremely secure when degoogled, but it cannot securely fake to be a Google Android. And neither can microG Android.
You would need to change the apps to do that.
By what standards? Micay adding features risking lives of privacy users, like shutter sounds? Or the countless times he has lied about people and events? Or the dogmatic nonsense he and his community spreads in privacy community everyday? Or the crybullying and witch hunting he and his mods/members do? Or the outright bans delivered upon the slightest criticism or questions?
GrapheneOS is the worst thing a phone privacy user can use, outside of iOS.
Crdroid with microg is what I use Getting rid of google services altogether is a huge mess. Its hard for me tbh. Lineages for microg (lineageos4microg) is also something that I wanna checkout. Grapheneos is fine only if you want to pay for it.
i have calyx on a pixel 7a since it’s easy to use
GrapheneOS is nearly the worst custom ROM you could use to achieve privacy, and Google Pixels the worst phones you could use to get away from Google.
GrapheneOS officially supports and encourages the use of Google Play Services and a Google account for “security” purposes. Their “unofficial” members also spread propaganda advocating for the same.
https://i.imgur.com/bUdVCpH.jpg
They are also an embargo partner with Google for security patches, and add features that may threaten the lives of privacy users, or end up in jail or death in certain circumstances.
There are a lot of GrapheneOS astroturfers in this thread. They are not organic fans.
Graphene OS is about security, not privacy yeah?
Please read the paper by Ken Thompson, co-creator of Unix and C, on why we should be able to trust the developer and NOT the code. https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
Trusting unstable people and projects like GrapheneOS is a massive risk. Micay has lied more times than anyone in the history of privacy community, as far as “prominent” people go.
deleted by creator
