I was thinking about using graphene OS, but I’ve read some lemmy users dislike this OS due to perceived misleading advertising and the pixel 7a you’re supposed to install graphene on because it’s from google (an advertising company).
Another option would be lineage OS, but there is so much false information about this OS, namely compatible phones that simply don’t work with this OS and no support.
what works for you? I want a phone with no google, that doesn’t force me to use the manufacturer’s ecosystem and that won’t show the apps I don’t want or need (on an asus I own you cannot neither get rid nor hide bloatware)
You must log in or register to comment.
deleted by creator
deleted by creator
deleted by creator
That’s literally what MicroG is for, though. Spoof the Play store and GSF, no data in or out. I think a good part of that “90%” you mention knows about that solution?
deleted by creator
I don’t imagine that many privacy-conscious people are using Google Meet!
deleted by creator
Surely you wouldn’t have to use it on your phone then, just on a desktop browser?
deleted by creator
Why would school or work require you to specifically use Google meet on the phone app? Surely you’d use a school computer or your work-provided laptop, never needing to have play services on your personal device.
I use CRDroid /CRAndroid, because it was the only de-Googled ROM for my specific model of phone (S20 FE Exynos), also (I think) it’s a fork of LineageOS.
I’ve used LineageOS in the past, and have nothing to complain about it, but realistically I only root and change the OS of my phones after warranty is over and I could potentially lose it without being a problem.
Calyx. It just works. I’ve honestly just used it like stock Android, using as many private apps as possible. It’s so fun seeing all the cool little projects not on iOS! I just recently discovered Petals, which helps with measuring THC intake.
GrapheneOS is fundamentally better, if CalyxOS didnt fix up their mess in the past months.
By what standards? Micay adding features risking lives of privacy users, like shutter sounds? Or the countless times he has lied about people and events? Or the dogmatic nonsense he and his community spreads in privacy community everyday? Or the crybullying and witch hunting he and his mods/members do? Or the outright bans delivered upon the slightest criticism or questions?
GrapheneOS is the worst thing a phone privacy user can use, outside of iOS.
I also use calyx but I’ll agree that graphene is technologically superior of the two. I’m more comfortable with the idea of using MicroG as opposed to sandboxes google play but that’s not to slant the implementation in any way.
I also avoid sandboxed play like hell.
But note
- microG downloads official Google binaries. It is not some magical reverse engineered bundle. It is a reimplementation
- microG has privileged access to the system, and thus gives Google privileged access
- apps needing Google Play often include the binaries themselves and dont even rely on an “adapter”
- GrapheneOS sandboxed play has the same access as the apps, not more, not less
Sandboxed Play is better for privacy and may prevent a Pegasus/malware vector.
DivestOS has sandboxed microG but I didnt try it. Also note that microG could break any time and the Google binaries may be outdated.
Privileged android apps are a huge attack surface as so many devices have them. So outdated privileged microG binaries may be a target.
Re-implementation means reverse-engineering and building new binaries. What’s the point of MicroG if it is just downloading google binaries? An app with privileged access is different than a remote access trojan. The whole point of a sandbox is not to have the same access as the original app.
What you are saying doesn’t make any sense.
Strong words here.
I couldnt find what is the correct definition of “reimplementation” but we can assume it either means “taking the binaries and bundling them in a different bundle” or “writing different code to do the same thing”.
The whole point of a sandbox
What sandbox? Not the Android app sandbox, as microG (when I used it) needed to be installed as system app i.e. flashed to the system partition.
microG may isolate the binaries or whatever code it runs in some way, but not via the Android App sandbox.
Now GrapheneOS uses a privileged app that channels the calls of the unprivileged to the OS. This is also possible for microG, so it can run unprivileged too. DivestOS does that.
The concept of signature spoofing and more is poorly pretty flawed.
I would really like if a fully open source rewrite of the core services could just work, but these apps are written for Google, contain the official proprietary code anyways, and signature spoofing only works if you dont use many hardware security features.
GrapheneOS can be extremely secure when degoogled, but it cannot securely fake to be a Google Android. And neither can microG Android.
You would need to change the apps to do that.
I appreciate the info. For my own learning, could you provide a link to some context around the types of official binaries leveraged by microG? The only firm info I have of its behaviour is that it will pseudonomise as much user information as possible.
I’m familiar with sandboxed google play on grapheneOS and have used it in the past.
No I dont know what they download. It should be in the scripts in their repo.
But they dont document that at all, instead giving the impression that it would be reverse engineered and open source.
I appreciate that you’re trying to inform me but if you make such a claim, you should be able to prove it.
A friend was able to provide some context, regardless:
-
The one binary I’m aware of microG downloading (assuming it still does) is the SafetyNet “DroidGuard” thing, which it only does if you explicitly enable SafetyNet, which is not on by default. There is no other way to provide it.
-
microG only has privileged access if you install it as a privileged app, which is up to you / your distribution, as microG works fine as a user app (provided signature spoofing is available to it). Also, being privileged itself really doesn’t mean giving privileges to “Google”.
-
Apps needing Google services may indeed contain all sorts of binaries, generally including Google ones, which doesn’t mean they contain Google services themselves. Anyway, they are proprietary apps and as such will certainly contain proprietary things, and it’s all to you to install them or not. It’s not like microG includes them.
-
Its also just a reimplementation of a small handful of useful Google services, such as push notifications, or the maps (not the spyware stuff like advertising) and each can be toggled on/off.
-
Also all apps on android are sandboxed
Also, SafetyNet is deprecated, and Google has said that app developers shouldn’t use it for a long time before that, so I’ve never had to use it. My experience of a blob-free microG has been really good, and I trust FOSS code a hell of a lot more than sandboxed proprietary code, because I can’t be sure what it does with the data I inevitably do provide it.
MicroG has also been very clear IMO about SafetyNet not being a reimplementation, but rather a sandbox when it was relevant.
-
PostmarketOS, pinephone, using phosh (sxmo is good too, but no support for dvorak keyboard :( :( :( ). Very jank, but I would never go back to Google/Android (or derivatives) after tasting what could be. Might try to switch to Void Linux or base Alpine since PostmarketOS is shipping systemd by default next release (“optionally, with openrc still being supported”, but we all know openrc is being pushed to the side, especially since it needs recompilation to switch back). Hope to boot OpenBSD on it some day.
Not next release, the one after. And even then probably not by default yet. And SXMO will not even support systemd at all. Yes OpenRC will remain an option.
systemd is good software and people should find proper reasons for disliking it for once instead of just following the hate train.
systemd is good software and people should find proper reasons for disliking it for once instead of just following the hate train.
Are “breaking portability with non-linux unix systems (and even linux systems that don’t use systemd)” and “overly complex codebases inherently being more bug-prone and systemd having a poor security track record” good enough reasons for you?
While I really want the pinephone to be good, I just could not use it for daily use given its extremely poor battery life. I ended up getting a oneplus 6 and running postmarketOS before switching to DivestOS for camera support. I might switch back given that updating packages is much easier on linux compared to android.
I am on a pixel 7 with graphene OS. Been great. Ive been using this phone for about a year or so now.
Also posting from a Pixel 7 running Graphene for abouta year. No issues, I use Fdroid for most apps and Aurora when I have too. Only bummer is I haven’t found a good FOSS keyboard with swipe. Really miss gboard for that and gif insertion.
Have you tried Heliboard? You’ll need to download a (proprietary?) library for it though. https://github.com/Helium314/HeliBoard
Thanks for the rec! Typing on it now. Pretty decent so far. I dig the hover on the word as i swipe
Using GrapheneOS on a pixel 8 pro bought for this. Never used the stock OS. Coming from iOS it is a breeze of fresh air to feel “private”. I tried lineage some times ago but it isn’t as polished as graphene, and it feels like a classic android OS, I didn’t feel " private".
deleted by creator
My dear friend, can you elaborate ?
I am very happy with my moto g42 and Calix OS. The phone is reasonably priced (around 120.- euros).
Only downside is you have to register online to get full root access and I also had to wait like three days till everything unlocked. Otherwise I found the process very easy even for a caveman like me.
I put lineageos on my old OnePlus, which had started to lag so much that even the password prompt would take a minute to register my key presses. The moment I put lineage on it, it started working as if it was new and finally had security updates for the first time in 2 or so years. I now use it as a backup device, and also as a webcam for my pc using scrcpy.
There isn’t any Foss phone. Graphene os and everything else requires proprietary software for the modem to operate at a minimum.
If you are ok with some proprietary software go with Lineage OS.
For devices that support Lineage OS go here: https://wiki.lineageos.org/devices/
LineageOS is less proprietary than GrapheneOS.
deleted by creator
I personally prefer Lineage OS
I’ve been using Graphene since the pixel 4a, have never considered going back. It works wonderfully.
I use Graphene on my phone and DivestOS on my tablet
DivestOS on my tablet
Cool, there are supported tablets now?
I use Calyx on a Fairphone 4. It’s not totally degooglified, since it comes with MicroG which is used to connect to Google services. I use Aurora Store and a couple of original Google Apps like Gboard too (none of my Google apps can access the internet, since they’re behind the built-in firewall). It works well except call functionality which can be wonky and there’s the issue that a lot of apps from Play don’t work well with MicroG. I only use a small selection of Play apps though, so it doesn’t bother me too much.
What about banking appss?
Depends on the bank’s app. I have CRDroid (LineageOS fork I think) and my local bank apps have either full support or no support for biometrics (everything else works).
My banking apps work fine on Calyx.
Banking apps normally check for rooted phones as the thing they don’t like. Because pixels come with an unlocked bootloader, you don’t need to root the phone to install a custom ROM, and so banking apps are still okay.
Calyx comes with microg right?
Yes
I never bothered with banking apps. (Outside of the virtual debit card app from my bank. That one did install successfully. However, I never got try out in store because it deleted my virtual card after a few days and I didn’t care enough to set it up again.)
This is what stops me from leaping to phone Foss.
I was about to answer this, but decided I didn’t want that information in public.
However, the bank I use, which is a largish one, has an app that I’ve installed with the aurora store without microg or google play services on divestos and it complains that it won’t work without gsf, but it works fine after clicking ok.
I use GrapheneOS. Can’t go back!
