I hear many people say that the Google Pixel is good for privacy, but is it?
I’m asking this because I find it weird, of all the companies, Google having the most “privacy”.
Yes, it is. I mean, GrapheneOS is the gold standard for privacy&security, but even stock Pixel is a good step up. Think of it like this: on stock Pixel, only Google is tracking you, not Google + Samsung, or Google + Xiaomi. Just Google. It’s guaranteed to be a step up from all other Android phones, stock or not.
Wow the fact that this is considered good is depressing
Wait since when a monopoly is preferable to a duopoly? As far as I’m concerned if I can’t have 0 companies to spy on me I’d rather have them all fight each others in the data space…
In this case they don’t fight, they exploit your data in different ways and if one of the exploiters isn’t arsed to keep your data secure then everyone gets it and it’s not just corporate actors profiting from you but more harmful actors including scammers using your data.
You can install on it a lot of custom ROMs, including GrapheneOS and CalyxOS.
Installed GrapheneOS and adjusted my google settings to track everything they can, then I checked to see how much data that got collected, it is almost nothing.
This is gonna be a foolish and stupid question but how did you check how much data was being collected?
Google take out
Under GDPR you have the right to download the data they have about you, so google has a page where you can do that. That being said I doubt that is everything they track, I’m probably still getting fingerprinted and tracked by ip, but still thats a lot less info collected on me and most importantly that data is less valuable to sell.
additionally you don’t need to jump across several hops to flash custom roms on Pixel phones (or tablets)
it’s easy as using a web browsermeanwhile custom roms on Xiaomi or Samsung are a huge pita to setup and require almost shady looking korean or chinese (windows) applications
About how Pixel is more private… Pixel ‘only’ has Google’s tracking; other manufacturers have their own tracking, *on top/in addition* to Google’s tracking.
With GrapheneOS on it yes, except if the hardware secretly sends data .-. Without, no.
Yeah. I thought it was weird, but the stock Pixel is very secure, and if you install Graphene OS, it is even more so. Additionally, Graphene OS sandboxes The Playstore Apps, and gives you much more control over what the Apps you install are allowed access to. You have to go way out of your way to make it less private than the stock OS, and you pretty much can’t make it less secure than the stock OS.
You can get almost anything that works on the stock Pixel working on Graphene OS except for Google Wallet and the Android drive app. Banking Apps work, Google Apps work (but you might as well try to use alternatives).
I had an iphone for years, but after using Graphene OS for the past 3 months, I can honestly say I’ll do everything I can to not go back.
removed by mod
It’s one of the better options.
For a start, even if you run it stock, it’s somewhat on par with the iPhone (depending who you ask). You’re trusting one company with your data, Google. You’re not trusting Google AND Samsung, or Google AND Huawai. It’s just Google. Plus Google does offer good security, so your data/device is pretty secure. In comparison to Samsungs Knox… while better than a lot of other Android security stuff, is kinda bad.
Though, the real privacy win for the Pixel, is it DOES allow you to modify it. You can remove Google’s version of Android, and change to Calyx or Graphine OS. Both of which are fantastic options, that allow you to really lock things down.
pixels have the highest hardware security of all Android phones, which increases privacy potential. assuming you keep the stock os and default Google settings, though, it’s about the same as any other.
Google also has good support for alternative OS’/Android forks, which is likely where that claim is leading to.
Google One is the marketing people are probably referring to for privacy.
The pixel has the default function for DNS over HTTPS and their Google One offering has a VPN to “protect” your data. Both of those are sold as privacy measures.
I see a lot of responses here seem kinda out of touch with the actual functionality of the phone and what marketing pushes Google does.
GrapheneOS on a Pixel 7 is one of the best decisions I ever made. You can sandbox the shit out of all apps and granularly control the permissions in addition to outright cutting off network access to apps that would otherwise be doing background telemetry garbage all the time.
If you’re terminally online and just can’t imagine life without all the first party Google apps, you’ll disagree with me. But otherwise it is a great decision. F-droid and Aurora Store are awesome. (You can still manually install and use stuff like the Google camera app, Maps and others. Just never sign in to first party G Apps, be careful with your permissions etc. and you’ll retain 90% of the functionality while not having the privacy downsides.)
I’ve been using LineageOS+MicroG with very little google software (only maps) and it’s been working great. Any reason I should switch to Graphene? I noticed the main dev seemed to have some disputes and interesting personality characteristics, so I was a bit hesitant to adopt. I also had an irrational “I wouldn’t be surprised if 3 letter agencies are involved” vibe about Graphene, but nothing concrete.
deleted by creator
That’s quite a statement, are you sure about that? The Graphene team has done a considerable amount of work sandboxing the environment of Google Play, both in memory, permission structure, and IO access that MicroG completely blows past. Given how the Graphene sandboxing works, I actually can’t think of a scenario where the statement that MicroG is more private than Graphene sandboxed Google Play. In either scenario you don’t have to log in, so I’d much rather have an environment that has been isolated than tooling that still has tendrils reaching into the main OS itself (MicroG).
Yeah one important key is not logging in. If you use Aurora store to install apps, and don’t log into any Google apps, Google can’t be certain of your identity enough to tie it to your previous Google account. I guess they could probabilistically match you based on stuff like your location in Maps app vs. a previous normie device known to be “you”.
One thing I’d like to test is the implications if you log into Gmail on the hardened Vanadium browser and then log out. I would think it would still be pretty safe on Graphene because Google would have no access to other apps activities on the device and even location requests don’t get routed to Googles geolocation service unless the user specifically turns that back on.
Does the Gmail app work in grapheneOS?
Yes it should although you may not get notifications of emails. I’d use ProtonMail or Tutanota instead anyway.
Gmail will work fine, including push notifications, assuming you enable Google Play Services. Using either will of course come at the cost of privacy.
I sorely miss the hardware features from my previous phone, like a notification LED, MicroSD card slot and headphone jack, but I can’t go back to a phone where I can’t re-lock my bootloader after installing a custom ROM like CalyxOS or GrapheneOS.
MAC address randomisation is pretty neat too.
like a notification LED, MicroSD card slot and headphone jack
Ah, another Galaxy S9?
An Asus Zenfone 6. Still ended up being a regrettable purchase for other reasons.
I can’t go back to a phone where I can’t re-lock my bootloader after installing a custom ROM
Is this something that only certain models of phone are capable of doing? Or is it a new Android/hardware feature that only new phones have?
It’s specific to the bootloader of a given device. Most devices don’t seem to support being locked with custom OS images using self signed keys.
It requires a flashed rom with a valid (key signature? Crap, forget what it’s called).
If you flash an unsigned kernel and try to boot lock, it’ll brick.
I get from an absolute security perspective why this is deemed important, I just feel there’s a bit too much focus on it, as if an unlocked bootloader is really that insecure. It would still take tremendous effort to get the encryption key for storage, so it’s pretty effectively secure still.
With unlocked bootloader you can dump the data and brute force the password. With locked bootloader on pixel devices, you can’t even do that.
From what I’ve read, that doesn’t really work - you’d need the encryption key, not the pin/password, because of how the encryption platform works.
Again, it’s been a while, and this isn’t my field. I just remember being properly surprised at how little I understood - that the pin/password are merely keys to accessing the encryption key, and it’s all tied together in validating during hoot. Like you can’t image the system and drop it in another phone if it’s been encrypted, even if you have the pin - the encryption system on the different hardware would calculate things incorrectly (I did this once, dropped an encrypted image on a duplicate phone. That was fun trying to figure out why it wouldn’t work).
There’s more to the puzzle that’s frankly above my pay grade, but last time I read about how to get into an encrypted phone, (even boot unlocked) required the expertise and tools of certain types of folks. Not your average “haxxor”.
Granted, that expertise and those tools are getting closer to us every day…
I thought the security chip was being disabled when unlocking the bootloader but apparently it just skips image validation.
So basically you can flash anything (which kinda is what you want). You could theoretically also modify the system files to being able to bruteforce your pincode.
Unlocking the bootloader also makes your device less secure in other ways. When there’s a root exploit in Android verified boof safes you from it being exploited.
Good point about root exploit. It’s a potential.
Thing is, every Linux server and windows box suffers the same risk… But we don’t hear “the sky is falling” about those… Because it’s considered a measured risk and security is layered. As it should be.
Hell, people still run windows laptops unencrypted today - which is far worse than an unlocked bootloader on Android.
But you also don’t usually safe your whole identity to the cloud
A part of that is due to the fact that you now only have one company to worry about collecting data, rather than both the manufacturer(think Samsung) and then Google too.
They also play the best with options like Grapheneos or Calyxos
Install GrapheneOS on it and it will be. Remember, security and privacy are two different things. You can be very secure without being private, and you can be very private without being secure.
Google Pixels by default are pretty secure, but not private, at least not to Google.
Not the stock os. You need to flash something else and relock the bootloader to take advantage of the pixel
Google Pixel has the most support for security, which relates to privacy. It does “phone home,” but likely only to Google. Removing all the Google software and installing GrapheneOS further hardens the security and vastly improves the privacy by stopping the “phoning home.”
I LOVE GRAPHENEOS
