Hello there! This is my problem: I’m going to buy a new smartphone, and I’d really like to degoogle myself as much as possible. The idea would be to buy a device compatible with LineageOS, but… Supported devices are usually older models, and often there are newer devices with better specs for the same price, that does not support lineageOS. Is seems a shame to buy a device with lower specs than another one just because of software compatibility. So the alternative would be to buy an unsupported device, unlock the bootloader and debloat it as much as possible, flash privileged fdroid and aurora store on it, install microg, etc… What do you suggest me to do? Is the second alternative a viable option? What other steps should I do if I decide to go that way?
Thanks in advance folks!
Edit:
Thanks to anyone for the great answers! I finally decided to buy a pixel 6 (or 6 pro if I find a good deal) and install a custom ROM on it!
GrapheneOS will support it for “only” 3 more years, while other roms like lineageos or divestos will have longer support. What do you suggest? Graphene OS and when support ends switch to another one? O directly use the other one?
You must log in or register to comment.
Fairphone is the bomb diggity
Buying a pixel isn’t the end of the world, but it is still feeding the enshittification beast
A used pixel takes the brunt off of the moral compromise.
No it does not. You just end up manufacturing a whole market for cheapskate Pixel users.
Here you can filter the search for Custom ROMs by release year. A few current models are already available: https://www.sustaphones.com/ beside Pixels i.e. Xiaomi, 2023, redwood X5 Pro 5G, Teracube 2e, 2022, emerald, Motorola g32, g42, g52, …
If pixel/GrapheneOS is not an option I would recommend DivestOS which supports a very wide range of devices
The number of “GrapheneOS + pixel” astroturfers is astounding. The shills are persistent.
Just because a lot of people are saying it doesn’t mean they’re astroturfers, GrapheneOS isn’t even a company with an advertising budget, it’s just an open source project! Do you go to the Linux community and accuse the people using Arch of being shills?
I have investigated and covered the “security” cult in FOSS community and GrapheneOS for the past 5 years. They are the slimiest, dirtiest tech related group on the internet that projects and crybullies its way with everything.
https://old.reddit.com/r/privatelife/comments/ug9qnc/writeup_criticism_of_rprivacyguides_grapheneos/
A lot of you fall for the snake oil AOSP fork and preach their marketing.
Appreciate the very, very detailed response, but I’m just a guy who wants a secure device, I don’t really want to go down this red-string rabbit home or join anyone’s side in this shit-flinging match!
There is no rabbit hole, everything is presented with solid evidence and proper notes. And it should take a couple hours for all of this to be read, if you wanna spend a weekend or a night. I say that is reasonable for 5 years, and a very nice way to enlighten yourself with the danger “security zealots” present towards degoogling/decorping, whitewashing Big Tech evils, our privacy and tech freedom concerns. They are arguably the most prominent, yet covert Big Tech shills you will find in privacy community, and I am one such non-conspiratorial non-nutjob privacy person who took the pain to do this, because nobody else did.
I would like you to go through these parts in second link, it is very interesting regarding security claims.
GRAPHENEOS ALTS CLAIM CELLEBRITE KITS CANNOT EXFILTRATE DATA FROM PIXELS ON YOUTUBE COMMENTS
GRAPHENEOS MATRIX CHAT TELLING PEOPLE TO FLY TO OTHER COUNTRIES TO GET A PIXEL IF NOT AVAILABLE DOMESTICALLY
Also going through this comment chain might help regarding seeing if their security even means anything compared to other AOSP forks. Takes 10 minutes.
Wow, I didn’t expect you to be on lemmy. I was subscribed to your privatelife subreddit when I was on reddit. Do you have anything similar on lemmy?
c/privatelife, but it is a little inactive for now. My current goal is to get Lemmy’s momentum stronger than now. In the past 3 years, I silently helped crush raids, trolls, mod c/privacy and c/technology here on lemmy.ml, helped r/piracy and r/datahoarder migrate. Helped shape up rules and stuff, mostly the non- code development stuff to bolster Fediverse (someone sent me here back then) and to keep admins’ workload lighter.
While c/privacy is not made by me, I try to shape it up in similar ways as privatelife, so that all the privacy community problems and astroturfing that used to happen on reddit no longer happens here.
Regarding your edit and GrapheneOS support - they will definitely support the pixel for as long as Google are providing official support, though they have then continued support in the form of security patches for much longer than that for older devices. No guarantees of exactly what will happen in the future but you’re probably best of using GrapheneOS for now and then in three years time seeing what the state of things are. Things change quickly in technology, maybe you won’t need to move anything, maybe you’ll want a completely new phone by then!
Great, I’ll do this then! Thanks man
No worries, I’m by no means an expert but I’ve been using it for a couple of years and I’m happy to try and answer any questions!
Thanks to anyone for the great answers! I finally decided to buy a pixel 6 (or 6 pro if I find a good deal) and install a custom ROM on it! GrapheneOS will support it for “only” 3 more years, while other roms like lineageos or divestos will have longer support. What do you suggest? Graphene OS and when support ends switch to another one? O directly use the other one?
I have the P6. It’s an all around good phone. Don’t forget to look at GSI ROMs. All recent devices handle those. I can and eventually will install LineageOS on my Galaxy Tab S8 and have it on my old Tab low end tablet.
I’ve never heard of GSIs and it seems really interesting! I’ve found nothing about it on the LOS website, is it something “unofficial”?
Since devices that came with Android 10, all devices are expected to adhere to a standard Android interface. The GSI stands for generic system image.
Given a particular Hardware platform and drivers any GSI should run on any matching Hardware.
I know that Andy Yan’s LineageOS GSI works on my sm-t510 (a64 variant) and from user testimonials, it also runs on the sm-x720 (arm variant, TAB S8).
I linked the forum section that contains the thread for his and many other GSIs.
Thanks for the answer!
If you have the money and you care about not buying or owning a Google product, and / or you care about repairability, get a FairPhone: you can install
GrapheneOS orCalyxOS on them and they too support relocking the bootloader. It’s not just Pixel phones.Bonus: they have a SD card slot, unlike Pixel phones.
They’re not the speediest or sleekest devices, but that’s not where the interest lies with Fairphone cellphones: they’re mostly designed for long life and easy maintenance, and they’re made by a cool company I want to support personally. And they’re not made by Google, so buying one won’t support Google or the Pixel ecosystem in any way.
Fairphone is not supported by GrapheneOS, here’s a detailed explanation as to why
Ah yes you’re correct. I got confused.
It’s your money completely upto you choose what you think is best. Generally if you want to go the route of buying a unsupported device unlocking the bootloader etc. You gotta do your research and know what ya doing m8
Iirc, there are unofficial ports of LineageOS for newer devices. Also, I’ve been using another system, ArrowOS, in its vanilla form, on a Redmi Note 10 Pro phone I have, and it’s working fine so far, so maybe an alternative for your case if you don’t find a decent phone compatible with LineageOS?
Google Pixel with GrapheneOS. Nothing matches it.
I’m in pretty much the same boat as OP.
I’m seeing that buying a Pixel and then degoogle-ing it with Graphene OS is the way to go. Before I pull the trigger on that, can anyone point me to a good guide on how and when to load Graphene OS? Do I load it after activation with a carrier? Ok to do this before carrier activation?
And what functionality do I have with Graphene OS? Only Fdroid as a store? Can I sideload apps?
I’d really like to hear from some people that have actually done this about what to do and what their experience is with grapheneos. I’m leery of spending hundreds of dollars on a phone that may or may not work as I want.
I am seriously considering doing this but I’ll buy an iphone if I can’t really understand the pixel/graphene path well enough before dropping the $$.
Any YT vids about someone doing this?
I’d really like to hear from some people that have actually done this about what to do and what their experience is with grapheneos. I’m leery of spending hundreds of dollars on a phone that may or may not work as I want.
I’ve done this, here’s my takeaways:
On the install:
- The install guide is long and detailed, and it felt important to take my time and do every step exactly as it says.
- In spite of the length of the guide, I was done with my install in about 45 minutes. I spent about 30 of those minutes sipping coffee and reading on my Kindle while my phone applied updates automatically. -By the time the install finished, my feeling was “that was it? I feel like I clicked like 4 links and it did everything.”
On owning it:
- My $300 GrapheneOS Pixel 6 is substantially more responsive than my previous $1000 phone. I migrated to a 3 year old phone and if feels like a big upgrade.
- My camera opens quickly, snaps pictures quickly, and is ready to snap another picture, quickly. This shouldn’t be a big deal, but some of your with $1000 Android phones know what I’m talking about. I’ll die on the “this should never have been hard in the first place” hill. But in the meantime, the responsive camera is the most important quality of life upgrade I got from GrapheneOS.
- Installing apps from Aurora, with it’s privacy insights, was very eye-opening for me. I mention this mainly for context on my next point.
- App compatibility has not been an issue for me; but I quit using certain really invasive apps when I saw their tracking details in Aurora store. (Cough - Paramount Plus - cough)
- I’ve heard bank apps can be a challenge, but mine works perfectly. I now love GrapheneOS enough that I am realizing I will move my money if that changes.
I did a bit of searching, maybe used the wrong terms, but is there a list somewhere with Banking Apps compatible with Graphine or Lineage that you know of? It’s literally the only thing holding me back…
I, too, have searched for such a list and not found it.
https://grapheneos.org has a lot of info. Make sure to buy a phone with an unlocked bootloader. All carriers lock it so buy it used and make sure that its unlocked or buy it directly from Google. You can install all google apps through Aurora store, a Play Store fronrend. You can also install sandboxed Google Play services so your Play Store apps can run and have functionning notifications, as they usualy rely on Play services. Yes you can sideload apps like normal android. Its AOSP without the google stuff. Some videos/channels: https://www.youtube.com/watch?v=vh5xjsE4mU4 https://www.youtube.com/watch?v=igSUmfKTXqU https://www.youtube.com/channel/UCrG6IID2FX7-GxyKtavRhEA https://www.youtube.com/watch?v=L1KZWjZVnAw
Here is an alternative Piped link(s):
https://www.piped.video/watch?v=vh5xjsE4mU4
https://www.piped.video/watch?v=igSUmfKTXqU
https://www.piped.video/channel/UCrG6IID2FX7-GxyKtavRhEA
https://www.piped.video/watch?v=L1KZWjZVnAw
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
I’m a GrapheneOS user. You can use whichever store you like. Sideloading works too if you want to get stuff directly from GitHub, for example.
If you use esim, probably better to activate before flashing GrapheneOS. Otherwise, doesn’t matter imo.
I’d suggest you take a look at the discussion forum. You can ask questions there or just browse and you can probably learn a lot about GrapheneOS there. Also the homepage has tons of info, of course.
The stores I have on my GrapheneOS pixel 7a: F-Droid + droidify, Aurora store, and the Google Play store as well for some official apps I cannot do without. Between these, there isn’t an app that I couldn’t find or install.
I bought my pixel second hand, to not put more money in Google’s pocket, and to avoid any carrier locking. Not sure how that will impact the installation, but it might. Best to investigate that matter.
I have to mention: I still cannot believe how easy that installation was. I rooted my previous phone and put lineageOS on it, which was such a tedious procedure back in the day, I really dreaded installing GrapheneOS. But that web interface, detecting everything and guiding me along was pure heaven. I hope that’ll become the default for any custom installs.
Interesting. Thanks for this info.
Google Play? So you degoogled and regoogled?
:)
At least it’s sandboxed now ;)
I too, degoogled and then regoogled.
The Google Play framework service is very sandboxed on GrapheneOS. Most stuff just works, and - as long as all went to plan, which it seems to - the invasive stuff fails silently or with a harmless error message.
It’s been a better experience than I expected!
For the most part, Google has no idea what apps I’m even installing, beacuse I get free apps without login through Aurora.
For the apps that are important enough to me to purchase through Google Play, Google knows I bought and installed them. But even those are talking to GrapheneOS’ sandboxes Google Services Framework. For the most part, nothing changes in how I use those apps, beacuse the sandboxes framework drops and reports ‘success’ on unsupported framework calls, and the vast majority of apps I have used just move on.
The exception has been anything that only supports Google’s auth layer. I like Google’s auth layer, but I don’t use it anymore. So those apps I can’t use at all. I don’t expect it to work well on GrapheneOS, but I haven’t honestly tried.
deleted by creator
I recommend you purchase a Google Pixel 6a or above (minimum security support ends July 2027) and flash GrapheneOS. (Pixel 8/pro preferred)
Aurora Store doesn’t avoid Google since a lot of the apps from the play store include Google’s SDK and libraries. microG also doesn’t avoid Google as it is still running proprietary Google code and has more privacy/security weaknesses
Sandboxed Google Mobile Services is a much better implementation which is featured in GrapheneOS. The services are not privileged and is treated like any other app. They don’t downgrade privacy or security unlike the other alternatives.
There are much more privacy and security benefits using GOS. Here is a 3rd party comparison between different mobile OS.
microG also doesn’t avoid Google as it is still running proprietary Google code
What proprietary code?
has more privacy/security weaknesses
Source?
microG runs Google Play code just like Aurora Store. It is not fully open source. Here’s more information.. It is still connecting to Googles propriety servers.
microG requires Signature Spoofing and alternative OSes usually ship with microG as a privileged system app. This increases the attack surface as it is not confined by the regular sandbox rules.
Now you’re using a privileged component, which downloads and executes Google code in that privileged unprotected context, and which talks to Google servers because otherwise, how would FCM work for example?
Despite doing both of those things, MicroG doesn’t have the same app compatibility as Sandboxed Google Play despite the extra access it has on your device. Even in some magical universe MicroG worked without talking to Google servers or running Google code (again, in a privileged context), the apps you’re actually using it with (the apps depending on Google Play) have Google code in them.
microG runs Google Play code just like Aurora Store. It is not fully open source.
Neither of them run “Google Play code”.
You can download proprietary apps through the Aurora Store and those on their own might include Google play libraries but that should be painfully obvious.
µG can optionally download and run the proprietary DroidGuard for implementing the proprietary SafetyNet. If you don’t want proprietary software, you should not explicitly enable SafetyNet (I don’t know what app you’d use it with anyways).
That’s a Twitter thread with no cited sources aka. the truthiest information known to man.
It is still connecting to Googles propriety servers.
If you ask it to, yes. That’s one of its explicit purposes.
It obviously must talk to Google servers in order to facilitate things like cloud messaging for example; there is no other way.
It does try to implement many APIs that would ordinarily talk to Google’s servers in regular GMS using alternative methods however and if it has to talk to Google, it does so with the least amount of data possible.
microG requires Signature Spoofing
This is usually only enabled for the µG app itself and nothing else.
ship with microG as a privileged system app. This increases the attack surface as it is not confined by the regular sandbox rules.
This does increase the attack surface a little. In a world where blindly trusting gigabytes of privileged vendor blobs is the norm however, I don’t think it’s all that significant.
Compared to the hundreds of MiB of regular proprietary GMS code that ships on Android devices, it pales in comparison.
downloads and executes Google code in that privileged unprotected context
As opposed to …running running the entire GMS in a privileged context?
MicroG doesn’t have the same app compatibility as Sandboxed Google Play despite the extra access it has on your device.
You’re comparing apples to oranges. µG replaces GMS, not the tool used to sandbox GMS. You could sandbox it in the same way.
There is no “extra access” that µG has compared to regular GMS.
[if] MicroG worked without talking to Google servers
I don’t know why you keep mentioning this, it was never up to debate.
the apps you’re actually using it with (the apps depending on Google Play) have Google code in them.
Apps that bundle Google Play code have Google Play code inside?!
Start the presses! Notify the President!
A wild revelation, the world must know it!
thanks for the answer! I would gladly do this if only pixel phones had an SD card… Sadly they don’t, and I really need it, so no pixel for me :(
Perhaps you should add this criterion to the start post? Otherwise ten more people will recommend GrapheneOS…
You can always connect a USB stick or card reader with an SD card via USB-OTG
I will recommend you do use a phone that still receives security updates (Not EoL) because I don’t want you to lose out on security just to deGoogle.
If you are strict on having an SD card slot and your phone is still receiving support, you should use StockOS to receive firmware updates as soon as possible. If the phone you decide to get is EoL, the least bad option would be DivestOS (fork of LineageOS)
Is there a reason you need SD storage? Some Pixel devices have onboard storage of 256GB+, so unless the storage needs to be removable, they could still be a good option.
Pine phone
I so, so wish this were a real option, but sadly the software support just really isn’t there yet.
For that to become reality I think it would either need a ‘Proton for Android Apps’ or some sort of killer app that I can’t even imagine.
Ironically, the best devices for degoogling are Pixels. You can unlock the bootloader very easily and then flash something like GrapheneOS or CalyxOS, and finally even relock the bootloader afterwards for security. Graphene can run google services in a sandboxed mode and Calyx has microG by default iirc.
Thanks for the answer! Sadly pixel devices have no SD card, and it is a quite important feature for me
Out of interest what specifically do you use an SD card for?
probably storing files
