A question as old as time, I know.
I’m getting away from Google and I’ve done the easy stuff: CoMaps, Proton mail (I know, not the best move), aveslibre, etc. I currently don’t have the time (or the knowledge base) to learn how to self host, but hopefully that will replace Drive and such in the future.
But I digress. I’m looking at a new OS for my phone. I’m currently in a contract with a phone that is incompatible with alternative OSs. Graphene needs a Pixel. Used, they’re $150-400. /e/OS will run on a Motorola or whatever and those are like $80.
There’s also the option of going full Fairphone with /e/os and I like that idea in the future.
The internet people tell me that Graphene is the best due to ease of installation, privacy, and security.
I don’t need a lot of security. I just want Google to stop suckling all that sweet, sweet data from my teat.
What are your thoughts?
Why do you say not the best move for Proton?
Their CEO tried to cozy up to Trump when he re-entered office
Ahh yes, I remember the whole controversy. I still think Proton as an ecosystem, and a product are still great for what they are, and for promoting privacy regardless of what Andy said using the official Proton account. (negative IQ play).
Regardless, GrapheneOS is still the staple in terms of limiting, or outright removing, Google from your phone.
Check my post history if you want as I did post quite a few times about my journey there but basically:
- used Android a long time ago
- switched to iOS due to discussions with security experts at Mozilla
- bought and used sporadically Linux proper phones (PinePhone and PinePhone Pro) with different distributions
- tired of iOS restrictions as a developer, switched to /e/OS last year
The main appeal of /e/OS for me wasn’t security or privacy but rather being able to purchase a phone with the OS installed. I wanted to buy a phone, put the SIM in and be pretty much done with it. I also wanted banking apps to keep on working. I bought the cheapest /e/OS phone namely https://murena.com/shop/smartphones/brand-new/murena-cmf-phone-1/ then and basically I’ve been using daily since.
A few clarifications that I believe are misunderstandings:
- on security, yes /e/OS lags behind GrapheneOS for Android updates. If you are worried about 0-days because you are a political dissident you should probably NOT use /e/OS but get your setup reviewed by experts. You should definitely not trust random strangers on the Internet on that topic. It’s important to put an emphasis on the fact that even with the latest Android updates, a phone is still not entirely secure, does not matter if it’s with Googled Android, GrapheneOS, iOS or whatever other OS. It’s only the least worst known state, in theory. It’s better to follow best practices but without being either naive or paranoid.
- on privacy, /e/OS has some defaults you might not like but they are JUST that, namely default settings. If you do not want to use a Murena account, simply do not create one. That’s it. You won’t have any call to any API, even proxied one like OpenAI. AFAICT this is also only for paid accounts so it can’t happen by mistake. Feel free to check my post/comment history on that. Again if your threat model is any information leak, might be better to use GrapheneOS but if you are fine with just avoiding the downside of surveillance capitalism, IMHO /e/OS is good enough, namely you don’t share usage data to Google, even with default settings.
To be fair, GOS install is extremely user-friendly. Absolutely no contest with Lineage OS on my Samsung tablet, which initially failed and required some wizardry. My old phone and tablet are still stuck on 18.1 while 22.2 is available.
I have no doubt. In fact I bet that as soon as you have done it once, it’s entirely obvious. I’m mostly taking the perspective here of somebody who needs a phone and doesn’t even properly understand what an OS even is.
Also self-hosting is not trivial but it got way easier over the years IMHO thanks to Docker/Podman. Also I’d recommend investing time in it because… it will still be worth it in a decade!
If you are up for it I could write a few “challenges” for you and see where it leads.
Resurrect divestOS is my thoughts on this
Did you check out Jolla phone? It’s an Android/iOS alternative
My stocks aren’t great 😭
/e/OS is not Google free (several calls, integrations and so on are connecting to Google). It makes use of OpenAI as well, uses tracking ids for updates. It is far behind regarding updates and thus risking privacy due to lack of security. They ignore any sort of critique.
Graphene: You have to buy a Google device. Even second hand is support as it increases the value of their devices (or stabilizes it) and you walk around with their name.
Advice: Have a look at Iode.
Pick a device that is not meant to be used for many years as Graphene plans to support a non Google device in cooperation with an unknown manufacturer.
(Written from a Fairphone using /e/)
> Have a look at Iode.

It’s the same as /e/
LineageOS fork with no updates and its only “security” is a literal subscription for a DNS blocker
Graphene is the best by a long shot, security wise and degoogling wise. In fact, you can use GrapheneOS with absolutely zero Google services running on your phone. /e/OS uses MicroG which while better than your usual Android phone, still runs with privileged access to your device. This is in contrast to GrapheneOS’ optional sandboxed Google services implementation which gives Google the same privileges any other app on your phone would have.
Thank you for detailing in one paragraph what I was unable to understand after reading articles about it all last evening.
It is also largely questionable.
/e/OS has MicroG, and that runs as a system service. You can disable most of it, and if you’re not using any App that needs Google services, I doubt it really does much.
It is possible to use Graphene without using any Google at all. However… Doing so will break almost every app out there. Anything that needs push notifications, AndroidAuto, a thousand more things. So you end up using Graphene with Sandboxed Google services.
And we get into the debate. Is it better to take the official Google Play Services, which we all consider malicious, and run it in a sandbox, or take an open source private, and trusted implementation (MicroG) and run it as a system service?
It is at the very least largely debatable.
It is best to run GOS or Lineage OS completely Google-free.
It is best from many points of view but, as far as I understand, this community is about providing knowledge and tools, and leaving it up to the individual users to assess their threat modeling and determine the extent of the acceptable compromise?
Edit: in every use of connected technologies there are privacy trade-offs, and privacy may not be the only concern on a user’s plate.
The Fairphone mentioned in the opening has the more ethical production and spare parts support, that can be a concern for many users. Ultimately it’s for them to decide. Maybe we bore them and they just get a third hand iPhone, which is still largely a privacy improvement over stock Android.
“Best” only in the context of this thread.
If it’s only about degoogling, they can very well use /e/OS and remove the network permission from microG. Yes, it’s possible.
You can delete MicroG with Android Debloater. You will not be able to do most transactions afterwards.
I came to GrapheneOS for privacy and security, but stayed for the features.
- Per application network toggle: I found this incredibly useful in cases where the application is fully functional without internet, yet still asks for internet permission, and I do not want it to phone home (e.g. Google Photos). It is helpful for when you are using a VPN, and do not want the slot to be taken by an application like NetGuard. Although, I believe you can replicate this functionality with (Split Tunneling) + (Block connections without VPN).
- Storage Scopes: This is another highly useful feature. Say you took a bunch of pictures on a trip, and want to show the pictures to a friend. Normally, you’d fear them snooping around pictures that you don’t want to show them. However, with GrapheneOS, you can just download a separate Gallery application, only expose the photos (or the photo directory) that you want to show via Storage Scopes, pin the application, and safely hand the phone over to them.
  I found this feature very helpful when shortlisting ~10 photos from a gallery of 500 photos. I downloaded PhotoSwooper (which lets you keep/delete photos by swiping right/left) from F-Droid, exposed the 500 photos directory to it, and started swiping. I iterated this a couple of times, and got my perfect 10.
- Contact Scopes: This is for the cases when you don’t want to expose your contacts to the application for whatever reason (e.g. you don’t want them to graph your connections or you just want to protect the privacy of your friends). You can just selectively share contact(s) instead of handing your entire phonebook to the application.
- Sandboxed Google Play: Some applications require the extremely invasive Google Play Services (because it operates with elevated system-level privileges). However, with GrapheneOS, you can just install the sandboxed play services, which acts as a regular user level application. You can then revoke network access within Sandboxed Google Play Services, and use your play services dependent application as usual.
So, basically, if you can afford it, go for GrapheneOS. I wanted privacy and security; but now that I tried GrapheneOS’s features, a lot of these are now nonnegotiable to me.
I wondered, is the per application network toggle GrapheneOS specific? I also recently discovered it and it’s so nice. Was a bit shocked when I read some indications online that it’s not a normal Android feature?
Almost every firewall app on F-Droid has it. What Graphene brings to the table is that you don’t need root for that.
LineageOS has it too.
it’s not
Just a bit of encouragement
Self hosting is easier than you think. I didn’t know anything about Linux prior to setting up a server. I’m faaaaaar from an expert but even a noobie like me was able to set up a TrueNAS system by watching tutorials and reading. It’s definitely a lot of problem solving in the beginning but it gets easier.
In terms of storage. Mega is great value for money and all E2E
Thanks, I really appreciate the encouragement.
You got this!
Personally I am using /e/OS, but I think GrapheneOS is technically superior. I would first research whether the apps you need (e.g. banking) work on either one and then decide
Oh man, I didn’t even think about banking and credit card apps.
Phones have this neat thing called a web browser that you can use to access your bank and if you can’t use a web browser to access it then honestly you should switch banks because that just shows that your bank doesn’t give a fuck about you and that you are the product because they have proprietary shitware on your phone
IMHO if you only care about Google sucking your data and not other privacy/security, the most important question isn’t between OSes as much as it’s between:
- No Google apps (GAPPS); honestly good ol’ LineageOS is just fine. If you don’t install Google spyware you don’t have Google spyware, just the connectivity check and DNS. Which you can probably change. Major con, many applications installed from Play store (through Aurora store, apk, whatever) and practically all notifications you’d receive from them stop working.
- MicroG; open source GAPPS replacement that tries to send as little data as possible to Google, while keeping Play store apps & push notifications working. /e/, iodé, Lineage for MicroG, Lineage but add microG manually during installation, formerly CalyxOS…
- Add GAPPS but try to handicap it somehow (incl. GrapheneOS work profile isolation); I don’t remember if it’s eg. possible to block them from accessing the Internet on non-GrapheneOS phones, by app permissions or eg. NetGuard?
If we’re taking into account other privacy and security, then GrapheneOS by a mile.
> block them from accessing the Internet on non-GrapheneOS phones

This is an important feature in GrapheneOS. You can deny network access for any app.
Yeah, /e/OS too, and so I assume also LineageOS and the rest.
Is it only Graphene? I vaguely recall having had it on DivestOS (RIP), which was a Lineage fork. Edit: Any app, duh, yes, silly me. Don’t remember if it was possible for all of them.
Not all built-in apps had that option but for everything else you can.
GrapheneOS by far. From a security perspective, GrapheneOS is miles ahead because they are quick to update and they have the Android OEM security updates, which lets them update as soon as the update is released, instead of having to wait for the Android public security release which happens every quarter. Have also heard that /e/OS is extremely slow to release security updates (when available) but I could not find anything about it.
https://eylenburg.github.io/android_comparison.htm
This is a great table of comparisons between the different Android alternatives.
I love my Graphene phone, and also installed Lineage on my old Motorola phone, works great, I used that one as a backup
Did you buy it with Graphene preinstalled? I’m thinking of doing it this way through Murena because I also need a new phone, but hesitating on network coverage in the United States.
My daughter installed both just by reading the manual on the internet.
It was more like a fun project for her, she has to learn sometime, it takes less than 1 hour to install.
Your phone must be OEM unlocked.
I am more into Linux.
Greetings from Belgium, stay safe.
I have /e/os. I decided on that pretty early on in my degoogling journey. Main reason being that I believe any privacy venture will come with tradeoffs, but I went with the “most things will work” approach. They have this neat privacy manager that tells you which trackers come from where, and I think that covers my needs. There has been exactly zero apps that haven’t worked so far, and most people that use my phone just think it’s a standard pixel.
The app lounge kind of blows though. I use the F-Droid app for updating F-Droid apps instead of it, since there was some weird stuff about where they were getting open source apps from. I use it for the play store, and it does what it needs to, although there is some weirdness with it like not being able to tell which apps have recently updated and when. I like the idea of joining app repositories together, but it needs work.







