A question as old as time, I know.
I’m getting away from Google and I’ve done the easy stuff: CoMaps, Proton mail (I know, not the best move), aveslibre, etc. I currently don’t have the time (or the knowledge base) to learn how to self host, but hopefully that will replace Drive and such in the future.
But I digress. I’m looking at a new OS for my phone. I’m currently in a contract with a phone that is incompatible with alternative OSs. Graphene needs a Pixel. Used, they’re $150-400. /e/OS will run on a Motorola or whatever and those are like $80.
There’s also the option of going full Fairphone with /e/os and I like that idea in the future.
The internet people tell me that Graphene is the best due to ease of installation, privacy, and security.
I don’t need a lot of security. I just want Google to stop suckling all that sweet, sweet data from my teat.
What are your thoughts?
It depends on what phone you have and what you’re looking for.
For me, personally, I went for e/OS as it allowed me to buy a fairphone and support a hardware manufacturer without putting money in Google’s pocket for a pixel.
A modular repairable phone was more important than which ROM i used. Though i do wish e/OS had some features graphine has
That is absolutely a conundrum. I’d rather support repairable hardware than even getting a used Pixel. By GOS seems like a great OS. I’m at least a couple months out from making the switch so I have a lot of time to agonize over it at least.
When I switched to Graphene a month ago, I was expecting to make a lot of concession for privacy, security and to get rid of Google.
But honestly, it just works great and while it is meant to be used without google, WhatsApp and all those spywares.
You still have the ability to use them if needed but sandboxed and in a different profile. It makes it so that the switch is easier and not a all or nothing.
The only thing I struggled with was using something else than Google Maps and Obtainium at first.
Check out iodeOS Its a LineageOS fork but more privacy friendly. They support many phones and deliver security updates much faster thab /e/os
/e/, lineage, Jolla/sailfish, they are all bad for security and really not that great for privacy. grapheneOS really is the best without question especially if you value the best security.
/e/ and lineage:
- https://grapheneos.social/@GrapheneOS/114235397501611300
- https://xcancel.com/GrapheneOS/status/2026368443071582346#m
Sailfish:
I see the Graphene bois still like shittalking other ROMs. Not exactly the kind of behaviour that builds trust, but we’re used to it by now.
Yes, other ROMs make compromises, as do the people using them. Saying that all others are “bad for privacy” is just bullshit. Anything is better than stock Android.
I’m not a dev, I just use the os. Personally I had issues that prevented me from using it, but they have added great compatibility for Android Auto and for RCS.
To clarify since you’re mincing my words, I said:
- Others are bad for security
- Others are not really that great for privacy
Yes grapheneOS increases privacy compared to stock and so do other custom OS, but the key is that grapheneOS does not compromise security but instead increases it compared to stock OS.
Other custom OS lag behind with patches, and grapheneOS is the only custom OS I have heard of where their security patches are actually added back into stock Android.
This is such a soft response and I’ve seen it in a lot of places. People cry and call it shit talking because the devs point out flaws in other operating systems.
Why do you say not the best move for Proton?
Mostly it’s accusations of vibe coding a supposedly secure ecosystem. The Trump thing wasn’t great, but I think it was largely blown out of proportion.
At the time I was looking for a Google replacement, which Proton kind of is. It’s got mail, calendar, and a drive, all that stuff. Since then, I’ve learned or realized that I would prefer to be invested in individual services like mailbox.org, mullvad, keepass, etc. So that if one service fails, I can just divest myself from that individual service not an entire ecosystem.
I agree with the Trump thing kinda being blown out of proportion, but I haven’t heard about the vibe coding part? I know there was one point where they used ChatGPT for something and were called out for the irony of it, but I don’t think they are majorly vibe coded. Because everything is open source, and they routinely get audited, I trust them enough to use their products. I do agree however, that not having all your eggs in one basket is a better ideology from a security standpoint. From a convenience standpoint (and wife factor), I pay for everything Proton :P.
Their CEO tried to cozy up to Trump when he re-entered office
Ahh yes, I remember the whole controversy. I still think Proton as an ecosystem, and a product are still great for what they are, and for promoting privacy regardless of what Andy said using the official Proton account. (negative IQ play).
Regardless, GrapheneOS is still the staple in terms of limiting, or out right removing Google from your phone.
Resurrect divestOS is my thoughts on this
Did you check out Jolla phone? It’s an Android/iOS alternative
My stocks aren’t great 😭
Check my post history if you want as I did post quite a few times about my journey there but basically :
- used Android a long time ago
- switched to iOS due to discussions with security experts at Mozilla
- bought and used sporadically Linux proper phones (PinePhone and PinePhone Pro) with different distributions
- tired of iOS restrictions as a developer, switched to /e/OS last year
The main appeal of /e/OS for me wasn’t security or privacy but rather being able to purchase a phone with the OS installed. I wanted to buy a phone, put the SIM in and be pretty much done with it. I also wanted banking apps to keep on working. I bought the cheapest /e/OS phone namely https://murena.com/shop/smartphones/brand-new/murena-cmf-phone-1/ then and basically I’ve been using daily since.
Few clarifications that I believe are misunderstandings :
- on security, yes /e/OS lags behind GrapheneOS for Android updates. If you are worried of 0-days because you are a political dissident you should probably NOT use /e/OS but get your setup reviewed by experts. You should definitely not trust randoms strangers on the Internet on that topic. It’s important to put an emphasis on the fact that even with the latest Android updates, a phone is still not entirely secure, does not matter if it’s with Googled Android, GrapheneOS, iOS or whatever other OS. It’s only the least worst known state, in theory. It’s better to follow best practices but without being either naive or paranoid.
- on privacy, /e/OS has some defaults you might not like but they are JUST that, namely default settings. If you do not want to use a Murena account, simply do not create one. That’s it. You won’t have any call to any API, even proxied one like OpenAI. AFAICT this is also only for paid accounts so it can’t happen by mistake. Feel free to check my post/comment history on that. Again if your threat model is any information leak, might be better to use GrapheneOS but if you are fine with just avoiding the downside of surveillance capitalism, IMHO /e/OS is good enough, namely you don’t share usage data to Google, even with default settings.
To be fair, GOS install is extremely user-friendly. Absolutely no contest with Lineage OS on my Samsung tablet, which initially failed and required some wizardry. My old phone and tablet are still stuck on 18.1 while 22.2 is available.
I have no doubt. In fact I bet that as soon as you have done it once, it’s entirely obviously. I’m mostly taking the perspective here of somebody who needs a phone and doesn’t even properly understand what an OS even is.
Also self-hosting is not trivial but it got way easier over the years IMHO thanks to Docker/Podman. Also I’d recommend investing time in it because… it will still be worth it in a decade!
If you are up for it I could write few “challenges” for you and see where it leads.
/e/OS is not Google free (several calls, integrations and so on are connecting to Google). It makes use of OpenAI as well, uses tracking ids for updates. It is far behind regarding updates and thus risking privacy due to lack of security. They ignore any sort or critique.
Graphene: You have to buy a Google device. Even second hand is support as it increases the value of their devices (or stabilize) and you walk arround with their name.
Advice: Have a look at Iode.
Pick a device that is not meant to be used for many years as Graphene plans to support a non Google device in coorporation with an unknown manufacturer.
(Written from a Fairphone using /e/)
Have a look at Iode.
Its the same as /e/
Linaegeos fork with no updates and its only „security” is a literal subscription for a DNS blocker
Just abit of encouragement
Self hosting is easier than you think. I didn’t know anything about Linux prior to setting up a server. I’m faaaaaar from an expert but even a noobie like me was able to set up a truenas system by watching tutorials and reading. It’s definitely alot of problem solving in the beginning but it gets easier.
In terms of storage. Mega is great value for money and all E2E
Thanks, I really appreciate the encouragement.
You got this!
https://eylenburg.github.io/android_comparison.htm
This is a great table of comparisons between the different Android alternatives.
Personally I am using /e/os, but I think GrapheneOS is technically superior. I would first research whether the apps you need (EG banking) work on either one and then decide
Oh man, I didn’t even think about banking and credit card apps.
Phones have this neat thing called a web browser that you can use to access your bank and if you can’t use a web browser to access it then honestly you should switch banks because that just shows that your bank doesn’t give a fuck about you and that you are the product because they have proprietary shitware on your phone
GrapheneOS by far. From a security perspective, GrapheneOS is miles ahead because they are quick to update and they have the Android OEM security updates, which lets them update as soon as the update is released, instead of having to wait for the Android public security release with happen every quarter. Have also heard that /e/ OS is extremely slow to release security updates (when available) but i could not find anything about it.
I came to GrapheneOS for privacy and security, but stayed for the features.
-
Per application network toggle: I found this incredibly useful in cases where the application is fully functional without internet, yet still asks for internet permission, and I do not want it to phone home (e.g. Google Photos). It is helpful for when you are using a VPN, and do not want the slot to be taken by an application like NetGuard. Although, I believe you can replicate this functionality with (Split Tunneling) + (Block connections without VPN).
-
Storage Scopes: This is a another highly useful feature. Say you took a bunch of pictures on a trip, and want to show the pictures to a friend. Normally, you’d fear them snooping around pictures that you don’t want to show them. However, with GrapheneOS, you can just download a separate Gallery application, only expose the photos (or the photo directory) that you want to show via Storage Scopes, pin the application, and safely hand the phone over to them.
I found this feature very helpful when shortlisting ~10 photos from a gallery of 500 photos. I downloaded PhotoSwooper (which lets you keep/delete photos by swiping right/left) from F-Droid, exposed the 500 photos directory to it, and started swiping. I iterated this a couple of times, and got my perfect 10.
-
Contact Scopes: This is for the cases when you don’t want to expose your contacts to the application for whatever reason (e.g. you don’t want them to graph your connections or you just want to protect the privacy of your friends). You can just selectively share contact(s) instead of handing your entire phonebook to the application.
-
Sandboxed Google Play: Some applications require the extremely invasive Google Play Services (because it operates with elevated system-level privileges). However, with GrapheneOS, you can just install the sandboxed play services, which acts as a regular user level application. You can then revoke network access within Sandboxed Google Play Services, and use your play services dependant application as usual.
So, basically, if you can afford it, go for GrapheneOS. I wanted privacy and security; but now that I tried GrapheneOS’s features, a lot of these are now nonnegotiable to me.
On Graphene now, I dearly miss simple Lineage features I used 10 times a day: the network speed indicator and long press power button for flashlight. I just assumed GOS would have them.
I browsed the forums and they’re not interested in implementing it. One answer was “buy a flashlight”
Even after a few months I still feel like going back.
I personally do not use long press power for flashlight, but your requirement got me curious, and I tried to replicate it.
This is doable, but seems to require more permissions. I downloaded KeyMapper from F-Droid (https://f-droid.org/packages/io.github.sds100.keymapper/), and added a new key map with Long press Power trigger and Toggle flashlight action. However, this application requires Accessibility permissions (because you are overriding system maps ig), Camera (for flashlight), Network (I think it sends an adb command via wireless debugging to do the toggle) and unrestricted battery usage.
As for the speed data, from a surface level search, I found these two apps:
-
NetUpDown (https://apt.izzysoft.de/fdroid/index/apk/com.by_syk.netupdown): This shows a floating window (instead of the notifications bar) with the network speed.
-
Traffic Light (https://f-droid.org/packages/com.leekleak.trafficlight/): This displays the network speed as a notification, but shows the incorrect data for me for some reason.
Theoretically, it should be possible to just mash the functionality (/code) of these two to get what you want (thanks to open source).
A big thanks for doing all that research!
I had kind of a fix for the flashlight, but this is much better. KeyMapper is really polished, the icon doesn’t do it justice (I’m superficial like that).
I could customize the press duration, vibration, all good stuff. Only thing missing is a timeout.
I did have a bit of a weird behavior, with actions sometimes launched during button press and sometimes only after release. It seems to be fixed for now. For other users: I did grant root to the app but don’t know if it was required for this function.Traffic Light is again a well made app, but it updates too often and I don’t like persistent app notification in the drop down window. I’ll give it a try though.
-
I wondered, is the per application network toggle grapheneOS specific? I also recently discovered it and its so nice. Was a bit shocked when I red some indications online that its not a normal android feature?
I thought it was, but now that I looked into it, it is not. I know that you can use firewall apps to restrict internet access (which I hinted in my original answer), but now that I checked my LineageOS phone again, I see some toggles under Settings → Apps → YourApp → Mobile data usage. I am not sure how this differs from the GOS implementation (apart from the UX), but you do have the toggle.
Almost every firewall app on F-Droid has it. What Graphene brings to the take is that you don’t need root for that.
Graphene brings to the take is that you don’t need root for that.
this isn’t correct, on LineageOS you can do that without root
How? I’m on LOS right now.
App info --> data usage
Oh wow holy shit after all these years I learned this. Thank you!
LineageOS has it too.
CalyxOS did/does too
e/OS does this too
it’s not
-
I have /e/os. I decided on that pretty early on in my degoogling journey. Main reason being that I believe any privacy venture will come with tradeoffs, but I went with the “most things will work” approach. They have this neat privacy manager that tells you which trackers come from where, and I think that covers my needs. There has been exactly zero apps that haven’t worked so far, and most people that use my phone just think it’s a standard pixel.
The app lounge kind of blows though. I use the F-Droid app for updating F-Droid apps instead of it, since there was some weird stuff about where they were getting open source apps from. I use it for the play store, and it does what it needs to, although there is some weirdness with it like not being able to tell which apps have recently updated and when. I like the idea of joining app repositories together, but it needs work.
