It's not the OS that is transmitting the data over to Google, but rather OpenGapps (ie. Google Play). OpenGapps is software that can be optionally installed after the initial installation of LineageOS (but before first boot). A user can still use LineageOS without OpenGapps, though they just won't have the benefits (and drawbacks) that come with it (such as being able to use apps that require GSF). The user can instead opt for an app manager like F-droid or possibly Aurora Store.
In addition, there exists an alternative to OpenGapps called MicroG. This is like Google Play but allows users the option to anonymize themselves. One can find custom LineageOS builds that include MicroG from the MicroG website (as the members of the LineageOS project do not advocate for its use, instead giving preference to OpenGapps). Keep in mind, however, that there are fewer devices supported by those builds.
Technically, the Internet Connectivity Check on LineageOS also sends your position/IP to Google, and also avoids a VPN tunnel because it's lower down the stack.
I can recommend LineageOS, however be aware that lots of malware infected builds have made it to xda dev in the past, so you should build it yourself if possible (or use the official downloads).
Regarding the Connectivity Check: You can add all google related domains to /system/etc/hosts if you have root/sudo access.
Additionally I'd recommend everyone to use RethinkDNS as a DNS adblocker and app firewall - and AppWarden to patch out the Analytics parts of proprietary Apps.
Looking through the GrapheneOS source, the servers may not be Google servers but the system is still designed to phone home. As such, have they solved the problem or is this just another case of "Dont' trust them, trust us instead."
Has anyone succeeded in running multiboot on "smartphone" hardware, i.e., where the user can boot into a choice of kernel/userland. One choice might be Android, another might be GrapheneOS/LineageOS, another might be an OS that does not rely on any third parties whatsoever (no conveniences, "app stores", "connectivity checks", etc.) and is fully controlled by the user. In other words, the third choice lets the pocket-sized computer be used more like a pre-smartphone era desktop/laptop OS. Basic functionality.
Eh, if you want an airgapped phone, use it in airplane mode. Obviously, the phone needs some network infra for things like updates or timekeeping. You can route it over vpn if you want and you can build everything yourself and host all the servers yourself too if you so prefer. This type of pedantry is more harmful than useful to casual users who would be far better served with grapheneos than some non-existent ideal phone.
"...if you want an airgapped phone, use it in airplane mode."
Right, that's what I do. In fact this post comes from a smartphone sans SIM with airplane mode on, with a firewall against apps phoning home, no Google or Gmail account, all Google Gapps nuked including playstore - in fact all Gapps have been completely removed - not to mention that most replacement apps come via F-Droid.
Yes, technically it's not fully airgapped but it is against Google and that's my main aim.
Of course there's a penalty: I also carry around both a pocket router with WiFi and SIM to which the smartphone connects as well as the dumbest of dumb phones just for phone calls.
Yes, it's a little inconvenient in that the combined paraphernalia is about equivalent to two normal smartphones (both the router and dumb phone being somewhat smaller). Next step is to upgrade to a Fairphone or equivalent. (I've often wondered where I'd fit on a percentage scale of users who'd go to such lengths - somewhere between 0.1 and 0.001% I suspect.)
You may well ask why I've gone to such lenghts. It's more principle than privacy really. It's because governments around the world completely abrogated their responsibility when they deregulated the once-private telephone networks in the 1980s, when they did they let the Wild West take over. This 'vacuum' then led to a depreciation in the value of privacy on telephone networks. The ultimate insult came when the vacuum was filled by the likes of Google and others who usurped the last vestiges of our telephone privacy for good - and these damn governments just stood by and let it happen without so much as whimper. Remember, we telephone users were never first consulted about our privacy - governments just let Google and Apple et al take over the whole damn caboodle without question. (In the future after all the world has finally woken up to the disaster then we'll have dozens of historians trying to figure out what the hell happened and why. When realization finally dawns everyone will be flabbergasted.)
Now, long after the horses have bolted and without so much as an apology, governments are trying to reign in the likes of Google and Facebook. Right, our governance is a fucking farce - it has to be when governments simply allow Big Tech to not only effectively overrule longstanding law but also to go on and do whatever they damned well feel like with impunity.
Is the pocket router battery powered. Really we need an suitable open source, easily compiled OS to run on a suitable "smartphone" that can be re-purposed into a "pocket router". This to function as the gateway through which our "phones" reach the internet.
The router/modern is battery powered or it will run continuously off a USB charger. The one I'm using currently is a Vodafone (Huawei) R216. Here are the specs: https://wirelessgear.com.au/vodafone-pocket-wifi-4g-r216-mod....
That link is the first one I found, if it doesn't work for you just search the modem's model number.
The R216 lasts for at least 6 hours on battery, often much longer (and the battery is removable, so you can have spares to extended its operational life). Whilst this modem is principally an ISP one (Vodafone) it comes unlocked. I note that that link says it's locked but it's likely not - as most assume ISP-supplied stuff is but to be sure you'd better check that's so where you are. Also, if you aren't using a Vodafone SIM then first just check that it works even if it's guaranteed unlocked (some other SIMs may need setting up).
If the R216 isn't available or its locked in your country - or you have that common aversion to using Huawei equipment - then there are several other brands that are essentially equivalent. If you want the details I'll provide them.
Note this is a real router/modem and it'll run up to five smartphones/PCs at a time (which can be very handy). Some others that are a little more expensive can connect 10 devices to each other by their WiFi LAN and or to the SIM's mobile network. Also the R216 will take a micro SD card (one's mobile NAS so to speak :-)). Given its small size size and usefulness I'd never be without one (I've three of this model and several earlier types).
That Mudi GL.iNet router/modem combination seems a very substantial device with excellent specs. I've not seen it previously (but I've not been looking of late either), with specs like that I'd certainly consider it when deciding my next purchase.
Here, it seems to me the key issue of whether to buy that one in preference to, say, a somewhat lesser model with fewer features will depend on how you use it. Right, that's stating the damn obvious but from experience I've found it's very important when it comes to mobile stuff, all too often I (and others) have glanced over this important portability factor.
If your intended use is to, say, carry it in your luggage and only use it after you arrive in your hotel or conference room then I'd reckon there'd be nothing better than to buy the Mudi GL.iNet device. On the other hand, if you intend to use it like I use my Huawei R216 router/modem, that being as part of my kit to replace a normal default-type Android phone (as per my previous posts to 1tSlEv and 1vuio0pswjnm7), then a physically smaller device would seem preferable.
As mentioned, carrying around three devices instead of a single smartphone is rather inconvenient in that there's more bulk to carry around, also there's more chance of losing one of the devices. I'm pretty adept at doing so now but when I first started some years back I'd sometimes only take the smart and dumb phones and forget the router/modem—thus I'd have phone access but no internet (right, being Don Quixote and always tilting at windmills isn't necessarily the easiest way to run one's life) :-)
My 'combo phone' isn't the only stuff that I carry around, it has to share my pockets with other junk like screwdrivers, pliers, thumbdrives, multimeters, etc. so physical size is major consideration. From the specs, I've noticed the size of the Mudi GL.iNet router/modem is 145 x 77.5 x 23.5mm and weighs 285 grams; by contrast, my R216 is 95 x 58 x 11mm and weighs only 77 grams. Thus my R216 is only about 22.9% the volume of the Mudi unit and weighs just a nudge over a quarter of its weight. This difference is very significant if one is trying to carry it in, say, one's jeans' pocket along with both a dumb and smart phone.
This brings me to one of my pet peeves; that being the ongoing and progressive decrease in the depth of men's trouser pockets over recent decades. This is no joke or trivial matter; I lost an almost brand new HTC smartphone after going to a concert and sitting in laidback seating, it just slid out of my pocket without me noticing its loss, by the time I had then it was too late. If I were a conspiracy theorist rather than someone who understands that such negative occurrences are 95% the consequence of fuckups then I'd believe there was a conspiracy between phone and clothes manufactures to sell more phones! I cannot understand why the average guy isn't up in arms over the continual withering of his pockets; after all, surely the cost of extra cloth necessary to correct the problem would hardly be measurable in the overall schema of things (BTW, this pocket problem even extends to coveralls/overalls). Anyway, as someone who's been sartorially challenged from birth, I've largely overcome the problem by ignoring fashion altogether and taken to wearing ex-military BDs or equivalent cargo pants. Penny-pinching accountants haven't yet sufficiently infiltrated their manufacturing to have made much difference.
The upshot of this is that I keep the smartphone in one of my trousers side pockets and the dumb phone in the other whilst the R216 router/modem I put into one of my shirt pockets. The caveat here is that it's important to have shirts whose front pockets can be buttoned or zipped up to stop the device falling out whenever one leans over. Given the average size of shirt pockets—and they too have been shrinking in recent years—then there's no way the Mudi GL.iNet router/modem would fit in them.
Which goal gets served by the separate router? I've been thinking here for a while, but the only thing that comes to mind is a very restrictive "allow-list only" firewall.
Which dumbphone are you using? The majority thereof seem to be KaiOS based, which frankly is not sufficiently dumb for me to warrant the switch.
First, the dumb phone is just that—voice and SMS only sans internet but more on that in a moment.
The router was designed to serve three purposes and I use all three of them: (a) to simultaneously connect up to five devices (smartphones/PCs etc.) to the internet via normal WiFi connection which it then routes to the internet via a mobile SIM card; (b) it's also a WiFi LAN switch in that it will allow local interconnection between the five connected devices; and (c), it has provision for an onboard SD card to which the five devices have access (i.e.: it acts as one's local mobile mini NAS). You'll see reference to detailed specs of the Hauwei R216 that I use in my previous post in reply to 1vuio0pswjnm7.
In my case, I use a fully-fledged reasonably current Android smartphone operated without SIM card and set to airplane mode for normal app usage, location and maps when needed, as well as internet browsing and non-Google email (POP/IMAP)—thus, the phone's only internet access is by either WiFi (to the router—my usual way) or Bluetooth—to another phone's internet connection (normally off).
Note: the phone is never used for telephone calls and it cannot be used as such as the router's SIM is a data-only type (that's to say one has a mobile phone number that cannot be used to make normal phone calls). Moreover my ISP, as many do, differentiates a data-only SIM/service from a normal one that does both. (In data-only services, one trades normal voice phone for extra data/cheaper data rates—you know, the usual ISP con job of artificially inflating a mobile phone's data charges. Nuking phone/voice access in data SIMs somehow—as if by magic—justifies ISPs to sell you data at a much cheaper rate. Furthermore, normal SIMs often won't work in routers for similar nefarious reasons).
As mentioned, I deliberately avoid Google services but using a phone this manner doesn't preclude one from doing so. I've found that if you use Google services, etc. then there's an added privacy advantage of disconnecting the phone from the actual telephone number as that now belongs to the router, moreover any app that that reads the phone's IMSI number will not be able to find a corresponding telephone number. I've several phones that I connect to the internet in this manner and every one of them has never had a SIM in it so Google is unable to link the phone's current ISMI-only configuration to any former IMSI/telephone number combination as there's never been one. Furthermore, in one instance when rooting one of my phones I accidentally formatted the partition containing the IMSI information, etc. and whilst I had the means of putting the info back I decided not to—thus apps no longer have even an IMSI number as an ID reference. Incidentally, this is still legal as far as regulations are concerned as the router and router SIM now provide the IMSI/phone number combination.
My phones also gain extra privacy from the fact that they're rooted, one can use the many Xposed Framework tools and such to improve privacy, nuke ads etc.
On the matter of firewalls, I normally use one on the smartphone itself rather than say installed in the router for purely practical reasons in that it's easy. The drawback of course is that if the firewall stops for any reason, which on occasions does happen (especially so after a full restart), then any apps that have a collection of data will use the opportunity to send it (my default is that no apps have internet access unless it's specifically needed as part of the app's function and the firewall is set accordingly—this also acts as extra method of nuking ads although I mostly use F-Droid's ad-free apps). This risk can be essentially eliminated with a rooted phone but I've not time to go into that here. BTW, I use several Android firewalls apps (not on the same phone of course) but I've found the easiest to use is Karma Firewall.
Re my dumb phone, I've been using an Aspera F28: https://asperamobile.com/phones/easy-phones/aspera-f28/ and its later incarnation the R30 but I'd not recommend them and they're unlikely to be available in many places. Their batteries are too small and of inferior quality and have to be replaced often (at least they're removable). Nor would I recommend other Aspera phones for similar reasons. I doubt that they use KaiOS, if they do then I've seen no sign of it. I reckon you're right to be worried about KaiOS especially so since Google has invested millions into the project.
Incidentally, I've other better flip phones such as Motorola ones that I can no longer use as they're only 2G (which is ideal for dumb phones) but unfortunately where I live they've now killed 2G. Doro dumb/feature phones may be worth considering as they've have always had a reasonable reputation (in the past I've thought about getting one but I've no practical experience of them). I know that Doro used to use their own OS but I cannot tell you much more than that except to say they do use KaiOS on at least some of their phones, the 7050/7060 for instance.
Of course, much depends on what you actually want to do. As I've mentioned in my previous post to 1vuio0pswjnm7 that carrying three devices instead of one can be rather inconvenient as there's more bulk to carry around and also the chances of losing one of the devices is potentially higher—one needs sufficiently large pockets to carry them thus size and bulk matters. As a person who's always carrying around lots of technical junk this is a hobbyhorse of mine and I'll address it in more detail when I reply to Iolaum.
"Network time can be disabled with the toggle at Settings System Date & time Use network-provided time."
Connectivity checks are enabled by default but can be disabled.
"Connectivity checks designed to mimic a web browser user agent are performed by using HTTP and HTTPS to fetch standard URLs generating an HTTP 204 status code."
"You can change the connectivity check URLs via the Settings Network & internet Advanced Internet connectivity check setting. At the moment, it can be toggled between the GrapheneOS servers (default), the standard Google servers used by billions of other Android devices or disabled."
Why these are enabled by default, i.e., opt-out instead of opt-in, is strange considering this OS is aimed at technical, security and privacy-conscious users. Users who would surely know what services they want and be capable of enabling them.
Yeah I agree, these settings should be disabled by default and require explicit opt-in. That said, I am impressed by how privacy/security-conscious the OS seems to be otherwise!
You can't really get rid of connectivity check, because it is a part of public API. Applications use it to check whether a network has internet access. Android itself uses it to detect captive portals and prompt user to authenticate when network requires authentication/payment via a web page.
I'm not suggesting they get rid of connectivity check. They already provide the option to disable it. All I'm suggesting is that it's not enabled until the user indicates they want it to be. This could be asked during a "first time" setup flow like most smartphones have.
* Usability: An OS without network connectivity checks and time sync might not be usable by non-geeks
* Obscurity: The threat from these pings is low. The threat of having a phone that behaves differently than "billions of other Android devices", indicating that it's GrapheneOS or some other security-oriented OS, is arguably higher.
I'm a little confused: GrapheneOS is the exception; almost every OS successfully implements connectivity checks. Also, the answer to the problem seems obvious: check again. Check every second or every 30 seconds, etc. It's just a ping.
Did you actually find any examples of GrapheneOS phoning home?
GrapheneOS doesn't rely on any third-parties I'm aware of. The only service provided is over-the-air security updates. It doesn't even come with an app store (although you can install F-Droid).
For that reason, GrapheneOS alone fits all three categories you mentioned: It is Android, it is GrapheneOS, and it is fully controllable / doesn't ship bloatware.
It is not controllable at all: It still enforces any app author's will against the user's. Root is not offered, and the grapheneos maintainer seems to be personally offended by the thought that root could be helpful.
What I mean: I cannot see the app's files, I cannot edit them, I cannot backup the app locally, only by uploading data unencrypted to googles cloud. Adb backup was unreliable in the past, could be switched off by the app against my will, an is deprecated anyway. I cannot screenshot an app if the app doesn't want me to. I cannot block ads properly, only via some fake VPN app, but then I cannot use an actual VPN at the same time. I cannot firewall an app, except with a hack using another fake VPN app. I cannot disable an app into background. I cannot give a fake GPS to an app.
I cannot have f-droid auto-update my apps. All of these things I should be able to do, but the anti-user "security" enforces this against me, actually hurting my security in order to make googles and shady app vendor's business models possible. And then they claim it's for my own good.
A lot of the "root is bad mkay" is fueled by this more or less hidden agenda. That it helps to idiot-proof devices is a nice side effect only. Historical proof of this hypothesis is: When TCPA was first introduced it was explicitly made for DRM. People fought it a lot, so today they are introducing it disguised as security measure.
For your later linked examples, those can be changed.
But as for the microG/GApps question, GrapheneOS provides a sandbox for the actual GApps, so that almost everything can run properly, with very strong control over what is seen by Google.
How is Pinephone coming along toward this year's end?
I check in every now and then, but I need it to be where current Lineage/Graphene are. I don't need trivial software (games et al), but I need it to be automatic enough* that I don't have to spend an evening or weekend unbreaking things – and reliable all the same.
* barring basic things like package manager updates
And nowhere near the security of even stock Android, unfortunately. Every app is free to spy on everything else on the system, just like most desktops.
"Unlike AOSP or the stock OS on the supported devices, GrapheneOS stops making network time connections when using network time is disabled rather than just not setting the clock based on it."
"... rather than just not setting the clock based on it."
Wow, that is really sneaky and deceptive. The user thinks she has disabled the constant connections to the tech company time servers but in truth the connections persist.
The time checks are equally as annoying as the connectivity checks.
Back in the days I was maintaining the driver support for Cyanogen for the MSM7227 based models and I found some builds on xda dev that came preinstalled with some RATs.
I only found out by coincidence of another dev asking me to verify the build. The nature of how Android is built (with all its hundreds of repositories) isn't made for verifiable builds, so it's really hard to prove or audit.
From what I've found usually the builds with custom UIs or skins on top are infected with stuff either the person packaging it doesn't know about (benefit of the doubt) or do, but it comes out a year later when someone skeptical checks for it.
Verification is especially hard because everybody on xda dev is using some paid adfly links or some google storage or dropbox links that will change in intervals (depending on how much traffic they produce they'll get blocked quickly).
So yeah, I think the need for a hash based end to end verification tool is kind of there.
But honestly I have no idea how to build it because even the partition setup of old flash storage using devices is so messed up that there can be side effects when an apk is put in /emulated storage folders.
I think the only future proof way to do this is going mainline like the postmarketOS devs try to do. But until we're there I'm probably dead of old age already. I don't believe in the Android ecosystem anymore, because this is a governance coordination problem that's not easily fixable. Hosting all outdated kernels alone with all the custom drivers is way too much traffic for any open source project to pay for.
I can't recall the exact settings to push via ADB, but the Internet Connectivity Check is "easy" to fix. Create a server that's always up that responds with a 301 (or whatever the check expects), and push the address to the phone. Done.
It's a shame that Google's servers are the default, and I wish it were at least called out by Lineage. That said, I doubt they want to cover hosting costs of such a service (although I'd think they'd be fairly minimal).
This internet connection check actually caused problems for us when we started having users in China on android. Our code was checking for a connection before transmitting data and android thought the device was disconnected due to the great firewall. I think there’s just a hack around it for now that disabled the android connection check for those users.
the last (stock) android phone i touched had an option to change the url used for the check. i was pleasently surprised - comments here suggest this is not "normal"?
> or use the official downloads
ime the meaning of the word "official" has been severely diluted esp. in the android community
Yep MicroG is the route I'm going on Pixel3a I just bought. You don't need to sign into any Google services to use them. For now I'm just using maps. I found a nice Reddit article on de-googling even more as well. If you install OpenGapps you might as well forget it-
I'm using LineageOS with neither OpenGapps nor MicroG, and can confirm that Aurora works without. There are numerous apps available from Aurora that will not function, of course, and many other inconveniences of varying severity, but it's overall a good experience.
I am using Lineage without Gapps, and every app on my phone came from F-Droid.
I assume that my carrier sees location data on my device, but as I have learned to live within F-Droid on my daily driver, I assume that I am immune from this Google intrusion.
I do have an older stock phone that keeps my Google login for when I need access to Google services. If it is powered down for a month, I am assuming that I am free of Google for that month.
Google is a destructive force upon their customer base. Abandoning Google is always the correct action.
> I am using Lineage without Gapps, and every app on my phone came from F-Droid.
Did you transition or quit cold turkey? I switched to Lineage OS with micog. Actually, now that I look through what I installed via Aurora, I'm surprised how few apps there are. 3 required for work. I guess I could reduce that to one with some effort. A few financial / shopping apps that are nice to have vs using their website. Google maps (not sure the replacement to that is).
OsmAnd has been real hit or miss for me. It definitely has a lot more friction than Google Maps, and sometimes I'm not able to find a destination even with the full address. I want to use it, and I want to support the ecosystem, but damn if it doesn't make it difficult.
I agree. I'm trying to switch to OsmAnd from Here and even that is tough when it comes to finding an address on the map. You can find place names if they have been added to OpenStreetMap, which is mostly in big cities but that doesn't cover everything.
I uses a separate app called GPS Coordinates. I give it an address and it gives me lat/long which I paste into OSM. I'm sure there's gotta be a better way.
For the average end user however, this is a distinction without a difference. A Galaxy S21 you buy from the store has Google Play and will be sending info of 99.99% of users to Google
I use GraphineOS and LineageOS without Google Play Services. They are great and are suitable replacements for Apple and Google.
- Osmand(FOSS) for maps (supports being fully offline!)
- Signal and Discord for messaging (Discord is sandboxed)
- Newpipe(FOSS) for Youtube
- F-droid(FOSS) for my FOSS appstore
- APKmirror for the few non-free apps I need
- Libretorrent(FOSS) and VLC(FOSS) for watching movies
- Firefox(FOSS) and Vanadium(FOSS) for browser
- K9 Mail(FOSS) for email
- Infinity(FOSS) for Reddit
- Secur(FOSS) for 2FA
- Taskkeeper(FOSS) for reminders
Almost everything you need is in the F-droid FOSS app repository. It all works, and it works well. You can buy a used Pixel 3a for around $80 on Ebay and have a better experience in every category than iOS, hardware and software.
The only limitation is push notifications, which isn't a problem because FOSS apps like Signal bundle their own notification system that does not use Google Play Services. Discord however, does not get push notifications (which I wouldn't want anyway)
There's an app available on f-droid called Aurora Store that lets you download apks from the Play Store directly, avoiding the need for stuff like APKMirror (where you don't know where or what happens to the apk you're downloading). On desktop you can use the program Raccoon for the same.
> ...and have a better experience in every category than iOS, hardware and software.
Really? I tried GrapheneOS on a Pixel 4A, and without exaggerating or trying to come off sensationalist the experience was really tepid compared to iOS, and even "normal" Android. Stuttering and jerky UI (which often also wanted to take a brief nap), very poor GPU hardware acceleration support, notably worse battery life, loads of things that just didn't work well (or at all) without Gapps, and trying to get Play Services shoe-horned into GrapheneOS was still quite the bug-ridden hassle. Additionally, the Open Camera app produced rubbish results compared to Google's native Android camera app, which matters a lot to me.
I'm surprised to hear you say that. I've played the most demanding Android games on the Pixel 3a with no issues. I've never experienced anything but a butter smooth UI on Graphine or Lineage to be honest. The battery life has been all day for me even when using GBA emulators for multiple hours a day.
I agree the default camera app of Graphine isn't great, but it's picture quality better than the iPhone I came from (iPhone SE gen1)
Can you install GCam as apk from somewhere? Will it work? I use GCam on the default Android (8) on my Nexus 6P and it works well. I am thinking of upgrading to Pixel 2XL or 3A and install Lineage OS with GCam, so I believe it would be a much better experience than the default ROM on a Pixel. But I have no idea whether GCam would work in LOS.
You should be able to get GCam via Aurora Store by setting the spoofing to a Pixel device, but newer versions of GCam check for something that cannot be spoofed with an app (issue #22 in above github) so you have to get a modded GCam app if you want to user newer versions and use an android rom that does not spoof this.
The mid-level processor on the Pixel 4a may just not be performing to your expectations. A phone with a high-end processor would perform better. For GrapheneOS, the fastest compatible phone available (used/refurbished) right now is the Pixel 4 (or Pixel 4 XL).
Also, if you are using a Pixel phone with a non-default flavor of Android, the Google Camera app still works if you download it manually. APKMirror is a trustworthy app source run by Android Police:
Pixel 4 running graphene. I'm sure it's fine by android standards, but if you're used to iOS, it is unbearable.
Going back to iPhone as soon as I've got some free time to get everything set up again.
Unrelated, but I'm still very surprised there's no standard way of doing live photos on Android. They really do add a lot to the experience of reviewing old memories and Google has had at least 5 years to catch up.
On my Nexus 6P I use GCam v. 5.2.019.188906351 and it performs really great! It is quite slow with HDR+ (but usable), and almost on par with the default camera without HDR+ (still producing great camera quality). I am curious whether the experience is similar on a Pixel line, with Lineage OS (or any other custom ROM).
This in fact sounds quite exaggerated. I've had nothing like this experience with the Pixel 4a. Battery life has been exceptional, UI works fine, Play Services work with about 90% of the apps I tried. Google Camera worked also with Play Services so you don't have to use Open Camera.
I run GrapheneOS on a 4A with TMobile and the frequent reports of people trying to call me telling me my line is out of service and days where calls won't initiate from my phone at all makes me want to run back to my iPhone.
The tethering seems to be pretty flakey as well with me often having to reboot the phone.
I've been using GrapheneOS on a 4A with TMobile as my daily driver for over a year and have had none of these issues. Never had an out-of-service notice from someone calling me, never had a call not initiate, and tethering works great.
Maybe it's something to do with OpenGapps? I never installed it or microG, I'm perfectly happy with just Fdroid.
I'm running GrapheneOS on a 4a right now and it's smooth like butter - maybe you needed to wait for a few updates. The camera has improved a lot as well but is still not close to the stock google camera.
It seems like what you're looking for is CalixOS + microG.
Do banking applications work? I mean as in "I buy X online. It requires me to login to my bank application and press 'confirm'. I perform this sequence, and online purchase is completed. "?
I switched to /e/ rather recently, and it also just happen that I am in the process of switching banks, which means I currently have two banking apps on my phone.
Both are rather strict on having a clean, non rooted, non modified phone. Currently, they both work without any caveats, but I had to install magisk, add them to magisk hide, and use the magisk renaming feature to have them work.
I recently had a bank detect Magisk Hide. Since on principle, I don't think it's their business what I do with my phone, especially once added Magisk Hide, I went into my branch, told them just that and asked for everything in cash to move to a different bank. These are the same banks that only have SMS for 2FA and it's required.
Most banks in EU require phone app based confirmations for transfers and other operations (according to PDS2 directive).
Visa and Mastercard also introduced 3DSecrue system which piggybacks on the same system of confirmations. Vendors are incentivised to adopt it by lower rates.
In essence when paying with card or making a wire transfer (or using some instant transfer method, for example Blik in Poland), you get notification on you phone asking you to confirm operation, even if you initiate it from your account in the browser.
In essence Bank apps became 2FA devices.
The only way to avoid it is to opt-out of the App 2FA and use paper one-time code pad.
You regularly then get sent a list of codes by snail mail, which you have to type to confirm operations.
It depends per bank; mine discontinued the paper OTP pad as well as the SMS codes, and gave me a separate 2FA device when I didn't want to use their app. I don't think banks can force you to have a smartphone yet.
Does nobody in the EU do computers ? How do they pass asinine laws like this ? I mean, from the outside, it always appears as though the EU is much better than the US when it comes to consumer rights, but it always feels like they don't have a very good grip on technology.
Where I live, the authentication systems implemented by banks are also used for verifying user identity to various other services, including governmental ones.
Basically, there's a common (government-backed) user identification system which hooks up to interfaces that banks provide. When you're logging in to an online service that requires strict identification of the user (such as ones that would require an official id document if done in person), you first pick the bank you're using, and the service forwards you to the bank's website. Once you log in with your bank credentials, the original requesting website gets informed that you've provided valid login information, and the identity that the login matches with.
I don't know the exact technical details of how that works, but essentially the bank also acts as a user identification service for various official and governmental online services. It's treated as similar to proving your identity with a document, or to signing a document with your signature.
I don't know if this is a common thing in other European countries, but if it is, that might be a reason why the EU has an interest in enforcing 2FA.
You're not strictly required to use a smartphone, as at least my bank has other means of 2FA that satisfy the regulatory requirements, but they are more cumbersome.
I don't think this was driven by law, but by an appropriate wish to increase transaction security (you really shouldn't use SMS for this anymore).
There are some rules here that are nonsense, such as know-your-customer laws that force me to enter my home address even when the product or service (say, a concert or train ticket) is delivered to me entirely electronically.
Most of the move to purely electronic payment is driven by the market and the large banks; e.g. in the Netherlands we actually never had laws that force shops to accept cash as payment.
I agree that you shouldn't use SMS. My point was that unless the law (if there is one), requires that 2FA be enabled in an accessible way, the banks will do their own thing with the phone push notification system. The 2FA situation is quite bad in the US too, but a small no. of banks do offer TOTP.
FYI in New Zealand a few banks can provide a device (e.g. RSA SecurID) for proper non-bank 2 factor auth with consumer accounts. However some major banks only use phones for 2FA (app or SMS).
The norms seem to vary considerably depending on country.
Didn't know this was driven by PDS2. As much as I appreciate the convenience, I still find the whole drive fucking annoying - especially that, with all the talk about data portability, I still can't get a simple API endpoint I could point a script at to fetch me my account's balance.
Yes, I'm bitter. If there's ever a bank that puts end-user automation first, I'll switch in a second.
From all the banks I've tried over the years I always check for this feature, sometimes asked and never got what I wanted. "No the API is only available for our 100k a month or more users" is the closest I got.
However when I really wanted a solution i build a small service that receives the confirmation SMS most banks offers and pushes my balance in a small API.
also not very safe. Attacker can duplicate your sim. This way he can call the bank and use the mobile numer as to restore bank account details. At least in Poland
The number one reason to use a banking app on your phone is to deposit a paper check by taking a photo of it. I am not aware of a bank that lets you do that from a webpage.
Vanguard works on my completely google-free phone, although I had to change the OS language to English because w/ Android set to French their app would force the use of commas as the cents separator, then complain that commas are not a valid character. Another fun thing was it uses its own internal camera app, which would focus the preview, then completely ignore the focus setting and take a blurry photo of the check. Eventually I figured out the camera's default focus length and take the photo from that distance.
Most in EU do this or will do - it’s part of EU bank regulation (PSD2). SMS isn’t considered safe anymore and debit/credit card payments are confirmed through banking apps (you get a push and confirm).
Wait, but smartphones are less safe than SMS. The attack surface of SMS is your surrounding, the attack surface of a smartphone is entire world, and virus infections happen much more regularly than sim copies.
That's not the issue though. I can log in to my cell account and see the content of every sms i send and receive. an app establishes an encrypted connection between your phone and the bank. sms is open to the public.
in addition, you don't need to copy a sim. you can copy a cell tower. which the authorities do all the time, without any warrants, and capture data en-masse. The fake cell tower fits in a backpack.
But it's not just the cops capturing your cell data. It's anyone, they've been doing it for over a decade, and it's cheap and easily accessible.
Online purchases with UK bank accounts often require this. Some banks use an OAuth-style redirect instead. I think the merchants get lower rates if they enable this feature (called "3D secure") because it lowers the risk of fraud.
It's basically 2FA for online transactions, which seems very sensible to me.
Reading the comment I was confused as well - it sounds as if the user provides his banking login to the merchant as part of the checkout process. However they mean that the transaction has to be approved via banking app, not unlike a 2FA authenticator app.
I think it's called 3D-Secure for debit/credit cards. In Ukraine for example it is pretty much a normal path for online payments. Also our "credit" cards aren't the same your "credit" cards. Ours are basically the same as debit cards but with added overdraft amount and different service fees. They are created by the same banks as debit cards, not by a separate corporations.
It usually happens when someone pays with a credit or debit card. If the confirmation is not given in the app within a certain time limit, the bank rejects the card transaction.
Edit: to clarify, my comment is about the UK, and it does not happen with most card transactions; "usually" here refers instead to card transactions being the usual trigger (in my experience) for this app-based authentication flow.
"Usually" is a bit of sticky word here. Your usual is not my usual, hence my questioning of it. My experience is US centric, so I'm assuming non-US but non-US is a really big place.
On /e/OS with microG, I successfully use the apps for Starling Bank and Hargreaves Lansdowne. Nationwide and Nivo also both work. (these are all UK services, not sure how far they are known elsewhere)
> I mean as in "I buy X online. It requires me to login to my bank application and press 'confirm'. I perform this sequence, and online purchase is completed. "
I use the exact same setup, works like a charm. I can definitely recommend it for anyone concerned with the privacy issues of current mobile OSes. Furthermore, it never feels limited after getting used to this suit of apps, which may take up to a week at most.
Both Shelter and Insular are effective for isolating your files, contacts, and phone logs in each profile. If you are using a VPN, it is limited to the profile that the VPN app is installed on, and you need to install and run it again on the other profile to cover the apps in that profile.
Organic maps isn't there yet IMO. OSMand is huge, but it's the only app to match Google Maps features.
I can also recommend BRouter (with OSMand) for bike navigation. It's ugly and hacky, but once it works, bike navigation is much, much better than Gmaps'. E.g. it's not sending you down cobblestone roads all the time.
Fun, I guess this is just a question of habit. Nowadays I use OSMAnd mostly, and when I have to use Google's Maps (OSMAnd's search isn't great, and public transportation isn't there), I'm lost, and the app never shows the information I want.
It's happened to me a lot of times with Google's Maps (with regard to how frequent I use Google's Maps) that I'm looking for something, I KNOW it's there, I'm searching for it (like "groceries" for a grocery store), and the only way Google's Maps would ever show it to me is by zooming it until the ONLY thing on screen is building, and then it does display it.
You mentioned Signal and Discord for "messaging". Can you or someone else confirm that video calls work with GrapheneOS or LineageOS. I am getting ready to try these but I am still not sure video calling works. When reading about them I cannot find much discussion of this particular application.
According to Plexus, WhatsApp works perfectly on Android without Google Play Services, whether or not you have microG installed.[1] I think they implement their own push notification system if you download directly from them,[2] though I haven't confirmed this.
Discord works perfectly with microG, and has a 3/4 rating without it since notifications will only work if you have microG.
If you are looking for a hosted service to back up your photos, Stingle is an end-to-end encrypted photo hosting service. Alternatively, you can use Nextcloud to self-host. Both are FOSS on the client side, and Nextcloud is also FOSS on the server side.
I've tried Osmand and found it way too slow/janky for everyday use (since it has to render the tiles locally and doesn't seem to pre-render for scrolling).
Newpipe loads videos much slower than the official app and occasionally fails completely (likely because YouTube changed something).
F-droid (regular, non-root install) shows me notifications to update apps, then when I tap them, I get a "there was a problem parsing the package" - this is a bug that has remained unfixed for over 5 years (https://gitlab.com/fdroid/fdroidclient/-/issues/669).
It's not impossible to use a FOSS phone, but it's truly painful.
If you don't like Newpipe you can use Youtube Vanced which is basically a pwned version of the native Youtube app. I've had some stutters with Newpipe but overall I like it.
Osmand really isn't bad, sure it's a little bit slower to render but we're talking maybe 500-1000ms on a Pixel 3a.
Regarding F-Droid you're right it is quite buggy, but thankfully once you've got the apps you want you don't really need to use it except to update.
Yes they will work, however to get notifications when the apps are closed you would need to have to some form of Google Play Services. I suggest MicroG if you are intending to do this since it seems to be the least invasive.
In my personal case though, I would still not use MicroG, and would just leave the app open until I am done using it. This is easier on Android because apps are not suspended in the same manner iOS apps are.
What about when the phone locks? My phone is set to autolock after 1 minute. Leaving an app open just to receive notifications seems like a waste of battery.
If your phone is locked you will most likely not get the notifications, it just depends on the app. I do agree it can waste battery.
It's important to remember this is only a concern on non-free apps. The FOSS apps have very low power background services that check for notifications without the app running.
I use /e/os. It is based on LineageOS, is completely de-googled and has MicroG integrated. MicroG means push notifications with apps like WhatsApp will work. https://e.foundation/
Last I checked the default keyboard samsung installs on their phones was collecting what you typed and sharing/selling that data with third parties. I try not to store or access any personal information on my cell phones when i can avoid it, but at a certain point, just having one is enough to seriously compromise your privacy. Strong regulation with real sharp teeth is the only thing that can fix this situation.
I'm glad they let people know it's possible, a keyboard isn't something you should install without some careful consideration because they can be used as keyloggers. I just wish they'd been as clear about that with the keyboard already installed on the phones when they ship. Anyone seeing that warning might easily think it's safer not to replace their stock keyboard even though it's already doing the very thing they fear a new keyboard might do.
> a keyboard isn't something you should install without some careful consideration because they can be used as keyloggers
To be frank, Android should not allow input methods access to internet/filesystem in the first place. But that would have hindered Google's own keylogger, so...
I use Google Pinyin Input. (Which seems to have been deprioritized or something, but still...)
The general shape of input methods that let you produce 汉字 is that you provide some type of input that hints at the character(s) you want, the input method displays a menu of options that match your input, and you select the correct option from the menu. For example, if I'm using pinyin entry and I type `shi`, I can choose from 是, 时, 事, 使, 试, 世, 市, 十, 式, 师, 石, 室, ......, which are all pronounced shi. (And heck, those are just the top 12 suggestions. They mean things like "ten", "be", or "stone". The `shi`s go on for several pages.)
You can enter more than one character at once. If I type `bhys`, I'll see the suggestion 不好意思 ("sorry").
The presented options are chosen based on what the input method predicts I'm most likely to want. They are context-sensitive -- the order of suggestions will change depending on what I typed just beforehand -- and the likelihoods and the phrases are collected from what people elsewhere in the world type. Suggestions can be quite current! Without an internet connection, this would be a much worse experience; the predictions would be wrong or useless much, much more often.
It wouldn't be as bad as you might think without prediction - back in the days with "dumb" input method, the word choices would be listed by frequency of use, and you'd remember which choice the word you want would be.
So you'd type shi and click the first choice for 是, second choice for 时, etc without even needing to read the options since they'll always be in that slot. If there's a word you use frequently but is listed late in the list you can change that in the settings file. Same for shortcuts like bhys and you can always add your own shortcut.
The Chinese keyboard I use does not have internet access and only does prediction based on set phrases - eg if you type 时 it'd offer 間, 代, 事, 空 etc; if you type tmd it'd give you you-know-what, and I prefer it over the Google keyboard since my muscle memory can do most of the work instead of my eyes.
One may replace the keyboard, but the underlying "input method" framework is still under OEM's (in this case, Samsung's) control: That is (afaik), they could key-log just fine regardless of whatever keyboard one may install / use.
I've tried both anysoftkeyboard and openboard, and liked openboard layout better but wanted swiftkey like support from anysoftkeyboard. Looking at reddit fossdroid I discovered the one fitted me better as a closer to openboard with swiftkey support : FlorisBoard
I was also a long-time fan of Swiftkey, and switched to OpenBoard a few months ago. The main differences are lack of swipe input which I miss dearly, and slightly less intuitive correction. I think since switching I've put a little more effort into being more accurate which has helped.
FlorisBoard is another open source keyboard project that has experimental support for gesture/swipe typing. It requires a bit more accuracy than spyware keyboards but might be worth a try.
Hi! I have a Samsung and I looked around online and couldn't find any real info on this topic. I don't doubt it's quite possible, but where is your source from? It's been hard for me to confirm. A good point, though, I'll look at the open source options....
Samsung's own privacy policy and those of the 3rd parties they use. It's been over a year and checking now some things have already changed, but if you click on the gear icon from within the keyboard you can select "about sumsung keyboard" which should give you a list of policies including gify and tenor (both used for gifs I guess) but i didn't even check those. The one you want is the legal info which tells you that in addition to samsung's privacy policy (which outright says it's collecting and selling everything it can get their hands on (see https://www.computerworld.com/article/3514999/samsung-sellin...) you also have to accept the policy of a 3rd party called Nuance which they use for "language data".
The wall of legal text there eventually links to their privacy privacy which opens in the browser. They collect and store things like "your choice of words, speech and writing patters, how you use your keyboard, custom words you add, the number of charters you type, your typing speed, etc. and they share (read sell) that data to affiliates, subsidiaries, vendors, subcontractors, etc (pretty much anyone they feel like). They specifically state they use this data to draw inferences reflecting your characteristics, behavior, abilities, preferences and aptitudes all of which they can sell to anyone at any time without even telling you about it because what they learn about you by going over all your data is their data and they don't have to tell you anything at all about what they do with their data.
This is super brilliant thank you. I have never personally done that much searching through the EULA / Privacy Policy. I'll take a deep dive and look for alternatives.
Samsung could really make some advances on Apple by just being more clear on these aspects of their data collection. Even if they just said "We want to collect your data, but it's YOUR data, so we will always ask for your permission, and in case you are wondering what we collect, you can find it all here..."
Samsung's own privacy policy and those of the 3rd parties they use. It's been over a year and checking now some things have already changed, but if you click on the gear icon from within the keyboard you can select "about sumsung keyboard" which should give you a list of policies including gify and tenor (both used for gifs I guess) but i didn't even check those. The one you want is the legal info which tells you that in addition to samsung's privacy policy (which outright says it's collecting and selling everything it can get their hands on (see https://www.computerworld.com/article/3514999/samsung-sellin...) you also have to accept the policy of a 3rd party called Nuance which they use for "language data".
The wall of legal text there eventually links to their privacy privacy which opens in the browser. They collect and store things like "your choice of words, speech and writing patters, how you use your keyboard, custom words you add, the number of charters you type, your typing speed, etc. and they share (read sell) that data to affiliates, subsidiaries, vendors, subcontractors, etc (pretty much anyone they feel like). They specifically state they use this data to draw inferences reflecting your characteristics, behavior, abilities, preferences and aptitudes all of which they can sell to anyone at any time without even telling you about it because what they learn about you by going over all your data is their data and they don't have to tell you anything at all about what they do with their data.
Strong regulation by whom? The organization that brought us the CIA, NSA, FBI, and the rest of the alphabet soup of “security” bureaucracies that spy on us arbitrarily?
Strong regulation could easily worsen the problem, as it can lead to a ratcheting up of the regulatory burden until only mega corps like Apple and Google could afford to make phones, and upstarts like Purism and Pinephone get squeezed out.
How about before getting so gung ho with pointing the government gun at everyone’s head, we consider the option of rolling back the unjust regulations that already exist which give the mega corps undue government privilege (patents are a good place to start), and encouraging (by voting with our wallets) organic alternatives to emerge, like they already are doing.
> The organization that brought us the CIA, NSA, FBI, and the rest of the alphabet soup of “security” bureaucracies that spy on us arbitrarily?
Which origination do you think that is? you think they all came from the same place? Every one of these agencies came into existence under very different circumstances at different times and they fall under different branches and operate in different areas. Do you mean "government" in general?
Yes, it's a horrible thing that these agencies are being used to spy on all American citizens in violation of our freedoms, but that fact doesn't mean that we shouldn't allow any government agency anywhere enforce regulations. How that does that make any sense at all? You could say the same for literally anything. "Who should regulate the amount of lead in our drinking water? The organization that brought us the CIA, NSA, FBI, and the rest of the alphabet soup of “security” bureaucracies that spy on us arbitrarily?"
> Strong regulation could easily worsen the problem, as it can lead to a ratcheting up of the regulatory burden until only mega corps like Apple and Google could afford to make phones, and upstarts like Purism and Pinephone get squeezed out.
It literally couldn't worsen the problem of our privacy being violated and used against us by cell phone companies. If it's illegal for Google to do it, and we had regular independent verification that they were not violating those laws, than it wouldn't matter if the only cell phones that existed on the whole of Earth were made by Google. Google still wouldn't be doing the bad thing we're trying to stop.
Yes, I'd prefer to have more choices but there's zero requirement that regulations make it prohibitively expensive for any company even an upstart. In fact, because this would be regulation against collecting, securing, maintaining, analyzing, marketing, and selling our personal data it'd actually save companies tons of money since they'd no longer be dong any of those things. Established companies who are currently exploiting consumers won't get to profit off of them as they are currently, but they will still save a lot of time and money not exploiting the public.
> How about before getting so gung ho with pointing the government gun at everyone’s head, we consider the option of rolling back the unjust regulations that already exist which give the mega corps undue government privilege (patents are a good place to start)
This isn't an either/or type of thing. There's a lot of great and important things we should be doing. This is one of them. Let's do them all.
> and encouraging (by voting with our wallets) organic alternatives to emerge, like they already are doing.
If "the market" were going to solve this problem, if it were capable of solving this problem, it would have been solved already. It's not. Until strong regulations are in place there will continue to be a very very strong perverse incentive to not solve this problem. We're coming up on 50 years of mobile phone technology and at present there are no comparable options for cell phones and mobile networks that preserve privacy. None. It's not regulations forcing Google and Apple to collect our personal data. They are choosing to do it. They could stop tomorrow if they wanted to. They don't want to. They won't stop until they are forced to stop.
Android takes snapshots (screenshots) of apps as soon as you switch to another app. When you view the app list, it already has the last view of each app.
But the Xiaomi/MIUI Android sends over those screenshots back to the company is new information.
I had a Pixel. That it took a screenshot when I switched apps makes sense. It allows the task switcher to open immediately and show the most recent state of all my apps. A screenshot of some sort is mandatory for the OCR functionality that allowed me to select text from these tiles in the task switcher (super handy!).
I’m now on iOS 15 on an iPhone 12 Pro Max. I think I’ve seen movement on the tiles in its task switcher, so I’m not clear if it takes screenshots. But the fact that the task switcher opens with no delay suggests that screenshots might be used?
I’m only defending taking screenshots. Transmitting them to other parties is problematic.
> I think I’ve seen movement on the tiles in its task switcher, so I’m not clear if it takes screenshots.
In my experience, it seems like only the app you were in when you brought up the task switcher continues to update the screen. If you go somewhere else, like just back to the home screen, it goes static like all the rest.
This is correct. iOS snapshots the app as soon as it's moved into the background, and that snapshot is what you see. When you bring up the switcher, the foreground app isn't backgrounded yet — that only happens if you go to the home screen or actually switch apps.
If the app is using the Background App Refresh entitlements [1] (Background fetch / background processing) then it is possible for iOS to update the screenshot for the app switcher periodically even when the app is in the background
Messages does this, as you will notice that an active conversation tends to be up-to-date in the app switcher
As I understand it, each iOS application is sort of like its own 3D plane within a larger environment, hence why the launcher shows up without any lag.
I hope someone can do the work of pasting the original Aqua framework overview that’s probably still hiding somewhere on the Apple website. The manner in which the combination of OpenGL (Metal?) and PDF work to render UI and elements on OS X and iOS is really quite remarkable. I think even now, 20 years later, there isn’t anything comparable being done by Android/Linux or Windows. I would love to be proven wrong, however (I haven’t followed this closely for the past few years).
Yeah the iOS multitasking view tracks all the way back to windows in OS X 10.5 Exposé being actual windows instead of snapshots, and the parlor trick of QuickTime player windows continuing to play video when minimized to the dock all the way back in 10.0 (and perhaps the 10.0 public beta, I forget). It’s the kind of thing that family of operating systems has handled well for a long time.
Compiz and all subsequent compositing managers do the same thing for Linux (each app has its own surface in the GPU and can be composited in 3D), and I believe the compositing in Windows Vista and later is similar.
This is close. There was something that introduced Aqua to the world and played up the combo of PDF and OpenGL... Probably also explained in some WWDC 2001-ish video.
How have you found the transition to iOS? For me, the task switcher OCR feature is absolutely killer, one of the main things still keeping me on Android. Does iOS have anything similar?
I find the Pixel experience to be superior. But I took each of the areas where Pixel is better, item by item, and scored their value, and came out with a score recommending I keep the iPhone: https://www.arencambre.com/iphones-are-inferior-to-android-p...
Context: I made that right after I got an iPhone 12 Pro Max. It was running iOS 14. iOS 15 may bias the score towards Apple even more with the current phone, and iPhone 13 biases it a bit more.
I guess. You have to hit the screenshot combo and then tap the screenshot, versus hitting the app-switcher button. Are you doing this often enough for that 1 extra step to be a big deal?
I’m increasingly finding great value in reducing complexity of simple tasks. I thought the push button rear door closer on my minivan was silly, but it came with it, so (shrug). I’ve grown to like it!
Reducing from a few steps plus a major context switch to just one step is valuable.
For me, yeah this would be a much different experience. I use this feature all the time, to select anything from the title of a song on Spotify to a phone number embedded in an image on the web.
> System apps on several handsets upload details of user interactions with the apps on the handset (what apps are used and when, what app screens are viewed, when and for how long).
I am too far away from Android development to make any claim about what "app screens" are. Is that android-lingo? Could someone please clarify?
Sounds like an attempt at phrasing for the general public.
Android apps have zero or more activities, each of which may be thought of as a single screen and a single Intent, which is a bit like a URL (and sometimes very much like a URL). A messenger or email app will typically have a main activity, an activity to view a single message, an activity to view a conversation with someone, perhaps an activity to view a single attached image, probably an activity to view and edit the application's settings, and so on.
What is sent is perhaps the app's name and a class name within the app for each activity that's started.
Exactly right. And you don't have to be a system app to access this information. Any app with sufficient permissions granted explicitly by a user can access these data (no root needed), and it may have legitimate reasons for doing it.
It sounds a lot like the screen events Firebase reports (a library by Google for analytics, among other things)
It allows you to know which screens a user views, but not the data on the screen. A pseudo-example would be like "User opened LoginScreen/LoginActivity at yyyy-mm-dd and stayed on that screen for X seconds"
I use GraphineOS and LineageOS without Google Play Services. They are great and are suitable replacements for Apple and Google.
- Osmand(FOSS) for maps (supports being fully offline!)
- Signal and Discord for messaging (Discord is sandboxed)
- Newpipe(FOSS) for Youtube
- F-droid(FOSS) for my FOSS appstore
- APKmirror for the few non-free apps I need
- Libretorrent(FOSS) and VLC(FOSS) for watching movies
- Firefox(FOSS) and Vanadium(FOSS) for browser
- K9 Mail(FOSS) for email
- Infinity(FOSS) for Reddit
- Secur(FOSS) for 2FA
- Taskkeeper(FOSS) for reminders
Almost everything you need is in the F-droid FOSS app repository. It all works, and it works well. You can buy a used Pixel 3a for around $80 on Ebay and have a better experience in every category than iOS, hardware and software.
Consider Fennec instead of Firefox -- I just switched yesterday, and I think the only difference is that Fennec is usually a couple of versions behind because it removes some Mozilla crapware.
Fennec also lets you install any add-on from addons.mozilla.org through a tedious process,* which is still an improvement over Firefox release/beta on Android. The only channel of Firefox that supports this process on Android is the nightly channel.
What about Firefox Focus? It's private by default and VERY unbloated. The ephemeral nature of sessions also forces me to not leave a hundred tabs open.
There's a workaround to support pretty much any FF extension at this point -- but you have to create a "collection" with your firefox account and then point your Android FF install at that collection. Not too hard, but a little bit of a PITA. If you're like me and maintain the same couple dozen extensions on every FF install, though, it actually works pretty well.
FairEmail is really great, almost as fully featured as Thunderbird with the best support for multiple accounts/identities that I've seen on Android so far. The developer asks for a small donation to unlock a few advanced features,* which I recommend doing.
I tried to switch myself from iPhone and almost everything was OK but these were the worst to get right... I ended up using suite from Tibor Kaputa (Simple Dialer etc) but I ran into some rather annoying issues.
Also, do you use phone recoding? This was actually my breaking point, because i have an iPhone w/ jailbreak that enables me to record phone conversations (for my use only, not trying to get into the legal discussion). I did not find anything for GrapheneOS (or Android in general) - just some info that I need to root my phone to get this working and with that I just reverted to my jailbroken iPhone.
To use this app, you'll need to root your phone using Magisk[1] and the install the Magisk module for Axet's Call Recorder.[2] Then, upgrade the Call Recorder app to the latest version in F-Droid. Note: do not enable "System Mixer Incall Recording" in Call Recorder, since it is not needed and may cause issues with recording.
The default dialer and contact apps are both FOSS and functional, so I never felt the need to replace them. Signal can take over as the default SMS/MMS app, and there are alternatives with more features such as QKSMS:
Just bought a pixel to test lineageOS out. Worth mentioning that if you want less Google and still want to use normal Android services in the OS you need to install the MicroG lineageOS ROM. Otherwise, you're still sending Google a lot of info through Gapps or MindTheGapps.
Graphene or lineage without any of those is also an option but you'll be missing a lot of the normal everyday apps you use. IMO if you're going that far though you might as well just go back to a flip phone.
I don't agree regarding your flip phone comment, that's silly. I don't use any form of Google Play Services (No OpenGapps or MicroG even) and my phone works completely fine.
The only thing that doesn't work is push notifications, which isn't a problem because FOSS apps like Signal bundle their own notification system that does not use Google Play Services. Discord however, does not get push notifications (which I wouldn't want anyway)
Regardless of what software you put on the phone it is a tracking device. It has gps, audio, cameras, and web browsers that are all vulnerable to being hacked or used for tracking. I signed into gmail via the Bromite browser on my Pixe3a. I immediately received an email from google about my new Pixel device. They now know what device I use, what browser etc.
I don't care how locked down and FOSS you make your smart phone it's not going to be as secure as a dumb phone. There's a reason criminals don't use smart phones.
If you think Google is adversarial then don't use Gmail; It seems strange to avoid using their 'apps' but continuing to use their products? I think you just handed them that information when you logged into their website.
>I think you just handed them that information when you logged into their website.
Obviously and that's my point. You are not going to avoid Google if you use the web. The best you can do is limit exposure.
>Google is adversarial then don't use Gmail
This is ignorant and unhelpful. Do you think I just decided not to consider that option? I don't have an option. I have to use it for work. This is the problem with the "don't use it" crowd. Most people are not going to get away from the major email provider options. The best I can do is sign in via browser or a 3rd party app.
> Obviously and that's my point. You are not going to avoid Google if you use the web. The best you can do is limit exposure.
That couldn't have been your point. It's very easy to avoid having a gmail account.
> This is ignorant and unhelpful.
People here don't know you personally, or your needs. Most people don't need gmail for work. If your job requires you to use google products, it's going to be difficult for you to avoid google. But, again, your situation is not representative of the vast majority of people.
>That couldn't have been your point. It's very easy to avoid having a gmail account.
Did you miss the part where I told you we have Google Workspace (GSuite) and I have to use it for work? What part of getting rid of that is easy? I cannot stop using it end of story.
>People here don't know you personally, or your needs. Most people don't need gmail for work.
I feel like you're not aware of the fact that Gmail is used in corporate environments through Google Workspace. You need to research before spouting off stuff that's obviously misinformed. It's a direct competitor to Office 365 and MS Outlook servers.
Depends on your administrator. If they allow IMAP to be turned on for your gmail account then yes. However, your email is still going through Google's servers and this is still only a partial mitigation. You get the gmail app off your phone but that's about it.
A lot of admins won't enable IMAP for security purposes though.
I don't think it's fair to say I was ignorant when you only now mention need it for work. You could use a second handset, or try asking your employer to move away from Google products, or even find a new employer. There's plenty of options here.
If you say that the best you can do is limit exposure, then do that!
GraphineOS constantly spoofs the device's MAC so that argument is not valid (I also don't know how a website based email client is getting your MAC). It's also extremely easy to spoof the device's name. The way they are getting that is simply your browser's User Agent, or if it's an app, your phones root properties. There may be some other identifying properties about the device they can collect though, I agree with you on that.
Also, I agree with your argument about phones being tracking devices. Anything with a radio that connects to cell towers is going to be logged and tracked in perfect detail.
It's unbelievable that I'm getting downvoted for asking people to pay for software on a platform where a large % of users are involved with technology. No wonder opensource based businesses are dissatisfied with how they are treated.
At a guess, it may have something to do with how rude the original comment was and how you doubled down on that rudeness with this one. If you toned it down a little and actually spoke to other people as human beings it might help you with this problem.
How does "I hope you at least pay for these apps" adds anything even remotely relevant to the thread about what apps someone uses as part of their de-googled phone?
Yeah, developers do need to eat, but this (IMO) snarky comment is hardly relevant to the OP.
1. Google is tracking you. They track you because they need this data to target better ads, this is how they make money.
2. The OP for this comment, says they use FOSS apps to get around Google’s tracking.
My comment is about - if you are against the idea of being tracked from profit, it would be a good idea to vote with your wallet to help open source developers get paid and to show that there is a viable business model for other individual developers.
I think it's a bit misleading to say Lineage OS sends data, because it doesn't. It's just the GApps installed with Lineage OS that sends data to Google. But you don't need to install GApps, then it doesn't send anything just like /e/OS does...
This is the exact thing I was wondering about. As far as I understood, they flashed GApps, even though GApps is not part of the default installation. I wonder what the findings would've been like on LineageOS without the GApps.
Companies like Google hold a lot of power over their users.
It's all-or-nothing, and not being part of the Google ecosystem is extremely inconvenient as more and more services depend on it.
Only legislation can give power back to the users. It shouldn't be necessary to put up with this level of surveillance by big corps in order to function in society.
>Only legislation can give power back to the users. It shouldn't be necessary to put up with this level of surveillance by big corps in order to function in society.
Don't worry, after about 7 years there will be a low key class action suit and we'll miss the $7 payout and lawyers will collect the leftover millions for the sake of symbolic justice. Then perhaps big industry won't ever learn it's lesson again.
Congress has already proven that they're the Rip Van Winkle of IT awareness unless it pertains to boosting their personal investments.
I would go further and say that this describes the ineffectiveness (I’d say corruption) of Congress and the justice system across all industries. This is just the one you notice because you’re well acquainted with it. If you have a strong stomach go look up Steven Donziger.
you mean the legislation that forced banks to use google safety nets create hindrance in rooting the phone? I really find myself in hopeless position these days when Google can do anything freely because they have enough cash to lobby anything.
How far are we from a phone that: ships fully formed - no flashing and stuff, has reliable supply chain and production, is open source only, usable on a daily basis (stable, normal battery life, all basic apps, easy upgrades) and ideally repairable / recyclable as much as possible?
I would leave "high-end" specs and price constraints out of scope to make this a reality sooner than later.
There are several contenders and combos /e/, lineageOS, pinephone, fairphone etc and I wish them all godspeed (also other small efforts out there I am not aware of), but its not clear which one is ready for just the simple, honest, society and environment friendly mobile computing that we should have had all along and it is really a crime that we don't.
Why is there no money to be made? I would at least pay to buy the hardware and possibly for ongoing software support as well (depending on how they structure such support or any other "soft" features). E.g. I think its a jolly good idea if somebody really checked for a living all those open source apps.
In any case if there is really no viable business model for private mainstream mobile computing we have been duped big time: This is not a consumer device, it is track-and-trace machinery.
In order to have a reasonable, stable supply chain at all, you need quite large scale; and even then your phone would have much smaller scale than the mainstream competitors and so would be be significantly more expensive than their models with similar hardware, both because it's targeting a niche and also because all this tracking&targeting does result in some revenue stream for the manufacturers.
It indeed is a jolly good idea if somebody really checked for a living all those open source apps, however the math works out only if you allocate the salary of those people over a million phones, not if you have only 10000 customers.
Perhaps you would actually be willing to pay a large premium for that, but the vast majority people are not. Perhaps a meaningful number of people would be willing to pay a small premium like 10-20%? But that's not what's reasonably achievable, the differences are much larger as soon as you go off mass market production or start needing software modifications which are a large fixed cost that is cost-effective only if you're distributing it over very many phones.
There have been many companies in the past which have found out the hard way that few people really care about privacy that much (or they care but can't really afford much, which has the same effect), but for a recent example, you can look at the troubles of Librem 5; IMHO it's trying to do similar things, but its price/performance is suffering because of that and you be the judge whether their business model looks viable. And if you want a trustworthy supply chain, then your (already high) costs literally double, again, Librem 5 "USA" model is an example of that - a $2k phone where the core functionality (excluding the privacy) is essentially the same or worse as a $200 phone from a Chinese brand.
you sketch a good frame to help think about this challenge holistically. the list of failed initiatives is by now so large it almost gives you a statistical sample of factors to take into account (I contributed a data point once - one of the <10K firefox-os/zte users :-(
but somehow the numbers could/should add up at some point. If you think (ballpark) a billion devices in circulation and assume that 1-in-1000 people has a combination of awareness and ability to afford a private / open source device, that is your 1M right there.
this should be a very conservative estimate. it assumes that people (more precisely those who claim to represent their best interests) will continue with the inexcusable practice of governments "not interfering" with the "market" (in quotes because it not a real market when you have two options). While some governments slowly take legislative steps in the data privacy space, I have never seen any actual warning from official lips about privacy (the way they warn about assuming financial risk, being overweight, drunk driving, not getting vaccinated etc).
maybe the current business model only stands due to the "subsidy through silence"?
Not enough people care to use cut rate hardware that actually conforms to the 'wholly open' philosophy. Even Stallman couldn't maintain using fully open hardware. He had to switch to a Thinkpad with Coreboot.
People have expectations when using devices as complex as a phone or laptop to where, compared to even a desktop with Linux, having a smartphone that is fully open comes with serious drawbacks.
You could always get a LibrePhone or a Pinephone but you probably won't enjoy the experience.
well, "fully open" is just an ideal. I think I could live with proprietary bits that are not involved in the private data trade.
it doesn't have to be "cut rate". I left the specs/price point open for that reason. But indeed thinking of it as a tool, not as a trend-following gadget with 12 cameras and the screen size of a laptop.
Just interested to see whether this approach is viable.
> Just interested to see whether this approach is viable.
Spoiler alert: It's not. The better SOCs end up becoming more proprietary because it's the companies' own implementations that make them perform better. That leads to proprietary drivers/software.
Because we don't really know how much hardware costs anymore. Most hardware you buy is subsidized in one way or another through data collection, from phones to TVs. Building stuff is very capital intensive, and the world changes very rapidly. And most people don't really care about data collection because they don't understand the consequences, or they don't care at all (which I find baffling). This means you'll be always facing cheaper competition. It's very hard to keep a company like that afloat.
this is plausible (and very worrisome if really true). We are not talking about an aspirational consumer device, it is already the case that you are being cutoff from regular life / the economy without one.
Incidentaly, I don't buy the "people don't care" argument. First of all, people do care. There is massive legislation in the EU (which represents half a billion people) towards data privacy. They are not freaks - well informed people obviously care about privacy. This touches also companies / commercial privacy and states (data sovereignty etc). But it is true that large numbers around the world are dazed and confused ("don't care") as nobody credible (and holding a large mouthpiece) is actually warning them.
But if you are right and its not viable (e.g why did blackberry not survive given companies at least should appreciate privacy) it is a baffling state to have degenerated into.
A lot of very informed people do really sincerely not care. A coworker of mine (IT professional) literally told me that the fact that his phone is constantly tracking him and that he could show me his whereabouts during the last week/month on google maps was a feature.
A lot of people really, truly don’t care. Is as baffling to me as it is to you.
ime fairphone is good enough hardware, but the software and experience is a trainwrek despite their best to emulate the iphone feeling. given they only sold a few thousand of each series, i would still count them very much as "small effort"
there was a mass market sailfish phone in India but it was a flop. ofcourse it has Android emulator that used to send just as much crap out as tthe original... but atleast you could stop that.
It seems worth talking about the fact that it appears to be the vendor of the phone putting this kind of snooping in place. Blaming Android is missing the real culprit. Like they say in the article, we need stronger controls on people's data for whoever happens to make the phone's OS.
For practical purposes Android is not just the open source codebase but also the economic institution, where various middlemen get to do sketchy and low-rent stuff in between the trusted brand and the consumer. That is the “openness” that sets it apart from its competitor.
There’s still data sent to Google as part of Android except for currently obscure ones like /e/ and Graphene.
It’s like a combination of the desktop Windows of the 90s (malware preinstalled by vendors) and today (increasing surveillance by the OS developers) with Apple (you need to basically risk breaking the device and void the warranty to get away from it)
Definitely on this boat. CalyxOS feels like it strikes a good balance between security/privacy and practical usability--the locked bootloader and app-specific firewall options are a huge plus, while MicroG ensures that I can still use every app I used to with the old Pixel-specific OS without ceding all of my data to Google Play Services.
Invariably people bring up the signature spoofing needed for MicroG as some huge security hole, but from what I've seen it's really a non-issue--CalyxOS has tight restrictions to specifically allow only MicroG to use this, it's disabled for any other app.
Same. It feels like the "have the cake and eat it" situation for me who switched over from iOS.
I was worried that some apps might not work but that is not the case. Everything from banking apps to password managers just works fine with the only exception being NPR One (which is hilarious).
They are really doing an outstanding job and I do not miss anything on here besides a Apple/Google Pay NFC solution. But that is quite ok.
Can I expect CalyxOS to support the Pixel 6 rather soon? Is e.g. camera performance dependent on closed source Google code/firmware? What are the limitations there?
I was going for GrapheneOS, but tbh seeing that one main developer's personality issues turned me off big time. I don't care about technical advantages, if I have to trust in that guy's impulse control. Too small a project for that.
You can expect a dedicated team to start working on it once they're able to get their hands on some Pixel 6 devices. They don't get them early from Google you know, there's no cooperation there. They buy them when they're released just like we do, and it hasn't been released yet so work hasn't started.
The general attitude towards GCam seems to be... Calyx isn't going to ship it but it's generally understood most people will be using it. The recommendation I got when I switched was to install the apk and disable all network access via Datura before I launched it for the first time. That works well, the pictures look great too. A recommendation I heard after I did that which I will be following next time is to extract the gcam apk from your new phone before you flash calyx and install that one (to avoid apkmirror or whatever).
GrapheneOS’s main dev can come across as paranoid, but it is sort of understandable given the history of the project. Nonetheless, they are doing a spectacular job and I think using GCam with properly set permissions is the best of both words.
Paranoia is not the problem. The problem is general hostility and not being open to other viewpoints and ideas. Also I feel some kind of power hunger, which makes me feel really uncomfortable surrendering basically full control over my phone to these people.
From what I’ve seen, he gets summoned, and angry when things like “Calyx pays great attention to usability, while GrapheneOS gives more focus to security at the price of usability” gets mentioned, which is just false.
Also, do note that it is indeed a dangerous business — false sense of security is the worst. And there are plenty of companies taking advantage of people wanting something “privacy-oriented”.
Nah, it's not about having strong options. I've been around nerds forever, that doesn't bother me. Yours might be the impression on recent HN, but if you look around he is all over the place, attacking people on various platforms, while promoting some conspiracy narrative; derailing, gaslighting and manipulation. Whatever is going on with that guy, something is definitely going on. He doesn't inspire trust, he probably needs therapy.
Micay started working on the project and got some funding from copperhead os, with the plan being that the company could provide paid support and the like.
But copperhead os broke its promises and basically hijacked the project - but Micay being a professional, he invalidated the validation keys so that existing users would not get served code not associated with him.
Afterwards he continued working on the open source project without any partnership, while copperhead os continues to take the code, add some questionable modifications to it and sell it, while badmouthing GrapheneOS.
I wouldn’t go as far as to make psychological advice on someone based on a few interactions, but seeing how people in the industry can burn out from some rude comments, being totally backstabbed does explain his behavior. Also, do note that he is a professional security expert (the upstream android project routinely takes commits from his project) and unfortunately even with the best intentions, one can create absolutely shitty distros regarding security. Being critical of them may look “competitive”, but he only wants end users safe.
That's what I believed until I had a direct (online) conversation, which got unpleasant very quickly. Maybe there is a grain of truth in there, but I am more inclined to think it might at least be exaggerated by a lot.
The issue with Android is it's extremely restrictive from a firewall perspective, I guess exactly as designed.
I cannot dictate what apps chat over the internet or to what IP's (say, a setting to only allow EU-only addresses).
Of course this means - rightfully or wrongly - you have to move this to another layer - probably PiHole or router level, but even then there could be gaps (can it use mobile data with you unaware?).
I am surprised major OS' still don't allow users to configure this yet. it's pretty basic stuff.
Custom ROMs like LineageOS which is in this study does have an inbuilt firewall. Long press an app and you can deny internet access entirely, deny VPN access, etc.
To the people collecting the data that can sell it, it is useful only in that someone will buy it. Once it is sold, they don't care one bit about how/where/why it is used.
I'm not sure why you'd think it's not useful to someone somewhere.
Game devs see how much time you play games, what type of games, if you purchase IAPs, etc. News feed apps sell what kind of news stories you read/follow/subscribe. Commerce apps sell what kind of things you buy, the prices you pay, the items you look at but don't buy etc.
From all of that "metadata", one can build up a profile about you that's pretty accurate. If you can't imagine why that is useful to someone, then I'd posit you're not trying hard enough.
Do yourself a favour and and disable the Google Play Services on your Android Phone.
Almost all apps will keep on working, the power consumption will decrease dramatically, your battery lifetime will be about 3days on one full charge. (My observations on a Samsung Galaxy A41).
I assume that the Google Play Services are the culprit that phones home all the time.
I don't think this is accurate. Microsoft acquired Nokia in 2014, but then spun off the brand to HMD Global (a new Finnish company) in 2017. HMD and Foxconn have a partnership in which both companies co-design the Nokia phones that are then manufactured by Foxconn in Taiwan.
In the book Post Corona, Scott Galloway talks about red vs blue companies. Blue companies (e.g. Apple) charge a premium for their product and offer you some level of privacy, while red companies give you their product (the Android OS and Google Apps) for "free" and then collect lots of data on you (and use that to make money). Amazon is clearly going this route too with the ridiculous number of ads they have started putting on their Echo Speakers.
He predicts that over time there will be paid versions of a lot more products for people who want (and can afford) privacy. I know there is a lot of hate for Galloway, and I take everything he says with a grain of salt, but this struck me as pretty astute.
Privacy is an illusion and premiumification of items is selling the sizzle not the steak.
"Therefore whatsoever ye have spoken in darkness shall be heard in the light; and that which ye have spoken in the ear in closets shall be proclaimed upon the housetops."
I purchased a Samsung Galaxy S9 (in the US) from them. My first impression: Everything works. Apps (if it's not on their store, which is a mix of F-Droid and other APKs, it's on Aurora), Google services works without signing (MicroG), GPS works, OTA updates work (with one click).
My biggest complaint is that their App store isn't just F-Droid, and their APKs are often out of date by 1-2 weeks. My biggest compliment (besides everything just working to the point I could recommend it to a relative), is that they are active and engaged in their community, regularly reading their forum, soliciting feedback, and posting weekly updates.
Yes, I've been using /e/ in daily use for over a year now.
It's pretty good most of the time. It will not satisfy people who want/need a truly "hardened" device, but if you are just a normal person who wants to feed less data to the ad-tech monsters, then it works well.
The default /e/ app store has both FLOSS apps from F-Droid and free-as-in-beer proprietary apps mirrored from Google Play store. Whether an individual app works well or not depends on how tightly coupled it is to Google Play Services
It's rather good and at some point they managed to have release for my previous phone model when the lineageos stopped!
I used it without their cloud services. Some of the pre-installed apps cannot be removed (like email, pdf readers) which is slightly annoying. They have their own launcher/desktop but it's not that good, it even crashes time to time.
Last time I checked, it was not super transparent which non-FOSS store they used.
Overall I think the experience with LineageOS is better but /e/ comes with MicroG so it's practical if you need a few proprietary apps.
> Last time I checked, it was not super transparent which non-FOSS store they used
I'm pretty sure that's deliberately opaque because mirroring APKs from Play store breaks some ToS somewhere and they don't want everyone getting their Google accounts banned.
It definitely helps--the vast majority of snooping comes from Google Play Services, so options like GrapheneOS + microG or CalyxOS resolve that issue quite nicely. They also have app-specific firewall abilities, so you can disable background or foreground network connectivity on any app you're suspicious of.
Thanks! I'm still using an old iPhone SE (2016) as my daily driver, but sooner or later iOS support is going to drop and I'll have to find a decent upgrade path. Considering my size, headphone jack, and fingerprint reader preferences, I think the Pixel 4a is the only device that seems viable to me on the market today... hopefully I'll still be able to pick one up in a year or two and slap GrapheneOS on it.
Based on your comment I have installed it and enabled notifications.. immediately it told me that Facebook attempted internet access. I have 432 other apps so it will be interesting to see what else is phoning home.
> immediately it told me that Facebook attempted internet access.
I am not sure how that information is useful to you or anyone else, not trying to be snarky, but an internet app wanting internet access...is the expected behavior?
Most apps and operating systems communicate over the internet for any number of reasons, heck, apps can even check if you have internet access or not (and respond accordingly, such as caching content to send later on).
To check for notifications? I’m fairly sure they haven’t implemented a complex AI model to determine that “you are using it rarely”, so the check it out each n minutes is a constant thing.
On Android, most notifications are handled by Google Cloud Messaging. The app/site developer pushes a notification to GCM, which then puts up the notification on your device.
The ugly white elephant in the room is that Google sees the text of the notification; it's not e2ee'd. Some more privacy-oriented apps implement GCM such that it just "pokes" the app on your phone to say "hey, check in with us" and the app then fetches the notification text etc. directly. But Google still knows that you got an event from what app.
I was wondering if you could expand on your comment because I am confused. How is seeing what IP addresses an app communicates with a violation of GDPR? If I can't see the content of the data it's sending but just where it's going, that is not exactly a violation.
It's not illegal to communicate with an IP address, there could be many reasons $app sends a request via a US server.
Like a postman with an address and an envelope isn't enough to just assume a crime has been committed it works the same digitally...
Skimming through the article, they compare a few ROMs from significant phone manufacturers, LineageOS with Google Play, /e/, and Stock Android.
It seems that LineageOS has GApps installed and /e/ does not (presumably since they use MicroG?), so it is looking like for LineageOS, it's really Google Play leaking this data.
It doesn't come with GApps installed, you need to flash those packages manually. That said, LOS also comes without an app store whereas /e/ has a custom F-Droid-compatible store pre-installed.
Combining LineageOS and MicroG is kind of hard (relatively), because LineageOS enforces signature validation, which MicroG needs disabled to properly fake the proper Google APIs. There are non-enforcing builds and build instructions available, but that's not the default. /e/ seems to have the necessary patches enabled by default, which makes using popular apps without flashing GApps a lot easier.
No budget restrictions although I’d like the ability for Bluetooth to run in the background and not go to sleep , and ideally ip67 or ip68 water protection.
All of the LineageOS phones I've ever used have been able to maintain a Bluetooth connection in the background.
If you're fine with a used phone, the OnePlus 8 has a high-end Snapdragon 865 processor and 8 GB RAM.[1] The carrier models have IP68, and unlocked models are manufactured similarly but don't have an official IP rating.[2] If you're getting the T-Mobile carrier model (which may be carrier unlocked at sale), you'll need to request a code and wait a week to unlock the bootloader before you can flash LineageOS.[3] Used models go for $200-300 on eBay depending on condition, and a new factory unlocked model is $399.
If you're looking for a new phone, you may want to consider the Pixel 5a which manages to have both IP67 and a headphone jack for $449 new, but uses a mid-level Snapdragon 765G processor paired with 6 GB RAM.[4] The OnePlus 9 Pro is also available with a high-end Snapdragon 888 processor, 12 GB RAM, and IP68 for $969 new or about $600-800 used.[5]
Unlocking a phone is a pain* (at least in the US), so I recommend buying one that is already unlocked. For example, a listing that says both "T-Mobile" and "unlocked" is for a phone that was originally locked by T-Mobile when it was sold as a new phone, but was then unlocked by T-Mobile before it was listed for sale as a used phone. For this type of phone (carrier unlocked), you'll just need to request a bootloader unlock code from OnePlus, which takes a week.
(Not all manufacturers require a bootloader unlock code, but having this option is still better than not being able to unlock the bootloader at all.)
And yes, the OnePlus 8 is faster than any Pixel phone released so far. It's only a year old after all.
I've been using the Pixel 4a 5G for about 6 months with MicroG and Lineage. Works really well. Other than Whatsapp and Google Maps I don't miss anything, but those apps have alternatives too.
So is the data collected by Google from Huawei phones a function of their OS based on Android 10? I thought Huawei was prevented from talking to Google.
it's always amazing to me that a typical android user tells me they hate iOS because it's locked down and android is much more open -- whenever i follow up with what apps they've actually side loaded they don't know what i'm talking about, never mind about whether their phone is rooted and they're running a rom.
yet a majority of them use very expensive handsets that compete in a premium space to iOS devices and ciphen data not only back to google to to their respective manufacturers and anyone else that puts bloat on their phone -- bloat that they can't remove on their "much more open devices".
what was the silly movie that had the quote "the greatest trick the devil made was to convince the world that he didn't exist.".
> whenever i follow up with what apps they've actually side loaded they don't know what i'm talking about, never mind about whether their phone is rooted and they're running a rom.
An android phone is more open even without side-loading or rooting because Google's play store much less restrictive than Apple's app store.
Of course anecdotal here too, but it seems highly unlikely that that's a typical android user perspective. Even among fellow nerds that argument is not that overwhelming, and they are a tiny group of people.
can i see this "exfiltration" out of an android using a pi-hole?
i have multiple androids at home and a etwork wide pi-hole so i would love to see if there is something i can see and maybe block
I've made a complaint to the police and my local privacy regulator (in France) more than a year ago, regarding blatant and widespread illegal data collection by Google on probably most Android devices on Earth. I have not yet heard back from them and I doubt they'll even consider this report. Here it is in a nutshell.
1. set up a brand new phone (Pixel, OnePlus or else)
2. do not connect to a Google account at first or if it is required, log out and remove the account as soon as possible
3. create a contact on your phone with any Contact application (with a name, email address and phone number). Do no enable sync for this application.
4. open the Play Store to download any application (e.g one from your government). You'll be asked to connect to a Google account at this stage, of course
5. now, try to log into your Google account to download the application but *not have Google automatically collect all your contacts' details* (stored locally).
You can't!
This is not possible because:
1. by default, adding the Google account will enable the automatic synchronization for all Google-related apps and services (incl. Contacts). You can disable this before login.
2. You cannot stop the sync of these Contacts while connecting Google Play to your account. It is done in the background and by the time you switch from Google Play (or the login page) to the Settings menu of your device, the sync will have started (if not completed already).
3. You cannot do all this in airplane mode obviously, as it it's impossible to log into a Google account without an Internet connection.
This is illegal per GDPR, because at no point you consent to have your data collected by Google. Also, Android does not inform you of this collection so it's up to you to discover this by browsing your device's settings, down a a sub-levels.
It is a massive collection (and fraud) because most people have probably a hundreds contacts or more on their mobile device. Most mobile devices run Android. Google Play is almost impossible to avoid nowadays (Twitter, Facebook, Youtube, Whatsapp, Signal, Firefox, your bank's app, your employers' apps... they all require Google Play and Services to work correctly). Worst, your contacts' information isn't yours, but your contacts' too. Google simply helps themselves.
With 73% of mobile OS market share, around 99% of Android users being probably logged in just to access the Play Store, Google probably has collected the names, email addresses, phone numbers and lots of private information (birthday dates, home and work addresses, employers' names, job titles, digicodes, etc) of every person on Earth, and probably more than once. Without asking for permission.
This is easy to reproduce, 100% illegal (at least per GDPR), everyone is affected and yet, _crickets_.
If you're in the US and believe this is illegal there too, please contact a privacy organization or any entity that might do something about it, at least if you don't like having all your contact details collected by Google without consent.
And yet we have articles that say iOS is similar if not worse and people pile in to “both sides” it (1). Why is it I feel it’s clear that fundamentally iOS favors privacy (for profit) and Android eschews it (for profit) yet it’s somehow debatable still?
Do you have any evidence the iOS operating system is better in any significant way? The article you linked focused on the apps available in the store, not the phone OS itself (which is what this article is about).
Apps draft off what the OS allows, iOS keeps adding features at the OS level (do not track, “app tracking health” metrics, advertising opt out, etc). At best Android grudgingly offers some of this after the fact, at worst does what this article offers.
Nevermind that iOS provides an extensive list of system-level data collection toggles. Don't want to contribute traffic data? Done. Don't want to contribute cellular/wifi location data? Done. Don't want your phone collecting data about what stores you visit and when? Done.
With Android, you don't have a choice for any of that. It just does it. Google Maps constantly slurps up every bit of location related information it can, whether you like it or not.
iOS even allows for forcing apps to only have access to coarse location data - it's off by a few miles - as well as only granting location data when the app is actually in use. Also options you don't get with Android.
The only thing I miss after switching: Android allowed for controlling not just cellular data but background data.
What the OS allows for third-party apps and what the OS allows for the software of the manufacturer are completely different.
This article is about Samsung's OS sending data to Samsung, Google's OS sending data to Google, etc. All of this data is fairly above and beyond what would be available to an app on any of the mentioned operating systems. Just because iOS disallows apps from collecting certain classes of data, does not mean it does not collect that same data to send to Apple.
Is it possible the feeling is at least in part the result of marketing? Not trying to be inflammatory, but apple does spend a lot of money running excellent ads about how iPhones are private.
iOS collects and transmits all MAC addresses on the local network even with location services off, there is no way to disable this:
> iOS shares with Apple
the handset Bluetooth UniqueChipID, the Secure Element ID
(associated with the Secure Element used for Apple Pay and
contactless payment) and the Wifi MAC addresses of nearby
devices e.g. of other devices in a household of the home
gateway. When the handset location setting is enabled these
MAC addresses are also tagged with the GPS location.[0]
So the answer is clearly that while they are both bad for privacy with the default configuration, some Android devices provide more control over the device and thus options for disabling telemetry.
One area that iOS can improve on is the linking of app downloads to Apple IDs. I don't want every app I've ever downloaded on iOS to be permanently recorded in my Apple ID. With Android, I can use Aurora Store or sideload apps that were originally published on the Play Store without needing a Google account at all. Apple should implement a way to anonymously download free apps, whether from the App Store or from elsewhere.
I don't think this is news to anyone (in general), but it is increasingly becoming the differentiating factor between Android and iOS.
Apple is all-in on customer privacy and Google hasn't really been able to respond on that front since their business model depends on targeted advertising based on data collected about their users.
The question is whether regular people really care about privacy more than they do about the price of a phone. And so far it seems that the lower priced phones are winning.
They recently added a systematic scan, compare and report routine to all your pictures.
They forces you to tie your phone to an Apple account just to use it. My android phone doesn't have an account, or even an email linked to it.
Apple now has an entire mesh network of BT devices constantly looking up each others, even if some of them are not connected to internet.
The microphone on the Apple device is always on, to answer to hey siri.
Finally, you can't install a real alternative browser on iOS, so no real privacy addons.
They make big claims about privacy nobody can check because everything is closed source. So you have to just trust them.
"But apple doesn't have an ad business"
Oh but they do. And they don't have to play by their own rules in the app store, and have the right to track users, gather device informations, location, etc. Fun thing is, they start the list of information they collect (https://www.apple.com/legal/privacy/data/en/apple-advertisin...) by stating "Apple-delivered advertising helps people discover apps, products, and services while respecting user privacy".
I don't think they are any better, just different. And better at PR.
Price and privacy are hardly the only differentiating factors between the two. And even if they were, those who care most about privacy have more options on Android at the extreme end.
> The question is whether regular people really care about privacy more than they do about the price of a phone. And so far it seems that the lower priced phones are winning.
To find that out, the privacy intrusions would have to be advertised as prominently as the price.
In the cited paper (https://www.scss.tcd.ie/Doug.Leith/Android_privacy_report.pd...), the device used to test LineageOS was a Google Pixel 2 running LineageOS 17.1 which also included an installation of OpenGapps 10.0 nano.
It's not the OS that is transmitting the data over to Google, but rather OpenGapps (ie. Google Play). OpenGapps is software that can be optionally installed after the initial installation of LineageOS (but before first boot). A user can still use LineageOS without OpenGapps, though they just won't have the benefits (and drawbacks) that come with it (such as being able to use apps that require GSF). The user can instead opt for an app manager like F-droid or possibly Aurora Store.
In addition, there exists an alternative to OpenGapps called MicroG. This is like Google Play but allows users the option to anonymize themselves. One can find custom LineageOS builds that include MicroG from the MicroG website (as the members of the LineageOS project do not advocate for its use, instead giving preference to OpenGapps). Keep in mind, however, that there are fewer devices supported by those builds.