
The only acceptable phone for me has been a Pixel phone, with GrapheneOS installed. I do wish the permission to install/uninstall were separated for something like this (I may be naive). I have everything installed to a work profile in Android (using the Shelter app). I can globally pause all work-profile apps. It's not the best, because when unpaused I'm not getting some notifications. I need to figure that out.



Graphene is not acceptable either, since it requires putting trust in someone who does not exhibit enough stability or rationality to justify that kind of trust. I mean it's only the keys to your whole life, no big.


"I mean it's only the keys to your whole life, no big."

It's a telephone, with a computer on it in your pocket with a shit load of sensors. The computer part involves components from many parts of the world, with many opaque subsystems. The OS is sort of Linux with knobs on and a lot of opaque parts - the first layer "belongs" to a prolific ad slinger hell bent on knowing everything about you. Then if it isn't a Google jobbie, it will have another layer of software, lots more shiny and a lot more data gathering (eg Xiaomi/Samsung/whatevs). Then your "TSP" gets to put their spin on it. All three layers can sell out to eg MS for yet more data gathering and ads and profiling and so on.

Apple does the same but manages to be layers 1 and 2 and be a bit cooler about the whole thing.

You worry about Graphene?

I don't advocate for full Luddite (I run an IT company) but please get some perspective. If you are concerned about Graphene, I suggest a burner feature phone or smoke signals.

EDIT: I have F-Droid and KDE Connect wired up to both of my Arch (actually) boxes on my Samsung Invasive Intruder ... sorry Galaxy S23. I'll try switching out the Play version of Connect for the F-Droid one and see what happens.


The fact that other things like the carrier are bad, does not somehow make any other thing like graphene good. (not that it's bad exactly just that there is a problem, which is not no problem, even if it's a problem you personally have just decided to be ok with)

Someone else said that the head guy isn't the head guy any more so the biggest problem may not be a problem any more. The idea, stated ideal, design, & construction (as far as one can tell honestly) of the os are all fine.

But the point was, you don't need any more reason than his behavior to avoid granting him such a privileged place in your phone, which holds such a privileged place in your life. Just on basic principle. You don't need to justify that to anyone and he or the project does need to justify why one should trust them. The usual justification is merely the utterly flimsy weak one of benefit of the doubt. It's more or less impractical to actually vet strangers, and so you just grant benefit of the doubt until there is some reason to question. But that goes out the window the instant there IS any reason to question.

People have different tolerance for risk, and so, you might be fine with saying "that guy is acting a little weird in this way, but whatever, probably he can still be counted on in this other way.", but no one else is obligated to. And this example of "weird" was not just neutral irrelevant non-conformity.

There have been countless examples of people in positions of responsibility and trust going off the rails and taking a bunch of users down with them. There is no reason not to use your nose for what it's meant for in this way.

But like I said, maybe the problem is resolved now by the fact that we don't actually have to trust that guy any more. In which case, ok.


Last I checked, GrapheneOS is open source.

Don't trust. Verify.


Why? There are other equally open source os's I can just run instead, that don't require me to excuse or verify anything?

Even if there were something special about graphene that made it more desirable, the real way to deal with an open source project with something unacceptable about its production or management, is to fork it. But I already have something else to do all day, and am happy to run lineage or calyx or others. If I did need a fork, I'd need someone else to do it, and I'd have to trust them.

Fork it or help someone else who is forking it or work towards changing the original (which is what seems to have happened actually, so this is all a bit academic now), or just use anything else, are all more reasonable responses than "the people producing this thing with access to all my communications have shown themselves to be off the rails, so what I'll do is keep using it, but personally read all the code in an entire android os."


The point is, you don't have to trust Micay about a darn thing. The code is open. That's the whole point. Dismissing open source software because you don't trust the developer is absurd.


Saying that you don't have to trust anyone because the code is open is absurd.


If Micay says, "The code does X," anyone who can read it can review it and say, "No it doesn't. It does Y." It's right there. You don't have to trust him. He's shown it to you.


It doesn't matter what the code actually is, or that you can see it, you still have to trust people because there is simply too much of it, even if you happen to be a coder, which 99% of people should not be required to be. This is a FUCKING MORONIC thing to have to spell out, but I guess here we are.


I go into F-Droid and search for "connect". The product page says I updated it 15 days ago and offers an Uninstall option. It shows 1.29.0 as the latest version. So far it looks like a second package manager working properly.

I hit Uninstall and within a few seconds the button switches to Install.

I hit install and the app is installed from F-Droid. I open it and pair my phone to my laptop.

One data point. Perhaps a knob has been twiddled in the Chocolate Factory in response to this article. There are a lot of Googlers here.

(EDIT: formatting)

EDIT2:

I've gone into the Play app and got Play Protect to scan apps: "No harmful apps found". KDE Connect is still working


I agree but he's not involved anymore since even Louis Rossmann called him out on his behaviour.

Edit: apparently according to a post below he's still involved just not lead dev anymore. Sorry I missed that part.


Oh, that actually changes things, assuming whoever steers things these days isn't more or less the same.

No denying the guy isn't a no-joke developer, so, his code and work would be valuable, but only if the bigger picture didn't depend on his judgement.

It's not that I have a specific scenario of a particular bad thing he might do, like make a backdoor for the government or secretly collect & sell data, or even something like somehow ban you from using as an individual he didn't like because you criticized him or something. It's that once someone is shown to be that irrational, then all bets are off. You don't have to have a specific proposal of what they might do, because they might do anything.

Anyone might do anything, and the only way you can function is you just have to trust other people, and the only thing you have to go on is very little in most cases. So you have to give strangers the benefit of the doubt until there is some reason to doubt. And this guy acting this way is more than enough to avoid. It's not like there haven't been countless examples of people who seemed good at first going off the rails and taking a bunch of users down with them. It is entirely valid to see this guy and go "Nope. Avoid.", and that would not be a case of just ignorant discrimination against non-conformity, it would be using your nose for what it's for.

But if we don't actually have to trust him as much as before, that changes things.


I agree. He attacked me once out of the blue here because I said something good about CalyxOS, and said I was part of a CalyxOS-inspired conspiracy against him. For the record I've neither used CalyxOS nor GrapheneOS because I've never had a pixel phone.

I was following CalyxOS' progress at the time because they were working on enabling support for some OnePlus models but right around that moment OnePlus came out with an update that made it impossible to change the bootloader signing keys and they abandoned the project (which I understand). I'm also a huge fan of MicroG and really prefer this open-source approach over the sandboxed google play approach. And I'm critical about some of Graphene's stances, around SafetyNet in particular ("We don't lie about security features" - I don't agree attestation is a security feature but in my opinion it's more about control/DRM). So yeah if I had a choice I probably would have gone for CalyxOS. But I'd never even heard of the guy before this happened. I had nothing to do with any hate campaign (which I doubt even exists).

But no, I don't want someone like that deciding what code goes on my phone.


I'm curious about the "trust" discussion that keeps being brought up here. What does GrapheneOS do differently from say, Debian GNU/Linux or Fedora?

It seems to me that it's no different than running a non-Microsoft/Apple operating system on desktop.


Can you elaborate?



It’s still the best of all worlds for many people, a great intersection of privacy tool availability and general app usability.


I do not dispute that. If you have to run random untrusted apps, grapheneOS is more suitable. But it's not a long-term solution.



