A question as old as time, I know.
I’m getting away from Google and I’ve done the easy stuff: CoMaps, Proton mail (I know, not the best move), aveslibre, etc. I currently don’t have the time (or the knowledge base) to learn how to self host, but hopefully that will replace Drive and such in the future.
But I digress. I’m looking at a new OS for my phone. I’m currently in a contract with a phone that is incompatible with alternative OSs. Graphene needs a Pixel. Used, they’re $150-400. /e/OS will run on a Motorola or whatever and those are like $80.
There’s also the option of going full Fairphone with /e/os and I like that idea in the future.
The internet people tell me that Graphene is the best due to ease of installation, privacy, and security.
I don’t need a lot of security. I just want Google to stop suckling all that sweet, sweet data from my teat.
What are your thoughts?
/e/OS is not Google free (several calls, integrations and so on are connecting to Google). It makes use of OpenAI as well, uses tracking ids for updates. It is far behind regarding updates and thus risking privacy due to lack of security. They ignore any sort or critique.
Graphene: You have to buy a Google device. Even second hand is support as it increases the value of their devices (or stabilize) and you walk arround with their name.
Advice: Have a look at Iode.
Pick a device that is not meant to be used for many years as Graphene plans to support a non Google device in coorporation with an unknown manufacturer.
(Written from a Fairphone using /e/)
Just abit of encouragement
Self hosting is easier than you think. I didn’t know anything about Linux prior to setting up a server. I’m faaaaaar from an expert but even a noobie like me was able to set up a truenas system by watching tutorials and reading. It’s definitely alot of problem solving in the beginning but it gets easier.
In terms of storage. Mega is great value for money and all E2E
Thanks, I really appreciate the encouragement.
You got this!
Graphene is the best by a long shot, security wise and degoogling wise. In fact, you can use GrapheneOS with absolutely zero Google services running on your phone. /e/OS uses MicroG which while better than your usual Android phone, still runs with privileged access to your device. This is in contrast to GrapheneOS’ optional sandboxed Google services implementation which gives Google the same privileges any other app on your phone would have.
Thank you for detailing in one paragraph what I was unable to understand after reading articles about it all last evening.
It is also largely questionable.
/e/OS has MicroG, and that runs as a system service. You can disable most of it, and if you’re not using any App that needs Google services, I doubt it really does much.
It is possible to use Graphene without using any Google at all. However… Doing so will break almost every app out there. Anything that needs push notifications, AndroidAuto, a thousands more things. So you end up using Graphene with Sandboxed Google services.
And we get into the debate. Is it better to take the official Google Play Services, which we all consider malicious, and run it in a sandbox, or take an open source private, and trusted implementation (MicroG) and run it as a system service?
It is at the very least largely debatable.
You can delete MicroG with Android Debloater. You will not be able to do most transactions afterwards.
I came to GrapheneOS for privacy and security, but stayed for the features.
-
Per application network toggle: I found this incredibly useful in cases where the application is fully functional without internet, yet still asks for internet permission, and I do not want it to phone home (e.g. Google Photos). It is helpful for when you are using a VPN, and do not want the slot to be taken by an application like NetGuard. Although, I believe you can replicate this functionality with (Split Tunneling) + (Block connections without VPN).
-
Storage Scopes: This is a another highly useful feature. Say you took a bunch of pictures on a trip, and want to show the pictures to a friend. Normally, you’d fear them snooping around pictures that you don’t want to show them. However, with GrapheneOS, you can just download a separate Gallery application, only expose the photos (or the photo directory) that you want to show via Storage Scopes, pin the application, and safely hand the phone over to them.
I found this feature very helpful when shortlisting ~10 photos from a gallery of 500 photos. I downloaded PhotoSwooper (which lets you keep/delete photos by swiping right/left) from F-Droid, exposed the 500 photos directory to it, and started swiping. I iterated this a couple of times, and got my perfect 10.
-
Contact Scopes: This is for the cases when you don’t want to expose your contacts to the application for whatever reason (e.g. you don’t want them to graph your connections or you just want to protect the privacy of your friends). You can just selectively share contact(s) instead of handing your entire phonebook to the application.
-
Sandboxed Google Play: Some applications require the extremely invasive Google Play Services (because it operates with elevated system-level privileges). However, with GrapheneOS, you can just install the sandboxed play services, which acts as a regular user level application. You can then revoke network access within Sandboxed Google Play Services, and use your play services dependant application as usual.
So, basically, if you can afford it, go for GrapheneOS. I wanted privacy and security; but now that I tried GrapheneOS’s features, a lot of these are now nonnegotiable to me.
I wondered, is the per application network toggle grapheneOS specific? I also recently discovered it and its so nice. Was a bit shocked when I red some indications online that its not a normal android feature?
it’s not
-
Personally I am using /e/is, but I think GrapheneOS is technically superior. I would first research whether the apps you need (EG banking) work on either one and then decide
Oh man, I didn’t even think about banking and credit card apps.
Phones have this neat thing called a web browser that you can use to access your bank and if you can’t use a web browser to access it then honestly you should switch banks because that just shows that your bank doesn’t give a fuck about you and that you are the product because they have proprietary shitware on your phone
https://eylenburg.github.io/android_comparison.htm
This is a great table of comparisons between the different Android alternatives.
GrapheneOS by far. From a security perspective, GrapheneOS is miles ahead because they are quick to update and they have the Android OEM security updates, which lets them update as soon as the update is released, instead of having to wait for the Android public security release with happen every quarter. Have also heard that /e/ OS is extremely slow to release security updates (when available) but i could not find anything about it.
IMHO if you only care about Google sucking your data and not other privacy/security, the most important question isn’t between OSes as much as it’s between:
-
No Google apps (GAPPS); honestly good ol’ LineageOS is just fine. If you don’t install Google spyware you don’t have Google spyware, just the connectivity check and dns. Which you can probably change. Major con, many applications installed from Play store (through Aurora store, apk, whatever) and practically all notifications you’d receive from them stop working.
-
MicroG; open source GAPPS replacement that tries to send as little data as possible to Google, while keeping Play store apps & push notifications working. /e/, iodé, Lineage for MicroG, Lineage but add microG manually during installation, formerly CalyxOS…
-
Add GAPPS but try to handicap it somehow (incl. GrapheneOS work profile isolation); I don’t remember if it’s eg. possible to block them from accessing the Internet on non-GrapheneOS phones, by app permissions or eg. NetGuard?
If we’re taking into account other privacy and security, then GrapheneOS by a mile.
block them from accessing the Internet on non-GrapheneOS phones
This is an important feature in GrapheneOS. You can deny network access for any app.
Yeah, /e/OS too, and so I assume also LineageOS and the rest.
Is it only Graphene? I vaguely recall having had it on DivestOS (RIP), which was a Lineage fork.Edit: Any app, duh, yes, silly me. Don’t remember if it was possible for all of them.
Not all built-in apps had that option but for everything else you can.
-
I love my graphene phone, and also installed lineage on my old motorola phone , works great , i used that one as a backup
did you buy it with graphene preinstalled? i’m thinking of doing it this way through murena because i also need a new phone, but hesitating on network coverage in the united states.
My daughter installed both just by reading the manual on internet .
It was more like a fun project for her , she has to learn sometime, it takes less than 1 hours to install.
Youre phone must be OEM unlocked.
Iam more in to linux .
Greatings from Belgium ,stay safe .
I have /e/os. I decided on that pretty early on in my degoogling journey. Main reason being that I believe any privacy venture will come with tradeoffs, but I went with the “most things will work” approach. They have this neat privacy manager that tells you which trackers come from where, and I think that covers my needs. There has been exactly zero apps that haven’t worked so far, and most people that use my phone just think it’s a standard pixel.
The app lounge kind of blows though. I use the F-Droid app for updating F-Droid apps instead of it, since there was some weird stuff about where they were getting open source apps from. I use it for the play store, and it does what it needs to, although there is some weirdness with it like not being able to tell which apps have recently updated and when. I like the idea of joining app repositories together, but it needs work.
