Trying to escape the 🍎 walled garden

Hello, fellas, my questions is how to do the initial android set up in a privacy oriented manner when switching from an ios device?

I have been an ios user for a long while now and whenever i tried to switch and do a basic set up of a pixel 2 that i’ve had for a couple of years - i would be so annoyed at the amount of features that google collects that i’d quit half way through the set up and just go back to ios.
I used the ios mainly for the reason that i’m used to it, I’m not really invested in the ecosystem, as i try to use the apps that are available on both platforms, so that doesn’t really matter.
I have been always privacy oriented and initial logic for going ios vs android was the privacy that was advertised for such a long time, and I have no illusions that apple still collects a ton of our data, same as google, the upside was always that apple doesn’t sell it, unlike google.
Lately apple seems to be aiming to get into the ad business as well, so that kinda negates the main difference in the long (and not so long) run…
I guess the main question is what are your takes on android vs ios when privacy is concerned and the actual recommendations on setting up an android phone.
So i’d like to set up my pixel 2 and test it out anyways, but I’d like to do that in the most privacy oriented manner, would really appreciate the input and recommendations, thanks a lot!

My first suggestion would be graphene OS. I think the pixel 2 is EOL, but you might be able to find the last update to give it a test drive. Calyx OS might be a good alternative too.

I build my own rom, but that’s not the first choice for most people.


If you want privacy of any sort your only real option is a linux phone - something like a PINE64 PinePhone Pro | PINE64

Linux phones, as nice as I want them to be, cannot be reasonably be daily driven by any stretch of the word. It just is too broken and is not even at par with most dumb phone’s battery life.

I agree with @gee_one regarding Graphene OS but your relationship with your phone will drastically change. Without a corporate overlord providing a proper backend (Firebase Cloud Messaging), you will be “pulling” for content on your terms (vs the backend “pushing stuff” onto you).

This means you wont get notifications for the vast majority of apps, except a few (Signal has its own backend). Keep that in mind if you want to do Graphene. There is an option to sandbox apps with notifications but I have not fully explored its potential because I’d rather not have Google with me on the device.

Also, the reason you have to have a more recent device is that Google have stopped releasing firmware security updates with your Pixel 2 and you would be left with some serious vulnerabilities even with Pixel phones. The previous Pixel 6A is cheaper and promises a 5 year firmware support from Google. You could still flash something like a Divest OS with your current phone and enjoy it as a media consumption device or any other non-important use case.

I have a librem 5 too, but it’s not really daily driver material.

For my custom rom, the only google apps I chose to install are gcam and maps. Both of these can work without the playstore or other google services. I don’t have the playstore or anything that I don’t want to have on my phone.

It did take me a few years to get to this point. I used stock-ish android for a few phones but as google started to get more aggressive, I started using less and less google services. I transition from stock to rooted stock to lineage to custom builds. For someone making the switch today, the transition will probably be more jarring and disruptive.

1 Like

Pixel + GrapheneOS. GrapheneOS is security oriented though, so they stop supporting Pixel devices as soon as Google does which is ~3yr for older phones, and ~5yr for Pixel 6 or newer.

Louis Rossman has a good video on why GrapheneOS is a good idea GrapheneOS; the greatest mobile OS of all time. Common usability misconceptions DEBUNKED! - YouTube


I’m on the based @w.meri theme and I did not see the apple logo lmao


It still doesn’t solve the fundamental privacy problem all phones have - they connect to a cellular network and operators can and will easily track your movement, what IMEIs your phone number was associated with, who you talk to, who you text, where your internet traffic goes…

I’d say privacy oriented Android variant would be a happy medium, maybe even a bit more private than Linux phones. OK, OK, hear me out… on Android you can have multiple fully functional end-to end encrypted calling and messaging solutions, and on Linux phone it’s a clusterfuck if it works at all.

I love to tinker with tech, but for me a phone must work without too much intervention on my part.

Contrary to popular belief Google doesn’t sell your data, it monetizes some of the data learned from your online behavior, by matching your interests with what advertisers are looking for internally within Google, and probably the most egregious example being Google’s participation in various ad exchanges where the matching is done externally. Our individual activity online results in an ad request being posted on an exchange with a ton of tags, like whether you’re into snorkeling or into guns. (I kind of work in that area - your email or your search query history, or your voiceprint are definitely not leaving the Google datacenter).

Here’s an nice animated explanation:

If you’re sticking with stock Android and want more privacy, rent a smallest VM you can somewhere for like $5 a month, and run pihole filtering there - that way you get to prevent apps and websites from making callouts to gazillion user tracking services while your out and about - or do it from home… or both. Wireguard and/or Tailscale work really well for that.

The point is you can’t run DNS filtering on your phone :frowning:

I don’t think your ISP or a VPN service gathering your browsing habits is as valuable on the market these days with everything being behind a CDN, some still do it, not sure.

Second thing, on Pixel phones with stock Android you have “Settings → Google → Ads” and you have a thing called “Advertising ID” aka device id, which is basically a cookie, you can disable that.

Third thing, there’s various other settings and basic things, for example, never ever connect to an open wifi access point, if you have in the past just prune it from your wifi network list and prune all wifi networks from distant past that were passed down through upgrades from your list. Otherwise, in combination with other settings you’re just advertising your identity as you’re walking around the city and your phone is yelling “own me with a zero day please” - it’s just stupid . There’s also infrasound detection of nearby devices, which is how e.g. your phone knows it can cast stuff to your TV even when not paired. You can turn this off too. There’s other similar settings that generally apply on windows/linux/android/ios that prevent your phone actively reaching out with anything identifiable around you.

Fourth thing is apps and services - this is tough as most alternatives to Google search and Gmail suck in various ways and self hosting everything is super hard. Good stuff for free is just hard, there’s various other posts on the forum that list things like osmand for maps and duck duck go for search and fastmail for gmail. It’s an uphill battle.

Daamn, an overwhelming amount of responses, I’m very grateful!

Will get in after work and answer to everyone, thanks a ton for the comments and suggestions!

the og pinephone is very dailyable, if your a terminally online person thou it wont work for you, the battery is ok but not 3 hours of video playback good. Because of suspend it can last a hole day of non use. The pro is not close to dailyable yet also. So in reality the only thing your missing on the og is apps but a web browser can supplement that

lol you cant fix it only improve on the rest of it, minimization is the name of the game imo at least

Not on stock, but on custom roms and rooted phones, you can blocks ad via the hosts file. I do exactly this on my custom rom.

After looking up everything that was suggested grapheneOS is the clear choice, thank you for the recommendation!
I confused the model that i have and turned out to be a pixel 3 - which os awesome as it was still supported and i installed it, wanted to set it up with aurora store, however wasn’t able to find a direct download for it that has a sha256 or smth like that, the fdroid has a pgp key, but i don’t really need the fdroid itself, just the aurora store.
Did a bit of reading and found out that graphene recently adopted ‘out of the box’ sandboxed google play, which overall seems like it is an even better experience than aurora store - without much downside.
Librem and custom roms seem to be quite far away for now, but i’m very happy that my pixel 3 finaly found its purpose with graphene os.
Will slowly transition and test it for a month afterewards, to give it a proper shot:)

i’ve heard about it, for now at least settled on graphene os - using the hardware that i have but trying smth new and better at the same time:)
thanks for the suggestion though:)

  • the idea here is to try and use the existing hardware, though i should have checked what exact hardware i had before posting lol, turns out it is pixel 3 and it is still supported by the official installe.
  • as far as i understand - the mainly fixed that with the battery section settings on a per app basis, i still went with google for now though…

no luck finding the aurora store verifiable download to install directly from the online, only through the fdroid - and i don’t really need it except for the aurora store download, so went with google - cause you can install it directly from the graphene os.

  • for testing and before comiting and buying smth new even an EOL device should be fine for a couple of months, if i can find the balance - i’ll simply switch with the new pixel version next year.

  • thanks for you point and multiple points!

video was quite interesting and i was lucky enough - as i was confused and the phone that i have is pixel 3, rather than 2 - switched to GrapheneOS, gonna be exploring:)
Thanks for the link!

Set it up and tinker with it but having it fully functional afterwards is nowadays a commodity that i doubt i’d be able to give up, so i agree, privacy oriented android would be the best option, as long as i learn how to set it up so:)

I went with GrapheneOS for now, which should solve the abhorrent tracking that google exercise, i have pfsense set up, so i wouldn’t need a vm, jsut a proper set of rules, however i have it set up at a very basic lvl - because i understand how important it is, but i haven’t had time to deep dive how to properly set up rules or anything else except pfblocker (which blocks a lot, but not to the extent i’d want it to), my understanding was that it is very similar to pihole, so i have that taken care of to a certain degree i guess;)

  • basic device hygiene i am familiar and conscious about, so in this regard i’m actually covered pretty well - haven’t had a targeted ad in as long as i can remember;)
  • it is just the commodity of the iphone that sucked me in and stock android seemed even worse in comparison, so i never tried anything else…
    Thanks for so many thorough options, it makes the effort of transition much easier and the info discovery as well, cheers:)
1 Like

Would you run the sand boxed version of google play or the aurora store on GrapheneOS?

  • i do have an app or two that i’d need to donwload from the google store, i’d like to have them but they’re not required
  • does any one know where to find a signed file for the aurora store?
    • i have found a signed pgp file for the fdroid, but i’m not sure that i need it except for the aurora store, however i wasn’t able to find a signed aurora apk as of yet, any pointers would be greatly appreciated!

Hey, if you remmember post back after a month or so, I’m curious to learn what you like and don’t like about it, from a real user perspective not some poser who installed it for YT review.

1 Like

sure thing, it’s gonna take me a little bit to figure out how to set it up to my liking but afterwards i’ll start the monthly experiment.

And I’ll do a post on how it went and if I’m able to comfortably make the switch when I’m done:)


I switched to aurora store. To reduce the amount apps track, I use shelter (work profile sandbox for gmail and gmaps) and netguard (firewall)

Do the profiles require like the equivalent of logging out from a desktop and relogging to the sandboxed account? I have seen something like this but even though the switch is reasonably quick, will I get notifications from the default profile? Can you run the sandbox concurrent with your default profile?

Work profile doesn’t require relogin

1 Like