Trying to escape the 🍎 walled garden

Hello, fellas, my question is how to do the initial Android setup in a privacy-oriented manner when switching from an iOS device?

I have been an iOS user for a long while now and whenever I tried to switch and do a basic setup of a Pixel 2 that I've had for a couple of years - I would be so annoyed at the amount of features that Google collects that I'd quit halfway through the setup and just go back to iOS.
I used iOS mainly for the reason that I'm used to it, I'm not really invested in the ecosystem, as I try to use the apps that are available on both platforms, so that doesn't really matter.
I have always been privacy oriented and the initial logic for going iOS vs Android was the privacy that was advertised for such a long time, and I have no illusions that Apple still collects a ton of our data, same as Google, the upside was always that Apple doesn't sell it, unlike Google.
Lately Apple seems to be aiming to get into the ad business as well, so that kinda negates the main difference in the long (and not so long) run…
I guess the main question is what are your takes on Android vs iOS when privacy is concerned and the actual recommendations on setting up an Android phone.
So I'd like to set up my Pixel 2 and test it out anyways, but I'd like to do that in the most privacy-oriented manner, would really appreciate the input and recommendations, thanks a lot!

My first suggestion would be graphene OS. I think the pixel 2 is EOL, but you might be able to find the last update to give it a test drive. Calyx OS might be a good alternative too.

https://calyxos.org/

I build my own rom, but that's not the first choice for most people.

5 Likes

If you want privacy of any sort your only real option is a linux phone - something like a PINE64 PinePhone Pro | PINE64

Linux phones, as nice as I want them to be, cannot reasonably be daily driven by any stretch of the word. It just is too broken and is not even at par with most dumb phones' battery life.

I agree with @gee_one regarding Graphene OS but your relationship with your phone will drastically change. Without a corporate overlord providing a proper backend (Firebase Cloud Messaging), you will be "pulling" for content on your terms (vs the backend "pushing stuff" onto you).

This means you won't get notifications for the vast majority of apps, except a few (Signal has its own backend). Keep that in mind if you want to do Graphene. There is an option to sandbox apps with notifications but I have not fully explored its potential because I'd rather not have Google with me on the device.

Also, the reason you have to have a more recent device is that Google have stopped releasing firmware security updates with your Pixel 2 and you would be left with some serious vulnerabilities even with Pixel phones. The previous Pixel 6A is cheaper and promises a 5 year firmware support from Google. You could still flash something like a Divest OS with your current phone and enjoy it as a media consumption device or any other non-important use case.

I have a librem 5 too, but it's not really daily driver material.

For my custom rom, the only Google apps I chose to install are gcam and maps. Both of these can work without the playstore or other Google services. I don't have the playstore or anything that I don't want to have on my phone.

It did take me a few years to get to this point. I used stock-ish Android for a few phones but as Google started to get more aggressive, I started using fewer and fewer Google services. I transitioned from stock to rooted stock to lineage to custom builds. For someone making the switch today, the transition will probably be more jarring and disruptive.

1 Like

Pixel + GrapheneOS. GrapheneOS is security oriented though, so they stop supporting Pixel devices as soon as Google does which is ~3yr for older phones, and ~5yr for Pixel 6 or newer.

Louis Rossman has a good video on why GrapheneOS is a good idea: "GrapheneOS; the greatest mobile OS of all time. Common usability misconceptions DEBUNKED!" (YouTube)

4 Likes

I'm on the based @w.meri theme and I did not see the apple logo lmao

2 Likes

It still doesn't solve the fundamental privacy problem all phones have - they connect to a cellular network and operators can and will easily track your movement, what IMEIs your phone number was associated with, who you talk to, who you text, where your internet traffic goes…

I'd say a privacy-oriented Android variant would be a happy medium, maybe even a bit more private than Linux phones. OK, OK, hear me out… on Android you can have multiple fully functional end-to-end encrypted calling and messaging solutions, and on a Linux phone it's a clusterfuck if it works at all.

I love to tinker with tech, but for me a phone must work without too much intervention on my part.

Contrary to popular belief Google doesn't sell your data, it monetizes some of the data learned from your online behavior, by matching your interests with what advertisers are looking for internally within Google, and probably the most egregious example being Google's participation in various ad exchanges where the matching is done externally. Our individual activity online results in an ad request being posted on an exchange with a ton of tags, like whether you're into snorkeling or into guns. (I kind of work in that area - your email or your search query history, or your voiceprint are definitely not leaving the Google datacenter).

Here's a nice animated explanation:


If you're sticking with stock Android and want more privacy, rent the smallest VM you can somewhere for like $5 a month, and run pihole filtering there - that way you get to prevent apps and websites from making callouts to a gazillion user tracking services while you're out and about - or do it from home… or both. Wireguard and/or Tailscale work really well for that.

The point is you can't run DNS filtering on your phone :(

I don't think your ISP or a VPN service gathering your browsing habits is as valuable on the market these days with everything being behind a CDN, some still do it, not sure.


Second thing, on Pixel phones with stock Android you have "Settings → Google → Ads" and you have a thing called "Advertising ID" aka device id, which is basically a cookie, you can disable that.


Third thing, there's various other settings and basic things, for example, never ever connect to an open wifi access point, if you have in the past just prune it from your wifi network list and prune all wifi networks from the distant past that were passed down through upgrades from your list. Otherwise, in combination with other settings you're just advertising your identity as you're walking around the city and your phone is yelling "own me with a zero day please" - it's just stupid. There's also infrasound detection of nearby devices, which is how e.g. your phone knows it can cast stuff to your TV even when not paired. You can turn this off too. There's other similar settings that generally apply on windows/linux/android/ios that prevent your phone actively reaching out with anything identifiable around you.


Fourth thing is apps and services - this is tough as most alternatives to Google search and Gmail suck in various ways and self hosting everything is super hard. Good stuff for free is just hard, there's various other posts on the forum that list things like osmand for maps and duck duck go for search and fastmail for gmail. It's an uphill battle.
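The Pi-hole-over-WireGuard setup suggested in the post above, sketched as the phone-side tunnel config. This is an added example, not part of the original thread; the 10.8.0.x addresses, the endpoint hostname and the key placeholders are assumptions.

```ini
# Phone-side WireGuard tunnel, imported into the WireGuard app on Android.
# Assumed layout: the rented VM terminates the tunnel at 10.8.0.1 and
# Pi-hole on that VM answers DNS on the tunnel interface.

[Interface]
# Placeholder: private key generated on the phone, never copied elsewhere.
PrivateKey = <PHONE_PRIVATE_KEY>
# Assumed tunnel address for the phone.
Address = 10.8.0.2/32
# Every DNS lookup made while the tunnel is up goes to Pi-hole on the VM.
DNS = 10.8.0.1

[Peer]
# Placeholder: public key of the WireGuard server on the VM.
PublicKey = <VM_PUBLIC_KEY>
# Placeholder endpoint for the VM.
Endpoint = vpn.example.net:51820
# Split tunnel: only traffic to the Pi-hole address enters the tunnel,
# so lookups are filtered while ordinary traffic uses the local network.
AllowedIPs = 10.8.0.1/32
# Full-tunnel alternative (all traffic exits through the VM):
# AllowedIPs = 0.0.0.0/0, ::/0
# Keeps the NAT mapping alive on mobile networks.
PersistentKeepalive = 25
```

If Android's Private DNS setting is pointed at a specific provider, lookups go to that provider over DNS-over-TLS instead of to Pi-hole, so it needs to be Off or Automatic for the filtering to apply.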

Daamn, an overwhelming amount of responses, I'm very grateful!

Will get in after work and answer to everyone, thanks a ton for the comments and suggestions!

the og pinephone is very dailyable, if you're a terminally online person though it won't work for you, the battery is ok but not 3 hours of video playback good. Because of suspend it can last a whole day of non use. The pro is not close to dailyable yet also. So in reality the only thing you're missing on the og is apps but a web browser can supplement that

lol you can't fix it only improve on the rest of it, minimization is the name of the game imo at least

Not on stock, but on custom roms and rooted phones, you can block ads via the hosts file. I do exactly this on my custom rom.

After looking up everything that was suggested GrapheneOS is the clear choice, thank you for the recommendation!
I confused the model that I have and it turned out to be a Pixel 3 - which is awesome as it was still supported and I installed it, wanted to set it up with aurora store, however wasn't able to find a direct download for it that has a sha256 or smth like that, the fdroid has a pgp key, but I don't really need the fdroid itself, just the aurora store.
Did a bit of reading and found out that Graphene recently adopted 'out of the box' sandboxed Google Play, which overall seems like it is an even better experience than aurora store - without much downside.
Librem and custom roms seem to be quite far away for now, but I'm very happy that my Pixel 3 finally found its purpose with GrapheneOS.
Will slowly transition and test it for a month afterwards, to give it a proper shot:)

I've heard about it, for now at least settled on GrapheneOS - using the hardware that I have but trying smth new and better at the same time:)
thanks for the suggestion though:)

  • the idea here is to try and use the existing hardware, though I should have checked what exact hardware I had before posting lol, turns out it is a Pixel 3 and it is still supported by the official installer.
  • as far as I understand - they mainly fixed that with the battery section settings on a per app basis, I still went with Google for now though…

no luck finding the aurora store verifiable download to install directly from the online, only through the fdroid - and I don't really need it except for the aurora store download, so went with Google - cause you can install it directly from GrapheneOS.

  • for testing and before committing and buying smth new even an EOL device should be fine for a couple of months, if I can find the balance - I'll simply switch with the new Pixel version next year.

  • thanks for your point and multiple points!

video was quite interesting and I was lucky enough - as I was confused and the phone that I have is a Pixel 3, rather than 2 - switched to GrapheneOS, gonna be exploring:)
Thanks for the link!

Set it up and tinker with it but having it fully functional afterwards is nowadays a commodity that I doubt I'd be able to give up, so I agree, privacy-oriented Android would be the best option, as long as I learn how to set it up so:)

I went with GrapheneOS for now, which should solve the abhorrent tracking that Google exercises, I have pfsense set up, so I wouldn't need a vm, just a proper set of rules, however I have it set up at a very basic lvl - because I understand how important it is, but I haven't had time to deep dive how to properly set up rules or anything else except pfblocker (which blocks a lot, but not to the extent I'd want it to), my understanding was that it is very similar to pihole, so I have that taken care of to a certain degree I guess;)

  • basic device hygiene I am familiar and conscious about, so in this regard I'm actually covered pretty well - haven't had a targeted ad in as long as I can remember;)
  • it is just the commodity of the iPhone that sucked me in and stock Android seemed even worse in comparison, so I never tried anything else…

Thanks for so many thorough options, it makes the effort of transition much easier and the info discovery as well, cheers:)
1 Like

Would you run the sand boxed version of google play or the aurora store on GrapheneOS?

  • I do have an app or two that I'd need to download from the Google store, I'd like to have them but they're not required
  • does anyone know where to find a signed file for the aurora store?
    • I have found a signed pgp file for the fdroid, but I'm not sure that I need it except for the aurora store, however I wasn't able to find a signed aurora apk as of yet, any pointers would be greatly appreciated!

Hey, if you remember post back after a month or so, I'm curious to learn what you like and don't like about it, from a real user perspective not some poser who installed it for YT review.

1 Like

sure thing, it's gonna take me a little bit to figure out how to set it up to my liking but afterwards I'll start the monthly experiment.

And I'll do a post on how it went and if I'm able to comfortably make the switch when I'm done:)

3 Likes

I switched to aurora store. To reduce the amount apps track, I use shelter (work profile sandbox for gmail and gmaps) and netguard (firewall)

Do the profiles require like the equivalent of logging out from a desktop and relogging to the sandboxed account? I have seen something like this but even though the switch is reasonably quick, will I get notifications from the default profile? Can you run the sandbox concurrent with your default profile?

Work profile doesn't require relogin

1 Like