Hello, fellas, my questions is how to do the initial android set up in a privacy oriented manner when switching from an ios device?
I have been an ios user for a long while now and whenever i tried to switch and do a basic set up of a pixel 2 that iāve had for a couple of years - i would be so annoyed at the amount of features that google collects that iād quit half way through the set up and just go back to ios.
I used the ios mainly for the reason that iām used to it, Iām not really invested in the ecosystem, as i try to use the apps that are available on both platforms, so that doesnāt really matter.
I have been always privacy oriented and initial logic for going ios vs android was the privacy that was advertised for such a long time, and I have no illusions that apple still collects a ton of our data, same as google, the upside was always that apple doesnāt sell it, unlike google.
Lately apple seems to be aiming to get into the ad business as well, so that kinda negates the main difference in the long (and not so long) runā¦
I guess the main question is what are your takes on android vs ios when privacy is concerned and the actual recommendations on setting up an android phone.
So iād like to set up my pixel 2 and test it out anyways, but Iād like to do that in the most privacy oriented manner, would really appreciate the input and recommendations, thanks a lot!
My first suggestion would be graphene OS. I think the pixel 2 is EOL, but you might be able to find the last update to give it a test drive. Calyx OS might be a good alternative too.
Linux phones, as nice as I want them to be, cannot be reasonably be daily driven by any stretch of the word. It just is too broken and is not even at par with most dumb phoneās battery life.
I agree with @gee_one regarding Graphene OS but your relationship with your phone will drastically change. Without a corporate overlord providing a proper backend (Firebase Cloud Messaging), you will be āpullingā for content on your terms (vs the backend āpushing stuffā onto you).
This means you wont get notifications for the vast majority of apps, except a few (Signal has its own backend). Keep that in mind if you want to do Graphene. There is an option to sandbox apps with notifications but I have not fully explored its potential because Iād rather not have Google with me on the device.
Also, the reason you have to have a more recent device is that Google have stopped releasing firmware security updates with your Pixel 2 and you would be left with some serious vulnerabilities even with Pixel phones. The previous Pixel 6A is cheaper and promises a 5 year firmware support from Google. You could still flash something like a Divest OS with your current phone and enjoy it as a media consumption device or any other non-important use case.
I have a librem 5 too, but itās not really daily driver material.
For my custom rom, the only google apps I chose to install are gcam and maps. Both of these can work without the playstore or other google services. I donāt have the playstore or anything that I donāt want to have on my phone.
It did take me a few years to get to this point. I used stock-ish android for a few phones but as google started to get more aggressive, I started using less and less google services. I transition from stock to rooted stock to lineage to custom builds. For someone making the switch today, the transition will probably be more jarring and disruptive.
Pixel + GrapheneOS. GrapheneOS is security oriented though, so they stop supporting Pixel devices as soon as Google does which is ~3yr for older phones, and ~5yr for Pixel 6 or newer.
It still doesnāt solve the fundamental privacy problem all phones have - they connect to a cellular network and operators can and will easily track your movement, what IMEIs your phone number was associated with, who you talk to, who you text, where your internet traffic goesā¦
Iād say privacy oriented Android variant would be a happy medium, maybe even a bit more private than Linux phones. OK, OK, hear me outā¦ on Android you can have multiple fully functional end-to end encrypted calling and messaging solutions, and on Linux phone itās a clusterfuck if it works at all.
I love to tinker with tech, but for me a phone must work without too much intervention on my part.
Contrary to popular belief Google doesnāt sell your data, it monetizes some of the data learned from your online behavior, by matching your interests with what advertisers are looking for internally within Google, and probably the most egregious example being Googleās participation in various ad exchanges where the matching is done externally. Our individual activity online results in an ad request being posted on an exchange with a ton of tags, like whether youāre into snorkeling or into guns. (I kind of work in that area - your email or your search query history, or your voiceprint are definitely not leaving the Google datacenter).
Hereās an nice animated explanation:
If youāre sticking with stock Android and want more privacy, rent a smallest VM you can somewhere for like $5 a month, and run pihole filtering there - that way you get to prevent apps and websites from making callouts to gazillion user tracking services while your out and about - or do it from homeā¦ or both. Wireguard and/or Tailscale work really well for that.
The point is you canāt run DNS filtering on your phone
I donāt think your ISP or a VPN service gathering your browsing habits is as valuable on the market these days with everything being behind a CDN, some still do it, not sure.
Second thing, on Pixel phones with stock Android you have āSettings ā Google ā Adsā and you have a thing called āAdvertising IDā aka device id, which is basically a cookie, you can disable that.
Third thing, thereās various other settings and basic things, for example, never ever connect to an open wifi access point, if you have in the past just prune it from your wifi network list and prune all wifi networks from distant past that were passed down through upgrades from your list. Otherwise, in combination with other settings youāre just advertising your identity as youāre walking around the city and your phone is yelling āown me with a zero day pleaseā - itās just stupid . Thereās also infrasound detection of nearby devices, which is how e.g. your phone knows it can cast stuff to your TV even when not paired. You can turn this off too. Thereās other similar settings that generally apply on windows/linux/android/ios that prevent your phone actively reaching out with anything identifiable around you.
Fourth thing is apps and services - this is tough as most alternatives to Google search and Gmail suck in various ways and self hosting everything is super hard. Good stuff for free is just hard, thereās various other posts on the forum that list things like osmand for maps and duck duck go for search and fastmail for gmail. Itās an uphill battle.
the og pinephone is very dailyable, if your a terminally online person thou it wont work for you, the battery is ok but not 3 hours of video playback good. Because of suspend it can last a hole day of non use. The pro is not close to dailyable yet also. So in reality the only thing your missing on the og is apps but a web browser can supplement that
After looking up everything that was suggested grapheneOS is the clear choice, thank you for the recommendation!
I confused the model that i have and turned out to be a pixel 3 - which os awesome as it was still supported and i installed it, wanted to set it up with aurora store, however wasnāt able to find a direct download for it that has a sha256 or smth like that, the fdroid has a pgp key, but i donāt really need the fdroid itself, just the aurora store.
Did a bit of reading and found out that graphene recently adopted āout of the boxā sandboxed google play, which overall seems like it is an even better experience than aurora store - without much downside.
Librem and custom roms seem to be quite far away for now, but iām very happy that my pixel 3 finaly found its purpose with graphene os.
Will slowly transition and test it for a month afterewards, to give it a proper shot:)
iāve heard about it, for now at least settled on graphene os - using the hardware that i have but trying smth new and better at the same time:)
thanks for the suggestion though:)
the idea here is to try and use the existing hardware, though i should have checked what exact hardware i had before posting lol, turns out it is pixel 3 and it is still supported by the official installe.
as far as i understand - the mainly fixed that with the battery section settings on a per app basis, i still went with google for now thoughā¦
no luck finding the aurora store verifiable download to install directly from the online, only through the fdroid - and i donāt really need it except for the aurora store download, so went with google - cause you can install it directly from the graphene os.
for testing and before comiting and buying smth new even an EOL device should be fine for a couple of months, if i can find the balance - iāll simply switch with the new pixel version next year.
thanks for you point and multiple points!
video was quite interesting and i was lucky enough - as i was confused and the phone that i have is pixel 3, rather than 2 - switched to GrapheneOS, gonna be exploring:)
Thanks for the link!
Set it up and tinker with it but having it fully functional afterwards is nowadays a commodity that i doubt iād be able to give up, so i agree, privacy oriented android would be the best option, as long as i learn how to set it up so:)
I went with GrapheneOS for now, which should solve the abhorrent tracking that google exercise, i have pfsense set up, so i wouldnāt need a vm, jsut a proper set of rules, however i have it set up at a very basic lvl - because i understand how important it is, but i havenāt had time to deep dive how to properly set up rules or anything else except pfblocker (which blocks a lot, but not to the extent iād want it to), my understanding was that it is very similar to pihole, so i have that taken care of to a certain degree i guess;)
basic device hygiene i am familiar and conscious about, so in this regard iām actually covered pretty well - havenāt had a targeted ad in as long as i can remember;)
it is just the commodity of the iphone that sucked me in and stock android seemed even worse in comparison, so i never tried anything elseā¦
Thanks for so many thorough options, it makes the effort of transition much easier and the info discovery as well, cheers:)
Would you run the sand boxed version of google play or the aurora store on GrapheneOS?
i do have an app or two that iād need to donwload from the google store, iād like to have them but theyāre not required
does any one know where to find a signed file for the aurora store?
i have found a signed pgp file for the fdroid, but iām not sure that i need it except for the aurora store, however i wasnāt able to find a signed aurora apk as of yet, any pointers would be greatly appreciated!
Hey, if you remmember post back after a month or so, Iām curious to learn what you like and donāt like about it, from a real user perspective not some poser who installed it for YT review.
Do the profiles require like the equivalent of logging out from a desktop and relogging to the sandboxed account? I have seen something like this but even though the switch is reasonably quick, will I get notifications from the default profile? Can you run the sandbox concurrent with your default profile?