from someacnt@sh.itjust.works to privacy@lemmy.ml on 24 May 04:09
https://sh.itjust.works/post/38599241
My current phone is 7 years old, does not support recent android versions, and battery life is becoming atrocious. This feels like right time to change my phone.
Currently, I know of & am considering 3 options:
- Google Pixel
- iPhone
- Samsung Galaxy
I heard that Pixel is the best choice for privacy, despite it being Google^TM. Should I go with it, and install Graphene OS or similar options? The very fact that the name “Google” is attached makes me nervous. Also, I don’t think I can trust android, so I would have to install Graphene OS or the like. In the case, app support would be lacking, though.
I am considering iPhone as well, since it has “reputation” of being secure. Of course, Apple can access my data, but that might be a good enough compromise? Honestly, I don’t know. It’s the best supported option as well - lots of apps support iPhone.
Galaxy is just the one that I am the most familiar with (my current one is Galaxy S8). I don’t trust it, though. Do they even make good hardware nowadays?
EDIT: Turns out, Pixel phones are poorly supported by local telecomm companies. It is relatively cheap though. Still worth it?
EDIT2: I heard that data & message is fine, but the call quality is impacted by lack of VoLTE compatibility.
threaded - newest
In my opinion, the Google Pixel with GrapheneOS is considered the gold standard in terms of security and privacy. While I am not fully knowledgeable about its capabilities, it offers a comprehensive suite of security features.
The iPhone is also a viable option. Users can easily swap between iCloud to a more secure encrypted provider for both cloud storage and photo backups. Additionally, any notes application can be replaced with a more secure alternative.
Samsung phones can support a range of operating system images that can be flashed, including LineageOS. However, I am not fully aware of all the available options.
🤭
lol idk what you find amusing about that but okay
iPhone 15 (the most recent model without AI) is perfectly adequate for most people.
Por que no los e/OS with a Morena phone?
e/OS is miles behind GrapheneOS and even CalyxOS. I see no reason to go that route if you’ll be much better served by any modestly modern Pixel phone and GrapheneOS.
e/OS/ is often behind on Android monthly security patches by a month or more. Insecure and not very deblobbed of proprietary blobs, especially when compared to GrapheneOS.
Does GrapheneOS support inTune Company Portal and work profiles? I would love to switch but my work requires these to install teams and outlook
The best solution in that situation is to have a work phone and a personal phone. If your own private phone cannot install the work apps then it’s up to your employer to ensure you have the tools you need for your work.
From an IT Security perspective that is what your employer should want too as that allows them to confiscate the phone if letting you go.
Tell me you don’t work in a non-union job in the USA without telling me you don’t work in a non-union job in the USA.
Well, you couldn’t pay me to be in the USA
<img alt="" src="https://lemmy.world/pictrs/image/85230cda-43e3-4dc6-b35f-72eb09121887.jpeg">
Edit: salty, aren’t we.
What’s this about salt? O_o
<img alt="" src="https://sopuli.xyz/pictrs/image/efef5b34-139a-4e9f-a3a8-a6b3f2e970d7.webp">
You’re not salty; the downvotes are. I’m at a -1 and I think it was worse earlier.
.
<img alt="" src="https://lemmy.world/pictrs/image/80ce28c6-b81f-42b0-896d-2ca82fad4be2.jpeg">
GrapheneOS affords you the ability to have completely isolated and distinct phone profiles, where you can install all your required work apps. They are installed separate from your main profile, kind of like second or third phone. No need for a completely different device.
GrapheneOS instantiates an improved version of this feature that Android already offers. It’s a great way to keep things separate. I do the same. Who wants to stuff their pockets or bags with more phones?
You can read about that here.
Idk if it’s company dependent but mine would not. Ended up getting a second work phone because of it.
I didn’t realize that Purism phones don’t have internationally compatible modems. As someone who travels a lot, that’s unfortunately a dealbreaker.
I am surprised Google still allows to open the bootloader, with all the bitching they have been doing towards sideloading apps, play integrity BS and making android more similar to iOS in general terms…
Googles devices have always been able to have custom ROMs, I even had a Nexus 2 long ago and that was moddable.
Yeah, but you need to concede that their efforts to block “unofficial” users have strengthened as of lately… That’s why I think they might do a Xiaomi move sooner or later.
Please note: You must buy the “Unlocked - Works with any carrier” version of the Pixel via Googles website (or from a reputable source that ensures it is/was not carrier locked). Anything else will have a permanently locked boot loader and no way to install Graphene.
Oh my, that sounds difficult. What does “permanently locked bootloader” mean? I was just going to buy at local phone shop…
EDIT: Turns out, local phone shop does not sell Google Pixel. Gotta buy from official google store…
Actually, if you buy a Pixel, you need to get the “google edition” version, which google sells directly. If you’re buying used, specifically search for the “google edition” version. I have a Pixel 6 Pro running Graphine OS and I love it. It’s not difficult to install.
I usually just buy them used.
You have to look for the unlocked version though. They usually sell for a little bit more but it’s worth paying the extra.
Where can the seller check if it is the unlocked one?
Setting --> About Phone --> Software information --> Tap Build Number 7 times, type pin if prompted. --> Back to Main Settings menu --> Developer Options --> Look for a “Allow Bootloader to be Unlocked” or similar wording. If you can check the box, it should be bootloader unlockable. (I’ve never tried it myself, I just dig around settings a lot through curiosity)
“Permanently locked bootloader” means you can’t unlock the bootloader so you can flash a different OS. If you can’t unlock the bootloader, you can’t flash. A lot of phones are like this, like Samsung’s galaxy series. I got really fucked by Samsung with the S10 because of this. You need to buy a specific type of phone and security patch if you want to flash. I went with the Pixel bought unlocked from Google so I could use GrapheneOS. It was very easy to unlock the bootloader and then relock it back. I noticed you said the pixel does not have good reception in your country, I would look more into this before going with it if this is the case.
I got my Pixel 7 from T-Mobile… The OEM unlocking toggle shows up in developer settings. An internet search implies I have a unicorn.
Depends on the carrier and the specific deal. I have a Pixel 7 Pro from T-Mobile. And it was able to be unlocked after one year of service in good standing. T-Mobile has traditionally been pretty good about that, though that kind of thing often shifts once companies have major mergers. And the Sprint merger screwed them up in a lot of ways that are still working their way down to customers losing services and features.
Rotary
🍌
Telegraph with One Time Pad
Just to let you know, GrapheneOS uses AOSP (the base Android system) and sandboxed Google Play Services, making it compatible with 90% of all Android applications. From what I’ve heard (don’t take my word for it), the apps that have the least compatibility / more breakage are banking ones.
Yeah, the problem is with the one banking app I frequent.
While this tends to be true, the vast majority of the banking app incompatibilities are overcome with a simple app-specific toggle.
Which toggle is that and does it work with cash app?
Exploit Protection Compatibility Mode. It’s a setting that relaxes this particular security enhancement for a given app.
It’s worth knowing that NFC payments do not work with Graphene currently.
Oh I didn’t know NFC payments were not working. No workaround?
Not currently. It will require Google to’allow’ tap-to-pay on Graphene. Other NFC functions work fine.
For my use, it’s not a big deal. Tapping my card is easy enough
Thanks for the explanation. Unfortunately this is a major feature for me. I just don’t carry cards anymore
That’s fair. Privacy and security generally come at some cost of convenience. Everyone has their own personal balance.
Oh shit, this is working.
The other answers are correct but I have not gotten cashapp to work. I use an old phone connected to my current phone via hotspot on the rare occasion I need cashapp.
I still recommend GrapheneOS regardless, almost everything else works with nothing more than minor tweaks. If you want something that “just works”, you’ll run into some hangups. Privacy unfortunately has a cost.
Yeah I’ve been using graphene for about a year without many issues, cash app is the only one I still can’t get working.
Dude the exploit protection compatibility mode worked. I’m logged in
Great! 👍
It does not “use” AOSP, it’s built on AOSP, like every Android device.
AOSP is like the foundation of any Android OS.
Yes, that was a poor choice of words on my part; I do apologize about that.
The banking app thing is unfortunate, but then I kinda realized that I don’t really need them anyway. I have all the features I need in browser, and text notifications set up for when I spend money.
The wallet not working REALLY sucks, but if I look on the bright side that’s one less thing Google knows about me and my spending.
Sunbeam f1
Pixel unlocked and install grapheneOS or lineageOS
.
GrapheneOS tested and I ended up going back to Apple.
It’s good in concept but in reality you’re just forced to used play services because most apps require it, but you lose mobile payment and access to some apps because you’re not running a whitelisted OS. App makers don’t give a fuck because custom ROM users are fewer than Linux users, and we all know most software and games don’t give a fuck about Linux users.
Stock GrapheneOS also feels like a jump in the past in terms of UI and accessibility. I felt like I was always going out of my way to make it somewhat usable.
The Pixel also has a battery that doesn’t last long and poor charge retention on idle (Android phones do be like that though). I found out that many tasks cause it to heat a lot. Something like updating an app takes ages and shows visual bugs, like no progress indicator.
I hate Apple but at least I trust that they don’t sell my data to everyone, and they have a good UI.
If the end it’s about how much you’re willing to trade your convenience for privacy. I realized I wasn’t ready.
The same corporation that donated money to a fascist?
🤔
What? Who?
You prefer Google, a company that actively works with Israel for military purposes, against Palestinians, by offering them their cloud services, and then firing the employees that were protesting? It must feel good to purchase a Pixel from them, heh?
I never said to buy a pixel, I merely refuted your claim of apple being “the good guys”
How does Google being evil make Apple any better? Google, Apple, its both the same. Same genocide. You are being hypocritical by accusing others of being pro-genocide while you yourself are supporting genocide yourself. Get off your high horse, you are just a Pro-Apple Pro-Israel supporter that hate Palestinians, you literally cannot claim to have the “moral high ground”.
Me, critical about Google because they passed a deal with Israel against Palestinians
You:
Ok buddy
Apart from that, where did I say that would make Apple better? I asked for proof that Apple donated money to a fascist. I’m still waiting for that, because afaik it did not.
Plus about you original comment, I don’t see any link with them not selling my data and being able to donate to a so-called fascist.
I’ve never said they were. I was just saying what was my preferred phone for privacy and convenience. I also said I hated them. That’s straw man fallacy.
pigeon with paper that lights itself on fire when human skin touches it
What apps do you need? Do you know that app support is lacking on GOS or just think it? I would go with Pixel8a and GOS.
In EU, I would recommend a xiaomi. Cheap, bootloader unlockable (which breaks security a little since you cant relock), but they are a gamble in terms of reliability.
I think you’re mixing privacy with security, iPhone is secure but it’s not private, it’s slighty more private than Google Android but not what would you call private.
Samsung can soft brick your phone so basically backdoor.
Google Pixel with custom ROM like GrapheneOS or CalyxOS is considered to be best in terms of privacy.
Another cheaper alternative if you don’t want to give money to Google or spend too much is Motorola G32, G42, G52 with CalyxOS but to unlock bootloader you have to make account on their website.
I’m currently testing lineageos on a oneplus 6t since it is dirt cheap (from 50€$) ob ebay.
So far my track record has been:
As with all custom roms, you need to unlock the bootloader and if you dont encrypt, you should not do anything on the phone that cant ever be found by a third party, say law enforcement. I would argue that the majority of phones with a locked bootloader arent any better but apparently, if you want that extra security, graphene on a pixel seems to be much more fitting. I have heard of issues with reliability so I’ll stick with lineage.
I do develop for and did try postmarketos (actual linux) and I love it. But its absolutely not end user ready from last time i used it. If you tinker and want to help, postmarketos deserves your help but please dont use it as a daily and expect more than 80% reliability. Its for people who love linux and want it to become the real deal and who can manage their frustrations.
Privacy finished with the first Smartphone
I bought a Fairphone 3 and put LineageOS on it a few years back and can recommend it. LineageOS is less secure than GrapheneOS as far as I can tell but the privacy aspect is there, as you have a completely degoogled phone. I have some friends that have the same setup on the newer Fairphones and they are also very happy and have a smoother experience than me, because it is a newer phone.
Fairphone is an European country that has a move to open source (www.fairphone.com/en/open-source/).
To the compatibility and functionality:
In general you will find an replacement for every app you now use that is from a big company. Open Source came a long way and most alternatives are even better in my opinion.
Use Galaxy with debloater (you can also remove Google Play Services) + AdGuard DNS + TrackerControl (you can get with droidify)
You can also dual boot Linux desktop distro on it also.
This way you get best performance and all the choices.
Fixed URL to universal-android-debloater
Somehow Lemmy in the browser was able to deal with the URL formatting, but the app I use wasn’t.
Thanks, edited, hopefully it’s fixed for everyone
Disentangling privacy and security, and potentially other priorities, e.g. secrecy, anonymity, etc might be important before making suggestion.
Another way to help deciding what is the best choice for you, not necessarily anybody else, is what is your threat model?
An analogy I thought recently is “Are you putting a very tough lock on your door but leaving the windows opened?” or “Are you locking your car but walking outside naked?”. The point here is not to imply that people do obvious mistakes but rather that, truly there are people who go to parades naked AND lock their cars. The concerns can be orthogonal and thus must be considered individually. For that I believe thinking about “who the enemy is” as a way to discover your threat model is interesting, namely :
Are you worried by :
The answer to those questions will then provide you a more limited set of options. Basically I would argue only the 3rd option ties tightly with security but that’s up to a certain extent and companies like Pegasus shows that it can also be done at scale, for profit. Still, AFAICT it wasn’t done for a random person BUT that was few years ago.
Anyway one you go through options, e.g. iPhone vs Android vs deGoogled Android vs Linux phone vs dumb phone you will see your usage itself will have to change. This is not necessarily a bad thing but it is not something most people will think about initially.
I suggest then to… try. I know it’s not the answer you want but what you are asking for, I believe, is genuine change. It is about the technology, yes, but it also is about your habits. Consequently it is a process with some success, failures, cascading changes and thus IMHO must be iterated on.
It is worth it though.
Using a Pixel 6 with Graphene here with google services in their sandbox. It’s pretty neat, especially with apps like Firefox+uBlock and GrayJay, which let me also block 99% of ads, which was very important to me. I have not had trouble with any banking apps either.
I’ve been rocking a Pixel 8 pro with Graphene OS for a year and change and it was a great experience after being an iPhone user for 8 years aproximately.
The install process is great, automatic and foolproof, you just need the phone, usb cable (probably came with your phone) and a computer with a Chromium-based browser.
App support hasn’t been a problem for me, you can reach for Aurora Store (anonymous Play Store client) if you really need something from there. Otherwise you have F-droid and the usual suspects and also Accrescent, which Graphene offers through its own app store, but barely has anything as of today.
I setup Shelter to have some apps more isolated and being able to just not see them if I want, namely some Microsoft apps I need for work and some that depend o Google’s services. Shelter is recommended by privacyguides.org, so you should be fine using it.
I think Pixel/Graphene is probably your best option for security if you need it. Privacy I guess you can achieve many other ways.
Any inconveniences you’ve noticed with Graphene? For example I’ve heard tap to pay functionality doesn’t work.
I guess there are some tradeoffs, for sure. I’ve encountered a couple things:
I think that’s it, really. I found the actual user experience to be quite breezy.
Tanks for your clarification!
Which doesn’t mean private.
Pixel+Graphene is a common suggestion.
For real privacy you can’t beat these.
You should consider buying a flip phone and only put in SIM card when you need it, assuming you can acquire SIM card without your name on it where you live
Flipphones are just less feature, same spying.
These flip phones dont have anything other than a SIM card
For the vast majority of flip phones currently available on the market, if they’re not running some version of KiaOS, they’re running stock Android - with all the Google spying that entails - under the hood.
No end to end encryption, it’s plaintext for the service provider
Yes and that shouldnt matter because you are not supposed to use these phones for anything other than calling when you need someone
Ah, well I never need voice chat so…
I owned 4 Samsungs: S8, S10e, S22 and S24 Ultra. Their products got worse. An example is the recent One Ui 7 update, it is just terrible: My notification area that works perfectly fine before, is now changed; my battery life got worse…etc.
Even if I ignore the update, Samsung products are just not great anymore. Remember when a Galaxy can take really great photos? Those days are gone. My S24 Ultra takes the worst pictures in comparison to a Xiaomi or Huawei. Heck, even the controversial Asus Zenfone 10 takes better picture. Sure the Galaxy has better Megapixels, but the AI bullshit makes it so the colors are all wrong.
With that said, you want to go for Pixel + GrapheneOS. Anything that is close to stock Android should be ok. Oh, and stay away from anything with a lot of AI.
This! I even installed an AOSP Rom to get rid of this shit.
On a Samsung Galaxy? I have one and am also similarly frustrated with the changes, but it seems like the support for custom roms is poor.
Yes. Support is poor. However there are two good ones with only minor issues. The Pixel on and the Voltage OS Rom. Both can be found at XDA.
If you swipe down on the notifs twice, you can edit them to be similar to the previous style.
On topic of your post, fuuuuck everything about their forcing AI, but my biggest gripe is how they moved the audio display (from, like, Spotify or audiobook readers/podcast apps) to the bottom of the lock screen as a tiny bar on the bottom instead of showing me all the info as it did before. It’s super annoying when I swipe to unlock and pause what I’m listening to.
yeh the other day I accidentally swiped down and touched the Media section. It automatically played my music, eventhough the music app was off lol. Luckily it didnt play any “videos”…
Lol, could’ve been bad. I hate the new UI.
.
Pinephone. It is what I use.
Out of the options you mentioned, Pixel with a custom rom (GrapheneOS, CalyxOS, etc.) is probably the best bet. Seconded by any Samsung that could run a custom rom, though I agree with others here that the hardware is better on the Pixels. Plus they have extra security hardware features that will be better. Of course, if things are weird with your telecom, that might effect things (trust me, been there with an Ubuntu Touch phone before.)
Another option you could look at depending on where you are is Murena’s phones. They have a bunch of options pre-flashed with their de-Googled rom /e/ os. Not my favorite rom, but still not bad! And of course those can be flashed with another rom if you want as well!
My old phone is on its last leg, but I’m holding out for a Huawei or VIVO with HarmonyNextOS. I so want to end everything Google.
shift
Yes. Google’s framework service seems to be spyware.
GrapheneOS does seem to be the best way to address the privacy concerns with Android. There’s also LineageOS and others.
Uh…Android is the single most popular operating system in the history of operating systems. The app support is quite good.
If you mean because many apps require Google Farmwork Services, and GrapheneOS replaces it - I find that to be a largely solved problem. The GrapheneOS neutered rebuild of Google Framework Services now fools most apps into working.
It’s been years since I encountered an app that actually couldn’t run on GrapheneOS, unless the app was aggressively trying to spy on me.
The remaining issue tends to be bank and credit union apps, which aggressively spy on their users “for security”. I work around this by using my credit union’s mobile website, instead. It has all of the same features without the spying, anyway.
Just for clarity, Graphene doesn’t provide a “neutered” version of play services - the version of play services which runs is the same code as provided by Google, with the only difference being that it runs in a sandbox which only grants it the same level of permission as normal apps (which you can choose to grant or not) rather than running as effectively root on your device like it does on most android phones.
Docs: grapheneos.org/usage#sandboxed-google-play
Nokia 3310