DeGoogle Yourself @lemmy.ml tubbadu @lemmy.kde.social 12 mo. ago

My internal fight over what device to buy

Hello there! This is my problem: I'm going to buy a new smartphone, and I'd really like to degoogle myself as much as possible. The idea would be to buy a device compatible with LineageOS, but... Supported devices are usually older models, and often there are newer devices with better specs for the same price, that does not support lineageOS. Is seems a shame to buy a device with lower specs than another one just because of software compatibility. So the alternative would be to buy an unsupported device, unlock the bootloader and debloat it as much as possible, flash privileged fdroid and aurora store on it, install microg, etc... What do you suggest me to do? Is the second alternative a viable option? What other steps should I do if I decide to go that way?

Thanks in advance folks!

Edit:
Thanks to anyone for the great answers! I finally decided to buy a pixel 6 (or 6 pro if I find a good deal) and install a custom ROM on it! GrapheneOS will support it for "only" 3 more years, while other roms like lineageos or divestos will have longer support. What do you suggest? Graphene OS and when support ends switch to another one? O directly use the other one?

63 comments

Ironically, the best devices for degoogling are Pixels. You can unlock the bootloader very easily and then flash something like GrapheneOS or CalyxOS, and finally even relock the bootloader afterwards for security. Graphene can run google services in a sandboxed mode and Calyx has microG by default iirc.
- Thanks for the answer! Sadly pixel devices have no SD card, and it is a quite important feature for me
  
  Why not just buy a usb-c to sd card reader for $8 on amazon? Wouldn't it be better to comprimise a bit of convenience then installing a less secure / private rom
  
  Out of interest what specifically do you use an SD card for?
  
  Permanently Deleted
The best option would be a Pixel running GrapheneOS. If you don't want a Pixel, a well supported device with DivestOS (look for a recent one with a relockable bootloader) would be your best option. Debloating a stock OS isn't recommended since those apps will come back anyway should the system update. Leaving your bootloader unlocked and rooting your phone as well is detrimental to Android security. Please don't do that. See a third party OS comparison Also see:

DivestOS golden devices page

DivesrOS FAQ

DivestOS explanation on patch levels
- thanks for the answer!
  
  Debloating a stock OS isn’t recommended since those apps will come back anyway should the system update
  
  really? at every OS update they will be brought back? there is no way to prevent that?
  
  Leaving your bootloader unlocked and rooting your phone as well is detrimental to Android security. Please don’t do that.
  
  my option #2 was to unlock the bootloader only to debloat and to flash privileged apps like fdroid, and then lock it again. Would this still be dangerous?
  
  Unfortunately, yeah, see this discussion on stock Android debloating . As for 2, I don't think you even need that anymore, the new F-Droid basic apps can do automatic update out of the box.
  
  I think system apps are basically baked into the OS/ROM image (probably not the right term, but you know what I mean) which is why you can often only disable them - that's how they're there in the first place, they need to still exist somewhere so they come back on a factor reset. Don't know if a system update would necessarily bring them back though.
  
  Unlocking the bootloader to install a ROM and then re-locking it is fine (I believe that's what GrapheneOS does at least), just don't leave it unlocked when you're done. Root is the big security vulnerability so best not to have it unless you really really need it and are willing to take the risk. I don't think you need a bootloader unlock for installing any apps though, isn't fdroid just a normal app install?
I am dismayed at the current scenario of basically nothing but the pixels being supported for rooting (not the fault of the community). Also a bit saddened by how easily everyone has accepted it.

If I don't go the pixel route, I will probably purchase a cheap OnePlus mobile next year with at least kernel version 5.10. By next year, KernelSU should be more mature, and if you know about KernelSU, you know that passing SafetyNet is not a problem. I'd run microG in the work profile and put my apps there, and also debloat the pathetic excuse of ColourOS (or whatever Oppo uses). Fuckwads couldn't even keep the damn tool open to unbrick devices (which is why development stopped). By next year I just need to figure out how to install patches with a modded kernel.

Sorry that doesn't answer your question since you need a mobile now. I'm just quite annoyed at the state we are in. I really hope linux mobiles take off in the near future and I don't have to deal with such nonsense.
- I am dismayed at the current scenario of basically nothing but the pixels being supported for rooting (not the fault of the community). Also a bit saddened by how easily everyone has accepted it.
  
  Serious question, what the the community not accepting it look like?
  
  More outrage at OnePlus maybe. More discourse in general. I'm astonished at how nobody seems to be batting an eyelid at the Pixel being the only real mobile which can be rooted (and if that's the case, what's the point of all the projects? Would you run anything other than Graphene OS on a pixel?)
  
  I dearly wanted the FP5 in the US but they didn't do it. Quite disappointing. I'm just waiting for KernelSU to mature a bit more and learn how to install security patches on top of a custom kernel. Once I get to that point, I'll just shut up.
  
  Hopefully like https://mobian-project.org/
- nothing but the pixels being supported for rooting
  
  Your observation is incredibly US-centric and bullshit. Rest of the world gets to have OnePlus, Motorola, Xiaomi and other phonemakers that allow unlocking/rooting.
Here you can filter the search for Custom ROMs by release year. A few current models are already available: https://www.sustaphones.com/ beside Pixels i.e. Xiaomi, 2023, redwood X5 Pro 5G, Teracube 2e, 2022, emerald, Motorola g32, g42, g52, ...
- this is a very cool website, thanks for sharing!
If pixel/GrapheneOS is not an option I would recommend DivestOS which supports a very wide range of devices

https://divestos.org/pages/devices
Google Pixel with GrapheneOS. Nothing matches it.
Fairphone is the bomb diggity

Buying a pixel isn't the end of the world, but it is still feeding the enshittification beast
- A used pixel takes the brunt off of the moral compromise.
  
  No it does not. You just end up manufacturing a whole market for cheapskate Pixel users.
If you have the money and you care about not buying or owning a Google product, and / or you care about repairability, get a FairPhone: you can install ~~GrapheneOS or~~ CalyxOS on them and they too support relocking the bootloader. It's not just Pixel phones.

Bonus: they have a SD card slot, unlike Pixel phones.

They're not the speediest or sleekest devices, but that's not where the interest lies with Fairphone cellphones: they're mostly designed for long life and easy maintenance, and they're made by a cool company I want to support personally. And they're not made by Google, so buying one won't support Google or the Pixel ecosystem in any way.
- Fairphone is not supported by GrapheneOS, here's a detailed explanation as to why
  
  Ah yes you're correct. I got confused.
- If you have the money
  
  here's the problem XD I'm willing to pay around 350€, 400 at most, and the fairphone 4 starts from over 500€
  
  Yeah they're not cheap 🙁 It's too bad because they're really decent cellphones. But they're twice the price of anything equivalent from any of the big manufacturers.
I recommend you purchase a Google Pixel 6a or above (minimum security support ends July 2027) and flash GrapheneOS. (Pixel 8/pro preferred)

Aurora Store doesn't avoid Google since a lot of the apps from the play store include Google's SDK and libraries. microG also doesn't avoid Google as it is still running proprietary Google code and has more privacy/security weaknesses

Sandboxed Google Mobile Services is a much better implementation which is featured in GrapheneOS. The services are not privileged and is treated like any other app. They don't downgrade privacy or security unlike the other alternatives.

There are much more privacy and security benefits using GOS. Here is a 3rd party comparison between different mobile OS.
- microG also doesn’t avoid Google as it is still running proprietary Google code
  
  What proprietary code?
  
  has more privacy/security weaknesses
  
  Source?
  
  microG runs Google Play code just like Aurora Store. It is not fully open source. Here's more information.. It is still connecting to Googles propriety servers.
  
  microG requires Signature Spoofing and alternative OSes usually ship with microG as a privileged system app. This increases the attack surface as it is not confined by the regular sandbox rules.
  
  Now you're using a privileged component, which downloads and executes Google code in that privileged unprotected context, and which talks to Google servers because otherwise, how would FCM work for example?
  
  Despite doing both of those things, MicroG doesn't have the same app compatibility as Sandboxed Google Play despite the extra access it has on your device. Even in some magical universe MicroG worked without talking to Google servers or running Google code (again, in a privileged context), the apps you're actually using it with (the apps depending on Google Play) have Google code in them.
- thanks for the answer! I would gladly do this if only pixel phones had an SD card... Sadly they don't, and I really need it, so no pixel for me :(
  
  Perhaps you should add this criterion to the start post? Otherwise ten more people will recommend GrapheneOS...
  
  You can always connect a USB stick or card reader with an SD card via USB-OTG
  
  I will recommend you do use a phone that still receives security updates (Not EoL) because I don't want you to lose out on security just to deGoogle.
  
  If you are strict on having an SD card slot and your phone is still receiving support, you should use StockOS to receive firmware updates as soon as possible. If the phone you decide to get is EoL, the least bad option would be DivestOS (fork of LineageOS)
  
  Again, I would advise not using an EoL phone.
  
  Is there a reason you need SD storage? Some Pixel devices have onboard storage of 256GB+, so unless the storage needs to be removable, they could still be a good option.
I'm in pretty much the same boat as OP.

I'm seeing that buying a Pixel and then degoogle-ing it with Graphene OS is the way to go. Before I pull the trigger on that, can anyone point me to a good guide on how and when to load Graphene OS? Do I load it after activation with a carrier? Ok to do this before carrier activation?

And what functionality do I have with Graphene OS? Only Fdroid as a store? Can I sideload apps?

I'd really like to hear from some people that have actually done this about what to do and what their experience is with grapheneos. I'm leery of spending hundreds of dollars on a phone that may or may not work as I want.

I am seriously considering doing this but I'll buy an iphone if I can't really understand the pixel/graphene path well enough before dropping the $$.

Any YT vids about someone doing this?
- https://grapheneos.org has a lot of info. Make sure to buy a phone with an unlocked bootloader. All carriers lock it so buy it used and make sure that its unlocked or buy it directly from Google. You can install all google apps through Aurora store, a Play Store fronrend. You can also install sandboxed Google Play services so your Play Store apps can run and have functionning notifications, as they usualy rely on Play services. Yes you can sideload apps like normal android. Its AOSP without the google stuff. Some videos/channels: https://www.youtube.com/watch?v=vh5xjsE4mU4 https://www.youtube.com/watch?v=igSUmfKTXqU https://www.youtube.com/channel/UCrG6IID2FX7-GxyKtavRhEA https://www.youtube.com/watch?v=L1KZWjZVnAw
  
  Here is an alternative Piped link(s):
  
  https://www.piped.video/watch?v=vh5xjsE4mU4
  
  https://www.piped.video/watch?v=igSUmfKTXqU
  
  https://www.piped.video/channel/UCrG6IID2FX7-GxyKtavRhEA
  
  https://www.piped.video/watch?v=L1KZWjZVnAw
  
  Piped is a privacy-respecting open-source alternative frontend to YouTube.
  
  I'm open-source; check me out at GitHub.
- I'd really like to hear from some people that have actually done this about what to do and what their experience is with grapheneos. I'm leery of spending hundreds of dollars on a phone that may or may not work as I want.
  
  I've done this, here's my takeaways:
  
  On the install:
  
  The install guide is long and detailed, and it felt important to take my time and do every step exactly as it says.
  
  In spite of the length of the guide, I was done with my install in about 45 minutes. I spent about 30 of those minutes sipping coffee and reading on my Kindle while my phone applied updates automatically. -By the time the install finished, my feeling was "that was it? I feel like I clicked like 4 links and it did everything."
  
  On owning it:
  
  My $300 GrapheneOS Pixel 6 is substantially more responsive than my previous $1000 phone. I migrated to a 3 year old phone and if feels like a big upgrade.
  
  My camera opens quickly, snaps pictures quickly, and is ready to snap another picture, quickly. This shouldn't be a big deal, but some of your with $1000 Android phones know what I'm talking about. I'll die on the "this should never have been hard in the first place" hill. But in the meantime, the responsive camera is the most important quality of life upgrade I got from GrapheneOS.
  
  Installing apps from Aurora, with it's privacy insights, was very eye-opening for me. I mention this mainly for context on my next point.
  
  App compatibility has not been an issue for me; but I quit using certain really invasive apps when I saw their tracking details in Aurora store. (Cough - Paramount Plus - cough)
  
  I've heard bank apps can be a challenge, but mine works perfectly. I now love GrapheneOS enough that I am realizing I will move my money if that changes.
  
  I did a bit of searching, maybe used the wrong terms, but is there a list somewhere with Banking Apps compatible with Graphine or Lineage that you know of? It's literally the only thing holding me back...
- The stores I have on my GrapheneOS pixel 7a: F-Droid + droidify, Aurora store, and the Google Play store as well for some official apps I cannot do without. Between these, there isn't an app that I couldn't find or install.
  
  I bought my pixel second hand, to not put more money in Google's pocket, and to avoid any carrier locking. Not sure how that will impact the installation, but it might. Best to investigate that matter.
  
  I have to mention: I still cannot believe how easy that installation was. I rooted my previous phone and put lineageOS on it, which was such a tedious procedure back in the day, I really dreaded installing GrapheneOS. But that web interface, detecting everything and guiding me along was pure heaven. I hope that'll become the default for any custom installs.
  
  Interesting. Thanks for this info.
  
  Google Play? So you degoogled and regoogled?
  
  :)
- I'm a GrapheneOS user. You can use whichever store you like. Sideloading works too if you want to get stuff directly from GitHub, for example.
  
  If you use esim, probably better to activate before flashing GrapheneOS. Otherwise, doesn't matter imo.
  
  I'd suggest you take a look at the discussion forum. You can ask questions there or just browse and you can probably learn a lot about GrapheneOS there. Also the homepage has tons of info, of course.
- Permanently Deleted
Iirc, there are unofficial ports of LineageOS for newer devices. Also, I've been using another system, ArrowOS, in its vanilla form, on a Redmi Note 10 Pro phone I have, and it's working fine so far, so maybe an alternative for your case if you don't find a decent phone compatible with LineageOS?
Thanks to anyone for the great answers! I finally decided to buy a pixel 6 (or 6 pro if I find a good deal) and install a custom ROM on it! GrapheneOS will support it for "only" 3 more years, while other roms like lineageos or divestos will have longer support. What do you suggest? Graphene OS and when support ends switch to another one? O directly use the other one?
- I have the P6. It's an all around good phone. Don't forget to look at GSI ROMs. All recent devices handle those. I can and eventually will install LineageOS on my Galaxy Tab S8 and have it on my old Tab low end tablet.
  
  I've never heard of GSIs and it seems really interesting! I've found nothing about it on the LOS website, is it something "unofficial"?
Regarding your edit and GrapheneOS support - they will definitely support the pixel for as long as Google are providing official support, though they have then continued support in the form of security patches for much longer than that for older devices. No guarantees of exactly what will happen in the future but you're probably best of using GrapheneOS for now and then in three years time seeing what the state of things are. Things change quickly in technology, maybe you won't need to move anything, maybe you'll want a completely new phone by then!
- Great, I'll do this then! Thanks man
  
  No worries, I'm by no means an expert but I've been using it for a couple of years and I'm happy to try and answer any questions!
The number of "GrapheneOS + pixel" astroturfers is astounding. The shills are persistent.
- Wow, I didn't expect you to be on lemmy. I was subscribed to your privatelife subreddit when I was on reddit. Do you have anything similar on lemmy?
  
  c/privatelife, but it is a little inactive for now. My current goal is to get Lemmy's momentum stronger than now. In the past 3 years, I silently helped crush raids, trolls, mod c/privacy and c/technology here on lemmy.ml, helped r/piracy and r/datahoarder migrate. Helped shape up rules and stuff, mostly the non- code development stuff to bolster Fediverse (someone sent me here back then) and to keep admins' workload lighter.
  
  While c/privacy is not made by me, I try to shape it up in similar ways as privatelife, so that all the privacy community problems and astroturfing that used to happen on reddit no longer happens here.
- Just because a lot of people are saying it doesn't mean they're astroturfers, GrapheneOS isn't even a company with an advertising budget, it's just an open source project! Do you go to the Linux community and accuse the people using Arch of being shills?
  
  I have investigated and covered the "security" cult in FOSS community and GrapheneOS for the past 5 years. They are the slimiest, dirtiest tech related group on the internet that projects and crybullies its way with everything.
  
  https://old.reddit.com/r/privatelife/comments/ug9qnc/writeup_criticism_of_rprivacyguides_grapheneos/
  
  https://old.reddit.com/r/privatelife/comments/13teoo9/grapheneos_corporate_foss_loving_witch_hunting/
  
  A lot of you fall for the snake oil AOSP fork and preach their marketing.
Pine phone
- I so, so wish this were a real option, but sadly the software support just really isn't there yet.
  
  For that to become reality I think it would either need a 'Proton for Android Apps' or some sort of killer app that I can't even imagine.
It's your money completely upto you choose what you think is best. Generally if you want to go the route of buying a unsupported device unlocking the bootloader etc. You gotta do your research and know what ya doing m8

You've viewed 63 comments.