this post was submitted on 05 Jan 2024
44 points (100.0% liked)

Hi everyone, I’m looking to possibly simplify my smartphone setup. I would really love to keep it as a utility: phone, text, camera, GPS, web browser, notes, email, music player. I’m thinking of switching to a local Nextcloud backup system as well. I currently have an iPhone but used to flash ROMs on Android phones, so I would be willing to do that again for more privacy options and less unnecessary changes to the OS.

I have looked a little into it, and I’m wondering about getting a couple-year-old Pixel and putting GrapheneOS on it. I also searched a little and came across the Purism Librem 5 that has physical kill switches and sounds neat; a little pricey but I’d be willing to pay if it lasts a while and has good privacy options.

What are your thoughts? Are there other hardware suggestions or setups that you like? The idea of FOSS is appealing because it seems like the money aspect seems to skew the priority of smartphones.

[–] [email protected] 2 points 10 months ago (2 children)

I would let your wallet decide.

> phone, text, camera, GPS, web browser, notes, email, music player

GrapheneOS and the Librem 5 can handle this. If I hadn't bought a phone at the end of 2022 I'd likely go for the Librem 5 unless a used Pixel could be acquired.

I think the only thing you will lose with GrapheneOS is tap-to-pay, if you even use that. Beyond that, if you don't install GSF or even microG on the device you're already doing a lot in terms of privacy. You have to look into whether things like Uber would work without GSF (I don't use Uber so I can't check).

> Are there other hardware suggestions or setups that you like?

I was going to set up a Nextcloud server, but ended up just using Syncthing. I thought I would need that full suite of services, but it turns out my workflow just needs a few directories. I use Markor to take notes and write drafts. Before, I did editing on my phone, but now I wait until I am sat down in front of a computer. Syncthing can run on an old Raspberry Pi and requires very little upkeep.

Another suggestion is to use something like UAD to debloat most any Android phone. It is a bit of a preview of what to expect from many alternative ROMs. You need to switch to OSM and use a different calendar app and possibly a different camera app, contacts, keyboard, etc. and you'll notice very quickly that...nothing really changes except maybe battery life.

[–] [email protected] 5 points 10 months ago (1 children)

> I think the only thing you will lose with GrapheneOS is tap-to-pay

If you want any banking apps, they can also refuse to run without at least microG and some Magisk trickery. Some will go as far as refusing to run if they barely find a sudo binary on an otherwise locked non-rooted phone.

[–] [email protected] 3 points 10 months ago (1 children)

Don't root your GrapheneOS system. This site offers a great summary of why it's bad. Root and Magisk are huge increases in attack surface and microG isn't recommended either, as it requires root for basic functionality. GrapheneOS has created Sandboxed Google Play services, which takes the official Google Play services binary and runs it in the normal Android application sandbox. This is more private and secure than both the implementation on the Stock OS and microG. Most banking apps work on GrapheneOS with Sandboxed Google Play services, no need for root. In fact, root decreases your chances of getting banking apps to work, because a rooted device can't pass Google Play device integrity checks (previously known as SafetyNet).

[–] [email protected] 2 points 10 months ago (1 children)

I've been pretty meh on GrapheneOS, haven't actually used it, usually lean towards LineageOS, but the sandboxed Google Play feature sounds pretty interesting.

[–] [email protected] 1 points 10 months ago (1 children)

Unfortunately, LineageOS is pretty insecure. Worse than stock Android. https://madaidans-insecurities.github.io/android.html#lineageos

Does Lineage actually have any advantages over Graphene?

[–] [email protected] 1 points 10 months ago (1 children)

Well, it works on more than 10 phone models. The criticisms in the post are valid, certainly, but that doesn't help much if my device isn't supported.

[–] [email protected] 1 points 10 months ago

Honestly, the stock ROM on most phones is probably better than LineageOS. I would stick to that, maybe use the Universal Android Debloater to remove some of the crap and eventually get a Pixel with GrapheneOS.

[–] [email protected] 2 points 10 months ago (2 children)
[–] [email protected] 1 points 10 months ago* (last edited 10 months ago) (1 children)

Obviously these phones aren't as good as megacorp-backed Androids yet; they're much newer and the software is being developed by the community, for fuck's sake. And the manufacturers haven't had so many design revisions to recognise and fix all the issues.

They're development/early adopter devices. And the killswitches aren't pointless, because while you can enable airplane mode, that's a software mechanism which can be maliciously changed, either by the manufacturer or an attacker. A kill switch will 100% cut you off.

[–] [email protected] 1 points 10 months ago

Airplane mode exists because it is mandated by law that every handheld cellular device needs a reliable way of disabling the cellular modem to prevent interference with airplanes. When airplane mode is turned on, the cellular modem actually needs to be turned off. Otherwise, the device is not compliant with regulations and can't be sold. Obviously, this is not a 100% guarantee, but the chances that the cellular modem randomly turns on while in airplane mode are very slim. And the Wi-Fi switch isn't really useful, because GrapheneOS and even Stock Android use Wi-Fi MAC address randomization. On GrapheneOS you can also fully disable Wi-Fi scanning.

[–] [email protected] 1 points 10 months ago (1 children)
[–] [email protected] 1 points 10 months ago* (last edited 10 months ago)

No, but the guy publishes some great articles in regards to privacy and security. privsec.dev is another one I recommend.