(Please when answering, assume I’m not a beginner at privacy/programming :) I know where the good stuff at)
First off, shameful confession: I’m writing this on a dying yellow iPhone XR I bought second-hand three years ago (189€). I absolutely love the look of it: the screen, build quality, are all amazing. The only problem was the locked ecosystem (sideloading Spotify/Torrent client was sooo hard).
I saw the android phone of my mother dying really fast. She currently has a Xiaomi phone that’s ridiculously big for my hands, there’s advertisements in the stocks apps (?!!), the UX is janky and everything. It looks like a bloat, privacy nightmare.
So… because it’s impossible to find a jailbreakable phone nowadays I need to buy an android and ideally I would want:
- Good screen (vivid colors)
- Good build quality (not shitty plastic)
- Don’t care about the camera (I don’t want those ridiculously big cameras they make nowadays)
- Would want to install either GrapheneOS/LineageOS
The things that scare me off:
- I really need my bank app and I need it updated so I have to use Google Play Services but I don’t want it to plague my phone with privacy bullshit (I want to be degoogled)
The things that excite me:
- Customization possibilities
- Learning experience
- Even more privacy than a de-googled IOS phone :)
- F-Droid!! (Maybe I’ll find a beautiful IRC client)
- More choices for Mastodon & Lemmy clients
- Freedom of free software.
- client for open-source git providers :)
But to get all of that, I don’t want Google, I need shitty apps (non-free software) I have to install:
- Instagram (for non-technical friends)
- GitHub (job & open-source)
- No-Ad Modded Spotify from Balatan
- Discord (gamer friends)
- Telegram (cryptobros friends)
- Steam (because I still love gaming)
Any advices? Phone ideas? I’m so lost in this ocean of choice (freedom ✨)
My current phone:
I should really get around to putting grapheneos on my pixel but I’m lazy.
https://wiki.lineageos.org/devices/ and make sure to double-check that unlocking the bootloader isn’t too much bother (ie. read the installation instructions)
Lineage IS for MicroG: https://lineage.microg.org/
Also keep in mind that Lineage OS is not designed to relock the bootloader.
This project makes it so much less painful to get microG up & running. It all just works. If only they were the default for these unofficial LineageOS builds as it would seem like the tinkering types are more likely to be interested in takinga privacy step with microG than those that want Google Play.
Lineage OS is not designed to relock the bootloader.
I don’t understand why so many people worry about that… doesn’t it only ensure that data is wiped if some agent secretly installs a rootkit or sorts on your phone before giving back the device to you?
To me, bootloader locking is mostly a way for phone manufacturers to make it harder to run anything but the ROM they have chosen (and it’s a PITA and the most laborious part of installing a ROM).
It prevents a random guy from picking up your phone and flashing a different (probably more malicious) custom rom
Why not use most of the web versions of the non-free apps you mentioned? No Google needed.
- push notifications
- websites that tell you “use our app”
- better UX
Take a look at Nitro Key. They’re like Yubikey, but they sell pixel phones with a security and privacy focused custom grapheneOS.
Is it any different than installing grapheneos on pixel phone yourself?
Not everyone wants to mess with loading custom roms and configuring systems.
In the case of GOS in particular, it is made ridiculously easy by the web installer though.
They’re really overpriced though. Flashing GrapheneOS is really easy thanks to their Web-based installer, and there are countless tutorials on YouTube.
Buy unlocked. It’ll cost more and you won’t have the option of doing the carrier/manufacturers no interest payment system, but that’s what it costs to actually not be locked into a particular carrier for the foreseeable future.
My actual advice about phone choice is to learn the unjailbroken ios way of doing things because what you’re asking for in your post knocks out a lot of the more specific things people recommend on android devices and pushes you to smaller or not privacy focused roms.
You’re not auditing the code so you need the most eyes on it that you can get so running smaller or less privacy oriented software becomes more of an issue.
If you haven’t already, make a threat model and see if/how that changes your requirements and desires.
You sound like the ideal candidate for a refurbished Pixel 7 / 8 from amazon.
Test its hardware thoroughly on the stock os in case you need to return it.
Install GrapheneOS using the Web installer.
Install Droid-ify into your main profile from the f-droid web page. It looks much better than the official f-droid client and actually has a working auto-update
Create a work profile. I use an app called Shelter as the work profile admin app. This allows you to auto freeze your big-tech apps to help with battery life / privacy. Install google services from the built-in GrapheneOS app store.
Enjoy.
Google services shouldn’t even be needed for the apps OP listed above. Instagram works just fine without Google services, just like Discord, Telegram and Steam. I don’t know about GitHub, but there are FOSS alternatives for it on F-Droid. Spotify (xManager) also works just fine.
Generally agreed, I would actually try using as many services with their progressive web apps.
The main reason I think they may need google services is the banking app. Mine will refuse to launch without google services installed.
Probably an unpopular opinion, but I’ve never seen the point of PWAs. I don’t want a crappy website as an icon on my homescreen, I want a proper native app. If the app is privacy-invasive, I will either find a FOSS alternatives, or isolate it in a separate user profile.
The main reason I think they may need google services is the banking app. Mine will refuse to launch without google services installed.
That’s true, I also need Play services for mine, but I have a special user profile for it.
A pixel phone with GrapheneOs?
This is crazy. I’m in exactly the same situation and have been thinking about getting a mobile plan with a Pixel 8 (where I would install GrapheneOS on) as those are getting cheaper with the Pixel 9 out not.
Graphene OS only works on Pixel Phones. They’re really the gold standard. Pick one from the supported list on the graphene os website that suits your needs.
i wish i knew about graphene when i got a pixel 6 pro. i got rid of it only after a year because it was such a buggy POS.
Check lineage’s list of supported devices.
Though after 15 years of flashing phones, I’m now on the Pixel train. I love the plastic back on mine. Makes it lighter while also making it stronger. Plastic doesn’t crack like glass or ceramic.
If you use a Pixel, why don’t you go with GrapheneOS? It is much more secure and private than LineageOS.
Buy a used Pixel that fits your budget. The Pixel 6 sometimes has problems with the battery so maybe rather choose between 7, 8 or 9. But you could send it to Google to get a new one but then you have to deal with them so yeah. Ifixit also has first party replacement batteries if you would choose the Pixel 6 and you would get this problem. Still I would recommend 7 lineup. Just take a look at grapheneos.org for length of support. Also 9 will be hard to find 2nd-hand I recon ;^)
Google phone for Graphene is mandatory therefore not my suggestion.
Lineage should not be your alternative as it is not privacy orientated. Take a look at Divest or /e/. There are many supported devices and in terms of privacy much better than Lineage. But in terms of security it is: Divest >> Lineage > /e/
You can check what devices are supported and which suits your needs best
The Divest developer has close ties to the Graphene team. Also he is pretty determined to be a one man team and some people have complained. Calyx OS might be a better choice as it is maintained by the Calyx Institute.
Get a Pixel 7 or newer and put Graphene OS on it. Pixels are excellent phones and have good support for custom ROMs. The Pixel 6 has a lot of weird issues that the others don’t have, so avoid it. Graphene is the best ROM for privacy AND security, and it is also relatively user-friendly.
Or, if you want an older phone, try a Pixel 3, 4 or 5. They are good phones with an older design style that may appeal to you.
/e/OS (also known as Murena) is also a good ROM for privacy, and supports a broader range of devices.
Typing this up on /e/os on OnePlus6t. Love it for ~2 years now. Signed up and support the project now with their ecosystem (64gb option).
Obligatory reply since that’s exactly my specs too :P
Or, if you want an older phone, try a Pixel 3, 4 or 5
These are outdated and don’t get security updates anymore, and thus shouldn’t be used anymore. The Pixel 6a is supported until 2028, the Pixel 8 even gets 7 years of security updates (until 2030), the Pixel 8a and 9 are supported until 2031.
/e/OS (also known as Murena) is also a good ROM for privacy
/e/OS is unfortunately highly insecure and shouldn’t be compared to GrapheneOS or recommended. Graphene is really the better choice here.
They can recieve security updates if you use an alternative ROM such as Lineage or /e/OS.
Can you please explain how e/OS/ is insecure?
They can not recieve firmware updates. They are always provided by the OEM
They can recieve security updates if you use an alternative ROM such as Lineage or /e/OS.
They can only receive OS updates, but firmware updates are just as important for maintaining the security of a device. These can only be provided by the device manufacturer.
Can you please explain how e/OS/ is insecure?
Sure. It’s based on the already insecure LineageOS, you can read more about that here: https://madaidans-insecurities.github.io/android.html#lineageos
On top of that, the /e/OS devs don’t release updates in a timely manner, often taking 1-3 months to releases even simple but important Android Security Bulletin patches.
What issues does 6 have? My experience has been great, but I have nothing to compare it to.
I’ve heard a lot of people complain about software glitches and minor hardware issues. These issues may be due to the fact that the Pixel 6 was the first Pixel to use Google’s own Tensor chips.
Google Pixel of some kind.
One of the only phone lineups with easy bootloader unlock, and also the only ones supported by GrapheneOS.
You can also use it as-is if needed without going crazy from ads and notifications everywhere like other brands tend to have.
You can also use it as-is if needed without going crazy from ads and notifications everywhere like other brands tend to have.
Isn’t it bad since Google == Far from privacy?
Sure. But at least it doesn’t come with tiktok and facebook
Pixels are great, but definitely make sure to install GrapheneOS to increase your privacy and security
GrapheneOS
Google Pixels are the only options with this one.
No-Ad Modded Spotify from Balatan
Have you tried Spotube? It is a no ads YouTube Music client, that fetches your library from Spotify.
I can’t recommend you a specific device, but can suggest a Bootloader Unlock: Wall of Shame, which can help you choose a device, as you are planning to install a custom ROM, like Lineage. Best of luck with your device search!
Missing from the list: ASUS lost a lawsuit in the UK after lying about saying their unlock servers being down would come back up for Zenfones. While they have a headphone jack, offer good price/performance, & used to fall in the ‘small phone’ category, you can no longer unlock bootloaders with final statement being they won’t be allowing it going forward.
(I would contribute to the upstream, but I only use proprietary Microsoft GitHub when absolutely required—keep this in mind Privacy fam when setting up any unmirrored Git repository)
That Bootloader unlock link is an awesome idea!
eh, it equates region lock with racism and feels more like an anti-corpo rant than a comprehensive view of locked/unlocked devices.
A better link would be the lineageOS devices page, or the postmarketOS devices page. These will tell you explicitly which chipsets and models are open and worth getting
can suggest a Bootloader Unlock: Wall of Shame
Unfortunately it only mentions unlocking. Re-locking the bootloader is just as important, and strictly necessary for Android Verified Boot to work.
Among modern devices, only Google Pixels support re-locking on custom ROMs, IIRC.
EDIT: Looks like, modern OnePlus devices can be re-locked too.
EDIT 1: Same goes for SHIFT6mq.
