Hi everyone, I’m looking to possibly simply my smartphone setup. I would really love to keep it as a utility: phone, text, camera, GPS, web browser, notes, email, music player. Im think of switching to local NextCloud backup system as well. I currently have an iPhone but used to flash ROMs on Android phones, so I would be willing to do that again for more privacy options and less unnecessary changes to the OS.
I have looked a little into it, and I’m wondering about getting a couple year old Pixel and putting GrapheneOS on it. I also searched a little and came across the Purism Librem 5 that has physical kill switches and sounds neat; a little pricy but I’d be willing to pay if it lasts a while and has good privacy options.
What are your thoughts? Are there other hardware suggestions or setups that you like? The idea of FOSS is appealing because it seems like the money aspect seems to skew the priority of smartphones.
For me, the key aspects for selecting the right hardware are the camera and the comunity support. All the other capabillities you listed are available on any phone that has a relatively recent ROM available.
Let’s start with the camera quality: If you want to use your phone without GSF or microG, you could use the camera app that comes with the ROM you flashed. Sometimes, the picture quallity is decent, but often times its lacking. Instead, I would recommend using a modded GCam App together with fake GSF. This way, you can use googles powerful camera app without sacrificing your privacy. So when I’m looking for hardware, I always check, if there is a modded GCam version available.
Aside from that, I would check if there are recent stable versions of the ROM I want, available for the hardware. The last thing I would check is, how active and how big the modding community for that device is. If you can’t find a lot of support on XDA, it’s probably not the best hardware choice to begin with.
When it comes to software, there are a lot of privacy-friendly replacements to choose from, but here is my setup:
- Syncing Contacts and Todos: selfhosted baikal + DavX5 + Simple Contacts + Tasks
- Syncing Photos: selfhosted NextCloud AIO + nextcloud app
- Syncing Notes: selfhosted webdav + Joplin
- Find My Phone functionality: FindMyDevice
- Maps: OrganicMaps
- Speach to text: FUTO Voice
- Synced Music: Selfhosted JellyFin + FinAmp
- browser bookmark sync: selfhosted webdav + floccus
EDIT: GCam and FUTO are not Open Source, but they are free and don’t collect or require any user data
Thank you for the list of suggestions; that’s really helpful. I haven’t been on Android in a while, is the Gcam app noticeably better than a stock camera app? What sorts of things would it do better? Low lighting or blur reduction?
I agree about the ROM. I’d really like to have something that is simple and looks to have continued support when necessary for security and other major updates. I also agree about the camera. It seems to be a deciding factor for smartphones. The last I checked the Pixels had excellent sensors but had some camera software issues that I believe were eventually resolved. I’m hoping that isn’t an issue if I’m just using a basic OS.
is the Gcam app noticeably better than a stock camera app?
Yes, there’s a very noticable difference.
What sorts of things would it do better?
It uses the custom ML chip in the Google Tensor processor for post processing. This makes the photos and videos look amazing.
Low lighting or blur reduction?
Both, and a lot more.
In my other comment, I outlined a solution for easily installing the Google Camera app.
is the GCam app noticeably better than a stock camera app? What sorts of things would it do better?
As I mentioned in my first comment: “Sometimes, the picture quality is decent, but often times it’s lacking” when it comes to the ROM camera app. How well a camera does, depends on the app (which is supplied by the ROM) and the driver (usually supplied by the manufacturer). The quality can, therefore, vary from device to device. A few years ago I would’ve definitely said that GCam is a step above ROM camera apps, but in more and more cases, those have become almost comparable in quality. One aspect where GCam still actually makes a difference is long exposure modes (low light and night photography) as well as offering special modes like panorama or photo-sphere.
The last I checked, the Pixels had excellent sensors but had some camera software issues that I believe were eventually resolved. I’m hoping that isn’t an issue if I’m just using a basic OS.
From my experience, older oneplus devices (e.g. oneplus 7/oneplus 7 pro) and pixel devices (pixel 5 and upwards) have excellent community support, so you should be golden.
Simple mobile tools has been sold to a company that buys apps to put ads and trackers in them. They likely wont be open source in the future either anymore. Consider changing the links out for the fossify versions, that’s a fork
On GrapheneOS there’s a much simpler solution. Install the Google Camera app from the Play Store (perhaps use the Aurora Store to stay anonymous), install Sandboxed Google Play services from the GrapheneOS apps repository and revoke the network permission for all of those. Also, I tried the Gcam-Services-Provider app you mentioned on GrapheneOS and it didn’t work. microG doesn’t work on GrapheneOS either. Sandboxed Play services is the easiest and best solution.
A used Pixel with GrapheneOS is a great option. The install is very barebones, and it’s basically the most privacy you’ll get with a modern smartphone without restricting its ability to be a smartphone.
A colleague of mine is very happy with the Punkt phone.
Punkt is neat, but in the end it is Android (if you can believe it). So, it has Signal (or Pigeon, as they’ve branded it) but it is also vulnerable the same way any Android phone can be. There are some baked-in apps that track and whatnot.
I would let your wallet decide.
phone, text, camera, GPS, web browser, notes, email, music player
GrapheneOS and the Librem 5 can handle this. If I hadn’t bought a phone at the end of 2022 I’d likely go for the Librem 5 unless a used Pixel could be acquired.
I think the only thing you will lose with GrapheneOS is tap-to-pay, if you even use that. Beyond that, if you don’t install GSF or even microG on the device you’re already doing a lot in terms of privacy. You have to look into whether things like Uber would work without GSF (I don’t use Uber so I can’t check).
Are there other hardware suggestions or setups that you like?
I was going to set up a Nextcloud server, but ended up just using Syncthing. I thought I would need that full suite of services, but it turns out my workflow just needs a few directories. I use Markor to take notes and write drafts. Before, I did editing on my phone, but now I wait until I am sat down in front of a computer. Syncthing can run on an old Raspberry Pi and requires very little upkeep.
Another suggestion is to use something like UAD to debloat most any Android phone. It is a bit of a preview of what to expect from many alternative ROMs. You need to switch to OSM and use a different calendar app and possibly a different camera app, contacts, keyboard, etc. and you’ll notice very quickly that…nothing really changes except maybe battery life.
I think the only thing you will lose with GrapheneOS is tap-to-pay
If you want any banking apps, they can also refuse to run without at least microG and some Magisk trickery. Some will go as far as refuse to run if they barely find a sudo binary on an otherwise locked non-rooted phone.
Don’t root your GrapheneOS system. This site offers a great summary why it’s bad. Root and Magisk are huge increases in attack surface and microG isn’t recommended either, as it requires root for basic functionality. GrapheneOS has created Sandboxed Google Play services, which takes the official Google Play services binary and runs them in the normal Android application sandbox. This is more private and secure than both the implementation on the Stock OS and microG. Most banking apps work on GrapheneOS with Sandboxed Google Play services, no need for root. In fact, root decreases your chances of getting banking apps to work, because a rooted device can’t pass Google Play device integrity checks (previously known as SafetyNet).
I’ve been pretty meh on GrapheneOS, haven’t actually used it, usually lean towards LineageOS, but the sandboxed Google Play feature sounds pretty interesting.
Linux phones like the Librem 5 are fundamentally insecure. It’s also outdated and overpriced, I really wouldn’t recommend it.
No, but the guy publishes some great articles in regards to privacy and security. privsec.dev is another one I recommend.
Obviously these phones aren’t as good as megacorp-backed Androids yet, they’re much newer and the software is being developed by the community for fucks sake. And the manufacturers haven’t had so many design revisions to recognise and fix all the issues.
They’re development/early adopter devices. And the killswitches aren’t pointless, because while you can enable airplane mode, that’s a software mechanism which can be maliciously changed, either by the manufacturer or an attacker. A kill switch will 100% cut you off.
Airplane mode exists because it is mandated by law that every handheld cellular device needs a reliable way of disabling the cellular modem to prevent interference with airplanes. When airplane mode is turned on, the cellular modem actually needs to be turned off. Otherwise, the device is not compliant with regulations and can’t be sold. Obviously, this is not a 100% guarantee, but the chances that the cellular modem randomly turns on while in airplane mode are very slim. And the Wi-Fi switch isn’t really useful, because GrapheneOS and even Stock Android use Wi-Fi MAC address randomization. On GrapheneOS you can also fully disable Wi-Fi scanning.
GrapheneOS and a Pixel. Sounds exactly like what you want.
Alternatively, a Fairphone with CalyxOS.
Both are more secure and private than a stock Android phone.
GrapheneOS would be my recommendation.
I used Calyx for a year and recently switched over to Graphene. Calyx was great for the time being, as it focused more on usability, when GrapheneOS didn’t even provide push notifications and was needlessly secure for my threat model.
But now, GrapheneOS is even more compatible and complete than Calyx, while more secure.
It’s very barebones by default and Google services are optional and sandboxed + strongly restricted.
I would get a newer Pixel model in your case. I bought the Pixel 5 and somewhat regret it, since it hit end of support.
Or, you could buy a Fairphone.
That would be more sustainable, since you can modify and repair it easily yourself, and it has a super long warranty and support.
GrapheneOS sadly does only support Pixels, but Calyx the Fairphone too.
