123
submitted 4 days ago* (last edited 3 days ago) by m4th1337@lemmy.world to c/privacy@lemmy.ml

So which on of these are better for my pixel 7a if we consider these:

i dont care about leaving the bootloader unlocked

i want customization to my os as long as this is possible

i hate google so i dont want any google things or google spyware (i dont use any google service)

i need push notifications for some apps (maybe microg or sandboxed google play services? idk)

i don't use esim or google pay so idc about these

i need A LOT of privacy and security to my data to the point that i want to block trackers for any app i use

i wanna use google camera as it is in stock rom but i dont want google spy shit. if i use a firewall would that be ok?

Note: i can sacrifice locking the bootloader and customization for my privacy/security/not having spyware on my phone

Thanks in advance!

Edit: i just saw that there is iodé (which sees app trackers and i found it interesting) plus CopperheadOS

Edit 2: THANK YOU ALL A LOT, your answers are the best, imma go with grapheneos and donate them also cause their job is the best

also i found this matrix for oses that helped me: https://eylenburg.github.io/android_comparison.htm !!!

Edit 3: Deleted CopperheadOS from the title - no need to compare cause it's garbage (see comments)

top 48 comments
sorted by: hot top controversial new old
[-] kchr@lemmy.sdf.org 35 points 4 days ago

For those that are looking to install GrapheneOS and want to ensure that their banking apps work as intended, here is a curated list of supported apps per country:

https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/

[-] Danitos@reddthat.com 6 points 4 days ago

Note that anyone can contribute to the list, just open an issue un the repo.

[-] m4th1337@lemmy.world 4 points 4 days ago

do you mean that these apps work on graphene os with or without the sandboxed google play?

[-] franklin@lemmy.world 3 points 4 days ago

absolute hero thanks

[-] autonomoususer@lemmy.world 51 points 4 days ago* (last edited 4 days ago)

CopperheadOS is anti-libre software, extremely dangerous. We do not control it. It fails to include a libre software licence text file, like GPL. 🚩

[-] StanislavP@lemmy.world 2 points 3 days ago

I thought CopperheadOS was just the former name for GrapheneOS? At least that's how I understood the statement on their page.

[-] jaypatelani@lemmy.ml 33 points 4 days ago
[-] DollarColonial@lemmy.ml 18 points 4 days ago

GrapheneOS for modern Pixels DivestOS for any other phone

[-] ReakDuck@lemmy.ml 4 points 4 days ago

I still got a Pixel 5 with Graphene OS. Its 3 Years Old. Is it bad because its not a new phone?

[-] jrgd@lemm.ee 10 points 4 days ago

GrapheneOS only publishes updates for devices with active security updates. Your device is EOL and therefore won't receive any further mainline updates. It still will receive extended support from the Android 14 legacy branch with whatever security patches arrive in upstream AOSP, but unlikely to see device-specific patches nor firmware patches. Your device isn't getting the same care and attention that active devices are receiving nor will it receive any future versions of Android through GrapheneOS.

[-] jet@hackertalks.com 3 points 4 days ago

It's not bad, but it has less of the newer security features.

Also the longer a device exists, the more known exploits will be found.

Like a good lock, phones will never keep someone out forever, they will just delay (for years)

[-] bloopenguin@lemmy.world 24 points 4 days ago* (last edited 4 days ago)

I've personally tried Lineage, CalyxOS and Graphene. I'm currently on Graphene because it has the most app compatability and at least has higher security claims than Calyx which is more FOSS/privacy focused with microg vs graphenes sandboxed Google play.

What really got me to switch was once banking apps started failing to work due to microg compatibility. That may or may not have been resolved by now.

If Privacy and avoiding sending any data to Google is your priority I would do Calyx since you can get push notifications through microg without signing into Google and you can get apps anonymously through the aurora store.

However if you want a better user experience I would suggest GrapheneOS with Sanboxed Google Play. It's very solid and I haven't had any issues getting any apps to work thus far.

[-] scrooge101@lemmy.ml 6 points 4 days ago

I use 4 different European banking apps without issues on CalyxOS.

[-] bappity@lemmy.world 4 points 4 days ago* (last edited 4 days ago)

do you have an alternative to Google wallet/other contactless apps not working on grapheneos for some dumb safetynet reason?

[-] bloopenguin@lemmy.world 2 points 3 days ago

I do not at least here in the US where I'm located only Google pay and Apple pay are supported. I have heard some Europeans mention their banking apps natively support their own contactless payment when I'm pretty jealous of

[-] andrew0@lemmy.dbzer0.com 4 points 4 days ago

I haven't tried it myself, but you could get a Garmin watch and add your cards there. I believe you don't need the phone connected afterwards to make payments.

[-] drascus@sh.itjust.works 4 points 3 days ago

It's very hard to say. Based on your use case I would say either grapheneOS or calyxOS. I personally have a bit of a soft spot in my heart for CalyxOS but technically speaking graphene likely meets your usecase better.

[-] j4k3@lemmy.world 17 points 4 days ago

I use Graphene. I like the Auditor app and the ability to verify that the ROM is unaltered because you can never trust an orphan kernel like all mobile devices. If I ever give up possession of my device, I can verify if it was altered. I also have a way to wipe the device on locked login with no indication that the ROM is being wiped as provided by Graphene.

[-] pH3ra@lemmy.ml 13 points 4 days ago* (last edited 4 days ago)

This is my second iteration of CalyxOS, I used to rock a Pixel 4a and now I'm on a Fairphone 5, and I love it. It's rock solid and never had a compatibility issue, although I heard that some banking apps might misbehave with microg, but not in my experience.
Graphene has pretty much the same approach but instead of supporting microg, has decided to take the route of sandboxing Google Services, which is a better route for compatibility at the expense of letting some of your data leak through once in a while.
/e/OS is a wonderful project on paper, but in my experience it was the one with more issues and bugs: they try to support as many devices and services as possible, providing a full environment that's easy to setup for any user, but having to deal with so may things makes them a little hit or miss sometimes. Nonetheless I still believe they're a great project that brings privacy to the less techy people with a (mostly) working ecosystem.
LineageOS isn't focused on privacy but in extending the life cycle of devices after they've been discontinued, so if your concern is to be private I'd go with something else.

Don't underestimate the bootloader locking feature: once your whole life is connected to one device, you don't want a guy with a USB cable be able to access it in case of loss/theft. DON'T ASK ME HOW I KNOW IT.

[-] zergtoshi@lemmy.world 1 points 3 days ago

May I please ask whether an unlocked bootloader is still bad for privacy and the risk of data loss/theft, if the phone is enrypted?
My understanding is that while being able to mess with the phone (e.g. including installing a new OS) in the presence of an unlocked bootloader, a properly encrypted phone at least protects the data on it.
Did I get that wrong?

[-] m4th1337@lemmy.world 2 points 4 days ago

basically, i underestimate it cause in my country the thieves or anyone don't even know what is the bootloader lol

they are so uneducated cause our educational system is very old

[-] ivn@jlai.lu 8 points 4 days ago

And what about the person the thieves sells it to?

[-] pH3ra@lemmy.ml 6 points 4 days ago

Yeah, but usually thieves sell the stolen phones to people that are slightly smarter and better organized

[-] VintageGenious@sh.itjust.works 3 points 4 days ago

The state knows

[-] codenul@lemmy.ml 3 points 3 days ago

Both /e/os and Iode have built in tracker blockers that do a pretty good job at blocking most trackers. Used /e/os with my OnePlus 6t and liked it a lot. Probably the reason I have used these l.

Upgraded to a OnePlus 9 pro and trying out Iode OS. Havent decided if I like it more, or just getting used to it.

Is there a standalone tracker blocker that can be a similar to these that can be ran on any Android OS?

[-] HappyFrog@lemmy.blahaj.zone 1 points 1 day ago

I've got iode, and to be honest, I think that just getting a custom dns will block more than enough trackers.

[-] jet@hackertalks.com 11 points 4 days ago
[-] proceduralnightshade@lemmy.ml 8 points 4 days ago

There's this article in a German IT sec blog which compares the more well-known privacy focused ROMs. If you have any way to translate it, you should check it out. It is a really nice addition to the Eylenburg comparison.

i want customization to my os as long as this is possible

I was rocking Ressurection Remix and Xposed on my old Note 4 and customized the hell out of it. I'm on Graphene now and I don't miss it a bit. Maybe a little.

Graphene can be installed on your phone via a web browser on a PC on laptop. You should install it and try it out, it's very easy.

[-] WhyJiffie@sh.itjust.works 3 points 3 days ago

Graphene can be installed on your phone via a web browser

sorry but that's misleading. it only works with chrome (and honestly better keep it that way). do we really expect in the privacy community that people use chrome?

[-] proceduralnightshade@lemmy.ml 1 points 3 days ago

it only works with chrome

You're correct, thanks for pointing out.

If you find any relevant information, please use it to improve https://www.privacyguides.org/en/android/distributions/

[-] fireshell@lemmy.ml 2 points 4 days ago

Ubuntu – few applications, unstable: over time, some problems with the volume were, cured only reboot; there is no normal application Telegram (web client that the battery eats).

CalyxOS is subjectively more convenient, F-Droid and RuStore download by machine, F-Droid installs an update machine, RuStore downloads and asks for /e/OS RuStore to download forcibly. Also on both MicroG systems, but on /e/OS, SBPay bent and didn't work, on CalyxOS - no problem. Similar to applications, for example, for renting scooters: on /e/OS some problems, on CalyxOS - no problems. There are fewer problems with CalyxOS.

With Sber, Rosselkhozbank and Unicredit, there are no problems there or there. Russian mail application does not work on any platform.

The only plus/e/OS is what is in GooglePlay, but not in RuStore, it is easier to put: AuroraStore on CalyxOS makes you go out and log in all the time to update the installed applications; on /e/OS, what is installed in your home store, including with Google PlayStore applications is updated without problems by automaton.

[-] VintageGenious@sh.itjust.works 2 points 4 days ago

Unfortunately pixel phones are too expensive for a phone. I went with a Galaxy A34 which is good, but no graphene os for me

[-] BearOfaTime@lemm.ee 4 points 4 days ago

Paid $150 for a Pixel 5. Pixel 7 is $200.

I don't waste money on new phones, or new cars.

[-] WhyJiffie@sh.itjust.works 3 points 3 days ago

not just too expensive, but designed to be hard to repair too. just look up the ifixit disassembly guide, it's horrible

[-] eleitl@lemm.ee 4 points 4 days ago

Bought Pixel 7 a new for 335 EUR. Refurbished is another option.

[-] VintageGenious@sh.itjust.works 1 points 4 days ago* (last edited 4 days ago)

Interesting, I paid the same for my phone. But I will keep it five years so it will be a less cheap pixel then

[-] eleitl@lemm.ee 3 points 4 days ago

GrapheneOS supports the 7 a until May 2028 with extended support 5 years https://grapheneos.org/faq#device-lifetime

[-] UnfortunateShort@lemmy.world 1 points 4 days ago

Pixel 8a was <400€ on black friday. I know not everyone can afford this, but even 5 years ago that wouldn't have been that much for a phone

[-] Fusty@lemmy.ml 2 points 4 days ago

Only consider CalyxOS and GrapheneOS. Ideologues will push you exclusively towards GrapheneOS but it's not th be-all solution for all people that they think it is. My current and previous phone are GrapheneOS. It's fine. It does what I want. I don't find it amazing only because it's a phone, not a new discovery. I use GrapheneOS with F-Droid with all anti-features disabled in F-Droid settings and I have all the apps I need.

Lineage will likely wirk with random phones, that dosn't mean it's quality. I say, if a phone OS works on LG, Samaung, Nokia, and a Chinese company phone, I don't trust the stability of the OS.

I see the name e/OS around, I don't hear it ever mentioned in public discussions, I think it's for Fairphone or one of those gimmick name phones.

I've never heard of DivestOS before you mentioning it.

[-] WhyJiffie@sh.itjust.works 2 points 3 days ago

Lineage will likely wirk with random phones, that dosn't mean it's quality. I say, if a phone OS works on LG, Samaung, Nokia, and a Chinese company phone, I don't trust the stability of the OS.

that's just plain bullshit with at most zero backing knowledge. supporting various brands really won't make the software that complicated. the software you install won't need to include compatibility patches of all the supported brands and models, it's routine that system images are customized for the phone, with patches specifically for that phone.

I mean yeah LOS is not the best in quality, but the remaining part does not make sense

[-] Undertaker@feddit.org 4 points 4 days ago* (last edited 4 days ago)

There is no reason for considering Calyx at all. Graphene and Divest are better in terms of security and privacy.

If one want's easy and convenient privacy, /e/ might be a valide option. No need for Calyx, Lineage or Iode

[-] degen@midwest.social 4 points 4 days ago

DivestOS has my attention as a graphene user. Not to switch, unless I ever get fed up with the pixel.

Divested is behind the Mull and Mulch browsers, for what it's worth. I never looked deeper than using Mull, but apparently Divested is one person.

[-] kchr@lemmy.sdf.org 5 points 4 days ago

DivestOS sounds interesting but I am wary of any "mission-critical" software project (such as the firmware for my primary phone) that relies on a single person, for multiple reasons. Burnout and potential for social engineering by malicious actors being two of them.

[-] foxitixation@lemmy.zip 3 points 4 days ago

Why don't you trust the stability of the OS if it works with LG, Samsung, Nokia, and a Chinese company phone?

[-] kchr@lemmy.sdf.org 5 points 4 days ago

GP:s comment made me curious as well. Usually, if multiple hardware vendors are supported there are separate branches with different maintainers. It doesn't necessarily mean that the main codebase is bloated as a result.

[-] sugoidogo@discuss.online 3 points 4 days ago

What's wrong with GrapheneOS?

[-] jet@hackertalks.com 0 points 4 days ago

Nothing, the grand parents said "it's fine"

this post was submitted on 22 Dec 2024
123 points (99.2% liked)

Privacy

32177 readers
234 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS