A closer look at e/OS: Murena's privacy-first 'deGoogled' Android alternative (techcrunch.com)
116 points by MilnerRoute on Dec 21, 2023 | 77 comments


/e/OS falls significantly behind the other alternative Android systems with regards to privacy and security.

Please see this independent comparison table: https://eylenburg.github.io/android_comparison.htm

And additionally the reviews by Kuketz: https://www.kuketz-blog.de/android-grapheneos-calyxos-und-co...

See also my table that shows historical release dates for monthly Android Security Bulletins: https://divestos.org/misc/a-dates.txt

and the Chromium (WebView): https://divestos.org/misc/ch-dates.txt


I'm using microg's lineage, and something I was wondering when choosing a rom was, how secure are all those roms in terms of supply chain/developers. There are many, with no big reassuring name behind, and it's hard to trust that what looks like a random rom from the internet is not just a full trojan horse.

It would be nice to have just the one or two options, with app store and some kind of official entities backing (say, states, or universities, or distros).


It's safe to assume that there's very little-to-none supply chain protection. It's mostly all single people or tiny groups of people releasing this.


Sad to hear. It feels like the EU could fund some entity to manage, develop and distribute such a degoogled android with only a very small fraction of its other spendings, and that would help a lot with reducing google/apple's hold on the european market… A cheap deal.


Android is a Google project through and through, so I'm not sure if basing the result would actually be "reducing google hold on european market". For that you'd have to actually have a product that isn't developed by one of those corps.


Degoogling is a misnomer imo. It's not about not using anything from Google or Apple at all. They both contribute to Linux, clang/llvm and other core open software tooling after all. It's about not using unaudited closed source code which cannot be proven to be secure or private, as well as getting away from the online services Google/Apple bake into their operating systems that spy on and tell on users as a requirement to boot the device at all. There's also some cool features that are blocked by both. Since AOSP is open source and the API is easy to target by 3rd party app stores, it's perfectly legitimate to use it as a starting point. There may come a day where Google stops releasing it in such a usable way though, and a more complete fork will be necessary to maintain OS sovereignty.


> It's about not using unaudited closed source code which cannot be proven to be secure or private [..]

Degoogling is not deblobbing and Lineage or /e/ use plenty of closed source software during runtime. The top parent and DivestOS author really is deblobbing* to some degree, but forks of LineageOS that introduce measures of "degoogling" hold onto vendor firmware blobs on Android's /vendor partition for functionality. Those aren't known for connecting to the Google hivemind though.

* https://github.com/Divested-Mobile/DivestOS-Build/blob/de3ba...

My interpretation of the term degoogling fits the second part of your sentence, "getting away from online services": it is user agency in what network connections can occur, so either by default or optionally users can stop any signaling coming from the device they use. They don't have that freedom with the software the device came with.


Better phrased than I did, thanks. How feasible do you think such an endeavour would be? What are the roadblocks to people doing that right now?


Sadly it's pretty hard. I have had a great experience with Lineage OS for several years now. Installing a custom ROM is not that hard imo, but it is scary to most and few flagship devices allow it. But I think more competition will be the key to more freedom and openness, and that is coming: Google is being pressured to embrace 3rd party app stores, and Apple is being pressured to allow side loading in Europe. Also things like RISC-V and the growing open source hardware movement are shaking things up. The death of Moore's law will also bring more competition into chip design in the coming decade which could help to establish more open standards and options in the market.


I mean, it would be a step in a better direction, wouldn't it? One might start with something like aosp/lineage and potentially fork from there if needs be, or ask of companies to support this alternative rom, etc.


GrapheneOS is by far the most secure option. Unfortunately, it’s only for pixels (as the former “director” (in my opinion rightly) claims that there is not much point to “extreme” security if the hardware itself is already vulnerable, and most android phones have very shitty hardware security)


> not much point to “extreme” security if the hardware itself is already vulnerable

What I don't get about this is that a lot of people who install custom ROMs do so, to ungoogle their devices, and just plainly get rid of Google. So why exactly is Google deemed to be a safe hardware vendor?


They have a secure boot chain and they allow users to use their own signing keys. Samsung for instance also has verified boot, but doesn't allow users to use their own keys. Thus, the boot process is as secure using GrapheneOS as it would be using stock Android, but this just isn't the case for any other device manufacturer.


Yeah but that's still SW, if we talk about HW then using Google-HW to get rid of Google seems a bit weird. I know that Google is not manufacturing these parts, but they're probably not open-source either.

I don't care that deeply about privacy/security, just being a bit devils-advocat-y.


It depends on why you want to de-google. Running Android means that you're plugged into their ad-analytics data collection. Firmware layers are extremely unlikely to be reporting personalized analytics into that engine.

On the other hand if you're trying to avoid an oppressive state, you probably want to avoid any potential for a sub-poena to a big corp yielding information on you; in which case considering fully open firmware makes much more sense.


There is basically no production-ready free hardware on the market, the pinephone (which is in the toy category, let’s be honest) is also full of proprietary firmware.


> the pinephone

I even got one of these and all I did with it was install a couple of different distros, since then it's collecting dust as it's unbelievably slow and the battery lasts for about 2 hours.


It is hardware.


There is no such thing as a safe hardware vendor at this time unfortunately. The good thing about Google is they are the only company that actually lets you swap out the software to at least improve your privacy (but they penalize you by blocking payment and auto integration), so it's far better than everyone else, but far from perfect, mainly since the baseband processors are universally closed off.


afaik microg is developed by a German guy with a grant from the government. can't get more legit than that in the android ecosystem :D


I'm having a great experience using microG, which lets me selectively enable and disable cloud messaging for every app that attempts to use Google Play Services. microG does not implement the ads and tracking (Google Analytics) APIs of Google Play Services. microG also lets me use Mozilla Location Services to replace Google Location Services, which obtains a location much faster than GPS alone. With microG being free and open source, I trust it much more than the proprietary Google Play Services, even with sandboxing applied.

It's weird that the article doesn't mention microG even once, since it's what /e/ uses instead of the Google Play Services client.


> It's weird that the article doesn't mention microG even once

true

seems like the whole aftermarket android ecosystem hinges on the functionality of this, mostly unrecognized, component


There are no real answers to this, taking trust out of the equation, the only way to be sure is to inspect the source code and build it yourself. On a side note, it's always possible to hook dns to a remote Pi-hole setup, and monitor connections. Aside from the security issues related to roms, there are still the binary blobs from OEMs.


> It would be nice to have just the one or two options, with app store and some kind of official entities backing

I won't doubt that you know that iPhone is a thing.


Maybe yes. But then look at the list of supported devices and you’d see why. Graphene is barely supported. It just supports Pixels/Google.

What privacy is that which is not accessible?


My DivestOS supports decade+ old devices and provides monthly security updates for seven versions of Android, no other project does this.

GrapheneOS has good reason to only support Pixel devices, they consistently do the right thing with regards to relocking, verified boot, CFI/SCS support, strongbox support, and even now MTE support.

Many other devices fail to support these, eg: https://divestos.org/pages/faq#kernelCFI

Even the FP4 shown in the article is fundamentally broken and trusts the AOSP public test-keys for verified boot: https://divestos.org/pages/faq#deviceBootloader


For me bank and finance apps are very important and they all stop working without Google services. One of the reasons I am stuck on iOS. Not to mention with every patch and release there's a risk of doing the whole flashing/setup again. Also, if there's a need for service some OEMs just refuse to even entertain you if there's another ROM installed.


don't know how up to date it is but you can use android auto without gapps

https://github.com/sn-00-x/aa4mg


I used to use CalyxOS till GrapheneOS got Google Play Sandbox working. Now there is nothing I can't get working on GrapheneOS. Everything works including Google Pay. I just have a user profile for when I need to use an app that needs Google and otherwise my main user profile is just apps that work without Google.

To me this is leagues ahead of any other degoogled experience because at any time I can temporarily turn on Google when I need it (and I often do). But it doesn't defeat the purpose because for the most part you can just turn it off


Problem about GrapheneOS is it only supports newest Pixel phones. They recommend a minimum of Pixel 6 which most people can't afford, even in the second hand market unless they have a broken screen or are in a sorry state while I can get a Samsung Galaxy S9+ in very good shape for the price of a new entry level smartphone and install it with /e/, iodé or divestOS.

So I would say they are not targeting the same users and you can't really compare them equally.


Using old devices that no longer receive security updates, like the Galaxy S9+ you mentioned, is unsecure. It makes sense that GrapheneOS, a security-oriented OS, only recommends devices that are still getting security updates both for the OS itself but also for hardware firmware, which only the manufacturer of the hardware can provide.

There are old versions of GrapheneOS for older devices, and some devices are still in extended support, like the Pixel 4a (although not for long I expect). So if you are OK with the compromised Galaxy S9+, you could also be OK with the compromised Pixel 3a, which received the June 2022 security patch in GrapheneOS[1], while the S9+ received the March 2022 security patch[2]

[1]: https://grapheneos.org/releases#2022081800

[2]: https://doc.samsungmobile.com/sm-g965f/dbt/doc.html


I think it would be nice for GrapheneOS to have two sorts of distributions, the normal one and another one which could be called "lite" or "legacy" and could support an extended range of devices even if the hardware guarantees aren't as good.

There's tons of value on the software side on GrapheneOS and those legacy devices could benefit from it.


Even if older devices are less secure, it’s a shame that GrapheneOS doesn’t support them. I have a Pixel 3XL that runs great with the latest Android, but to run latest I’ve had to opt for Pixel Experience since most other Android distros leave the 3XL with only old versions.


Well, if you want to be whataboutist about security, GrapheneOS running pixels aren't either because the Graphene project do not write, audit and provide the firmwares either.


The problem is that Google doesn't support older pixel devices. If the older devices don't get security updates, GrapheneOS can't in good faith support said devices.


Unfortunately GrapheneOS only supports Pixel phones.

So I'm running CalyxOS on Fairphone and I've gotten almost all play store apps to work via MicroG and anonymous login on Aurora store (in-app purchases don't work).


Agree, GrapheneOS is probably the best I've used. The sandboxed Google play works perfectly for me. I actually bought a second hand pixel 6 to install calyx or graphene, tried both and found graphene much better.

The only things that don't work that I've noticed are android auto (I don't use it anyway), Google passive / offline music recognition, and Google pay.

I thought Google pay not working was a known issue, so I'm surprised you say it works for you?


He probably doesn't use Google Wallet (which, by the way, appears to now crash at start). Other things which don't work

* McDonalds international app ("phone insecure")

* Pokemon Go's VR

* Android Auto (but will "soon")

* Google One's backup & restore


> Everything works including Google Pay.

Wait, what? What did I miss here -> https://github.com/GrapheneOS/os-issue-tracker/issues/1986 ?


sounds about as practical as dualbooting, or is switching user profiles on android considerably more seamless than i care to imagine?


It is certainly not perfect but it is certainly way faster and more seamless than rebooting into another OS.

If you don't mind the battery drain and having both profiles running it is just a menu drop down + single button and ~1 second wait and you have your other profile.

Personally I hate the battery drain so the process for me is a menu drop + single button and ~3 second wait and then unlock pin and I am in my other profile (not ideal, but far better than anything else if you want degoogled).

You can even get notifications from other user profile(s). This is absolutely impossible with dual boot.


You can use a work profile via Shelter/Insular instead which makes this entirely seamless, simply swipe right on your launcher to launch work apps. They even get their own VPN slot too!


It's way more seamless, especially if keeping the google apps in a work profile. Every UI component on android where an app or activity can be chosen (e.g. the share menu) already has a small toggle to toggle between these profiles. The work profile filesystem can also be mounted and is then visible in the file explorer. The only issue is that it's only possible to have one additional work profile. Otherwise full user profiles must be used which are less convenient.


I use user profiles since I figured I wanted more than just 2 profiles. Am thinking the increased privacy is not worth the decreased convenience and I'd advise others to start using work profiles and only start using user profiles once you have a third use case you're sure you need


This is exactly my story. But NFC payments don't work on Graphene.


clarification: NFC payments in Google Pay. For example my bank app has mobile payments implemented and they work on GrapheneOS.

AFAIK the only reason why Google Pay NFC payments don't work is because Google Pay keeps a list of hardware and OS that's allowed to use that feature, and GrapheneOS is not in that list. It's not an OS limitation.

There was an open issue to spoof this data so that Google Pay NFC payments, among other Google features behind this check, would work. But it looks like it got discarded 2 days ago: https://github.com/GrapheneOS/os-issue-tracker/issues/1986


I think Graphene spoofs the most basic level of Google's security thing but they never wanted to spoof anything higher because it would just turn into a cat and mouse game that they would eventually lose.

They recommend that app developers adopt the much stronger and vendor-neutral Android hardware attestation API instead.


Noteworthy related work the article missed: https://grapheneos.org/features


Quote:"“This feature is based on tracker detection. Facebook/WhatsApp technically don’t use trackers so they are green flagged regarding privacy,” Murena offered when we queried the high score for the Facebook app, adding: “We will improve this score by adding more information about personal data collection that can be found in apps Terms of Services.”"

Oh, OK then. Hard pass from me for this little experiment. Coming from a former communist country this is the equivalent of "I guess if the neighbor is not using video to rat you to state police he's a good guy and you can trust him with your anti-communist ideas" attitude. The river bed of Danube-Black Sea channel is ridden with the bones of people who trusted their neighbors.


> So this is where the dream of deGoogling Google Android breaks down into a series of compromising glitches.

Yep, and this is why most people won't care.


i suspect there are at least two kinds of smartphone users:

* the first downloads a handful of useful apps and stays with them

* the second downloads apps on a daily basis

the first group can be weaned off with pwa's


If people care about being tracked, Web applications running in someone else's computer is probably not what they should reach for.


Have these folks done any sort of actual audit on the Android code base to ensure they’ve removed _all_ of the “phoning home”? Not so much doubting their claims, more so just curious to see what they found. Is it possible google has baked in some tracking features deep in the OS, outside of gapps? Things you wouldn’t see with a mitm proxy? I’d be interested to know


They literally include Google Widevine DRM and Google EUICC:

https://gitlab.e.foundation/e/devices/android_device_fairpho...

https://gitlab.e.foundation/e/devices/android_device_fairpho...

microG itself connects directly to Google: https://github.com/microg/GmsCore/wiki/Google-Network-Connec...

and /e/OS default enables those connections: https://gitlab.e.foundation/e/os/android_prebuilts_prebuilta...

including the default download and running of the proprietary Google SafetyNet binaries: https://gitlab.e.foundation/e/os/android_prebuilts_prebuilta...

Kuketz covered the connections made in full at the very end here: https://www.kuketz-blog.de/e-datenschutzfreundlich-bedeutet-...


> microG itself connects directly to Google: https://github.com/microg/GmsCore/wiki/Google-Network-Connec...

No shit, of course they do.

> In general, we obviously try to minimize the connections to Google, but some services strictly rely on them and would just not work without.

What exactly do you think they should do instead?


Be opt-in like the other systems, not opt-out.


What I'm wondering is: if I want to use Google Calendar and Google Maps, do I get any benefit in using a "deGoogled" Android?

Or by activating the Play Store and installing a couple Google apps, am I negating all the privacy benefits I would get from a deGoogled Android?


Not entirely. With GrapheneOS, google play services and any other google apps have the same level of control over permissions as any other app. So you can deny access to any features that you don't want it to have access to. Others in this thread have recommended using a separate profile for google apps so it's not even running when you're not using it.


> One account for your privacy

> Your @murena.io account is at the center of the your private digital life, allowing you to store, back up and retrieve your data safely on remote servers.

Not very private


At least their incentives are aligned.

Google is an advertising company. I expect them to serve ads based on their reading of any Gmail emails, Drive documents, or image analysis of Google Photos, any Google Search/Maps queries, any Chrome browsing, and notifications/app usage/other entries in Googleified Android.

That makes storing documents in Google's cloud significantly not private.

Murena's whole reason for being is privacy; if it came out through whistleblowing or user analysis that Murena was analyzing and selling user data... that would (I hope, though I have less faith than I used to) sink the company.

I'm not paranoid enough to think that Google or the FBI is attacking the CalyxOS supply chain with rootkits that analyze/upload data on Murena phones in the same way they do on regular Android phones because that data is not useful to them. If they can't show ads in your murena.io email, why would they go to great lengths to read it?

I do think that the only option left for those who are individual targets of investigation from a nation-state or international mega corporation is to not use cloud services and smartphones.


They've already leaked user data once and never published a follow up like they said they would, just told users to delete files/contacts/calendars that weren't their own.

https://community.e.foundation/t/service-announcement-26-may...

Per https://docs.nextcloud.com/server/latest/admin_manual/config...

> The encryption app does not protect your data if your Nextcloud server is compromised, and it does not prevent Nextcloud administrators from reading user’s files. It encrypts only the contents of files, and not filenames and directory structures.


are you going for something specific here, or is it just a reference to @icloud?


Weird - I have the exact same FP4+/e/OS combination, and it doesn't feel laggy at all for me. Granted, I've never had a top-line phone, but still.


I'm not sure if they had this in mind when they came up with the name, but /e/ is indeed best visited in privacy.


they definitely had this in mind and i do share your concern


Why not just use LineageOS?


Does lineage have ota updates now?


it had since 2017


Yes


apple-style theming in /e/ is really good. functional playstore shim is based


Not having an app drawer is horrible. Even Apple finally added one


Been running e/OS for about a year.

I still prefer a straight-up LineageOS install...


In my opinion, GrapheneOS is superior in every aspect.


.


> deMicrosofted windows isn't a thing for a reason

About this part, I'm not sure I understand.

"deMicrosoft" was, and is a thing. See "windows 7 unattended edition" or "windows 10 reclaim scripts". Same with android and custom roms.

Corporate greed bloats up perfectly fine operating systems for as long as I can remember, and de-bloating them has and is still a thing.

Stock android is not so bad (2023); android has to cater to a broader ecosystem of vendors and hardware, hence the heterogeneity and the overall not streamlined experience that comes with it, that much is certainly true.


Projects like that exist for sure, but they don't have widespread use. I mean, there is even ReactOS and Wine but none of those succeeds as an alternate OS like even one Linux distro alone like Ubuntu.

If you like android though deGoogled alternatives are good but they're a niche




