Hi everyone, I’m looking to possibly simply my smartphone setup. I would really love to keep it as a utility: phone, text, camera, GPS, web browser, notes, email, music player. Im think of switching to local NextCloud backup system as well. I currently have an iPhone but used to flash ROMs on Android phones, so I would be willing to do that again for more privacy options and less unnecessary changes to the OS.
I have looked a little into it, and I’m wondering about getting a couple year old Pixel and putting GrapheneOS on it. I also searched a little and came across the Purism Librem 5 that has physical kill switches and sounds neat; a little pricy but I’d be willing to pay if it lasts a while and has good privacy options.
What are your thoughts? Are there other hardware suggestions or setups that you like? The idea of FOSS is appealing because it seems like the money aspect seems to skew the priority of smartphones.
Great to see people care about their privacy, especially on their mobile devices, as these are often the worst in regards to privacy. GrapheneOS is definitely the best choice, other options are not worth considering. I absolutely recommend against the Librem 5 (or any Linux phone), as these are not really usable, lack essentially every important app and have far worse security than Android or GrapheneOS. There’s a great article about Linux phones: https://madaidans-insecurities.github.io/linux-phones.html
If you want to use GrapheneOS, get a Pixel 6 or newer, because the older models don’t get security updates anymore. The Pixel 6 will be supported until 2026, the 6a until 2027, you can check out the full list out on this site: https://grapheneos.org/faq#device-lifetime
GrapheneOS doesn’t ship any unnecessary bloatware by default, it only comes with stock AOSP applications and no Google services at all. You can install Sandboxed Google Play services from the GrapheneOS Apps repository. For all the other things you need, I recommend searching on F-Droid. It’s a repository of FOSS Android apps that don’t spy on you.
I would really love to keep it as a utility: phone, text, camera, GPS, web browser, notes, email, music player. Im think of switching to local NextCloud backup system as well.
For your use cases I recommend the following apps:
-
GrapheneOS includes their own ‘Secure Camera’ app, but it can’t make use of the post processing in the Google Pixel. You can install the normal Google Camera app from the Play Store through Aurora Store (an anonymous way to download apps from Google Play) and revoke it’s network permission in the settings. The network toggle is a feature unique to GrapheneOS.
-
For maps and navigation I recommend the following solutions: OsmAnd, Organic Maps and Magic Earth. Magic Earth isn’t open source, but they have a good privacy policy and at least in my experience it’s better than the other solutions.
-
GrapheneOS ships with the Vanadium browser, which is a hardened version of Chromium. Vanadium is also used in the WebView API, which other apps use to display web content. If you don’t like to a Chromium-based browser, I recommend Mull which is hardened Firefox.
-
For Notes, I really like Notesnook. It’s open-source, available on F-Droid and if you use their cloud sync feature, it’s end to end encrypted. You can also use it locally and revoke it’s network access, so it never connects to the internet, if that’s what you prefer. Standard Notes is another option. It also encrypts you notes database locally. There’s also Simple Notes, which has less features and it’s fully offline.
-
K-9 Mail is probably the best FOSS email client. There’s also FairEmail, but the user interface isn’t great.
-
Retro Music is an amazing, good looking open source music app. Simple Music is an alternative.
-
If you’re into self hosting, I recommend Immich for syncing photos.
If you find these apps useful, consider donating to their developers. They deserve a tip for making all of this great software available to everyone.
Hope you find this useful.
instead of the simple mobile tools, consider changing them out for fossify versions. Simple mobile tools recently got sold to a company that buys up apps to put ads and trackers in them, Fossify is a fork
I know, but if they add any weird shit to their apps, it won’t be accepted on F-Droid anyway. Also, most of the Fossify apps aren’t available on F-Droid right now. I can only find the gallery app at the moment. Once the Fossify forks of the Simple Mobile Apps I mentioned are available on F-Droid, I will edit my comment.
I thank you for your effort in this post, and I appreciate anyone who try to give real and complete answer to this kind of question, but I’d like to point out that madaidan “guides” aren’t reliable, and shouldn’t be linked as useful source of information, since he usually just spread FUD. Nothing he even wrote is actually useful to real users and common people, and even if I understand he know what he’s talking about this doesn’t mean his interpretation is correct. Security isn’t absolute, and safety from any ideal danger that at this time no one even know how to exploit shouldn’t be the ultimate goal for everyone. Sorry for my bad English, I hope I made myself clear
For me, the key aspects for selecting the right hardware are the camera and the comunity support. All the other capabillities you listed are available on any phone that has a relatively recent ROM available.
Let’s start with the camera quality: If you want to use your phone without GSF or microG, you could use the camera app that comes with the ROM you flashed. Sometimes, the picture quallity is decent, but often times its lacking. Instead, I would recommend using a modded GCam App together with fake GSF. This way, you can use googles powerful camera app without sacrificing your privacy. So when I’m looking for hardware, I always check, if there is a modded GCam version available.
Aside from that, I would check if there are recent stable versions of the ROM I want, available for the hardware. The last thing I would check is, how active and how big the modding community for that device is. If you can’t find a lot of support on XDA, it’s probably not the best hardware choice to begin with.
When it comes to software, there are a lot of privacy-friendly replacements to choose from, but here is my setup:
- Syncing Contacts and Todos: selfhosted baikal + DavX5 + Simple Contacts + Tasks
- Syncing Photos: selfhosted NextCloud AIO + nextcloud app
- Syncing Notes: selfhosted webdav + Joplin
- Find My Phone functionality: FindMyDevice
- Maps: OrganicMaps
- Speach to text: FUTO Voice
- Synced Music: Selfhosted JellyFin + FinAmp
- browser bookmark sync: selfhosted webdav + floccus
EDIT: GCam and FUTO are not Open Source, but they are free and don’t collect or require any user data
Thank you for the list of suggestions; that’s really helpful. I haven’t been on Android in a while, is the Gcam app noticeably better than a stock camera app? What sorts of things would it do better? Low lighting or blur reduction?
I agree about the ROM. I’d really like to have something that is simple and looks to have continued support when necessary for security and other major updates. I also agree about the camera. It seems to be a deciding factor for smartphones. The last I checked the Pixels had excellent sensors but had some camera software issues that I believe were eventually resolved. I’m hoping that isn’t an issue if I’m just using a basic OS.
is the Gcam app noticeably better than a stock camera app?
Yes, there’s a very noticable difference.
What sorts of things would it do better?
It uses the custom ML chip in the Google Tensor processor for post processing. This makes the photos and videos look amazing.
Low lighting or blur reduction?
Both, and a lot more.
In my other comment, I outlined a solution for easily installing the Google Camera app.
Another thing you might want to consider is the repairability. If you want to swap the battery years down the line, this can become a really important metric as well. iFixit is your friend here: you can just look up a device and check what the repairability score is.
is the GCam app noticeably better than a stock camera app? What sorts of things would it do better?
As I mentioned in my first comment: “Sometimes, the picture quality is decent, but often times it’s lacking” when it comes to the ROM camera app. How well a camera does, depends on the app (which is supplied by the ROM) and the driver (usually supplied by the manufacturer). The quality can, therefore, vary from device to device. A few years ago I would’ve definitely said that GCam is a step above ROM camera apps, but in more and more cases, those have become almost comparable in quality. One aspect where GCam still actually makes a difference is long exposure modes (low light and night photography) as well as offering special modes like panorama or photo-sphere.
The last I checked, the Pixels had excellent sensors but had some camera software issues that I believe were eventually resolved. I’m hoping that isn’t an issue if I’m just using a basic OS.
From my experience, older oneplus devices (e.g. oneplus 7/oneplus 7 pro) and pixel devices (pixel 5 and upwards) have excellent community support, so you should be golden.
Simple mobile tools has been sold to a company that buys apps to put ads and trackers in them. They likely wont be open source in the future either anymore. Consider changing the links out for the fossify versions, that’s a fork
Thanks for the info, I changed it.
On GrapheneOS there’s a much simpler solution. Install the Google Camera app from the Play Store (perhaps use the Aurora Store to stay anonymous), install Sandboxed Google Play services from the GrapheneOS apps repository and revoke the network permission for all of those. Also, I tried the Gcam-Services-Provider app you mentioned on GrapheneOS and it didn’t work. microG doesn’t work on GrapheneOS either. Sandboxed Play services is the easiest and best solution.
Pixel with GrapheneOS - no contest. Been my daily driver for ages and I have no complaints in the slightest
+1
First choice: Get a used new(ish) Pixel and flash Graphene OS. Second choice: Get a used older Pixel and flash Lineage OS.
Second choice should be something like DivestOS. It’s definitely not as good as GrapheneOS, but far better than Lineage.
It’s a fork of LineageOS. Not sure how excited about it I’d be. Willing to give it a try tho.
Yes, but it’s far better than LineageOS because it works with a locked bootloader and can make use of Android Verified Boot. LineageOS lacks this fundamental security feature.
DivestOS developer (yep, just one guy) is awesome. Give it a try when you have time
A colleague of mine is very happy with the Punkt phone.
Punkt is neat, but in the end it is Android (if you can believe it). So, it has Signal (or Pigeon, as they’ve branded it) but it is also vulnerable the same way any Android phone can be. There are some baked-in apps that track and whatnot.
Nice info. Thanks!
I think the route will be:
- Switch to services that work across many systems
- Switch to an Android phone that has support for CalyxOS/GrapheneOS/LineageOS/DivestOS (note that last two can be more or less polished depending on device)
- Switch to open source apps on Android
- Switch to open source ROM
This is to not get a total shock in amount of learning after which would get you immediatly back.
I can recommend some first of second hand Google Pixel devices, OnePlus up to 8T and Fairphone(s).
As far as I love the idea of mobile Linux like with Librem phone, right now you need to be very tech saavy and take many sacrifices above just switching services you use.
Nextcloud doesn’t have e2ee. Use something better.
It doesn’t matter if you host it yourself. You should still have full disk encryption (LUKS on Linux) enabled on your server though.
It does matter if someone can break into your House
That’s why I recommend full disk encryption. If someone steals your hard drives, the data is inaccessible without your password.
That doesn’t apply to servers. Unless you turn off the server every time you leave the room.
If physical security concern you, you should encrypt your disk, but e2e isn’t really useful if you host your instance and use a VPN to connect (it’s not necessary even if you trust the 3rd party that host your data, actually)
By e2e I mean client side. Someone who gets physical access to the server should not be able to view your files.
Mmm… I still think you mean server side: if someone seize your server shouldn’t be able to read your file. If someone have physical access to your server while it is still turn on and not rebooted, it will have access to your files even with e2e turned on. E2e encrypt data while it is transfered from client to server (in case of nextcloud)
If someone have physical access to your server while it is still turn on and not rebooted, it will have access to your files even with e2e turned on
Thats not true. For it to be e2e the encryption must be done client side, by definition. The keys are stored on the client. The server cannot decrypt the data.
Nextcloud does not offer e2ee.
You’re right, I’m dumb. Nextcloud has a e2e plugin, but you have to lose a lot of functionality, and I still think it isn’t worth it if you host your own instance
If someone breaks into my house they have a lot more to worry about than me hosting pirated content to myself. Hope they can dodge supersonic rocks!
I would let your wallet decide.
phone, text, camera, GPS, web browser, notes, email, music player
GrapheneOS and the Librem 5 can handle this. If I hadn’t bought a phone at the end of 2022 I’d likely go for the Librem 5 unless a used Pixel could be acquired.
I think the only thing you will lose with GrapheneOS is tap-to-pay, if you even use that. Beyond that, if you don’t install GSF or even microG on the device you’re already doing a lot in terms of privacy. You have to look into whether things like Uber would work without GSF (I don’t use Uber so I can’t check).
Are there other hardware suggestions or setups that you like?
I was going to set up a Nextcloud server, but ended up just using Syncthing. I thought I would need that full suite of services, but it turns out my workflow just needs a few directories. I use Markor to take notes and write drafts. Before, I did editing on my phone, but now I wait until I am sat down in front of a computer. Syncthing can run on an old Raspberry Pi and requires very little upkeep.
Another suggestion is to use something like UAD to debloat most any Android phone. It is a bit of a preview of what to expect from many alternative ROMs. You need to switch to OSM and use a different calendar app and possibly a different camera app, contacts, keyboard, etc. and you’ll notice very quickly that…nothing really changes except maybe battery life.
I think the only thing you will lose with GrapheneOS is tap-to-pay
If you want any banking apps, they can also refuse to run without at least microG and some Magisk trickery. Some will go as far as refuse to run if they barely find a sudo binary on an otherwise locked non-rooted phone.
Don’t root your GrapheneOS system. This site offers a great summary why it’s bad. Root and Magisk are huge increases in attack surface and microG isn’t recommended either, as it requires root for basic functionality. GrapheneOS has created Sandboxed Google Play services, which takes the official Google Play services binary and runs them in the normal Android application sandbox. This is more private and secure than both the implementation on the Stock OS and microG. Most banking apps work on GrapheneOS with Sandboxed Google Play services, no need for root. In fact, root decreases your chances of getting banking apps to work, because a rooted device can’t pass Google Play device integrity checks (previously known as SafetyNet).
I’ve been pretty meh on GrapheneOS, haven’t actually used it, usually lean towards LineageOS, but the sandboxed Google Play feature sounds pretty interesting.
Unfortunately, LineageOS is pretty insecure. Worse than stock Android. https://madaidans-insecurities.github.io/android.html#lineageos
Does Lineage actually have any advantages over Graphene?
Well, it works on more than 10 phone models. The criticisms in the post are valid, certainly, but that doesn’t help much if my device isn’t supported.
Honestly, the stock ROM on most phones is probably better than LineageOS. I would stick to that, maybe use the Universal Android Debloater to remove some of the crap and eventually get a Pixel with GrapheneOS.
Linux phones like the Librem 5 are fundamentally insecure. It’s also outdated and overpriced, I really wouldn’t recommend it.
Obviously these phones aren’t as good as megacorp-backed Androids yet, they’re much newer and the software is being developed by the community for fucks sake. And the manufacturers haven’t had so many design revisions to recognise and fix all the issues.
They’re development/early adopter devices. And the killswitches aren’t pointless, because while you can enable airplane mode, that’s a software mechanism which can be maliciously changed, either by the manufacturer or an attacker. A kill switch will 100% cut you off.
Airplane mode exists because it is mandated by law that every handheld cellular device needs a reliable way of disabling the cellular modem to prevent interference with airplanes. When airplane mode is turned on, the cellular modem actually needs to be turned off. Otherwise, the device is not compliant with regulations and can’t be sold. Obviously, this is not a 100% guarantee, but the chances that the cellular modem randomly turns on while in airplane mode are very slim. And the Wi-Fi switch isn’t really useful, because GrapheneOS and even Stock Android use Wi-Fi MAC address randomization. On GrapheneOS you can also fully disable Wi-Fi scanning.
Is this your blog?
No, but the guy publishes some great articles in regards to privacy and security. privsec.dev is another one I recommend.
GrapheneOS and a Pixel. Sounds exactly like what you want.
Alternatively, a Fairphone with CalyxOS.Both are more secure and private than a stock Android phone.
GrapheneOS would be my recommendation.I used Calyx for a year and recently switched over to Graphene. Calyx was great for the time being, as it focused more on usability, when GrapheneOS didn’t even provide push notifications and was needlessly secure for my threat model.
But now, GrapheneOS is even more compatible and complete than Calyx, while more secure.
It’s very barebones by default and Google services are optional and sandboxed + strongly restricted.I would get a newer Pixel model in your case. I bought the Pixel 5 and somewhat regret it, since it hit end of support.
Or, you could buy a Fairphone. That would be more sustainable, since you can modify and repair it easily yourself, and it has a super long warranty and support.
GrapheneOS sadly does only support Pixels, but Calyx the Fairphone too.