So I jumped straight to GrapheneOS, which was way easier and less extreme than I had been warned. So beautifully minimal, with no crap. Now my phone feels like a simple Linux (Void/Arch) PC. So wonderful.
Be careful, apps can still communicate with other apps, e.g. revoking the network permission doesn't stop apps from fetching and displaying ads over the network. I don't know enough about Android internals to understand the mechanisms behind it, but clearly there are ways for apps to exfiltrate data.
> Trying to use Network as a complete data exfiltration toggle isn't the intended purpose, and you should always consider apps within the profile being able to communicate for ALL data and access including permissions. It is not something only relevant to Network.
https://discuss.grapheneos.org/d/4024-in-what-extent-can-app...
There has been talk of developing 'IPC scopes', similar to how there are contact scopes.
Another example relating to tracking ad targets, also known as "users":
"Around September 2024, Meta developed a creative solution to evade Androids sandboxing restrictions. (Id. 4849, 52.) Devices have localhost ports, which simulate a communications channel by allowing applications or services running on the device to communicate with each other... without those communications leaving the device. (Id. 53.) Meta modified its Pixel code (the Modified Pixel) so that it would send the _fbp cookies contents to a designated localhost port. (Id. 55.) In turn, Meta modified its Facebook and Instagram apps to listen to that localhost port for incoming data. (Id.) The Facebook and Instagram apps combined any incoming localhost data with personal information and identifiers, and subsequently shipped that combined data from the users Android device to its own servers. (Id.) As a result, even though Meta would typically have a harder time identifying Android users, Meta was now able to perfectly deanonymize Android users browsing activity if they used its apps. (Id.)
Meta's conduct was unknown until a group of internet security researchers disclosed it on June 3, 2025. (Id. 4; Dkt. No. 104-3.)
Shortly after the researchers public disclosure, Meta announced that it decided to pause use of this tracking method. (Id. 69; Dkt. No. 104-4 at 5.)
In this consolidated action, Plaintiffs assert nine claims against Meta: ... (3) violation of the Wiretap Act, 18 U.S.C. 2511(1); (4) violation of the California Invasion of Privacy Acts (CIPA) wiretapping provisions, Cal. Penal Code 631; (5) violation of CIPAs eavesdropping provisions, Cal. Penal Code 632; (6) violation of CIPAs eavesdropping device provisions, Cal. Penal Code 635; ... Plaintiffs assert an additional two claims against Google: negligence and negligent misrepresentation.
Plaintiffs CIPA pen register, unjust enrichment, and negligent misrepresentation claims are DISMISSED. Dismissal is with LEAVE TO AMEND because the Court cannot conclude on the current record that amendment would be futile. All other claims survive dismissal."
The above is an excerpt from In re Meta Android Privacy Litigation (3:25-cv-04674, N.D. Cal., June 3, 2025)
https://dn711508.ca.archive.org/0/items/gov.uscourts.cand.45...
https://dn711508.ca.archive.org/0/items/gov.uscourts.cand.45...
Of course Meta will eventually settle, like Google did in Brown v Google, in Google's case on the eve of trial. The wiretapping claims would be catastrophic for these companies
But the Court's observations are interesting
"At this early stage in the case, and given the undeniably significant portion of mobile phones using Apples iOS, it is reasonable to infer an industry custom of placing tight controls on communications between apps based on Apples restrictions."
I mainly use native camera (good in most cases, can be brought up immediately with double power button press, from locked), Google camera (rarely), BlackMagic for when I need control over videos and ProShot when I need control over images (the last one might be hard to install - it's a paid app (I'm a paid user, this is how I got it), but not long time ago the moron of the developer made the app "incompatible" with devices without Google surveillance buttplug claiming it will prevent people pirating it form opening support cases....???).
So you can have multiple camera apps. Thankfully Google is not Samsung or Sony, and all the apps have full access to the cameras.
Edit: Apparently Motorola is doing just that.
Otherwise Huawei would have already jumped into that gap. They have their own Google-independent OS now so they could have marketed it to privacy enthusiasts where the lack of Google services would have been a positive not a negative.
Xiaomi? Privacy?
Apple didn't "cash in", their marketing dept made sure privacy/security engineering got just enough budget to pull off miracles & then spend even more to successfully make the public forget about the very nasty Celebgate.
That was a phishing campaign, not a breach.
Source you can't compile or install onto the device wouldn't be very useful.
The Linux kernel developers see what Tivo did as a "feature" rather than a "flaw" and refuse GPLv3.
Linux is no longer the community-driven choice. It's big business with billions hanging on the line. The grassroots origins are long over.
While I agree with your general sentiment, I feel necessary to acknowledge that it's just not there (yet?). GrapheneOS is a great option if you want to have a fully working and secure device.
In the end I just opted out of the android ecosystem altogether and went with a flip phone that I used as a hotspot for an iPod touch (we only used over VPN with locked down DNS and nothing google related).
My privacy lasted about two weeks, because unfortunately Spotify was able to fingerprint that device to Facebook.
At the time? They still are the only devices officially supported.
Having your freedom be tied to a handful of devices from Google, is a massive supply chain risk.
Your provider can run arbitrary code there.
Its just a matter of time before this cesspool will leak into the rest of the OS, AppStore shows us the temptation is too big for Apple. When my iPhone 12 mini dies it’s /e/OS or GrapheneOS for me. My devices should serve me and my thoughts are my own.
I don’t think it will leak. After the U2 debacle, Apple might have learned not to push too hard on this front.
Some of them have ridiculous secur... compliance rules.
Other banks that I use are there. Almost perfect...
Most banking apps work, but Google Pay/NFC payments won't work.
You bought a phone from an advertising company?
This is how users learn to not update anything.
I was sad that I had to go through the OOBE setup on the stock image to unlock the bootloader. At least it doesn't force an internet connection and login, unlike Windows.
*It doesn't actually wipe your data; it just destroys the symmetric key, making the data permanently unreadable.
so it's kinda pointless to wipe data prior wiping them again during the bootloader unlocking process
My understanding is that it is impossible to unlock the bootloader on a new recent (Android 7+ at least; possiblt earlier) Android phone until it has connected to the Internet. After that, the ability to unlock the bootloader is permanent.
On the Nexus 5, you could just `fastboot oem unlock` right out of the box, install TWRP (custom "recovery") and install CyanogenMod/LienageOS, without ever booting the stock ROM.
On my Moto G4 Play and Moto X4, you had to get an unlock code from the Motorola website (based on the phone serial number I think) and waive some warranty terms, but once retrieved at least the phone didn't need to be online to unlock the bootloader.
The process on the newer Pixels is disappointingly intrusive, like basically everything Google has done for the last decade.
I'm not looking to fully de-Google but I want Google as apps and not my OS.
The Owner profile itself doesn't run Google Play Services, so when that Private Space is locked and dormant it's effectively a degoogled stack.
Some will invariably argue that an old pocket-sized Linux PC with a cellular modem is a superior experience, and for some specific things it may well be, but GrapheneOS is the only viable option for someone looking for a user-respecting modern phone with very few limitations.
Biggest caveats that I've encountered: tap to pay via Google Wallet is a no go, Android Auto can be flaky, MDM managed work profiles don't work at the moment, and some apps that use the Google Play integrity API fail to validate and refuse to work (I've only encountered one app that fails, and plenty others that work.)
In general, I'm moving towards a de-Googled life and GrapheneOS is a great entrypoint towards that.
Google Wallet bans using anything other than an unmodified Google Mobile Services stock OS but there are alternatives in certain regions. In Europe, there are a lot of banking apps with tap-to-pay compatible with GrapheneOS and also Curve Pay. PayPal also has a limited tap-to-pay launch in Germany.
Do you mean actual employer-spyware MDM work profiles? I suppose I never expected those to work.
Or do you mean things like Shelter, which uses work profiles and which I use to quarantine certain less-trusted apps?
Its all fun and games until the company gets hit with a lawsuit and discovery hits your phone and ALL your accounts, corporate and personal.
I'm hopeful that an OEM Motorola device will get certified for Google Pay.
So I get to use contactless payment at maybe 50% of the stores, which is annoying, because it's sometimes hard tot tell ahead of time.
I had a very weird (bad) experience with Curve support so I couldn't recommend it.
NFC payments work, it's only Google who claims a phone not patched for 8 years is safe and secure, but phone with working hardware attestation and patched 6 months ahead of everyone else is insecure.
Edit: Apparently that's Europe only? I'm in Europe so yeah. I didn't know that.
This is entirely possible as other posters have explained. But I think it kind of defeats the point of Graphene, at least somewhat. Google is already profiling every aspect of your life by reading your emails, files, calendar, location, etc? In that case, OS access becomes moot.
I think that GrapheneOS makes most sense as part of a broader move towards privacy-respecting alternatives. I see the sandboxed Play Services as something useful perhaps in a secondary user profile, for the odd commercial app required and only available from the Play Store.
Not really.
1. A non-Google OS can shut off background running access to Google apps, as well as supply Google apps with mock location data and other data
2. Google does other things to the OS that drive me nuts. Like allowing apps to restrict screenshots. I own the phone. If I want a screenshot, it should screenshot. This is not something for apps or Google to determine, and if the OS listens to me (not the app) it should allow screenshotting the display 100% of the time regardless of what the app cries about.
PREACH!
I hate this.
Maybe for cars Google is better but I don't use those. But even there I see really detailed stats.
OSMAnd is a really great full featured mapping app. A real tool that you can configure in detail. And Organic maps is more simple and quick like Google maps.
There's just two things I still need Google for: most businesses don't bother keeping their opening hours etc updated on other mapping services, and in my city they have live data on the public transport network. This should really be mandated to be offered to open street map too.
I actually find that it blows Google Maps out of the water for cycling (which is why/how I discovered it). I haven't really used it for driving much because my own car has a builtin nav, so can't really comment on that.
YMMV of course.
Left from Maps.me to OM because of drama and intrusive features, do I need to leave OM for CM?
edit: seems CM shouldnt have that annoying gift icon
edit 2: CoMaps doesn't display (colored) hiking trails, so completely useless compared to Organic Maps, also can't even display tram lines after tapping on tram stop in Prague
I personally also need hiking trails on my map, but I know people who don't and happily use CoMaps.
https://www.here.com/products/wego
LOL Bruh... this has a 1.7 rating on Android based on 42k reviews
https://play.google.com/store/apps/details?id=com.generalmag...
You can install nonprivileged google stuff on the main account.
Alternatively you can setup a private space (accessible to the main user but mostly separate from the main system) with a few clicks in the settings.
If you prefer more friction / isolation you can setup a separate user where you can install the google stuff.
My understanding is that even with pseudo-D2D (device-to-device) transfers Seedvault doesn't backup everything[1].
Are there more-functional, non-root, local (non-cloud) alternatives?
[1]: https://github.com/seedvault-app/seedvault/wiki/FAQ#why-do-s...
Ever since seedvault implemented local D2D API for app data availability and changed their repository format (inspired by restic's hashing) I've grown to trust seedvault enough that it's my sole phone backup.
Seems to schedule/backup/restore just fine, even cross-device. Gets all the apps and files I care about. Incremental runs are slow but efficient (<1MB transferred).
I have some UX gripes and would prefer if key and snapshot management was more flexible but the sentiment I see seems to be rooted in the earlier days when seedvault was more naive.
Look forward to a GOS-native solution all the same.
Small point of critique: it would be nice if it was a little bit easier to switch between personas, for example by simply scrolling to a different workspace. Because now the feature is mostly unused on my phone.
However, some apps that I need for work, like Microsoft Authenticator, no longer work under GrapheneOS.
https://www.theregister.com/on-prem/2026/03/10/microsoft-tig...
Compliance =!= Security
You want me to have email and teams/slack on my phone? Sorry, I won't install the spyware. Want to pay for me to have a second phone with it? Okay. No? Well then, I just won't have email on my phone.
It needs to be made illegal imo. The company should provide you a device if you need one for the job.
Scenario: Your account gets compromised somehow. It's signed in to your personal phone. Company data gets leaked or ransomed.
Your phone and its contents are now evidence.
Is this an antithesis to Don't Be Evil?
The vast vast majority of apps (99%+) are compatible and those that are broken is due to bugs in the apps which GOS catches, but these exploit protections can be disabled, and apps that use the monopolistic play integrity api.
The only apps that are permanently broken are those using the strongest play integrity api which is security theatre.
Here's a community created list of banking applications and their current status on GOS.
https://privsec.dev/posts/android/banking-applications-compa...
Again, this isn't about me. I'm fine giving up some convenience, but I know other people aren't. The average person is just going to simply install the app. Part of me asking this questions is gauging average user experience.
Authenticators should work normally, as far as I know (unless Google Authenticator does anything special). Can’t say anything about Google Wallet. There might be more lists/forums where people share which setups are (not) working well for them.
In general, I had these concerns as well until a few months ago. But I am much more optimistic these days that things will just work well out of the box (have read many positive sentiments in blog posts and here on Hacker News).
GrapheneOS is often better for testing apps due to it being trivial to test with and without google services, most of the hardening options can be used for debugging and provide a crash log to determine what failed, and there is an easily accessible log viewer available in app info.
There are alternatives for payments (scroll the thread, maybe look up on GOS discussion site).
If you live in the EU then you can use curve pay which can tap to pay.
Why is no tap to pay significant enough to stop you from switching to a phone that is private and secure? You can just carry a card and tap—they're tiny.