Hi,
I am (very, very early) in the process of degoogling. I am definitely not a high risk as far as needing to be completely locked down. It’s more about trying to have a little more control over how my data is used.
I am looking at Graphene OS, but I am a little confused how certain apps (that rely on Google services) work. I have a Pixel 8 and will have it for the foreseeable future.
The apps I currently use that I would still need (or their equivalents) are:
- Clash Royale (Supercell)
- Notion (Notion Labs)
- Clickup (Mango Technologies)
- Business Calendar 2 (Appgenix)
-
If I installed these exact apps “sandboxed”, what exactly does that mean from a user standpoint? Will I have to use a separate account, reboot my phone, etc, or is it a quick process to use the app?
-
Is there a list of apps that I could browse to find equivalents to the above? Recommendations here are also ok.
-
I saw that Firefox isn’t exactly private(?) and that Vanadium is better in that aspect but I don’t understand why. Can someone ELI5, and help me see if this is a relevant concern for me?
Thank you! 😁
So, the point here is to degoogle, yet you need certain apps that require google services.
What I and many others do is have a clean (i.e. no google services) main profile and a dirty (has google services) secondary profile. Put your needed apps in the secondary, live in main, and it’s two swipes and a tap to get to your apps in secondary. Best of both worlds. Over time find replacements that work in your main, congratulations, you’re now degoogled on your phone.
I do the two profiles on mine as well. The Google profile isn’t allowed to run in the background so it’s only active when I’m using an app that really needs it. Down to just a single app now that needs it.
So you don’t even have sandboxed GPlay Services on your main profile?
I do like how all profiles have all their own data, so if you logout another (not main) profile then that second profile data is encrypted again until you enter the password.
Yeah, main is for google-less.
Is there a faster way to switch profile than going into the settings? Sounds like you’ve got a much better way than what I’ve been doing
Swipe into notifications, swipe down on the quick access thingies (bluetooth, aeroplane mode etc), at the bottom is three circular buttons, leftmost brings up select user (swipe, swipe, tap, tap, sorry, missed one.)
You can also swipe down with 2 fingers and bring up the full quick settings thing with just one swipe
Cool!!!
Must say I hate the lack of a manual / help these days. “It’s intuitive”, no it’s fucking not, you just don’t want to write doco. (Not aimed at GrapheneOS specifically, just the state of things in general)
I feel like AOSP, at the very minimum, should have its own “tips and tricks” list (ideally in the form of a built-in app). Ideally every OEM flavor of Android should. I should not have to look it up in order to find these out tbh
In my case I just use an app called “shelter”. Going to the dirty profile is as easy as opening the app drawer and swiping left. I can also “pause” all apps in that profile whenever i want. No tikering necessary.
I tried the two profiles and I love it! Still figuring things out but this is going to work well.
I like this. I may do that two profiles since it sounds easy to switch between.
You don’t install the apps “sandboxed”. You can install the Google services like any normal app (in the “Apps” app). The Google services will then only have very limited permissions, for example they won’t be able to see your location, camera, contacts etc. by default and you can grant these permissions like to any other app.
The only thing that changes is that you have the option to install Google services and that you have the option to grant them permissions they would have limitlessly on a “normal” Android phone.
Your four mentioned apps should work on GrapheneOS without any problems, the only apps I had difficulties with were banking apps. The Google Play Store won’t be installed by default though, so you will need to install it in the “Apps” app. (I recommend using F-Droid to find alernative apps, although you won’t find something like Clash Royale on there. If you don’t want to use a Google account, you may want to look into Aurora Store (it provides anonymous access to the Play Store), which is also available of F-Droid)
I personally still use Firefox (Mull to be exact), because Vanadium doesn’t seem to have any good way of blocking ads. I found this on the internet in some R*ddit comment:
Chromium-based browsers like Vanadium and Bromite provide the strongest sandbox implementation, leagues ahead of the alternatives. It is much harder to escape from the sandbox and it provides much more than acting as a barrier to compromising the rest of the OS.
(Long version of the above quote: https://grapheneos.org/usage#web-browsing)
FWIW Cromite should be the recommendation now (Bromite has been long discontinued!), although I too don’t worry too much about the sandboxing benefits and use a FF fork for much/most of my browsing these days.
Cromite*
and yes Cromite is god tier stuff. even blows Mullvad Browser out of the water. ultimate privacy and ultimate security both.
One of my favorite browsers, and it does such a good job I apparently haven’t had to think about it enough to learn how to spell it…
Removed by mod
Because gecko base on Android has too many holes, and are harder to plug than webview. Android uses a modified linux kernel, which means that it is NOT linux “based”. Expecting Android to be Linux is just silly. TailsOS is Linux, genius 🥸
Removed by mod
I’ll be on the lookout for the cease and desist letter, and then I’ll stop, cool?
Removed by mod
Awesome. Thank you for the detailed explanation!
Idk what those apps are but if your work requires them, then you should have a separate work phone that runs whatever your boss wants it to, and your own phone that is degoogled. You want the separate phones for other reasons too, like if there is a problem at work and they need the phone, they get theirs and not yours.
Otherwise, find substitutes for those apps if you have to.
This. It is worth a few hundred bucks to get a separate “normie” phone and run all your Googled apps on there. It may not even need a sim or a data plan… Just use it on WiFi at home or office. This doesn’t need to be a flagship device… Just something “good enough”.
Then run all your personal stuff on your other degoogled phone. This is the one with your sim and primary number. Don’t do any work or Google crap on there.
Removed by mod
Sweet. This is helpful. Thank you!
Removed by mod
Maybe TOR uses FF because it’s easier to modify for their purposes.
Others would call that “insecure”
Removed by mod
Chromium is inadequate and bad.
For a anonymous browser, but not for a secure browser. The paper is purely about privacy and anonymity. No security (sandboxing, mitigations) here.
Removed by mod
Chromium sandboxing means nothing when it leaks so much data.
The attacker can’t gain access to the host with javascript.
A browser that support javascript but doesn’t have sandboxing might not leak these data but when their are bug in their js implementation, the attacker can gain more access to the host.
Removed by mod
Then why does the Tor Project choose Firefox over Chromium as its browser base? Chromium is incredibly insecure and full of holes. Post this wishy washy bullshit on reddit, not on Lemmy.
Because Tor browser’s goal is maximum anonymity and onion service. Firefox might be lag behind in security, but its code and features met the privacy requirements. Tor browser try to achieve some security by using noscript and block some web feature.
Removed by mod
Also, security means nothing if privacy and anonymity are worse.
Security here is protection from exploits, bugs,…
Removed by mod
And those exploits are features in Chromium browsers.
Nonsense.
Been usin graphene for a while now i reccommend find as many of your apps on fdroid (i use the neostore frontend for fdroid) then use aurora store for apps on google play. U can install google services from the graphene apps and then u can grant that permissions as u need. I use firfox developer edition cos i need my desktop plugins on mobile. Have had no problems running any apps if ur worried abt google services make a second profile and install it on that profile to further seperate google relient apps.
Just a heads up, the regular Firefox also let’s you install extensions on mobile now
All of them or just a select list cos theyve had a select list for ages now
They’ve recently expanded the list by a lot. I was able to find every extension that I use on desktop
They had an update a little while ago that you can install any desktop extension on mobile now
Good ideas. Thank you!
Removed by mod
Mod-trolling here too? Aren’t you going to mod-order us to stop talking about Graphene because it’s detrimental to Android and discriminates Apple, or something like that? 🤣🤣
Removed by mod
Things like cellebrite and pegasus are rapidly evolving tools based on specific zero day vulns that are known only to (and jealously guarded by) the respective tools devs. No one would have any meaningful way of validating whether Graphene is secure against those specific attack vectors or not unless they did test it, but “trust me bro” on the part of a dev doesn’t inspire confidence. I would assume any zero day vuln in AOSP is very likely present in most derivative systems based on it.
I never defend lies. But attacking them would be lying, because I’ve no idea what you mean by “Cellebrite Kits”.
What I am doing though, is riling yoi up because you’re evidently constantly angry in every single post I’ve seen you write.
I tried to appeal to logic in one of them (xenophobia, remember?), and all you did was post an even angrier message. So, since logic and good intentions don’t work, trying to increase your anger kay, or may not, do the trick. I just had to give it a shot.
By the way, no, that didn’t work either. It seems that nothing short of lithium will help. I’m sorry about that man. You sound exactly oike the GrapheneOS guy.
Removed by mod
I found the article (ironically in Graphene’s own forum) where they word their explanation in a way that would have us believe their project can counter Cellebrite with little to no effort. And I find that to be deceiving. I don’t know if they can, but from the universal knowledge that the 100% secure system does not exist, I find their claim hard to swallow.
I have to say, this is good food for thought. And this is where we could try to start a productive debate.
Within my limited technical knowledge, I have yet to see any mobile OS (ROM or otherwise) that comes close to the level that Graphene allows the user to secure their phones. I am not saying that Graphene is some sort of “fire and forget holy grail” of security, but checking the tracking in the included apps (all 5 of them), and finding absolutely nothing tracking, I have to say, it’s a very nice move from what the common folk uses (or used in my case) in their devices. On top of that, I have full control over 99% of my system (what with storage and contact scopes, plus the ability to disable ALL the apps I want, whenever I want, the control over all of the connections to my preference, and the list goes on and on. I have also tried Calyx (I have nothing bad to say about it, it’s pretty good and intuitive), which I think is an easier entry level than Graphene to incur into the privacy seeking life (my very personal opinion), but Graphene does take all that to different heights.
You might be wondering why all this long bloglike post. I thought it best to clarify my position towards Graphene as much as possible before i came out with what I’m hoping will spark the productive debate I mentioned before.
Other than GrapheneOS, what other real, potentially competing, options are out there?
Because, even with whatever flaws that GrapheneOS may have, it certainly beats having an iPhone, more so any other Android OS/ROM for that matter.
All previous joking aside, you’re evidently better versed on this subject than most of us, from my perspective anyway.
What would you recommend, short of getting a dumb phone with a prepaid sim card?
I’m genuinely curious about what you understand would be a better option.
“Linux phones” are not a viable option in over 90% of use cases (God O wish that wasn’t the case).
I’m waiting for the Pixel Fold 2 to launch, to see if I’m going to change my Pixel 7 Pro for that, or if I’m going to wait for the 9 Pro. But since this came up here, I might as well pick other brains and then do some research using the suggestions I find here as a starting point.
Removed by mod
The point of break in 99% of the cases is the carelessness of the user.
Removed by mod
That is exactly right.
you’re wrong and look stupid.
Be careful, he’s a moderator and can take away your sandwich.
Removed by mod
“Someone disagrees with what I say” = trolling
