Questions about switching from iOS to GrapheneOS
-
Graphene likes to push the use of user profiles (just called "users" in the OS) but I find that to be a trash experience myself. Instead, you can enable work/personal profiles right within the single user account and keep sandboxed Google Play and the apps requiring it all within the work profile. You can restrict location and other permissions for Google and don't even need to log it in for it to work. You just need the Island or Insular app to enable profiles.
The Google camera app works perfectly for great photos with the pixel hardware and last I checked it doesn't even require network access or Goodie Play - except it won't embed GPS in photos without Google.
As you can probably guess, the amount of data Google gets will really depend on your setup! I like to use NextDNS to further filter connections. (Pihole might be better but it's more effort.)
Regarding seedvault, you can have it save to a webdav location, Nextcloud, or directly on the phone. If saving on the phone you could just have SyncThing or something similar auto sync the file to another device.
-
You can install Google camera app on GrapheneOS if you want to
-
I run Grapheneos, just been through the setup. Out of about 100 aps 7 needed play. I only actually needed 3 of those. Uber and Lyft in particular and they ran fine with it. The other was my banking app which would not work. For now I will just use my old phone on wifi to deposit checks. After that I will either put it on my wife's phone or switch institutions.
Play services my understanding is not privilaged on GrapheneOS. Usually it is.
By the way Signal does not need Play Services but it will use them if they are available.
Phone. Look at all the Google phones and divide price by years of support remaining. Best will probably a later a-series phone.
Integrity api. Graphene passes except for highest level. Who knows the future.
-
Thanks, that’s useful to know!
-
Keep mind the owner profile also has a work profile too and a privte space. Might run in one of those.
The are also 31 user profiles like the owner profile but they do not have private spaces.
-
Backup. Seedvault can backup to Nexcloud though it is experimental. I use that too but do not fully trust it.
I dump apps that allow that to main storage and just plugin my phone to my laptop and archive main storage. Then I sync apps that incude sync to Nextcloud directly.
-
SMS is janky outside of the Owner profile. Unfortunately my workplace requires me to respond to SMS at times.
It does not sandbox you out of googles SSO, ie, if you sign into a google account in a google app, it will sign you in as that account system wide for all google apps. I wanted to sign into gmail but not tie the google account to google messages (for RCS).
-
Keep us updated on your transition, I'm curious
-
Do you know if WhatsApp allows dumping to main storage?
-
If GrapheneOS doesn't look like it will meet your needs, LineageOS w/microG may be best for you.
The main issue is that the learning curve is higher to get it to a state that's a balance between security and privacy. You have to learn how to install it for your device, set up root with Magisk or the like, install modules that allow your device to pass/bypass google's SafetyNet Device Assestation, install the module to avoid connecting to google via GPS, set up AdAway, AFWall, LSPosed if needed, and get android auto set up if needed. That's not even including all the device-specific tweaks you'll end up needing/wanting, or how to manage updates. It's a lot of work, but in the end you get a phone that acts like a computer you control instead of an "appliance" that works against you.
-
Does LineageOS let you bypass the strong authentication in the play integrity API? That’s probably my main concern with switching over as the main apps I use could become unusable in the future. GrapheneOS is probably a better fit for me at the moment but I have considered other options
-
How are you installing Signal? I installed it from their website and it was constantly throwing up messages about missing play store.
-
Certain things, yeah. For instance, I don't use the Google Play store (i use Aurora Store) instead, but I have gotten Android Auto working on my phone. What Google features you'll be able to get working also depend on the device and android version.
-
LineageOS sucks at security, weakens Android's security model, doesn't deliver full security patches, to name a few of the problems. Better an updated iPhone and save your files locally than switching to Lineage
PS: I know I'll get a lot of hates for saying that but I'm being honest
-
Firstly I know the ideal way to use it is without Google play services, however it looks like that's needed for my banking app (which also apparently only works under the owner profile so I don’t have the option of having a separate profile for Google play apps).
-
Obtainium.
-
No idea.
-
Saved. Will be swapping to Graphene as soon as I get a new phone, and that work/personal thing is about to be a life saver for all these garbage apps I'm forced to have installed
-
How do you use microg with graphene? I thought this was ubsupported.
-
I recently made the switch myself. I do use multiple profiles but I don't think it's required for me. I was curious to see how it all works. I may end up switching to a work profile instead.
I have google play on my main profile mostly for notifications for WhatsApp etc. A banking profile so that banking details are isolated, and anoyher profile for apps I need that I don't use often and prefer to not have in my main. In a lot of videos its advsed to not use profiles to begin with as I causes a lot of friction and that makes adoption harder. You can always begin using profiles later on.I am not logged into GPS and it only has network permissions. I connect via NextDNS and there is so little background traffic in thw logs, it's a refreshing sight.
I have yet to find anything I could do on iOS that i can't on Graphene. I install most apps via obtainium and the other few that I can't via aurora store.
I use OSS apps whenever possible.
