Questions about switching from iOS to GrapheneOS
-
With the recent news of Apple disabling iCloud encryption in the UK I'm wondering if now is the time to switch from iOS to GrapheneOS, however I have a few questions before I consider switching.
Firstly I know the ideal way to use it is without Google play services, however it looks like thats needed for my banking app (which also apparently only works under the owner profile so I don't have the option of having a separate profile for Google play apps). I believe it would also be needed for notifications on Whatsapp and Facebook messenger (I know they're shit but I can't convince everyone else to move). In terms of how much data Google/Apple can harvest how does GrapheneOS with sandboxed Google play services compare to iOS which I believe also sandboxes all apps by default? I've always used iOS previously so I don't fully understand what Google play services does on stock Android or how much better the sandboxing truly makes it.
Secondly what are the best options for backups? It seems like seedvault is USB only, ideally I'd like to be able to backup to my home server. The main thing would probably just be my photos and Whatsapp messages if its not possible to do full device backups.
I also have a couple of questions about the pixel hardware. There's currently an offer on so I can currently get a pixel 7a for £280, that seems like a good price but I know the pixel 9a is releasing soon, is the 8a likely to drop much in price after that? I don't know how quickly the prices drop but considering the 8a is currently £500 I can't see it dropping to <£300
Also I hear a lot of good things about the pixel cameras, is that still the case with GrapheneOS or is that just because of Google's proprietary camera app? I'm not a massive camera user so its not a deal-breaker either way.
Lastly, I know this will mostly be speculation but I'd be interested in people's thoughts on the future of GrapheneOS and alternatives with stuff like the play integrity API. Do you think it will get to the point where 90% of apps no longer function or do you think most developers will ignore it?
-
P [email protected] shared this topic
-
Graphene likes to push the use of user profiles (just called "users" in the OS) but I find that to be a trash experience myself. Instead, you can enable work/personal profiles right within the single user account and keep sandboxed Google Play and the apps requiring it all within the work profile. You can restrict location and other permissions for Google and don't even need to log it in for it to work. You just need the Island or Insular app to enable profiles.
The Google camera app works perfectly for great photos with the pixel hardware and last I checked it doesn't even require network access or Goodie Play - except it won't embed GPS in photos without Google.
As you can probably guess, the amount of data Google gets will really depend on your setup! I like to use NextDNS to further filter connections. (Pihole might be better but it's more effort.)
Regarding seedvault, you can have it save to a webdav location, Nextcloud, or directly on the phone. If saving on the phone you could just have SyncThing or something similar auto sync the file to another device.
-
You can install Google camera app on GrapheneOS if you want to
-
I run Grapheneos, just been through the setup. Out of about 100 aps 7 needed play. I only actually needed 3 of those. Uber and Lyft in particular and they ran fine with it. The other was my banking app which would not work. For now I will just use my old phone on wifi to deposit checks. After that I will either put it on my wife's phone or switch institutions.
Play services my understanding is not privilaged on GrapheneOS. Usually it is.
By the way Signal does not need Play Services but it will use them if they are available.
Phone. Look at all the Google phones and divide price by years of support remaining. Best will probably a later a-series phone.
Integrity api. Graphene passes except for highest level. Who knows the future.
-
Thanks, that’s useful to know!
-
Keep mind the owner profile also has a work profile too and a privte space. Might run in one of those.
The are also 31 user profiles like the owner profile but they do not have private spaces.
-
Backup. Seedvault can backup to Nexcloud though it is experimental. I use that too but do not fully trust it.
I dump apps that allow that to main storage and just plugin my phone to my laptop and archive main storage. Then I sync apps that incude sync to Nextcloud directly.
-
SMS is janky outside of the Owner profile. Unfortunately my workplace requires me to respond to SMS at times.
It does not sandbox you out of googles SSO, ie, if you sign into a google account in a google app, it will sign you in as that account system wide for all google apps. I wanted to sign into gmail but not tie the google account to google messages (for RCS).
-
Keep us updated on your transition, I'm curious
-
Do you know if WhatsApp allows dumping to main storage?
-
If GrapheneOS doesn't look like it will meet your needs, LineageOS w/microG may be best for you.
The main issue is that the learning curve is higher to get it to a state that's a balance between security and privacy. You have to learn how to install it for your device, set up root with Magisk or the like, install modules that allow your device to pass/bypass google's SafetyNet Device Assestation, install the module to avoid connecting to google via GPS, set up AdAway, AFWall, LSPosed if needed, and get android auto set up if needed. That's not even including all the device-specific tweaks you'll end up needing/wanting, or how to manage updates. It's a lot of work, but in the end you get a phone that acts like a computer you control instead of an "appliance" that works against you.
-
Does LineageOS let you bypass the strong authentication in the play integrity API? That’s probably my main concern with switching over as the main apps I use could become unusable in the future. GrapheneOS is probably a better fit for me at the moment but I have considered other options
-
How are you installing Signal? I installed it from their website and it was constantly throwing up messages about missing play store.
-
Certain things, yeah. For instance, I don't use the Google Play store (i use Aurora Store) instead, but I have gotten Android Auto working on my phone. What Google features you'll be able to get working also depend on the device and android version.
-
LineageOS sucks at security, weakens Android's security model, doesn't deliver full security patches, to name a few of the problems. Better an updated iPhone and save your files locally than switching to Lineage
PS: I know I'll get a lot of hates for saying that but I'm being honest
-
Firstly I know the ideal way to use it is without Google play services, however it looks like that's needed for my banking app (which also apparently only works under the owner profile so I don’t have the option of having a separate profile for Google play apps).
-
Obtainium.
-
No idea.
-
Saved. Will be swapping to Graphene as soon as I get a new phone, and that work/personal thing is about to be a life saver for all these garbage apps I'm forced to have installed
-
How do you use microg with graphene? I thought this was ubsupported.
