Ha! Me too! Exact same. Bought a Pixel 10. Intended to do the default Android for a while. But it was filled with ads for “Wicked” which had me looking at my phone with a sneer on my face I couldn't erase - as if someone had smeared feces all over it and threw it on my bed.
So I jumped straight to GrapheneOS, which was way easier and less extreme than I had been warned. So beautifully minimal, with no crap. Now my phone feels like a simple Linux (Void/Arch) PC. So wonderful.
Does it affect the photo quality? It used to require letting go of the default photo app and thus a downgrade in photo processing.
No, if you install the Google camera there is no difference in quality and by revoking network you don't lose privacy.
> by revoking network you don't lose privacy
Be careful, apps can still communicate with other apps, e.g. revoking the network permission doesn't stop apps from fetching and displaying ads over the network. I don't know enough about Android internals to understand the mechanisms behind it, but clearly there are ways for apps to exfiltrate data.
> Trying to use Network as a complete data exfiltration toggle isn't the intended purpose, and you should always consider apps within the profile being able to communicate for ALL data and access including permissions. It is not something only relevant to Network.
https://discuss.grapheneos.org/d/4024-in-what-extent-can-app...
https://github.com/GrapheneOS/os-issue-tracker/issues/2197
I don't have any Google or closed source apps with network permission, but thank you for sharing that quote I haven't seen that before.
Eye opener. Thanks for the warning! GrapheneOS sandboxes all apps including GSF as far as I understand. It would be nice if full capabilities could be exposed or at least shown in the app settings. There is the "All permissions" view which has a "have full network access" item with the following details: `Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet.` Does this mean the app has this permission and even without it can fully access the internet? If so the primary "network" permission is very misleading. I wish for a smartphone-like device which installs apps with `cap_drop: ALL` by default. I wish for a government which would support such a standpoint and "assist" companies not able to provide a service which require intrusive data gathering. Either that or we're all just one big happy family with no secrets and no jealousy and no drama. sigh
Every Android app can do IPC with Android apps in the same profile. So an app without Network Access could cooperate with an app with Network Access to communicate with the outside world. Of course, most notably, a lot of apps communicate with Play Services and people generally leave on network access for Play Services to avoid breaking to much stuff.
There has been talk of developing 'IPC scopes', similar to how there are contact scopes.
IPC scopes would be a great solution!
To my knowledge, any app can just instruct the installed browser (Google Chrome, Vanadium, Firefox...) to open http[s]://tracker.evil-ad-network.example/?installedId=012345.
"Be careful, apps can still communicate with other apps, e.g. revoking the network permission doesn't stop apps from fetching and displaying ads over the network."
Another example relating to tracking ad targets, also known as "users":
"Around September 2024, Meta developed a creative solution to evade Androids sandboxing restrictions. (Id. 4849, 52.) Devices have localhost ports, which simulate a communications channel by allowing applications or services running on the device to communicate with each other... without those communications leaving the device. (Id. 53.) Meta modified its Pixel code (the Modified Pixel) so that it would send the _fbp cookies contents to a designated localhost port. (Id. 55.) In turn, Meta modified its Facebook and Instagram apps to listen to that localhost port for incoming data. (Id.) The Facebook and Instagram apps combined any incoming localhost data with personal information and identifiers, and subsequently shipped that combined data from the users Android device to its own servers. (Id.) As a result, even though Meta would typically have a harder time identifying Android users, Meta was now able to perfectly deanonymize Android users browsing activity if they used its apps. (Id.)
Meta's conduct was unknown until a group of internet security researchers disclosed it on June 3, 2025. (Id. 4; Dkt. No. 104-3.)
Shortly after the researchers public disclosure, Meta announced that it decided to pause use of this tracking method. (Id. 69; Dkt. No. 104-4 at 5.)
In this consolidated action, Plaintiffs assert nine claims against Meta: ... (3) violation of the Wiretap Act, 18 U.S.C. 2511(1); (4) violation of the California Invasion of Privacy Acts (CIPA) wiretapping provisions, Cal. Penal Code 631; (5) violation of CIPAs eavesdropping provisions, Cal. Penal Code 632; (6) violation of CIPAs eavesdropping device provisions, Cal. Penal Code 635; ... Plaintiffs assert an additional two claims against Google: negligence and negligent misrepresentation.
Plaintiffs CIPA pen register, unjust enrichment, and negligent misrepresentation claims are DISMISSED. Dismissal is with LEAVE TO AMEND because the Court cannot conclude on the current record that amendment would be futile. All other claims survive dismissal."
The above is an excerpt from In re Meta Android Privacy Litigation (3:25-cv-04674, N.D. Cal., June 3, 2025)
https://dn711508.ca.archive.org/0/items/gov.uscourts.cand.45...
https://dn711508.ca.archive.org/0/items/gov.uscourts.cand.45...
Of course Meta will eventually settle, like Google did in Brown v Google, in Google's case on the eve of trial. The wiretapping claims would be catastrophic for these companies
But the Court's observations are interesting
"At this early stage in the case, and given the undeniably significant portion of mobile phones using Apples iOS, it is reasonable to infer an industry custom of placing tight controls on communications between apps based on Apples restrictions."
I mean...... Google Camera has slightly different approach to low light photos and much better panorama mode, which means you can just install it and use with network access denied.
I mainly use native camera (good in most cases, can be brought up immediately with double power button press, from locked), Google camera (rarely), BlackMagic for when I need control over videos and ProShot when I need control over images (the last one might be hard to install - it's a paid app (I'm a paid user, this is how I got it), but not long time ago the moron of the developer made the app "incompatible" with devices without Google surveillance buttplug claiming it will prevent people pirating it form opening support cases....???).
So you can have multiple camera apps. Thankfully Google is not Samsung or Sony, and all the apps have full access to the cameras.
That really pissed me off when I found the only app that can access the full output of the sensor on Samsung is their own shitty app. WTF.
Install a 3rd party GCam and then the answer is no https://www.celsoazevedo.com/files/android/google-camera/
That sounds like the answer is actually yes: we're not talking about the lack of a camera app, but the lack of a camera app that knows the details of the usually-proprietary camera firmware
You can install both the regular GCam as well as third party mods. Actual GCam feels worse to me.
Problem with stock Google camera app is that it made horrible HDRlike images even with HDR turned off. You cannot adjust amount of reduced highlights and increased shadows which makes images unrealistic with lack of depth.
We took control, we're keeping control
[flagged]
What you are describing is not Google’s alturism but keeping competition in check. If Google didn’t “allow” GrapheneOS it opens up a new market segment for other smartphone manufacturers. Apple really cashed in on privacy for a few years so it’s not unfathomable that Xiaomi or someone else goes all in on “privacy focused android” in absence of pixel+graphene combo.
Edit: Apparently Motorola is doing just that.
I don't think any Chinese company can pull the privacy card. They're bound by their government to spy on their customers just like American ones are.
Otherwise Huawei would have already jumped into that gap. They have their own Google-independent OS now so they could have marketed it to privacy enthusiasts where the lack of Google services would have been a positive not a negative.
> Xiaomi or someone else goes all in on “privacy focused android” in absence of pixel+graphene combo
Xiaomi? Privacy?
> Apple really cashed in on privacy for a few years
Apple didn't "cash in", their marketing dept made sure privacy/security engineering got just enough budget to pull off miracles & then spend even more to successfully make the public forget about the very nasty Celebgate.
> Celebgate
That was a phishing campaign, not a breach.
My point isn't about engineering.
TBF if Google locked down the devices like that it would be a GPL violation. Not their first or whatever but still, there's a reason for them not to do that beside "being nice"
Would it? IANAL, but AIUI the only GPL component is Linux on GPLv2 which requires providing code but not giving the ability to install it
Yes. GPLv2 specifically contains a clause that you must provide "scripts to control compilation and installation"
Source you can't compile or install onto the device wouldn't be very useful.
Not really. Tivo did that eons ago. Whether you view this as a "flaw" or "feature" of GPLv2 it's ultimately why GPLv3 now exists.
The Linux kernel developers see what Tivo did as a "feature" rather than a "flaw" and refuse GPLv3.
It's also because so many Linux developers are on the payroll of big tech. Look at all the submissions. 95% are just big tech. And look at the key people in the Linux Foundation. All a bunch of business suits with compromised motives. Serving their company above the community. There's only a few unencumbered people in there now.
Linux is no longer the community-driven choice. It's big business with billions hanging on the line. The grassroots origins are long over.
TiVo never prevented installing your own build in the device. They only prevented running their proprietary app on top of it when you had done so.
And how many options are there exactly? How many of them are capable of at least making and receiving a phone call without any issues 99% of the time?
While I agree with your general sentiment, I feel necessary to acknowledge that it's just not there (yet?). GrapheneOS is a great option if you want to have a fully working and secure device.
Years ago I looked into GrapheneOS, and I ultimately didn't go with it because, at least at the time, they only supported pixel phones (specifically pixel phones that Google actively had security updates for). I realized that if I got that OS, I would be at the mercy of Google supporting the device in order to continue using GrapheneOS.
In the end I just opted out of the android ecosystem altogether and went with a flip phone that I used as a hotspot for an iPod touch (we only used over VPN with locked down DNS and nothing google related).
My privacy lasted about two weeks, because unfortunately Spotify was able to fingerprint that device to Facebook.
I would highly recommend LineageOS. Supports non-Pixel phones, some of them many years old (although now that I double check, the Galaxy S3 and OnePlus One aren't on the devices list anymore, I guess they do stop supporting old stuff eventually...). The OnePlus 5 is still supported and was released in 2017. For anything older than that, I guess I'd recommend looking into postmarketOS.
> at least at the time, they only supported pixel phones
At the time? They still are the only devices officially supported.
Having your freedom be tied to a handful of devices from Google, is a massive supply chain risk.
You're not wrong, but we gotta do what we can and take every advantage we can get.
There is no FOSS modem. The baseband is a separate computer operating on a lower level than the OS.
Your provider can run arbitrary code there.
I thought the PinePhone community had succeeded in making custom firmware for the modem in the PinePhone, though I'm not sure of the legality of actually using it. Plus both PinePhone and Librem 5 had a killswitch to disconnect the modem at least.
Your point is valid and yeah, it's a never-ending fight just to keep the control we have. Things like the Play Protect API and loads of Android apps being coupled to Play Services is it's own big challenge we're stuck with just to stay within the Android ecosystem
Let them eat steak!
iOS is also going into this direction, just open the AppStore, it’s all the cheapest most horrible apps. Temu (shop like you don't give a s* about the planet), addictive AI Waifu’s (who needs human interaction anyway), clean your stuff but fake-time-wasting style (it's free dopamine!), search option’s first hit is often scammy (ie search for MS Authenticator). I feel that Steve ("If you want pr0n get an Android") would turn around in his grave from the sight of this.
Its just a matter of time before this cesspool will leak into the rest of the OS, AppStore shows us the temptation is too big for Apple. When my iPhone 12 mini dies it’s /e/OS or GrapheneOS for me. My devices should serve me and my thoughts are my own.
You should read https://discuss.grapheneos.org/d/24134-devices-lacking-stand... about /e/ and also look at what they say about devices with strong privacy and security including but not limited to https://grapheneos.social/deck/@GrapheneOS/11635397373214317....
I'm aware of this discussion, I don't really like the way the Graphene people communicate, also against FairPhone.
But nevertheless I'm looking forward to their Motorola offer that should come any minute now?
The AppStore has been like that for eons, but then again I don’t know a single person that uses it or checks the “content” posted there. It’s an utter waste of time.
I don’t think it will leak. After the U2 debacle, Apple might have learned not to push too hard on this front.
What about banking Apps? No problem there?
Some of them have ridiculous secur... compliance rules.
There is a list of compatible banking apps: https://privsec.dev/posts/android/banking-applications-compa...
Big list, unfortunately one of my banks is not there (BCGE, Switzerland), most probably meaning I can't even login into ebanking in any other way since they have their properietary authentication app (CrontoSign, also not listed). Its rather small regional/cantonal bank so I get it, even though that region is Geneva, mecca of (some types of) banking.
Other banks that I use are there. Almost perfect...
Being missing means they haven’t been tested, not that they don’t work. Generally they probably only don’t work if they require the google play verification thingy
My banking apps were missing in list too, it doesn't mean that they are not working. You can test and report on that issue tracker about your banking app if it works :)
> What about banking Apps? No problem there?
Most banking apps work, but Google Pay/NFC payments won't work.
I know a handful of german banks that have their own nfc payment apps that still work in Graphene
Google Pay may not work, but NFC payments through yiur bankapp probably do. They did for me.
The vast majority work, check this list for details: https://privsec.dev/posts/android/banking-applications-compa...
I had to enable "exploit protection compatibility mode" to use my credit union's app.
In my experience: Everything™ works, except Google pay unfortunately.
My banks app complains will block me and tell me to disable developer mode, but if I turn it right back on after launching the app it won't complain for maybe another week. The post that really annoys me, though, is that if you don't set up biometric unlock they will not allow you to use the extended login cookie, so you need to put in your password every time, most don't work with password managers either (whether intentionally or not).
> it was filled with ads
You bought a phone from an advertising company?
It's not like buying from Samsung is any better.
for some reason i read that in archer(animated) voice.
Probably because it's a dumb useless comment in the same vein as most of that show.
I read this in a whiny high pitched voice with my nose and lower lip pulled up.
Don't recall my old nexus devices having ads in the OS. Disappointing where Google has taken this.
Technically they already did a built in ad with Android KitKat. Mostly benign, but I do remember being at an Android event and KitKats samples being given out to everyone. As well as KitKat wrappers being branded with the Android logo for a while.
"Do you not?"
[dead]