moddedBear

Exploring Custom Android ROMs

Over the past couple of years I've slowly and naturally shifted to using more free and open source tools on my phone. I think my phone apps are over 50% FOSS now? It's just so nice being able to browse F-Droid knowing that everything you see is free from ads, tracking, and all the other anti-user nonsense that we've all been conditioned to accept.

At the same rate, I've gotten increasingly annoyed with the amount of tracking that Google bakes into Android. It's long past the point of pretending to be helpful; they're just scooping up as much data as they can. Do you have location history enabled? Google is keeping a detailed log of everywhere you've ever been and how you got there. It's accurate down to a couple of minutes and can potentially cover years of your life. Something even lesser known but almost just as creepy is that Google also keeps a minute-to-minute log of which apps you're using on your phone, which again can go really far back.

What to do?

A significant amount of the user data that Google collects from Android is collected through a system app called Google Play Services. This comes preloaded on just about every Android phone sold (outside of China I believe). It's what you're signing into with your Google login when you first set up the phone.

You can't just uninstall it, so instead what you can do is install an entire custom OS (or a custom ROM as they're often called). These are still based on Android and will feel mostly familiar since they run the same apps. They just allow you more freedom in choosing which software runs on your phone and may include their own tweaks to the OS.

Support for custom ROMs varies by phone model and manufacturer. Google's Pixel phones are very well supported by custom ROMs, ironically making them excellent devices for degoogling.

Choosing a ROM

Since I have a Pixel 4 XL, I've spent a while this week researching CalyxOS and GrapheneOS which both focus their development primarily on Pixel phones. Something I learned very quickly is that when choosing a ROM it's important to understand very specifically what your goals are. Both of these ROMs I picked are very privacy focused but have quite different philosophies. Knowing your specific privacy goals relating to Google will make it much easier to pick between the two. Even if you're looking for privacy and both ROMs are offering it, one might be completely unsuitable for you while the other one is perfect.

CalyxOS ships with MicroG, which is a free and open source reimplementation of the APIs provided by Google Play Services. By using it instead of Google Play Services, you can degoogle while making sure you generally maintain good compatibility with many of the apps that rely on Play Services. GrapheneOS takes a different approach. It doesn't ship with Play Services or MicroG. Or hardly any other apps for that matter. If you want to run apps which depend on Play Services (which most people likely will), GrapheneOS makes it easy to install Google Play Services but as a normal unprivileged user-level app. That means you can take away any and all app permissions from Google Play Services and GrapheneOS's compatibility layer will make sure that it's still able to do its job. If you choose to, you can even create a separate user profile for Google Play Services and apps that rely on it to silo them off from everything else on your phone.

It's these different philosophies relating to Google Play Services that I believe are the main differentiating factor between these two ROMs. CalyxOS seems like a great option if you're wanting to fully degoogle but still maintain compatibility. GrapheneOS seems slightly more flexible and better suited for all the other goals: simply minimizing Google reliance, decoupling Google from the OS, or fully degoogling without a care for what breaks.

I'm not ready to fully degoogle yet. The biggest hurdle for me is Google Photos. It's just too good and convenient. I've looked into self-hostable photo backup options and none of them cover all the use cases of Google Photos. Plus if I were self-hosting photo backups I'd want to do it right... redundancy, off-site backups, etc. I don't have the time or money for all that right now, so I don't feel too bad about sticking with Google Photos for now.

As I looked more and more into CalyxOS I realized I might have to fight it a bit to do everything I wanted. I found an open issue on MicroG's issue tracker that suggested that even if I signed in to Google Photos, backups probably wouldn't work.

Since I'm definitely just at the Google minimization stage, I began to settle on GrapheneOS since it seemed flexible enough to allow that.

Conclusion

I've been on GrapheneOS for a couple of days now. I'll save my thoughts on it for a more in-depth short-term review that I'll be posting soon, but I'm liking it so far.

Do you have any experience with custom ROMs or any comments on privacy in Android? I'm curious what things other people have made work for them or if there are any big privacy suggestions. Contact info is on my home page.

- moddedBear / 2022-09-26

GrapheneOS website
CalyxOS website