GrapheneOS w/ Google vs iOS w/out Google

Hello, the subject says it all really. I am currently trying to decide between using an iPhone or a Google Pixel 7a with GOS flashed.

I do rely on a number of apps that I can’t replace with FOSS alternatives, so I would need GPS on GOS but I would be fine without any GApps on the iOS.

Under these circumstances, do people here think it would still be preferable to use GOS over iOS?

Google Play Services on GrapheneOS are sandboxed like all the other regular apps, they don’t have any special access to the phone.

But even if it had special access to the phone like it does on stock OS, GrapheneOS is still A LOT better than iOS.

6 Likes

Thank you!

In what way exactly do you consider it better? I’m not contesting it, just curious as different people will put emphasis on different elements. For instance, I love the fact that I can simply toggle off location services and also radio on GOS and then it is genuinely off, unlike in iOS.

Regarding the sandboxing, aren’t apps on iOS also sandboxed?

Sorry, to add, my threat model is not very extreme. I would simply like to minimise the data shared with Big Tech whilst still keeping some of the convenience smartphones provide. There are little shortcomings I experience with GOS, my main issue is with photos, which currently are trapped in iCloud and I still have not found a good alternative. Proton Drive photo back-up is very messy and Ente appears to have very sketchy policies from what I can read online.

1 Like

GOS has the best Android app compatibility because of their Sandboxed Google Play Services (SGPS). And you will gain a lot of security and privacy using GOS even if you use SGPS.

All apps are sandboxed on both iOS and Android. Lukas is talking about Google Play Services, which normally has unrestricted access to an Android device, but GOS treats them as any regular Android app. You can approve and deny permissions for Google Play Services and the Play Store on GOS but you can’t on Stock OS.

For me, a lot more private and secure. It’s even more secure than an iPhone in Lockdown Mode. Even if you install SGPS, Google won’t know your phone’s location unless you allow Google to have that permission. The bare minimum would be to allow unrestricted battery access and allow the Network permission for Google Play Services, this will make sure notifications arrive quickly. The Play Store is also officially recommended by GOS to get apps on Android as that is the safest.

GOS is definitely the best way to go if you want to reduce your reliance on Big Tech and minimise the amount of data they have on you. You do also have the option of Cryptee for storing photos, videos, (creating) documents, files.

2 Likes

It’s better in terms of security, privacy, and giving you control over your device and operating system, while Apple is trying to give you as little freedom as possible as long as they can get away with it.

These are some of the features of GrapheneOS: Features overview | GrapheneOS, it’s a good starting point.

2 Likes

It’s a common misconception that GrapheneOS is for people with extreme threat models, but even though it’s the best option for high-risk individuals, it still provides a lot of benefits for regular users.

Can you elaborate on that? It seems like you might have read some nonsense on a toxic platform like Reddit, etc.

1 Like

If you can’t use any FOSS alternatives, need GPS and can live with GApps, I think iOS would actually be a better option for you.

However, if your goal is being completely free from the privacy issues of either Apple or Google at the OS level, then you should go with GrapheneOS. Google Play Services are sandboxed on GrapheneOS anyways.

4 Likes

Thank you ever so much, this is very helpful. Sounds like I’ll be selling my iPhone 13 Pro then :slight_smile:

3 Likes

Yes, I was referring to this post from the Privacy guides subreddit:

https://www.reddit.com/r/PrivacyGuides/comments/rjzc9s/compare_cryptee_and_enteio/

It seems that since the last time I checked, they added a note that the thread contains much misinformation so it can probably be summarily dismissed…

1 Like

Please don’t take anything on Reddit seriously. Reddit is a toxic pile of garbage. You’re better off using this forum, which has a lot of really knowledgeable people.

Here are some recommendations on Photo Management: https://www.privacyguides.org/en/photo-management/

You can also take a look at crypt.ee.

1 Like

Thank you, Lukas!!

1 Like

I just took a closer look at this, and holy cows… That woman literally attacked Stingle and ente and was in my opinion toxic to both projects while supporting, and dare I say it, shilling crypt.ee. There was also another guy who was cheering that woman, and when I took a look at his profile, a lot of his posts were just recommending crypt.ee to people. I don’t know if I’m the only one, but this doesn’t look right to me…

I would say it depends on a few things:

How much do you trust Google compared to Apple, and are you willing to trust Google with some of your data? While Sandboxed Play does limit Google’s access to your device, it’s far from a silver bullet, and you’re still using and relying on proprietary Google apps and services when using it. While Apple is far from perfect, I personally have much more trust in them with privacy compared to Google, so I’d choose relying on them and their services over Google’s if I had the choice, but that does have the trade-off of potentially giving Apple more access to your data than you would to Google on Graphene. Of course, this is just my opinion, it’s very subjective, and depends on how much you trust Apple. I won’t tell you who you should or shouldn’t trust, that’s for you to decide personally, and I’m not interested in arguing this point, because there is merit to both sides, and this is just my personal opinion.

On the other hand, GrapheneOS does have a lot more than just simply Sandboxed Google Play. Network and sensors permissions are amazing, among other enhancements and features that Graphene adds. Of course you can also install apps outside of the App Store and use browser engines besides WebKit on Graphene, which is also important. Though this will hopefully change in the future, and it may of may not matter to you depending on your situation.

So overall, I’m mixed on this. I personally use GrapheneOS but without Play Services, so it’s basically the best case scenario for me, but it doesn’t seem like that’s an option for you. So you have to decide whether you’re comfortable giving some of your data to Google instead of Apple in exchange for the freedom, features, and other enhancements that GrapheneOS provides. If you disagree with my assessment that Apple is more trustworthy for privacy than Google, of if this just isn’t an issue for you, then that’s fine, just feel free to disregard this. I’m not going to give you a suggestion one way or the other, but these are just some things to think about. I really wish Android developers would stop being so reliant on GMS, because that’s the real big issue here imo.

Hopefully this makes sense, lol.

4 Likes

Some content on why Apple isn’t any better than any other big tech giants.

Apple tries to convince everyone that they’re different, that they’re the good guy, spoiler alert: they are just as bad.

7 Likes

Thank you so much, @Sharply!! This was precisely my thinking before asking my original question. And that was also why I made clear that in case of using an iPhone, I would NOT use any GApps, but rely solely on Apple.

The flip side to this is what @Lukas outlined very clearly and compellingly, i.e. that Apple comes with its own myriad of problems.

Due to my work and also personal situation (e.g., where I live, you must have WhatsApp if you want to be able to communicate with people, esp. in a school context), it is unfortunately not possible for me to solely use GrapheneOS without SGPS and thus I was/am very torn on this as I would still be handing over some of my data to Google (and, it pains me to say it, Meta, which IMHO are the worst of the lot)…

1 Like

Thank you, @Lukas. Very interesting.

I agree that they are no better than any of the others. The question really is what is the lesser of two evils. Sharing a minimal amount of data with Google through GrapheneOS or eliminating Goole entirely but sharing a larger amount of data with Apple as per @Sharply

You can just create an anonymous Google account if giving personal data to Google is a concern. Meanwhile, with Apple, they require a phone number, name and surname, a billing address, etc., which Apple then ties to your hardware identifiers. All the data that will be collected in the background will also be linked to you and your hardware identifiers.

When creating a Google account, you only need to provide a random name and a random birth date, and that’s basically it. Google doesn’t get access to any hardware identifiers on GrapheneOS. All the data that Google collects would be linked to an anonymous or pseudonymous identity that isn’t you.

3 Likes

Good advice, thank you!

1 Like

What apps do you want to use on GrapheneOS? It might be possible to use them without Google Play Services and a Google account.

1 Like