GrapheneOS (with sandboxed GApps) vs LineageOS for microG - which is better for striking a balance between usability, privacy and having control over my system?

For the past few years I have been using a Moto G5 with LineageOS for microG, but a friend sold me his Pixel 5 for $70 recently when he upgraded. I was initially planning to just continue to use LOS for microG, but then I realized that I could use GrapheneOS if I wanted to. However, as I’ve done more research, I have seen that GrapheneOS has some compromises to control over the system in favor of security. I value security, but I also value control. My main issue with GrapheneOS is that it lacks ADB root support. I get the concerns around root in UX, but being able to do whatsoever I will, at least with a terminal, is important to me. I saw mention on some old Reddit threads of some mysterious “userdebug builds” of GrapheneOS that support ADB root, but I can find no trace of such things on the GrapheneOS website. If someone can point me to those, or how to build such a thing myself, that would alleviate most of my concerns with GrapheneOS. Finally, with regard to GApps, I know that obviously the best thing for privacy would be to not use them at all, but I am still enough of a sheep to still want to use Google Maps and my old Chromecast that uses the V1 API. I understand the concerns around signature spoofing; I don’t really care, though. Beyond that, which implementation is better for privacy? The sandboxed approach has the benefit of giving less access to Play Services, but being Google’s actual GApps it will still phone home the things it can access. MicroG has the full access that GApps would have, but is FOSS and so what gets sent out is known and controlled.

MicroG actually doesn’t need to be a priv-app. DivestOS, a security- and privacy-focused fork of LineageOS, includes a microG toggle that works entirely in userspace / without privileges.


Interesting. I hadn’t heard about it; I’ll check that out. It sounds intriguing.