I saw this too https://discuss.privacyguides.net/t/what-is-your-private-phone-setup/
Seems like the jury is out on SMS, and things like QKSMS aren’t necessarily recommended over the AOSP messages app. Does privacyguides have a GrapheneOS guide for these replacements that we apparently need? That would be lovely.
You don’t need to replace those apps if they work for you.
I believe what Lukas meant is that Google and/or Android broadly considers those placeholder apps, not that GrapheneOS specifically recommends replacing them.
This is in my opinion one of the more insidious aspects of Android as an ““open source”” project. AOSP is indeed open source, but it has been designed in such a way that in its open form it is quite anemic, and the AOSP apps receive little attention, and a lot of dependence on proprietary apps like Google Play Services is build in by design for even basic core features of a smartphone. This is one of my biggest frustrations with Android (open source, designed to depend on closed source for basic functionality).
I wrote a thing about this back in 2016:
App developers choosing to develop their apps in a way that depends on Google Play Services and then only publish those apps to the Play Store is their fault, not the operating system’s fault.
Choosing to build basic functionality which apps are intended to rely on, into proprietary Google Play Services and other proprietary Google system apps instead of AOSP itself is a conscious choice that Google made and continues to double down on. This is in my eyes a very deliberate choice on Google’s part, akin to a dark pattern at the development level.
App developers can go out of their way to cater to the 0.1% of us who care about free software, and/or transparency, and/or privacy, but most developers (including even many somewhat privacy focused projects) take the path of least resistance or rely at least partially on proprietary Google stuff.
Android Studio also repeatedly tries to add Play Services and other libraries as dependencies when creating a new project.
And I don’t think you can use the standalone Android plugin in IntelliJ Community anymore either.
And a fair bit of example code for eg. location expects you use the compat layer from GMS.
Android is still an amazing operating system, and nothing else comes close to it.
It’s licensed under a permissive license.
It’s very secure, unlike desktop operating systems.
AOSP is a lot more private than iOS.
While most Linux distributions are privacy-friendly themselves, they don’t have strong privacy protections from third-party apps and services, and Android is literally the best at this. The sandboxing and permission model is just a chef’s kiss.
GrapheneOS, in my opinion, has by far the best privacy and security while not heavily sacrificing usability and performance, and GrapheneOS is obviously based on AOSP.
F-Droid alone has over 4,000 completely FLOSS apps that don’t have any proprietary dependencies and can be built almost exclusively using FLOSS tools.
Android is lovely.
I just wish the “Linux phones” focused on having well functioning Android as opposed to the current blob filled devices. Would still have downsides like lack of secure boot, but would be vastly superior with regards to mobile app availability.
just a question : why are you ignoring your own advise about not using a phone?
also avoid simple mobile tools, they got bought out by an ad company called ZipoApps. Use Fossify’s forked versions instead.
Wouldn’t agree with this, I hate how Android hardware companies avoid copyleft. The Linux kernel has tons of open source drivers included with the kernel, and on desktop various manufacturers contribute upstream (Yes, even there, companies like NVIDIA and Broadcom don’t open source their drivers, but that’s considerably less common than with chipset makers on Android), and both Intel and AMD contribute a LOT, Intel being the biggest overall contributor to Linux in general (opposed to, say, Qualcomm, which has never done so for Android. This won’t be the case for their laptop CPUs though.). Most of them are GPL licensed as well. The copyleft nature is much better, unless we end up with the Android driver situation.
I will say I don’t know the exact details, but I’m pretty sure there is some layber between the Linux kernel and blob drivers so it doesn’t violate licenses as well. And of course, each chipset has its own forked kernel with blob drivers included.
If Android wasn’t permissively licensed, then iOS would rule the world.
Yeah, I guess I framed the first post poorly… I agree with RMS that if your threat model is similar to his you just shouldnt use a phone… but I don’t have such an extreme threat model so this became a long conversation about how to use GrapheneOS and apps suggested by privacyguides without using Google Play Services which is what I’m doing now.
I do want to call out that it’s not a threat model that drives Mr Foot Gunk’s choices, it’s the “freedom at all costs” ideology. No one is trying to hack his shit, and if they were, they’d have a pretty easy time given the security issues with most libre alternatives to mainstream linux tooling.
For sure. Anyone using garbage tools will get owned.
Dr Foot Gunk in particular doesn’t online bank, pays cash, and PGPs his emails left and right. Historically he uses some insane email proxy system to ‘browse’ the web and disables javascript on every site he sees etc… While your point is true for libre idealists in general, it’s probably not true for RMS in particular.
(And also he is 100% making those choices bc FREEDOM! not bc threat model… but I was trying to use the lingo to keep the convo flowing.)
Because banks suck and cash is based.
Hi, did you know that a cell phone can be located by timing the signal, so the phone is a cetrain distance from a tower, and where does it cross houses. This is where you most likely live.
C
This is called triangulation, and you need to be pretty paranoid to worry about it unless you’re in the US, where your location is sold to everyone willy-nilly.
Hi L,
True, but, triangle is normally used when there are two towers, but I’m talking about using only one tower, and the distance from it.
It could be called paranoia, but some of us prefer to be private, nothing more.
C
Knowing the distance from one tower is completely useless.