Don’t have a Phone.
Where?
Hey, I just switched to GrapheneOS from CalyxOS last night. I am wondering if you were able to get autodownloads to work in Antennapod. I do all my media offline, not streaming, and I can’t figure out how to enable autodownloads in Antennapod presumeably bc GrapheneOS is denying the app permissions to the default storage folder for podcasts.
Bit late to this lol.
I’m using a Pixel 6a with GrapheneOS with Play Services enabled.
Passwords and security: I’m currently using Aegis and Bitwarden, hoping to move them over to 1Password in the future.
Music: Innertune
YouTube: LibreTube
Messengers: Signal and Element
Productivity: Proton suite (Mail, Calendar, Drive, SimpleLogin)
Google apps: Camera, Keep Notes, Maps, Photos, Play Store. Except for Maps and Play Store, I have the network permission disabled for the Google apps.
I use the GrapheneOS stock apps except for Camera and Auditor. I also use Shelter to separate uni stuff from my personal stuff.
Long term plan: I want to transition over to the Apple ecosystem, since it provides a nice balance of privacy, security and convenience for me. I’m hoping to get a Macbook soon, and when my Pixel runs out of updates I’ll probably switch to an iPhone.
I am using a Samsung S23 with stock OneUI. Obviously, it will never compare to the security and privacy of GrapheneOS or DivestOS, but I do my best with what I have. I’m not signed in to Google or Samsung for any apps, and I have uninstalled or disabled absolutely everything unnecessary that I can without ADB.
I use RethinkDNS which utilizes a range of filters to counter tracking and increase safety on the web. Additionally, I block the internet privileges of any apps that do not require them or I deem unnecessary, including many system apps.
I use Aurora Store and Obtanium to install and update apps, and the following are the apps I use:
- Signal
- Brave browser
- Organic Maps (additionally, I may use google maps not signed in just to check the traffic of my route before going back to OM)
- Lithium to read ebooks locally
- Newpipe
- Geometric Weather
- CAPod for ease of use with bluetooth devices
- BinaryEye for QR codes
- ExifEraser for sharing photos
- Find-MyDevice for device locating in emergencies via SMS
For simple tasks I use mainly stock Samsung apps with internet disabled, such as Calculator, Theme Park, Clock, Keyboard, Messages (since SMS is already insecure), and Camera (ease of use is the best with the stock camera, I have found).
All other apps aren’t mobile-specific, so I won’t mention them here.
A post was merged into an existing topic: deGoogling a OnePlus 10 Pro - best options?
Could be worse, at least the S23 is on Samsung’s quickest “monthly” update cycle and gets 4 years of updates. Much better off with a flagship Samsung than any OnePlus, Asus, Motorola, Sony, etc. device.
I’m on a Pixel 6 with GrapheneOS. No play services installed.
I use Mullvad VPN at all times. I use Brave browser 90% on the time and Vanadium for sites that don’t work properly with Brave.
I use FairEmail for my Gmail, but am slowly trying to move everything over to my ProtonMail account.
I use Aurora Store, Droidify and Obtanium to update apps.
I have a Shelter work profile installed as well. Mostly for ReVanced Extended (and other apps that arent exactly privacy friendly).
I also have GrayJay and LibreTube installed, but I admittedly like YouTubes recommended videos; something that is lacking from the alternative apps.
I now just use my phone to check e-mails (Proton), have access to passwords (KeePassDX), and calling & texting (default GrapheneOS apps). I also use Brave sometimes. I think we’re all capable of having some form of minimalistic approach to privacy, and I don’t think adding more and more apps to my life will make my experience of it more enjoyable. Less apps and accounts, less attack vectors and things to worry about.
Our brains weren’t meant to worry about so many things at once, which is why privacy is seen as very abstract to the majority of the population and isn’t understood. But what they do understand is that having less things to worry about is good. I think we should encourage this behavior rather than flaunt what apps we use.
Don’t get me wrong, I think it’s important to maintain and raise awareness to these privacy-respecting apps and businesses, but at the end of the day, they only fight against privacy on a systemic level. You as an individual can still maintain privacy without these apps via minimalism. You have a choice.
I recently did a factory reset and overhauled my setup. I’m using GrapheneOS on a used Pixel 6. My previous setup involved tracking app updates via RSS and multiple profiles. Now, I only use one (owner) profile.
As for the details of my current setup…
-
Obtainium for apps released directly on the developer’s respective GitHub releases page and Mullvad VPN (from its own website)
-
Sandboxed Google Play via the Play Store app for proprietary apps (e.g., Gboard), Proton apps not released on GitHub (i.e., Drive, Calendar), and AntennaPod (the only other download source is F-Droid)
-
Vanadium for general browsing, Brave for sites for which its built-in content blocker is useful (e.g., sites with banner ads)
-
Progressive web apps (PWAs) for Proton Mail, Proton Calendar, and this forum (disable “Close tabs on exit” in Vanadium to keep accounts logged in even after a reboot)
-
The Proton Mail Android app does not include enhanced tracking protection. The Proton Calendar app does not have the option to modify existing notifications for events; I have to delete the old notification and create a new one.
-
Despite the limitations of their Android apps, I still have them installed so I can receive notifications. (I have to disable “Pause app activity if unused” in their app settings since I rarely open the native apps.) The Proton Mail and Proton Calendar PWAs do not offer an option to receive live notifications as this forum does.
-
We strongly advise against using Aurora Store on GraphenOS. You should use the Play Store, which is sandboxed for greater privacy.
What do you mean by “we”?
I didn’t mean to say “we”, it would have translated into English using that term. I was referring to the GraphenOS community, which advises against using Aurora Store.
Aurora has obvious issues, but what greater privacy are you getting by actually signing into your Google account to use Play?
While Aurora Store has some issues I would still consider it a better way to download apps than to install Google’s proprietary services and then login with your account just so you can download apps.
On GraphenOS, Aurora Store is not recommended by the community because it is not secure.
Better to use the Play Store, which is sandboxed.
Is it less secure than the Play Store? Yes.
Is it not secure? No.
Also, you seem to misunderstand how sandboxing works. All apps are sandboxed, including the Aurora Store.
Both are sandboxed, Aurora is less secure than the Play Store so you might as well use the Play Store, then everyone does what they want, it was only a point I raised, I only said what the GraphenOS commu thinks between the two stores that’s all.
The Play Store is generally the most secure but least privacy-friendly option to download apps between itself, Aurora and F-Droid. Which of the three is best suited for you depends on your priorities. For many in the GOS community, security is the top priority, so the Play Store is often used. This is neither an universal nor an official recommendation.
I use the Play Store myself, but with a setup to minimize the risk to my privacy and anonymity:
- I’m always connected to a trustworthy VPN or Tor via Orbot with killswitch.
- I create the Google account inside the profile I need it for and never use it for anything else.
- During account creation I use false information and a burner number for SMS verification (if necessary).
That means there are still some limitations (like no paid apps), but Google will not be able to pose a meaningful linkability / identifiability threat for my threat model. As long as what they sent when requesting all personal data under GDPR is accurate, this works if done correctly.