Hello there! This is my problem: I’m going to buy a new smartphone, and I’d really like to degoogle myself as much as possible. The idea would be to buy a device compatible with LineageOS, but… Supported devices are usually older models, and often there are newer devices with better specs for the same price, that does not support lineageOS. Is seems a shame to buy a device with lower specs than another one just because of software compatibility. So the alternative would be to buy an unsupported device, unlock the bootloader and debloat it as much as possible, flash privileged fdroid and aurora store on it, install microg, etc… What do you suggest me to do? Is the second alternative a viable option? What other steps should I do if I decide to go that way?

Thanks in advance folks!

Edit:
Thanks to anyone for the great answers! I finally decided to buy a pixel 6 (or 6 pro if I find a good deal) and install a custom ROM on it! GrapheneOS will support it for “only” 3 more years, while other roms like lineageos or divestos will have longer support. What do you suggest? Graphene OS and when support ends switch to another one? O directly use the other one?

  • Genghis@monero.town
    link
    fedilink
    arrow-up
    3
    arrow-down
    3
    ·
    1 year ago

    microG runs Google Play code just like Aurora Store. It is not fully open source. Here’s more information.. It is still connecting to Googles propriety servers.

    microG requires Signature Spoofing and alternative OSes usually ship with microG as a privileged system app. This increases the attack surface as it is not confined by the regular sandbox rules.

    Now you’re using a privileged component, which downloads and executes Google code in that privileged unprotected context, and which talks to Google servers because otherwise, how would FCM work for example?

    Despite doing both of those things, MicroG doesn’t have the same app compatibility as Sandboxed Google Play despite the extra access it has on your device. Even in some magical universe MicroG worked without talking to Google servers or running Google code (again, in a privileged context), the apps you’re actually using it with (the apps depending on Google Play) have Google code in them.

    • Atemu
      link
      fedilink
      arrow-up
      3
      arrow-down
      2
      ·
      1 year ago

      microG runs Google Play code just like Aurora Store. It is not fully open source.

      Neither of them run “Google Play code”.

      You can download proprietary apps through the Aurora Store and those on their own might include Google play libraries but that should be painfully obvious.

      µG can optionally download and run the proprietary DroidGuard for implementing the proprietary SafetyNet. If you don’t want proprietary software, you should not explicitly enable SafetyNet (I don’t know what app you’d use it with anyways).

      Here’s more information.

      That’s a Twitter thread with no cited sources aka. the truthiest information known to man.

      It is still connecting to Googles propriety servers.

      If you ask it to, yes. That’s one of its explicit purposes.

      It obviously must talk to Google servers in order to facilitate things like cloud messaging for example; there is no other way.

      It does try to implement many APIs that would ordinarily talk to Google’s servers in regular GMS using alternative methods however and if it has to talk to Google, it does so with the least amount of data possible.

      microG requires Signature Spoofing

      This is usually only enabled for the µG app itself and nothing else.

      ship with microG as a privileged system app. This increases the attack surface as it is not confined by the regular sandbox rules.

      This does increase the attack surface a little. In a world where blindly trusting gigabytes of privileged vendor blobs is the norm however, I don’t think it’s all that significant.

      Compared to the hundreds of MiB of regular proprietary GMS code that ships on Android devices, it pales in comparison.

      downloads and executes Google code in that privileged unprotected context

      As opposed to …running running the entire GMS in a privileged context?

      MicroG doesn’t have the same app compatibility as Sandboxed Google Play despite the extra access it has on your device.

      You’re comparing apples to oranges. µG replaces GMS, not the tool used to sandbox GMS. You could sandbox it in the same way.

      There is no “extra access” that µG has compared to regular GMS.

      [if] MicroG worked without talking to Google servers

      I don’t know why you keep mentioning this, it was never up to debate.

      the apps you’re actually using it with (the apps depending on Google Play) have Google code in them.

      Apps that bundle Google Play code have Google Play code inside?!

      Start the presses! Notify the President!

      A wild revelation, the world must know it!