Why I ditched Google for a privacy-focused Pixel ROM

If you happen to’re privacy-conscious and looking for a brand new smartphone, you don’t have many choices nowadays. Some begrudgingly purchase an iPhone each single time for Apple’s glorious privateness dedication and monitor document, whereas many people settle for Google’s knowledge assortment in change for the comfort and AI-assisted options that Android has to supply. However what for those who may convert an Android cellphone right into a bastion of privateness? That’s precisely what GrapheneOS, an aftermarket customized ROM I just lately stumbled upon, goals to realize.

GrapheneOS affords a easy pitch — it delivers a personal and safe Android expertise with out compromising the usability of your smartphone. You possibly can obtain apps from the Play Retailer, get push notifications through Google’s servers, and even sync your knowledge as common. All of this whereas stopping Google from gathering knowledge via your smartphone. However how does all of this work and is GrapheneOS even value utilizing? I took it for a check drive on a Pixel 6 to search out out.

Earlier than speaking about my expertise putting in and utilizing GrapheneOS, I’ll deal with what you’re in all probability questioning: what even is a “privacy-hardened” customized ROM? And the way does GrapheneOS obtain its privacy-centric aim with Google providers put in?

Put merely, GrapheneOS doesn’t take the nuclear strategy to Android privateness and safety as we’ve seen up to now. Reasonably than eliminating Google providers completely, it affords a method to sandbox them.

Now, sandboxing isn’t a brand new idea. On Android, all user-installed apps are deliberately sandboxed or remoted as a safety measure. This prevents them from interacting with one another or operating malicious code that impacts your whole system. Nevertheless, Google apps get particular therapy. Most Android telephones ship with Google providers pre-installed as privileged apps on the system partition, which primarily offers them unrestricted entry earlier than you’ve even arrange the system.

To flee this diktat, privacy-conscious customers usually set up a customized ROM like LineageOS and easily refuse to put in any Google apps. After all, you are able to do the identical factor on GrapheneOS because it doesn’t ship with Google providers by default. However what if you would like Google providers minus the monitoring? That’s the place GrapheneOS shines and in addition the place the similarities with different customized ROMs finish.

Whereas most different ROMs anticipate you to put in Google apps to the system partition, GrapheneOS does the other. It allows you to set up the Google Play Retailer and Play Providers as person apps, forcing them to respect Android’s sandbox. This additionally means that you can revoke delicate app permissions like location and file entry. Blocking permissions works simply as successfully as it might for the Twitter app, for instance.

In impact, GrapheneOS means that you can reap the comfort and advantages of getting Google providers in your Android system with out compromising your privateness. However that’s nonetheless solely the tip of the iceberg. In my time utilizing GrapheneOS, I discovered a lot of options that I can solely hope make their method to Android sooner or later.

With Android 13, Google launched a brand new picture picker that allows you to share solely chosen photographs and movies with an app. This implies you now not have to supply full entry to your storage and even all your media information. It’s a neat privateness function, however Google hasn’t enforced the brand new picture picker simply but.

GrapheneOS takes this idea one step additional with its personal various permission system referred to as Storage Scopes. With it enabled, GrapheneOS will idiot the app into believing it has entry to the entire storage permissions it requested. However in actuality, the app will solely be capable to create information. After I need to share a photograph or doc with the app, I can specify particular person information and folders through the App Data > Storage web page (pictured above).

Even when Google enforces its new picture picker with Android 14 later this yr, it gained’t work for non-media information. In reality, Storage Scopes looks like a greater model and, in my utilization, works extraordinarily effectively for retaining much less reliable apps from peering into my storage.

Android means that you can create a number of person profiles, every with its personal set of apps, accounts, and knowledge. I’ve by no means discovered the function helpful for something past a separate work or leisure profile on telephones, however you could possibly additionally use it to share a pill between a number of customers. Apps can’t “see” outdoors the present profile, making it one other efficient privateness instrument.

With GrapheneOS, I can use a number of person profiles to isolate apps even additional. Since GrapheneOS installs Google providers as common apps, we will relegate them to a secondary profile alongside different apps we don’t need operating within the background.

GrapheneOS additionally has the flexibility to ahead notifications from one profile to the one I’m presently utilizing. On different Android gadgets, I’d should log into every person profile to verify for missed notifications — hardly handy.

Have you ever ever puzzled why a flashlight app wants web entry? With GrapheneOS, I can merely block apps from accessing the web. Every time I set up a brand new app, a affirmation immediate reveals up asking if I need to allow community entry.

Admittedly, you should utilize a firewall like Netguard to perform the identical factor on another Android system. Nevertheless it’s arguably extra handy and efficient to dam web entry earlier than you’ve even put in a brand new app in your system. To not point out, firewall apps like Netguard create an on-device VPN to filter community site visitors. This strategy prevents you from connecting to an precise VPN.

With GrapheneOS, you don’t have to decide on between blocking community entry to sure apps and connecting to a real VPN — you may have each. I deliver this up as a result of most individuals involved with their system’s safety doubtless depend on a VPN.

If all of that wasn’t sufficient, GrapheneOS additionally bundles smaller safety and privacy-oriented options. Listed here are just a few examples:

• Scrambled PIN enter: The lock display on GrapheneOS adjustments the PIN enter format every time I unlock my cellphone (pictured above). This prevents anybody from guessing my PIN through my hand actions alone. I bear in mind third-party gallery vault apps sporting this function practically a decade in the past, however it nonetheless hasn’t made its method to Android.
• Sensors permission toggle: GrapheneOS allows you to management entry to sensors just like the compass, gyroscope, and barometer. That is an app permission — disabling it leads to the app not receiving any sensor knowledge by any means.
• Auto reboot: A handful of Android OEMs supply the flexibility to schedule computerized reboots each night time or week, however Google doesn’t. Why would you need to allow it? From a privateness standpoint, rebooting your system clears the encryption keys from reminiscence and forces the system proprietor to enter their PIN.

If you happen to’re like me in that you just spent many of the early 2010s experimenting with Android mods like CyanogenMod and Xposed, you’ll in all probability be shocked to study simply how simple it’s to get GrapheneOS up and operating.

Whereas set up remains to be a multi-step course of, most of it takes place completely inside an internet browser. Even higher — I didn’t have to fret about downloading the improper zip file or flashing one thing that would doubtlessly brick my cellphone. GrapheneOS’ documentation affords a wonderful step-by-step information. And even that’s principally simply distilled all the way down to clicking just a few buttons on a pc and agreeing to the prompts that confirmed up on my linked cellphone.

Going again to the inventory ROM doesn’t take a lot work both — you solely have to make use of Google’s internet flashing instrument as a substitute. All in all, it’s a serious improve over what was a reasonably laborious and dangerous course of.

You possibly can set up GrapheneOS through the command line too, however the WebUSB technique ought to work simply as effectively. And when you boot into GrapheneOS, putting in sandboxed Play Providers takes little effort. The “Apps” app has the entire important Google apps coated.

Up to now, I’ve principally simply extolled the virtues of GrapheneOS with out elaborating on the downsides. However admittedly, there are just a few of them — a few of that are extra vital than others.

For starters, you may solely set up GrapheneOS on current Pixel smartphones. This will sound counter-intuitive since it’s important to purchase a Google-branded cellphone solely to tear every little thing out and begin from scratch. However there are just a few good causes for this juxtaposition, beginning with the truth that Google doesn’t discourage you from putting in various working programs. The corporate additionally retains its kernel supply code, system tree, and manufacturing unit photographs persistently updated.

Even for those who abdomen the Pixel-only requirement, nonetheless, GrapheneOS solely helps gadgets for so long as they nonetheless get Android safety updates. Which means that the Pixel 3 collection, for instance, will now not obtain new updates from both Google or the GrapheneOS venture. In accordance with the builders, retaining older gadgets safe isn’t possible after the “firmware, kernel, and vendor code is now not actively maintained.”

Then there’s the elephant within the room — app compatibility. Though the overwhelming majority of Google apps work with no drawback, some like Android Auto are incompatible with GrapheneOS’ sandbox mannequin. That stated, GrapheneOS excels at compatibility in comparison with operating a de-Googled smartphone. Even third-party apps like Uber that depend on Google Maps work with no hitch.

Nevertheless, GrapheneOS can’t cross all SafetyNet compatibility checks with out Google’s certification. Which means that NFC funds in Google Pay and a handful of third-party apps will doubtless by no means work. Having stated that, most apps don’t mandate SafetyNet. GrapheneOS additionally helps AOSP’s {hardware} attestation function however it’s as much as app builders to embrace it.

However for those who’re prepared to abdomen these two compromises, I can confidently say that you should utilize GrapheneOS as your daily-driver smartphone working system. All through my time utilizing it, I by no means felt inconvenienced. Quite the opposite, the cellphone appeared and behaved like another Pixel 6. That’s excessive reward for any customized ROM, given their popularity for being buggy at finest and unreliable at worst.