Posted on 1 Comment

More AOSP Details – Round Two!

A user on the awesome No Agenda Social app raised some interesting points regarding our latest article. Rather than keep them to ourselves, we figured we’d share our response as a blog post in case anyone else raises these questions in the future.

Thanks for the valuable feedback – our intent here is not to confuse, but to illuminate, and you’ve brought up some good points that require more specificity. We have no dog in this proverbial fight as both Lineage and Graphene are great OSes, we just think the former is a bit more n00b friendly.

That being said, Pixels sold from US carriers are notorious for poor bootloader unlock compatibility. Some carriers require a SIM unlock first (T-Mobile, AT&T) and others, like Verizon, have locked bootloaders in perpetuity. A brief search of the XDA-Developers forum will demonstrate how much difficulty there is in trying to unlock a bootloader on handsets with an incompatible SKU.

Pixels outside of the CDMA-dominated US market are largely unlockable, and many European countries have laws specifically disallowing bootloader and SIM locks. So if you’re in Europe, this device compatibility issue probably doesn’t apply to you πŸ™‚

The only way to absolutely guarantee bootloader unlockability on a US Pixel out of the box is by purchasing a Pixel from Google directly or sourcing an aftermarket phone that was purchased from the Google Shop. Google’s nomenclature refers to these as “Google Edition” and “Developer Edition” in their package inserts depending on the generation. It’s great if you can source non-OEM Pixels with unlockable bootloaders, but you’re at the whims of the carrier here. We hear Best Buy sells OEM Pixels in the US, so that’s another option.

As for Aurora Store, yes, you can download it on F-Droid with GrapheneOS – but it totally defeats the purpose of a degoogled phone, as Graphene does not support signature spoofing for Google API calls. In fact, the Graphene team is almost militantly AGAINST adding signature spoofing via MicroG because “security”:
https://www.reddit.com/r/GrapheneOS/comments/bnfx6r/signature_spoofing_support/

For the record, the LineageOS team also refuses to add signature spoofing by default. That’s why we focus on the MicroG fork of Lineage in particular here at PrivacyToGo as we feel providing disinformation to Google is not just a cool feature, but a moral obligation πŸ˜‰

The trade-off here is clear: Security or privacy, which do you value more? If you’re using Aurora via Graphene right now and value your privacy, we’d highly recommend you uninstall it and use an alternative like APKPure instead. You’ll sacrifice push notifications and easy updates, but if your intent is to avoid Big Tech snitches, Aurora Store without metadata disinformation is still giving Google a decent amount of usage data about you.

If you can ride with Graphene in perpetuity, God bless you, truly. It’s an OS that’s designed for open-source apps first and foremost. Most people aren’t willing to make that trade-off to preserve privacy (yet), but we hope the world will get there in time.

Share this:
Posted on 25 Comments

LineageOS vs GrapheneOS – Which Degoogled ROM is Right for You?

When it comes to choosing LineageOS vs GrapheneOS (or any other degoogled ROM for that matter), confusion abounds and debates can get very heated!

The tl;dr is that it doesn’t matter much from a privacy perspective. Any variant of Android without Google and based on the Android Open Source Project is going to offer unparalleled privacy and security gains over a traditional iPhone or Android smartphone.

However, there are subtle differences when comparing LineageOS vs GrapheneOS that are worth exploring.

Here at PrivacyToGo, we’ve chosen to focus our efforts on the microG fork of LineageOS, though we’re happy to flash GrapheneOS for Pixel customers on request.

Why do we think LineageOS is the best degoogled ROM for most people? Let’s get into it!

Device Support

GrapheneOS is only supported by Google Pixel devices. That may change in the future, but for now, if you want to use GrapheneOS, you have to use a Google smartphone.

Furthermore, you cannot use just any old Pixel phone. You have to secure a Google Edition Pixel in order to flash GrapheneOS or any other custom ROM. This means that the vast majority of Pixels out there cannot actually be degoogled as their bootloaders are locked.

If you want to ensure you’re getting a degoogleable Pixel, you have to buy it directly from Google.

We don’t like the idea of lining Google’s pockets to escape Google.

By contrast, LineageOS supports hundreds of devices.

We would much rather support manufacturers like Motorola and OnePlus who are committed to supporting privacy ROM options by default.

Community

By virtue of its massive popularity, the LineageOS community is also massive! That means if anything goes wrong, bugs are quick to be fixed.

That also means discussion boards about LineageOS are always buzzing. It’s nice to know that there is a large support network of other users just like you should you need to ask questions.

Dangerous App Installs

GrapheneOS comes installed with only one app store, the open-source F-Droid store.

LineageOS also comes with F-Droid. It’s a fantastic service and we would strongly recommend looking for open-source apps on F-Droid before turning to Google Play!

But if you want to use your favorite apps from the Google Play store, you won’t find them in F-Droid. You’ll have to install them some other way.

On modified builds of LineageOS, there’s a great app called Aurora Store that allows you to download apps directly from Google in 100% anonymity. This is called device spoofing and feeds disinformation to Google about your device type, language, and even location.

You get the security and convenience of Google’s Play Store while retaining your privacy. It’s a win-win.

By contrast, a GrapheneOS user who wants to install their favorite app is going to have to install files from a third-party source that may or may not be secure. Yikes! An advanced user knows how to avoid these pitfalls, but your average smartphone user is sure to make mistakes here that could compromise their security.

Age

LineageOS is here to stay.

The project has been around since 2016 and is the direct descendant of CyanogenMOD, the earliest Android ROM that started all the way back in 2011.

In comparison, GrapheneOS is much younger and had a very rocky start to its development. Their team is growing and the project is doing some amazing stuff, but it’s yet to prove the test of time in the same way as LineageOS.

Hardened Memory Allocators and Other Niceties

This is one area where GrapheneOS takes the cake.

They are pioneering alternate implementations of a lot of Android features to reduce attack vectors, but their hardened memory allocator is probably the most impressive. This is a very low-level feature that the average person would never encounter, but if you’d like, you can read more about memory allocators here.

A security professional, for example, may have good reason to choose GrapheneOS over LineageOS.

In Closing

When it comes to LineageOS vs GrapheneOS, they’re both excellent choices.

Advanced users might gravitate towards GrapheneOS, whereas LineageOS is much closer to being “soccer mom approved.”

Open-source fanatics ready to leave behind all “normal” apps will also find GrapheneOS more appealing.

And frankly, if you’re the type of person who loves nerding out over AOSP ROM choices, you can probably flash GrapheneOS or LineageOS yourself! There’s a guide over at No Agenda Phone that can get you started with Graphene flashing, and a bevy of device-specific guides for LineageOS on their wiki.

It all depends on your device, personal preference, and level of knowledge. But for the average smartphone user, LineageOS is simply much more approachable and user-friendly.

Finally, if all this talk of ROM flashing and device selection is more than you want to deal with, we’ve got you covered. Head on over to our shop, where we sell a wide variety of degoogled phones ready to use out of the box.

Stay informed, stay free.

The best degoogled smartphone and privacy news, straight to your inbox.

Share this: