A user on the awesome No Agenda Social app raised some interesting points regarding our latest article. Rather than keep them to ourselves, we figured we’d share our response as a blog post in case anyone else raises these questions in the future.
Thanks for the valuable feedback – our intent here is not to confuse, but to illuminate, and you’ve brought up some good points that require more specificity. We have no dog in this proverbial fight as both Lineage and Graphene are great OSes, we just think the former is a bit more n00b friendly.
That being said, Pixels sold from US carriers are notorious for poor bootloader unlock compatibility. Some carriers require a SIM unlock first (T-Mobile, AT&T) and others, like Verizon, have locked bootloaders in perpetuity. A brief search of the XDA-Developers forum will demonstrate how much difficulty there is in trying to unlock a bootloader on handsets with an incompatible SKU.
Pixels outside of the CDMA-dominated US market are largely unlockable, and many European countries have laws specifically disallowing bootloader and SIM locks. So if you’re in Europe, this device compatibility issue probably doesn’t apply to you 🙂
The only way to absolutely guarantee bootloader unlockability on a US Pixel out of the box is by purchasing a Pixel from Google directly or sourcing an aftermarket phone that was purchased from the Google Shop. Google’s nomenclature refers to these as “Google Edition” and “Developer Edition” in their package inserts depending on the generation. It’s great if you can source non-OEM Pixels with unlockable bootloaders, but you’re at the whims of the carrier here. We hear Best Buy sells OEM Pixels in the US, so that’s another option.
As for Aurora Store, yes, you can download it on F-Droid with GrapheneOS – but it totally defeats the purpose of a degoogled phone, as Graphene does not support signature spoofing for Google API calls. In fact, the Graphene team is almost militantly AGAINST adding signature spoofing via MicroG because “security”:
https://www.reddit.com/r/GrapheneOS/comments/bnfx6r/signature_spoofing_support/
For the record, the LineageOS team also refuses to add signature spoofing by default. That’s why we focus on the MicroG fork of Lineage in particular here at PrivacyToGo as we feel providing disinformation to Google is not just a cool feature, but a moral obligation 😉
The trade-off here is clear: Security or privacy, which do you value more? If you’re using Aurora via Graphene right now and value your privacy, we’d highly recommend you uninstall it and use an alternative like APKPure instead. You’ll sacrifice push notifications and easy updates, but if your intent is to avoid Big Tech snitches, Aurora Store without metadata disinformation is still giving Google a decent amount of usage data about you.
If you can ride with Graphene in perpetuity, God bless you, truly. It’s an OS that’s designed for open-source apps first and foremost. Most people aren’t willing to make that trade-off to preserve privacy (yet), but we hope the world will get there in time.