Degoogled Phones –
Free Your Phone From Google And Apple¶
Want a degoogled phone? In this chapter, we'll discuss how to break away from Android and iOS by:
- privileging free and open source apps (FOSS apps) without trackers and with minimal permissions
- using a customised open source phone OS such as CalyxOS or LineageOS
Tracker-free FOSS apps¶
Mobile apps from Google, Facebook, Samsung or Microsoft are downloaded by the billions. Often, they come pre-installed without the user's explicit consent.
This raises serious privacy concerns. Many of those apps request access to your location, microphone, camera, contacts and so on. They also contain trackers to collect information about you. On average, the top 50 Android apps (over 100 billion downloads) contain 2 to 3 trackers and require 36 permissions, as illustrated above.
Tell me more about trackers
A tracker is a piece of software gathering information on how applications and smartphones are being used. This can include various aspects, such as let's say the ability to track your location, scan your contacts, access your credit card numbers or read your clipboard contents. Carefully check for trackers and permissions when you install an app, for example using εxodus.
|Analytics||Collects data, for example which websites you visit, for how long, which part of the website, and so on.|
|Profiling||Builds a virtual profile by looking at your browsing history, installed apps, and so on.|
|Identification||Determines who you are by referring to your name or pseudonyms, location, and so on.|
|Advertisement||Identifies who is using your device, to serve targeted ads.|
|Location||Determines your position by checking GPS, cell towers, WiFi networks nearby, and so on.|
|Crash reports||Informs developers if applications encountered an issue.|
Degoogled phone & Linux phone¶
In 2020, the world counted 3.5 billion smartphone users. That's almost half of the world's population. Three out of four of these phones were running Google's Android, the rest Apple's iOS. And 3.3 billion people were using at least one of Facebook's core products — Facebook, WhatsApp, Instagram or Messenger.
Privacy has never been the main focus of these companies. Quite the opposite, smartphones are constantly "sharing" private data with Google, Facebook or Apple, which is then sold to an army of marketers and data brokers: advertising agencies, law enforcement, political action committees, financial institutions, insurance companies and so on. Android phones for example send 12 megabytes of data to Google every day. Even when idle, they communicate their location to Google 14 times per hour. Likewise, iPhones push 6 megabytes of data to Google and 1 megabyte to Apple — every day.
What are the best privacy phones?
|1. Dump your phone||Phones haven't been designed with privacy in mind. If you really care about privacy, you shouldn't be carrying a mobile phone. For most of us, this option is however too radical.|
|2. Go for a FOSS phone||The next best option would be to find a Linux phone OS or a phone with fully open source mobile OS (and possibly hardware). There are some ongoing projects such as the Librem 5, Pinephone, Postmarket OS, Ubuntu Touch or Sailfish OS (the latter is not entirely FOSS). Again, these bleeding-edge solutions are not for everybody.|
|3. Free Android from Google||In principle, Android is open-source. Getting rid of Google's applications and proprietary software is the best compromise solution as of now. This can for example be achieved by switching to CalyxOS or LineageOS for microG, two de googled Android alternatives.|
Should I choose LineageOS for microG or CalyxOS, or something else?
It depends on your phone model, as well as your threat model. LineageOS for microG is compatible with many phone models, at the cost of enhanced security. CalyxOS is more secure, but compatible with less phone. Here an overview of both mobile operating systems:
|Features||LineageOS for microG||CalyxOS|
|De googled phones(1)||99%||99%|
|Automatic security updates(4)||Limited||Yes|
|Signature spoofing(6)||Yes||Yes (if using microG)|
|Supported devices||Available to hundreds of devices||Google's Pixel line only|
|Ease of installation(7)||Hard||Medium|
(1) While not entirely open-source, LineageOS for microG and CalyxOS get rid of Google apps and limit the amount of proprietary code to a strict minimum.
(2) Considering aspects such as app compatibility, push notifications, access to maps, and so on. While most apps work just fine with LineageOS for microG or CalyxOS, some programs don't play nice. Also, using paid apps without Google's Play Store can be a little tricky.
(3) Considering aspects such as battery, storage and CPU usage. microG only takes up 4 MB, compared to over 700 MB for the full Google Apps stack.
(4) CalyxOS automatically receives security updates. LineageOS rolls out manual security updates: while these regularly include patches for Android, patches to the devices's kernel or drivers are not consistent.
(5) CalyxOS can lock the bootloader. This maintains the ability for verified boot, in line with Android's security model. LineageOS on the other hand runs with the bootloader unlocked. This is a security issue, which can be exploited by an attacker with physical access to the phone, or by persistent exploits able to survive a reboot, e.g. from malicious apps or browser exploits.
(6) microG uses signature spoofing, which can present certain security vulnerabilities. On CalyxOS, signature spoofing is implemented in a very restrictive manner.
(7) Setting up LineageOS for microG can seem quite complex and lengthy. You might run into unforeseen issues, especially if it's the first time.