mirror of
https://github.com/avinal/avinal.github.io.git
synced 2026-07-03 23:30:09 +05:30
added new blog on grapheneos
Signed-off-by: Avinal Kumar <avinal.xlvii@gmail.com>
This commit is contained in:
@@ -29,7 +29,7 @@ jobs:
|
|||||||
- name: Setup Hugo
|
- name: Setup Hugo
|
||||||
uses: peaceiris/actions-hugo@v2
|
uses: peaceiris/actions-hugo@v2
|
||||||
with:
|
with:
|
||||||
hugo-version: '0.124.1'
|
hugo-version: '0.134.3'
|
||||||
extended: true
|
extended: true
|
||||||
- name: Install elm-land and node packages
|
- name: Install elm-land and node packages
|
||||||
run: npm install
|
run: npm install
|
||||||
|
|||||||
@@ -0,0 +1,246 @@
|
|||||||
|
---
|
||||||
|
category: blogs
|
||||||
|
date: 2024-09-22T05:47:00
|
||||||
|
description: Privacy is just like hope. It is the quintessential human delusion, simultaneously
|
||||||
|
the source of your greatest strength and your greatest weakness. This post outlines my switch
|
||||||
|
to GrapheneOS and my experiences so far.
|
||||||
|
image: /images/grapheneos-kill-bloat.webp
|
||||||
|
tags:
|
||||||
|
- grapheneos
|
||||||
|
- privacy
|
||||||
|
- degoogle
|
||||||
|
- android
|
||||||
|
- pixel
|
||||||
|
- google
|
||||||
|
- security
|
||||||
|
title: "GrapheneOS Saga: The Privacy-Centric Midlife Crisis"
|
||||||
|
---
|
||||||
|
|
||||||
|
In **The Matrix Resurrections** Morpheus says *Not all seek to control. Just as not all wish to be
|
||||||
|
free*. The ever-increasing cases of privacy invading technology and the number of people sprinting
|
||||||
|
to adopting them reflects the quotes in its entirety. It is true that in the modern world it is
|
||||||
|
nearly impossible to have control of your complete data. But with few changes you can decide how
|
||||||
|
much one has access to your data. Do remember once anything is on internet, it is forever.
|
||||||
|
|
||||||
|
## My Smartphone Journey
|
||||||
|
|
||||||
|
I got my first smartphone in 2014. It
|
||||||
|
was [Samsung Galaxy Star Pro](https://www.gsmarena.com/samsung_galaxy_star_pro_s7260-5749.php), a
|
||||||
|
very basic budget smartphone with Android 4.1. I used it until mid 2019, then for a few months I
|
||||||
|
used ASUS ZenPhone Go. It belonged to my friend. This also means I have never used 3G on smartphone.
|
||||||
|
It was a direct jump from 2G to 4G.
|
||||||
|
|
||||||
|
My first good smartphone
|
||||||
|
was [Nokia 6.1 Plus](https://www.gsmarena.com/nokia_6_1_plus_(nokia_x6)-9178.php). Excellent build
|
||||||
|
quality, clean OS with decent performance. Camera quality was surprisingly excellent considering
|
||||||
|
that it had almost no AI based processing. Nokia can be a market leader in smartphone, but it seems
|
||||||
|
either they don't care much or they aren't putting much effort. I had to leave this phone in a year
|
||||||
|
because of severe charging port issue. Other than that it is still one of my most favorite
|
||||||
|
smartphone.
|
||||||
|
|
||||||
|
Then I bought [Google Pixel 4a](https://www.gsmarena.com/google_pixel_4a-10123.php) in January
|
||||||
|
of 2021. First gadget bought with my first earning. Pixel 4 and 5 series are my most favorite
|
||||||
|
smartphones still. These are ergonomic and handy phones without many bells and whistles. The
|
||||||
|
design is nice with good performance and clean OS. After these things started going bad.
|
||||||
|
|
||||||
|
My current smartphone is [Google Pixel 7a](https://www.gsmarena.com/google_pixel_7a-12170.php)
|
||||||
|
bought in 2023. It is good but for the price I would expect a little more. Takes excellent photos
|
||||||
|
and the performance is decent. The stock OS is unfortunately not as clean at it used to be.
|
||||||
|
|
||||||
|
## Why GrapheneOS?
|
||||||
|
|
||||||
|
Before I can explain why I choose GrapheneOS, I should explain what I need. It can vary person to
|
||||||
|
person and phone to phone. But the keywords are same, privacy, security, performance and control.
|
||||||
|
|
||||||
|
### What I Do Not Need on My Smartphone
|
||||||
|
|
||||||
|
This is a very opinionated list of things I do not want on my phone. This is in part inspired by
|
||||||
|
privacy and performance concerns. A lot of it comes from my way of interacting with smartphone.
|
||||||
|
|
||||||
|
- AI: It is awesome in quantities in which Wine can be enjoyed. Too much of it and the phones
|
||||||
|
behaves exactly like a drunken, too much talk but very little of it makes any sense.
|
||||||
|
- Apps I will never use: Every smartphone comes with some set of preinstalled applications. Some of
|
||||||
|
them as crucial for the phone to function normally. Some of them are useful but may have an
|
||||||
|
alternative. And others neither crucial nor useful. And on most phones you cannot even
|
||||||
|
uninstall/disable them. It makes no sense to keep two apps with same functions or apps with no
|
||||||
|
functions.
|
||||||
|
- Spyware/Malware/Adware/Bloatware: On many smartphones these are intentionally installed. Ok, maybe
|
||||||
|
not the first two, but definitely the next two. Most of the Chinese smartphones are riddled with
|
||||||
|
Adware and Bloatwares, probably the reason why they are so cheap. They are privacy nightmares and
|
||||||
|
eat up your performance and battery.
|
||||||
|
- Inability to control permissions: A smartphone is a huge data generator and gatherer. If wrong
|
||||||
|
entities have access to it, they may use it for nefarious purposes. One of the shocking example
|
||||||
|
is [How Facebook was able to track location using accelerometer](https://www.cpomagazine.com/data-privacy/facebooks-use-of-alternate-location-tracking-methods-to-circumvent-apple-privacy-protections-expands-to-accelerometer-data/).
|
||||||
|
So I would like to be in charge of what permissions each application has.
|
||||||
|
- Gimmicks: IYKYK
|
||||||
|
|
||||||
|
I still want my phone to be usable and have regular updates. I want it to perform close to what it
|
||||||
|
was designed for.
|
||||||
|
|
||||||
|
### It just makes sense
|
||||||
|
|
||||||
|
Once you are clear that what you do not want on your smartphone, GrapheneOS immediately makes sense.
|
||||||
|
I can achieve everything listed above and more. I actually researched and planned for almost a year
|
||||||
|
before I finally installed it. Now that I have done it, I think there is no going back.
|
||||||
|
|
||||||
|
## Installing using Fedora
|
||||||
|
|
||||||
|
GrapheneOS can be installed using WebUSB or via command line. Both are simple, but WebUSB is
|
||||||
|
simpler. Since Fedora is not in
|
||||||
|
the [supported OS](https://grapheneos.org/install/web#prerequisites). WebUSB may not work, for me,
|
||||||
|
it didn't. So I opened my favorite tool, the terminal and started
|
||||||
|
typing. [Installation via CLI](https://grapheneos.org/install/cli) works flawlessly as long as you
|
||||||
|
follow it step by step. There are few extra steps you might need for Fedora, that I will be
|
||||||
|
explaining here:
|
||||||
|
|
||||||
|
1. Install these packages:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo dnf install android-tools
|
||||||
|
```
|
||||||
|
|
||||||
|
2. Follow the official instructions up
|
||||||
|
to [OEM unlocking and booting into bootloader](https://grapheneos.org/install/cli#booting-into-the-bootloader-interface)
|
||||||
|
3. Check if fastboot can detect your device
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo fastboot devices
|
||||||
|
```
|
||||||
|
|
||||||
|
4. After that you can continue following the instructions. Use `sudo`.
|
||||||
|
|
||||||
|
Wait patiently as it takes some time and there is not much interactive response. Be sure that the
|
||||||
|
process has ended successfully before you disconnect your phone.
|
||||||
|
|
||||||
|
## First Impressions
|
||||||
|
|
||||||
|
The onboarding was short and clean. No account logins, no spooky agreements to accept. Once you set
|
||||||
|
up your phone, it should feel like a minimal installation of any Linux distros, few necessary
|
||||||
|
pre-installed apps and nothing else.
|
||||||
|
|
||||||
|
In GrapheneOS all apps are sandboxed, no matter what is its origin. They have similar permission
|
||||||
|
scopes and no app is treated as royalty. On stock Android, some Google apps have system level
|
||||||
|
access, which they absolutely don't need for function. Unlike most custom OS available, GrapheneOS
|
||||||
|
is a completely de-Googled OS. You can see a detailed
|
||||||
|
comparison [here](https://eylenburg.github.io/android_comparison.htm). This means you should be just
|
||||||
|
fine without any Google Apps at all.
|
||||||
|
|
||||||
|
## Getting It To Speed
|
||||||
|
|
||||||
|
I wanted to retain my ease of use and most of previous apps. Some of them may be privacy invading
|
||||||
|
but with newly gained superpowers, I should be able to control them. I do use a fair share of Google
|
||||||
|
Apps as well as FOSS applications.
|
||||||
|
|
||||||
|

|
||||||
|
|
||||||
|
### My daily drivers
|
||||||
|
|
||||||
|
These are everyday applications, like calendar, payment and banking apps, maps, messaging, phone,
|
||||||
|
contacts, browser, email etc. To install apps from Play Store you will need to install Play Services
|
||||||
|
first. This is easy, just go to the App Store and install them.
|
||||||
|
|
||||||
|
### Enhancers
|
||||||
|
|
||||||
|
There are few apps, mostly FOSS that I use to improve my experience. In no particular order (its
|
||||||
|
alphabetic):
|
||||||
|
|
||||||
|
- [AdGuard Home Manager](https://github.com/JGeek00/adguard-home-manager): An AdGuard Home client
|
||||||
|
app, that lets me quickly control and manage my self-hosted AdGuard Home installation.
|
||||||
|
- [Aegis](https://getaegis.app/): Probably the best 2FA apps that is also FOSS. Compared to popular
|
||||||
|
options like Google Authenticator, it encrypts your token at rest, lets you import and export as
|
||||||
|
well as take encrypted backups.
|
||||||
|
- [Immich](https://immich.app/): A FOSS and self-hosted Google Photos replacement. Except editing,
|
||||||
|
it has everything you may need in a media backup app. Even more features are being added
|
||||||
|
regularly.
|
||||||
|
- [Insular](https://secure-system.gitlab.io/Insular/): I use this to enable a separate work profile
|
||||||
|
where I keep all my less used or data hungry applications. When not in use I can just pause them,
|
||||||
|
and it saves battery as well as enhances privacy.
|
||||||
|
- [Lawnchair](https://lawnchair.app/): To be frank, I am unable to find a launcher that fits to my
|
||||||
|
liking. My favorite launcher is still the OP Nokia Lumia launcher. Lawnchair is a Pixel launcher
|
||||||
|
replacement with a lot more features and customizations. I use it
|
||||||
|
with [Arcticons](https://arcticons.com/).
|
||||||
|
- [ServerBox](https://github.com/LollipopKit/flutter_server_box): I use this to keep an eye on my
|
||||||
|
servers and even make small updates via ssh.
|
||||||
|
- [Tailscale](https://tailscale.com/): Three of the apps mentioned above will be unusable if not for
|
||||||
|
Tailscale. In layman terms, it is a p2p VPN that tricks all the participating devices like they
|
||||||
|
are connected in same local network. So you can access your remote servers and data without ever
|
||||||
|
exposing them to internet. Additionally, it also redirects your DNS request to a custom server (
|
||||||
|
like AdGuard Home) or even make one of your devices act as exit node.
|
||||||
|
|
||||||
|
## Things I Loved
|
||||||
|
|
||||||
|
New OS, new experiences and new things to love. There are many things that made me say _**Wow**_,
|
||||||
|
but I will point out the biggest changes in my smartphone experience.
|
||||||
|
|
||||||
|
### Game-changers
|
||||||
|
|
||||||
|
- Google Pixels are known for churning out good performance out of comparatively less powerful
|
||||||
|
hardware. With recent AI outbreak, Google and other organizations are putting too much of it even
|
||||||
|
in places that makes little sense. GrapheneOS is clean from all that bloat, not even the
|
||||||
|
Assistant. If I really need it, I can install specific applications.
|
||||||
|
- Battery life improvement is the biggest visible change I observed. I am not getting around 25%
|
||||||
|
more screen time than before with similar uses.
|
||||||
|
- I can now decide what permission each app has as well as stop their access to network completely
|
||||||
|
without relying on a third party apps. You also get fine control for your location data as well as
|
||||||
|
activity indicator.
|
||||||
|
- As I mention in my first point, Pixels have good performance, but GrapheneOS takes it to another
|
||||||
|
level. My phone feels significantly faster. This should be expected since you no longer have bloat
|
||||||
|
apps running in background.
|
||||||
|
|
||||||
|
### Little things
|
||||||
|
|
||||||
|
- You can archive any installed application instead of removing them. This makes sure that you don't
|
||||||
|
have to set up again but still get rid of them in practice.
|
||||||
|
- Ability to install apps in user profiles without any App Store installation.
|
||||||
|
- The usual things, you can see the complete list of improvements/new things
|
||||||
|
on [GrapheneOS features](https://grapheneos.org/features) page.
|
||||||
|
|
||||||
|
## Things That Went Wrong
|
||||||
|
|
||||||
|
Yes, not everything is great with GrapheneOS. There were some downsides, some failures as well loss
|
||||||
|
of data. I backed up all my data before making the switch and still got few things wrong.
|
||||||
|
|
||||||
|
### Horribly Wrong :(
|
||||||
|
|
||||||
|
- I lost my WhatsApp data completely. I am still a bit sad about it. This happened because WhatsApp
|
||||||
|
couldn't detect active backup on my Google Drive and decided to start new. This is a scary example
|
||||||
|
of how dependent everything is on Google, if WhatsApp had allowed independent backup, this would
|
||||||
|
not have happened. I did find a probable fix, but after I lost my data. You can use _Transfer
|
||||||
|
Chats_ feature of WhatsApp to transfer between phones. But you need two phones with latest
|
||||||
|
versions of WhatsApp so not possible for me anyway. There was a lot of not-important data, few
|
||||||
|
important and some which I wanted to remove but couldn't. So the destiny decided it for me, it
|
||||||
|
seems.
|
||||||
|
- GrapheneOS doesn't have a great backup solution. It uses an implementation of Seedvault, which is
|
||||||
|
secure but not reliable at all. Most of the time it simply doesn't work. Except USB backup,
|
||||||
|
nothing worked for me. That also means you have to regularly take manual backup.
|
||||||
|
|
||||||
|
### Manageable
|
||||||
|
|
||||||
|
- All banking apps worked, except PayTM. After some research I found that it is not GrapheneOS
|
||||||
|
fault. It seems PayTM hardcoded application used for webview. The usual _Android System Webview_
|
||||||
|
is not available neither installable on GrapheneOS since it uses its own implementation. It is
|
||||||
|
okay because I always use a different payment app.
|
||||||
|
- Getting location to work was a little tricky. First few attempts completely failed. GrapheneOS
|
||||||
|
uses something called _Reroute location request to OS_ which limits when and how Play Services can
|
||||||
|
access location. A great privacy feature, but it took some time to work.
|
||||||
|
|
||||||
|
## Things I am missing
|
||||||
|
|
||||||
|
- Reliable backups would be a major missing. The GrapheneOS seems to be working on it, but it may
|
||||||
|
take time.
|
||||||
|
- Some of the features are not latest compared to Stock Android or even completely missing i.e.
|
||||||
|
Wallpaper Chooser, Extreme Battery Saver, Digital Wellbeing, pausing of apps. I understand that
|
||||||
|
these may not be a priority for the team, so it's okay.
|
||||||
|
- I loved _Now Playing_ feature on Pixel, it is not available.
|
||||||
|
- Although GrapheneOS is extremely minimal, there are still apps you cannot remove. The preinstalled
|
||||||
|
apps for dialer, contacts and cameras are simple and do the work, but the UI is pretty outdated,
|
||||||
|
and they do not have many features. So I installed alternatives but I cannot remove them. Some of
|
||||||
|
them can be disabled though.
|
||||||
|
- There are few UI issues that needs fixing. Not anything critical but sometimes it bothers.
|
||||||
|
|
||||||
|
## References
|
||||||
|
|
||||||
|
- [GrapheneOS Website](https://grapheneos.org/)
|
||||||
|
- [Comparison of Android ROMs](https://eylenburg.github.io/android_comparison.htm)
|
||||||
|
- [Installation using Fedora - Forum](https://discuss.grapheneos.org/d/359-fedora-to-install-grapheneos/4)
|
||||||
|
- [The Matrix Resurrections](https://www.imdb.com/title/tt10838180/)
|
||||||
Binary file not shown.
|
After Width: | Height: | Size: 217 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 185 KiB |
+1
-1
@@ -13,4 +13,4 @@
|
|||||||
# status = 200
|
# status = 200
|
||||||
|
|
||||||
[build.environment]
|
[build.environment]
|
||||||
HUGO_VERSION = "0.124.1"
|
HUGO_VERSION = "0.134.3"
|
||||||
|
|||||||
Reference in New Issue
Block a user