Replying to Avatar Ava

Totally fair—and you’re right to just learn and work with what you have.

Most Samsung devices don’t support true secondary user profiles the way Pixels do, so you’re mostly limited to things like Secure Folder. It’s better than nothing, but it’s not real OS-level isolation.

And for what it’s worth, Apple isn’t meaningfully better here. Different tradeoffs, same surveillance realities, and even fewer options for compartmentalization.

Pixels with GrapheneOS can still make sense for isolation. But Google has been tightening the ecosystem—locking custom ROMs out of hardware driver access and forcing projects like GrapheneOS to reverse-engineer components they previously had direct access to.

At the same time, there’s increasing pressure on sideloading through Play Protect, more apps opting into attestation that blocks custom ROMs outright, and growing dependence on Google Play services. That combination makes the path more constrained than it used to be, and it’s part of why GrapheneOS is moving toward its own hardware.

GrapheneOS support for existing Pixels continues, but it’s under growing platform constraints.

Threat model first. Work within constraints. Practice privacy and security through isolation and compartmentalization. Improve over time. You’re doing exactly that.
Avatar
jaquesbody 3d ago

What a legend 🙏 - I assumed that that Play Protect was a crock of shit and turned it off. I'll get up to speed on Secure Folder and most likely bite the bullet til GrapheneOS release hardware in the future.

This is golden: "Threat model first. Work within constraints. Practice privacy and security through isolation and compartmentalization. Improve over time."

Reply to this note

Please Login to reply.

Discussion

No replies yet.