Yeah I seem to recall it was a known issue with Pixel 4s & earlier.

I'm sold on the Pixel otherwise.

Discussion

If you don't have a cost issue, I would get the 7 as the camera got a nice bump. I've been on the 6 though and for everything I do, including amethyst, it's buttery smooth.

Do you run something like calyx or graphene on them?

I’m a long-time iOS user who’s tempted regularly to try it.

No, I use stock Pixel firmware. Google did a phenomenal job on it. The launcher is very good.

I know there are privacy concerns for some folks, but I have a smart home so that ship has sailed for me. I secure my Linux desktop and enjoy convenience on my mobile.

Honestly you could not get me to go back to iPhone after using Pixel. I still use an iMac, MacBook Pro, and iPad Pro though. I'm not a fanboy for any brand, and android tablets suck compared to iPad. The phones are hands down better devices in my use case though.

I appreciate you sharing your perspective and experience! If I pay the switching costs, I think I’d have to go for a degoogled experience. I tried android for a short time and some things were way way better. Like Brave browser. It was so neat to have what felt like a real web browser on a phone. Hm. Food for thought.

Just be aware that rooted android phones have issues with banking apps, and you'll lose push notifications. But if you know what you're getting into, the Pixel hardware is great!

I ran graphene for two days. That's as long as I lasted. 😂

I was a heavy iOS user.

Bought a Pixel, degoogled it & then started slowly moving certain uses across to it.

New email addresses. Bitwarden password manager. More thought around what I did & didn't do.

It takes a while to fully separate - their stuff is deliberately sticky.

Don't let perfection get in the way of progress.

Now that the original Pixel is starting to die, I'm thinking I'll take my privacy to another level. I learned a lot in moving across & made mistakes. It's not about becoming invisible, so much as making it difficult for them to know every detail of your life.

Appreciate you sharing your perspective. I’ve been trying not to be a “heavy” phone user - so that helps in general but things like photo-taking and photo-backup and photo-viewing have been the tarpits that keep me. Software like immich and photoprism may be changing that for me though.

Some of the recent nasty bugs in android world have spooked me (“aCropalypse” - and the 5G modem/WiFi calling bug specifically.)

I’ll keep thinking about it. 🤔

How did you deal with banking? That was my biggest hangup. I'd really like to hear from someone who's invested a lot of time into this.

At first I couldn't find my bank's app. I assumed I'd have to use their web page.

I eventually found the app on Aurora store.

Aurora store uses a login from a pool to get a certificate to the Google store. That certificate is location specific so a VPN will affect the apps that are available in that session.

The banking app functions fine - no issues.

I couldn't get mine to load at all. It detected the phone was rooted and refused to run. I was trying to use the sandboxed gplay services on graphene for that part.

I went with Calyx on my first because of usability issues like that.

I heard that Graphene made some significant changes to their setup a little while ago. It's apparently much easier to do things now but I've never used the old Graphene, so I don't know.

It seems pretty similar to calyx to me.

I had to enable Google services to add my e-sim but then disabled them after it was downloaded.

I installed F-droid from a downloaded apk & then installed Aurora from F-droid. Seems fine

Thank you for sharing. I may attempt this again eventually.

It is fantastic to hear you're considering GrapheneOS for your device. Please if you have any questions at all reach out to me and I will be more than happy to provide any up to date information/answers that you might have, should the documentation on our site not cover it.

Just as an FYI...

GrapheneOS and CalyxOS are much different. GrapheneOS is a hardened OS with substantial privacy and security improvements:

https://grapheneos.org/features

CalyxOS is not a hardened OS. It substantially reduces security. It recently went 2 months not shipping standard security patches.

Compatibility with Android apps on GrapheneOS is also much different. GrapheneOS provides our sandboxed Google Play compatibility layer:

https://grapheneos.org/usage#sandboxed-google-play

Can run the vast majority of Play Store apps on GrapheneOS, but not CalyxOS with the problematic microG approach.

CalyxOS is closer to LineageOS; they both share the same issue above, and they both always use multiple Google services too while giving them privileged access even if users don't use microG. It would be wrong to imply they don't use Google services. microG is of course an implementation of Google services. GrapheneOS doesn't use Google services by default.

To clarify further they always use Google services even without microG. They use Google for connectivity checks, network time, attestation key provisioning, SUPL, DNS fallback (LineageOS only), PSDS (Pixel 6 and 7), eSIM activation and more enabled by default.

https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ is a 3rd party article explaining some of the substantial differences between GrapheneOS and CalyxOS. It's a common misconception that they're similar. CalyxOS is far more similar to LineageOS than GrapheneOS. There are many other alternate OSes available.

https://privsec.dev/posts/android/choosing-your-android-based-operating-system/ is another article about privacy and security differences between alternative Android-based operating systems.

PrivSec also have a community resource for banking apps that work on GrapheneOS that can be contributed to; make sure to check the issue tracker too for submissions that might not be on the list yet.

https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/

Thanks! I am leaning toward graphene. :)

Thanks for your detailed response Metroplex!

I'll be taking a look at the links you posted.

It's great to see you on Nostr.

💪🤙

This is awesome. I will have to go through some steps to get off a proprietary 2FA app before I can try again. Thankfully I already moved to a private vaultwarden instance for passwords, so I'll be able to move 2FA there.

So, I’m reading through https://grapheneos.org/faq#security-and-privacy and see “the baseband is isolated on all of the officially supported devices” … were GrapheneOS Pixels affected by the Samsung baseband remote code execution vulnerabilities Project Zero disclosed earlier this year?

All Pixels were; however, once an attacker has taken over a baseband via a remote code execution exploit, they could potentially have another exploit for the OS. Hardening the OS including drivers against exploitation from hardware components is often overlooked. Drivers can accidentally trust hardware.

GrapheneOS can't directly harden the firmware/hardware itself, but we do harden the OS against being taken over from compromised firmware/hardware in these situations.

Therefore on the OS level it was mitigated against yes.

Then once the patches were available we rolled them out instantly.

Something you need to be aware of though is while this particular exploit received a lot of attention, things like this are commonly found in security bulletins and updates and can only deal with known knowns not known unknowns. The latter requires constant vigilance and GrapheneOS goes a long way in ensuring best protection from them. We are not currently aware of any in the wild vectors compromising the OS.

It is that very isolation via IOMMU that enables this.

Thank you for this great response. I really appreciate it. I think you’ve convinced me to try graphene as my next phone OS. 🖤🔒

I’ve been running it for about a year now and I like it.

Cool! What did you use prior to GrapheneOS?