What privacy / security steps does everyone take to lock down their mobile devices?
Discussion
Android. Calyx or Graohene OS. Don't install google services / GApps / GSF. Minimise the number of installed apps. Disable apps automatically if unused for a period of time.
Graphene*
GrapheneOS + always-on VPN + separate profiles for certain apps
I've been using calyx os for about a year now, i really like it and I'll only be using a custom rom from now on. but I'm thinking about giving graphene os a go. I would like to know if there is much of a UX difference?
UX is better π
Just be aware GrapheneOS and CalyxOS are much different. GrapheneOS is a hardened OS with substantial privacy and security improvements:
https://grapheneos.org/features
CalyxOS is not a hardened OS. It substantially reduces security. It recently went 2 months not shipping standard security patches.
Compatibility with Android apps on GrapheneOS is also much different. GrapheneOS provides our sandboxed Google Play compatibility layer:
https://grapheneos.org/usage#sandboxed-google-play
Can run the vast majority of Play Store apps on GrapheneOS, but not CalyxOS with the problematic microG approach.
CalyxOS uses Google services by default and give them privileged access, even if you don't use microG on CalyxOS.
grapheneos.org/faq#default-cβ¦
Purpose of GrapheneOS is not specifically avoiding Google services but we do avoid using them as the default services.
To clarify, they always use Google services even without microG. They use Google for connectivity checks, network time, attestation key provisioning, SUPL, PSDS (Pixel 6 and 7), eSIM activation and more enabled by default.
Some of these involve sending data and could be considered privacy invasive. GrapheneOS has worked hard to avoid using Google services by default.
https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ is a 3rd party article explaining some of the substantial differences between GrapheneOS and CalyxOS. It's a common misconception that they're similar. CalyxOS is far more similar to LineageOS than GrapheneOS. There are many other alternate OSes available
privsec.dev/posts/android/choosing-your-android-based-operating-system/ is another article about privacy and security differences between alternative Android-based operating systems. Talks about other alternate operating systems including DivestOS. Unlike most content, these are based on real experience and technical details.
always-on VPN, always off: bluetooth, location, microphone (unless strictly necessary); use Tor browser often; minimize/uninstall default corporate apps
Buy a 6th or 7th Gen (or latest on release) Google Pixel for the longevity of the support window.
Go to grapheneos.org and use the web installer at graoheneos.org/install/web to install GrapheneOS.
Profit ππ²π
How long could we expect a 6th Gen Pixel to receive support
The minimum support period is outlined here:
However beyond that it will receive complete support for as long as official firmware/driver updates remain available. If official vendor support for those are dropped GrapheneOS aims to provide Extended Support releases for as long as possible as a harm reduction exercise to help people transition to a supported device. Understand that ESR are not the complete and secure OS.
Thanks again βΊοΈβΊοΈ Good community to be a part of