I’m planning to buy a new phone, and would like advice. I will probably get one of the following:
- Pixel 8a running GrapheneOS
- Pixel 8a running CalyxOS
- Fairphone 5 running CalyxOS
Either one of these phones will effectively be without warranty from the start. I can’t file a warranty claim for a Fairphone 5, because they offer no warranty in my country. I can’t file a warranty claim on a Pixel 8a, because I can’t create a Google account.
Free open source software is important to me, and these are the free-est phone OSs I could find.
I’m planning to install Magisk to root the phone. I need adb root at a minimum. Will this prevent automatic updates?
Why do the GrapheneOS people say that rooting breaks the whole security model of Android? I can’t understand this, because only a few specific apps are granted root access, or possibly only adb.
Reasons I need root access:
- I need a comprehensive backup system. Non-root backup systems skip files.
- I want to block connections using the hosts file.
- I want to study the filesystem to learn more about Android.
- I want to mess with apps’ internal states.
I’ve been using CalyxOS for several years on Pixel hardware, and I’d honestly recommend you go with GrapheneOS; it is technologically the more sophisticated project, and I’ve just sort of made my peace with the concessions I have to make using Calyx (it’s kind of ideologically driven, given that I like the idea of microG in principle).
Genuinely I would avoid root on Android if security and device integrity is a key focus for you, but I also empathise with the perspective of wanting to feel like you own the device you paid for. It depends on what you do on your phone; if banking apps or the handling of any sensitive data fall into the equation, I would completely avoid root.
Similarly to you, I also used to block adverts systemwide via hosts / AdAway. Today I use Firefox for Android with the uBlock Origin plugin. Any apps that would have presented ads to me otherwise have kind of been phased out over time by FOSS replacements (if there are any alternatives you need, please reach out).
For a comprehensive backup system, you might want to check out Seedvault? I’m not certain but I hope this will cover your requirements?
I’m not sure what ‘mess with apps’ internal states’ implies, can you please elaborate on this?
Device integrity is important, but in the sense that I don’t want police to be able to get in if they take my phone while it’s locked. The phone should not be trying to protect itself from me, the owner.
I’m not planning on running any banking apps, nor any other proprietary apps that need any sort of remote attestation. For sensitive data, nothing like “other people’s social security numbers”. Just my own data, which I would prefer remain private.
Seedvault uses Android’s built-in backup infrastructure, so it won’t back up things like Signal, or proprietary apps that resist being backed up. Only a rooted app (or rooted adb) can properly back up an Android device.
By “mess with apps’ internal states”, I want to see what data proprietary apps are storing about me, and selectively delete it. I want to replace their certificate authorities with my mitmproxy’s certificate authority, and intercept their connections to understand them. I want to try modifying apps’ code – for example, call recording doesn’t work on my current phone, because there’s supposedly some XML file somewhere that marks all the US as “recording is illegal”. GrapheneOS claims to fix this, but there may be future problems in that same style, which could be fixed by modifying just one file.
Appreciate the info & context, and I agree with your overall sentiment WRT device protection against authorities.
I’ll be moving to GrapheneOS for my next phone (which unfortunately may be another from the Pixel series). I suppose I can try my hand at Magisk and other things (I’d still prefer to use microG on GOS). If it writes a custom boot image then there’s a chance it’ll prevent boot entirely. I’m not sure if there are other methods for installation or temporary use of root?