Oddbean new post about | logout
 Pro/Con of DeGoogled Phone operating systems

Graphene
Pro: Good optional sandbox for Google push.  And advanced security features such as:
1) Hardened to resist memory attacks
2) Better sandboxing (access policies)
3) Enhanced verified boot
4) Attestation tool to diagnose Pegasus malware
5) Browser reducing “just in time” JavaScript
/
Con: Only Google manufactured hardware, which is the most likely to have hardware backdoors. Titan-M security chip is closed source and therefore untrusted to protect me from Google/Government

Calyx
Pro: Similar DeGoogled experience to Graphene, but supports a wide group of phone manufacturers outside the 5 eyes including Fairphone, OnePlus, Vivo, Xiaomi, ZTE, and Huawei.  LOL, Do you trust Google or the Chinese?  Calyx also has a great built in Firewall app to cut off apps from the internet
/
Con: While Calyx is better for avoiding Google’s unknown hardware backdoors, it doesn't have Graphene's advanced security against known targeted attacks.  Additionally, if you need Google push notifications, then it uses MicroG instead of Graphene's sandbox, which isn't as good at isolating Google from the core system data.

Lineage
Pro: Works on an even larger variety of hardware, so you got a lot of choice.  Lineage is also great for fake android virtual machines on your desktop PC. You can easily spin up a VM with this and use spyware apps.  While as Graphene won't allow this under current builds, and Calyx requires "annoying to use" Android developer kits to do it.
/
Con: Can't lock the bootloader. Controversial security issues.

Pinephone (Linux phone)
Pro: It's good to see alternatives to Android. Hardware "brains" are open source.
/
Con: Low amount of apps because it's not using Android's ecosystem.  Not as good performance as Android.  Lacks Android's good security model, and it still uses closed source hardware to communicate: WiFi and LTE modem (they had to)

Purism's Librem 5
Scam.  They won't ship it, don't buy it.

Summary,
Graphene - Extra Security, IF you trust Google's hardware
Calyx - Good for non-Google hardware & app firewall
Lineage - Great for VMs
Pinephone - Boycott Google

</end>
SimplifiedPrivacy has lowered custom consultations to $30/hour. Reach out and we'll help you with flashing phones, routers, Linux, any tech support.