A degoogled Android phone is the best option today for a smartphone that respects your digital privacy and autonomy. In this post I’ll discuss some different options for Google-free Android ROMs.
With most smartphones the OS vendor has full control over the phone. Apple uses this power to prevent users from installing any unapproved apps, which is kind of horrifying. Google allows you to install your own apps, but tracks pretty much everything you do in order to build a digital dossier they can use for targeted advertising; that’s horrifying in a different way.
The PinePhone and Librem 5 are attempts to build phones that can run a standard (desktop-style) Linux OS with the mainline Linux kernel. Once the software matures a bit that will probably be the best option to have full control of your device, but realistically both are still in the developer/enthusiast phase, not even ready for traditional tech early adopters.
Luckily, Google’s Android operating system has a mostly open source core, called Android Open Source Project. This is a functional operating system, released by Google primarily as a basis for vendor images, that does not include any of Google’s proprietary apps or libraries. That eliminates much of the spying that Android normally does, as well as avoiding the universal back door that would be enabled by automatic updates.
What is “Security”?
Security for a digital device means that the owner of the device has exclusive control of that device. If the owner of the device wants it to do something, nobody else should be able to override that decision. If the device is doing something the owner doesn’t like, the owner should be able to make it stop doing that.
I like to talk about autonomy, which is when an individual can make their own choices. Security is the technical enforcement of autonomy.
Privacy is mostly just security for personal data.
Unfortunately, when people talk about security, that’s frequently not what they mean. For example, corporate IT may want to secure the company against its employees. And tech companies frequently want to secure devices against the end user, with DRM measures for streaming music and video being the most obvious example. What is security for Netflix may be a security breach for every Netflix user; to prevent you from copying a movie, they hijack your device and turn it against you.
We trust the user, because that’s the whole point - we are the user.
We don’t trust anyone else. We especially shouldn’t trust the developers of our OS, at least without some mechanisms in place to make them more trustworthy. Optimally that would mean stuff like reproducible builds, but there doesn’t seem to be much push for that with Android.
We definitely want to keep an eye out for automatic updates plus user accounts from the vendor, since that would add up to a universal backdoor.
I could go into a lot more detail on traditional security questions and how they apply to phones, but that’s a question for another time.
What are some noteworthy ROMS?
This is a boring, mature custom ROM. It provides an AOSP-based OS for many devices, with minimum changes from stock Android. That means that possible functionality that could improve security or user control is intentionally left out. This can be run with or without Google Apps; but installing Gapps eliminates the benefits we’re trying to get here.
This custom ROM provides some built in alternatives to Google stuff in the form of cloud services provided by the E foundation. There are issues with privacy and autonomy with using any third party cloud services, and there’s still a universal backdoor, but GDPR might help slightly.
The E cloud services can also be self hosted. This might be a really good option.
This is a security-focused ROM with MicroG. They enabled verified boot verifying their signatures, and disable local root. That’s basically the same security model as stock Android - they trust themselves but not the user, which is basically the opposite of security for the user. In addion to MicroG accessing Google’s services, they bundle Signal by default, which is another proprietary service.
It doesn’t look like there’s a universal backdoor (automatic updates but no user accounts), and automatic updates through F-droid and the Aurora store are enabled, so this might be a good practical choice for some users.
This is a security focused ROM with neither Gapps nor MicroG. Again, they do verified boot on their signatures and block local root. They don’t enable F-droid background updates, so this is pretty much useless unless app updates aren’t needed at all.
This is a system for building custom ROMs for Pixel phones with verified boot based on custom signing keys. This looks really neat for an org that wants to issue its own phones.
- Simplest: CalyxOS
- Standard: Still LineageOS
- Time and tech expertise? Rattlesnake OS