Pot, meet kettle.
To add to this, at least Android being open source allows for alternative versions that can be used on some hardware that truly don’t track and can be consistently supported long term. With Apple’s devices, that’s not a practical option.
Edit:
From the news today:
Google’s relationship with Apple is particularly significant given its unilateral access to iPhone customers. Internal Google notes of a meeting between Sundar Pichai and Apple CEO Tim Cook released Monday by the DOJ give an interesting insight into that relationship. The meeting, which began as a discussion of the regulatory environment in D.C. eventually turned toward the question of Google’s place as the default search engine on Apple products.
Cook, according to the notes, told Pichai he believes the two companies were “deep partners; deeply connected where our services end and yours begin.” In another note from the meeting, Pichai reportedly said, “Our vision is that we work as if we are one company.” Pichai tried to distance himself from that line during this testimony on Monday.
Oh boy, oh boy, oh boy!
Hello from GrapheneOS 👋
The same GrapheneOS kicked out of AOSP Alliance for being toxic and shady?
I dunno about that but the toxic guy was also kicked out of Graphene
SOME hardware. I hope you’re not picky with your devices.
I mean, it’s a higher count than Apple with exactly…0
Does anyone else remember that old project from many moons ago that was working on getting Android working on iOS devices
Yep! I remember running Android on an original iPhone (just for fun, really, and like two or three years after the iPhone had debuted).
I member!
If you’re planning to do this, you will find yourself in a sea of options.
I’ve seriously looked into it and I disagree.
We need open source drivers for devices. Without those, your smartphones with any other open source OS would be next to useless.
what the fuck
https://wiki.lineageos.org/devices/
These are only the official ones which are up to par with the quality assurance of LOS, there are countless of unofficial builds for almost any phone.
For example, Pocophone F1, my first Xiaomi phone still gets security and feature updates:
https://download.lineageos.org/devices/beryllium/builds
https://wiki.lineageos.org/devices/beryllium/
It’s now 5 years old, that’s Apple kind of support for an €350 Android device.
Vote with your wallet and only buy phones on the device list of LOS.
No kettle here, just a couple of pots. The kettle is shiny and reflective. The pot is seeing its own reflection in the kettle. Hence there’s no kettle in this scenario.
🤯 Thank you for your service.
Android being open source
Hahahahaha. Good one.
Yes. LineageOS and GrapheneOS among other forks are some obvious counterexamples to the narrative that Android isn’t open source. Then there are the countless vendors that use it in China without Google software. I know it’s cool to hate on Google and I do partake but that’s simply a fact.
Those are missing major parts of a full Android system. Play Services is a huge one.
No, they’re not. You can use sandboxed google services, if you want to. Or you can use FOSS apps.
Or your own proprietary implementation if you’re making an Android device yourself and you were lazy.
Keep digging, bud
Go buy any Android phone from a major brand (Google, Samsung, etc) try to rebuild the OS as it’s installed from the factory from source. You can’t.
Even theAOSP based Android distros like LineageOS ship with closed source binary blobs for crucial parts of the OS.
Calling Android OSS is a marketing gimmick to trick nerds into choosing Android.
I don’t know how to rebuild shit but certainly plenty of people can and have.
There are dozens of forks of Android so I don’t know how you can NOT call it OSS.
You can build a version of Android, but not the version that is installed on the device you buy in the store.
There are dozens of forks of Android so I don’t know how you can NOT call it OSS.
Because even those forks ship closed source binary blobs. You simply cannot build an Android phone with 100% open source. The phones you can actually buy in the store? A huge part of those is closed source.
Android is opensource. It has closed source components, but they aren’t necessary to run Android.
And they’re completely replaceable as there are clean interfaces between the closed source components and the open source base.
If those are you idea of clean interfaces… wow.
Feel free to post comparison images of core apps on different mobile OS’es to strengthen your incredulity.
Exactly. It’s like saying Linux isn’t open source because some distros come with proprietary NVidia drivers.
Mayor parts that are very much necessary for a fully functional Android system are closed source. Play Services is a big one.
Yes. I would like to see a DIY selfhosted replacement for play services that is a direct swap in, in the sense that as an end user I couldn’t tell the difference (notifications primarily)
Edit: wow! Didn’t realize selfhosting replacements for Google services is so controversial!
Apple literally scans your photo galleries for illegal photos.
Source?
I assume they’re referring to the now cancelled CSAM https://www.wired.com/story/apple-photo-scanning-csam-communication-safety-messages/
deleted by creator
No they don’t
Australia’s Basic Online Safety Expectations made it required by law:
“If the service uses encryption, the provider of the service will take reasonable steps to develop and implement processes to detect and address material or activity on the service that is or may be unlawful or harmful”
Source: https://www.legislation.gov.au/Details/F2022L00062/Html/Text#_Toc93478766 section 8
“Service” sounds more like something such as iCloud than my personal, on-device photo library to me.
But only local, look into the source code yourself, heh.
You forget to add /s
If you need an /S here, you deserve the troll.
Lmao pot call the kettle
deleted by creator
task failed successfully
HTTP Response 418 I’m a teapot
P sure the only difference is that Apple hoards the data while Google gives it all away.
Google also doesn’t give it away
Sorry sorry, semantics. Google sells user data.
No kettle here. The kettle is shiny and the pot sees its own reflection in the kettle. That’s the meaning of the phrase. Just two pots, one of them pointing out the other is a pot.
Well yeah, as much as I dislike apple, the majority of Google’s income comes from advertising - and to be the best at it, they need to have more personal data than everyone else, which = lots of tracking.
How do we open source hardware and make it competitive? If we figure that out, maybe we can break free of yet another 2 party system we’re creating lol
You give them the freest phone with the most open operating system you can find and people will install the spyware themselves.
Give a person a privacy phone and they’ll install spyware on it.
Give a person a want for privacy and they’ll get a privacy phone and never install closed source apps on it.
You can lead a troglodyte to knowledge but you can’t make them think.
As opposed to Apple where advertising is a growing revenue stream that they’re definitely not gonna maximize because they have other revenue streams.
Agree on the hardware point. That said you can buy a Fairphone or a Pixel today and install usable Google-free software on it, today.
There are plenty of phones one can install notgoogled OS’es on, but it requires the buyer to look up the list of phones that are supported.
Not necessarily. There’s always the option to port something like LineageOS yourself, which is in fact where most of the ROMs for a much larger selection of devices comes from than what is officially supported by LineageOS. This is of course not for the average user, but it is possible. Except for some devices like the newest Samsung flagships that are based on Snapdragon. With the Exynos variants, porting AOSP and operating systems based on it is possible.
I don’t understand. There’s a large list of officially supported devices and users can create support for even more devices. Doesn’t that mean that there is a wide range of phones that support custom ROMs, even if not all phones are supported?
There’s one thing I’m still missing when looking at custom roms, and that is being able to properly hook into the camera API to use all the cameras that come with modern devices.
I’m a little iffy on just how Google-free any Pixel after 5 is even if you run Lineage or something.
I hope eventually risc-v become the norm. It’s the closests to the open source hardware idea.
Unfortunately, no matter how open the hardware and software may be, for the vast number of people it will never be possible to verify that one specific peice of hardware is running a specific peice of software.
And even if the tools existed to enable normal persons to do this, they would need to trust that the hardware/software in the tool has not been tampered with and that the tool is running it.
I don’t think trusting the security software would be any harder to trust than the OS or anti-viruses, both systems designed to keep the users safe.
More of an issue would be how to find out who is trustable, and that will take both time and trust from the getgo.
I don’t think that that’s going to be a problem. We have a long history of dealing with such verification. What is important is that people trust science and scientific institutions, and sooner rather than later, in-depth analysis of devices conducted by experts will be able to provide security and credibility for the layman to rely on without the need to run tests themselves. This is basically how the privacy and cryptography branches of hardware and software engineering have operated for decades now.
Yeah I’m laughing at the top comment which equates Apple and Google on this. Please give me a break. Apple sells ads within its App Store and some people would have you believe this makes them an ad company. Meanwhile Google collects data from your browsing, email, phone, and tried damn hard to hook us on its social media products, and they run ads on all of those as well as third party sites and apps. I mean FFS come on.
Pot. Kettle. Black.
No kettle here. The pot sees its reflection in the kettle, kettle being shiny, so the kettle is actually different from the pot. Just one pot calling another pot black in this instance.
They’re absolutely right, but the last person who should be pointing that out is Apple, of all people.
Kind of a “takes one to know one” situation here
Unless you use GrapheneOS this is true. But iPhones aren’t any better. GrapheneOS is the only solution.
Multiple OS choices, hardware kill switches for connectivity/camera/microphone, expansion pins, etc. Modest specs but for enough functionality to be a daily driver, zero ads or spyware, and infinite customizability, $400 is a steal.
Mine was unusable IMO but maybe I didn’t try hard enough.
Linux phones are not at a point where you can actually daily drive them. They even lack support for basic apps like Signal. The camera and battery on the PinePhone aren’t great either. These are concept phones, but nothing that anyone can actually use. Also, Linux distributions are much less secure than GrapheneOS or even AOSP. And good luck getting normies to use a Linux phone, it’s already hard with desktops, but impossible with phones.
Yeah I’m aware they’re still in a really early/rough state, I definitely used the term pretty loosely. From what I understand they’re capable of reliably texting, calling, light web browsing and maybe playing some audio. If you aren’t someone who frequently/extensively uses your phone, and has decent knowledge of Linux, this may be enough for you. Def not the average user though.
I’d like to do this but it looks a bit complicated. Maybe there’s a video guide I can follow so that I don’t fuck it up.
Oh man, this looks so much easier than when I installed Lineage on the Poco F1! Might go for it now that I’ve got a pixel 7
I can only recommend it. I used a Samsung phone a few years ago and putting a custom ROM on it took me a whole weekend, I had to spend many hours researching and I often encountered issues. With GrapheneOS, it was super easy. 15 minutes after taking the phone out of the box I had Graphene running on it. That was my first time installing GrapheneOS btw.
Does it work with most common applications?
Yes, the GrapheneOS team put a lot of time and effort into creating Sandboxed Google Play services. It allows you to use Google services which are required for many apps without giving up your privacy. You get to choose which permissions you grant to Google Play services, just like with any other app. Basically any app that works on Android also works on GrapheneOS, except for a few things like Google Pay or Android Auto, because Google actually prevents them from working on Graphene.
You mean apps? Then yes. You can just install Aurora.
You mean apps?
What do you think apps is a contraction of?
Apparently, apple applications apply appropriate approvals for the apprehension of appliance appendices.
You don’t need aurora on graphene, thats the point of sandboxing.
How do you get apps from a trusted store without signing in?
deleted by creator
Maybe this topic isn’t for you. Apps and applications can mean two different things depending on the context.
No they don’t. Your responses are pointless and unwelcome.
iPhones aren’t any better
Anyone got a source for this claim? I see it repeated often in this thread with no supporting evidence.
I’m not disputing it, I’d just like to know more.
Google has a direct financial motivation to track you through their business model. Just based on that I’d assume Google is performing more data harvesting.
deleted by creator
https://www.tomsguide.com/news/android-ios-data-collection
The full research paper: https://www.scss.tcd.ie/doug.leith/apple_google.pdf
If you prefer a video: https://piped.video/watch?v=nQ9LR8homt4
No? There are many other ways to ensure privacy on Android.
-
Best option: Use a Custom ROM (which Graphene OS is an example of). However, going via this route is almost always a headache, as all devices don’t have specific, stable builds, etc. Also, going this route poses a very real risk of bricking your device.
-
Easy and safe option (I would recommend this): Buy a device with stock android instead of the crappy MIUI and other variants. Disable all google services and apps and install all your applications from Fdroid. Install a firewall like TC from Fdroid for additional protection.
all devices don’t have specific, stable builds, etc
GrapheneOS is actually very stable and has specific builds for all the devices they support. It only supports Google Pixels, because these are the reference devices that AOSP is built for. They also have great hardware security features like the Titan M series of secure elements.
Also, going this route poses a very real risk of bricking your device.
Not with GrapheneOS. Their easy-to-use web installer makes is basically impossible to break your device during the installation process. It’s really easy and maybe takes 15 minutes.
-
And if you don’t buy Google’s Pixel you’re just fucked?
I believe LineageOS has a wider selection of devices
But far worse security, privacy and app compatibility.
LMFAO, i’m interested in that explanation.
LineageOS without GApps is literally as secure as GrapheneOS
No, it definitely isn’t. Stop spreading false information and potentially giving people a false sense of security. LineageOS isn’t even as secure as stock Android, it’s definitely not as secure as GrapheneOS as GOS has many security improvements compared to the AOSP. Some examples are the hardened C Library, hardened memory allocator, improved SELinux policies, secure app spawning, hardened browser (Vanadium) which is also used for WebView, etc. LineageOS doesn’t even allow you to relock the bootloader, meaning anyone can modify the system because Android Verified Boot only works with a locked bootloader. It doesn’t have any of the security features that GrapheneOS adds on top of AOSP, it also lacks basic security features from AOSP. It’s ok for tinkering, but I would never use Lineage on a production device. You can read the section about LineageOS of this blog post: https://madaidans-insecurities.github.io/android.html#lineageos
Quote:
A common ROM that has many of these issues is LineageOS:
- LineageOS uses userdebug builds by default. This adds many debugging features as additional attack surface. It also weakens various SELinux polices and exposes root access via ADB, which, as previously discussed, is not a good idea.
- LineageOS requires an unlocked bootloader, therefore disabling verified boot, which is essential to verify the integrity of the operating system.
- It does not implement rollback protection. This allows an attacker to downgrade the system to an older version and then exploit already patched vulnerabilities. The default updater even allows you to downgrade versions yourself.
- Most LineageOS builds also do not include firmware updates, which prevents users from getting new patches to fix vulnerabilities. Instead, it gives a pop-up advising users to flash updates manually that most people will simply ignore.
This is a non-exhaustive list. There are more issues than just those listed above. LineageOS (and most other custom ROMs) are focused on customising the device and not privacy or security. Of course, you could build LineageOS yourself to fix many of these issues, but most users will not be capable of doing so.
What a load of crap. What’s ur source for this information?
From a privacy standpoint, Lineage OS uses hard-coded Google IPs for some core functionalities (DNS, NTP, Webview). MentalOutlaw did a video on this and how it can be removed by rooting your phone.
it can be removed by rooting your phone
Which makes it even less secure
Why is my comment crap?
Which of my points are not true?
LineageOS has far worse security than both AOSP and GrapheneOS as outlined in the LineageOS section of this blog post: https://madaidans-insecurities.github.io/android.html#lineageos
It also has worse privacy because it uses Google services for things like DNS and NTP by default, which can not be changed by the user. GrapheneOS replaces all Google services like DNS, NTP, connectivity check, and the Attestation key provisioning service through either their own service or their own proxy for the Google service. Most of these can also be entirely disabled by the user on GrapheneOS. It also offers proxies for SUPL and PSDS location services and allows the user to disable these.
App compatibility is worse, as LineageOS uses microG whereas GrapheneOS uses Sandboxed Google Play services. microG is an insecure and poorly implemented version of Google Play services that sometimes has issues with basic Google SafetyNet checks. GrapheneOS just uses the standard Google Mobile Services bundle, but it’s not installed as a system app and has the same privileges as any other app. It can be installed and uninstalled by the user and all permissions can be revoked (including network and sensor access).
No, Google does the same shit. You just decide which big company you give your data to. Or use a Nokia on 2G
If you install GrapheneOS, then Google doesn’t get any data from you, but they still get the money you spent on the phone. GrapheneOS only supports Google Pixels, for multiple reasons they explain in their FAQ.
Jokes on you, we disable 2G for the sake of 5G frequencies.
But on Google Pixels you can install GrapheneOS, unlike any other Android device
Just have to pay google 800$ to leave the google ecosystem. Seems legit.
My Pixel 6a was 300 bucks
tbf Androids are about the same size as iPhones
Googled Androids yes, not degoogled ones. There’s a big difference.
Pot calling the kettle black.
Pot calling another pot black. The kettle is shiny and the pot is seeing it’s own reflection, at least in the original meaning of the phrase.
“Ignore those AirTags”
That’s ironic
And, what is an iPhone?
iPhone is the same thing, but you don’t have a choice.
IPhone scans your photos even!
They say its to protect the children.
LOL!!
A miserable little pile of secrets!
Not wrong but ironic coming from apple. As if they don’t track and have spyware.
Just because Apple hinders tracking by others doesn’t mean they don’t do it themselves. Just because they can’t decrypt your phone when the FBI comes knocking doesn’t mean they don’t track you.
Think about it. What was Apple’s privacy advertising all about? It was never “we don’t track”. It was about encryption and how they prevent others from tracking. Yet, my wife’s Siri can always find the nearest whatever and suggest stuff based on my wife’s “preferences”. Curiou, ain’t it?
From what I’ve heard it’s been harder for law enforcement to get into Android phones now.
Also, the whole privacy features only make Apple’s data gathering more valuable because they become the only ones that can access that information. Google caught on and is doing the same thing with their privacy features. Privacy features are nice, but it’s naive to think that Apple and Google don’t have other ulterior motives with implementing them.
Exactly! As if Apple would hesitate even one cycle of their M3 CPUs to establish a monopoly through “data protection” (aka “only we can sell access to your data to others”)
Apple being an american company, what’s to stop high level surveilance from demanding backdoor access and printing out a letter of non-disclosure as per current US laws?
It would be negligent of any intel agency with the possibility to not make their own Room 641A at Apple.
The government can’t compel them to actually lie, and under their current public disclosures, they do not do such things. At any rate, demands are not unlimited in scope; US law doesn’t require them to secretly re-architect the whole service to create a backdoor from scratch. AT&T willingly built 641A.
deleted by creator
To say they are part of it kind of implies they even had a choice. When Yahoo tried to fight being a part of the program they were going to be fined $250k a day.
From what I’ve heard it’s been harder for law enforcement to get into Android phones now.
Don’t need to just call up Google and get whatever they want. In fact they get whatever they want for thousands of people at a time.
Only for things that are on Google’s servers. If you have something that’s on-device police will use something like Cellbrite to access it.
The vast majority of stuff Google has on their servers isn’t really all that useful to law enforcement anyway and Google requires a search warrant before handing it over. And they generally notify the user when it happens (when legally allowed to do so). Most useful would probably be location data, but law enforcement can also get similar information from cell phone companies (who are much more carefree about handing over subscriber data).
Google and Apple are both actually kind of a pain to deal with for warrant related stuff. In my line of work, I most often see subpoenas for cell phone providers and social media records as those are much easier to get.
People often act like Google is just handing out user user data to the highest bidder, but that really misunderstands their profit model. They are very protective of user data. Google does not like to give it out so that only they can be the ones to profit off of the data.
Only for things that are on Google’s servers.
Everything is on Google’s servers.
People often act like Google is just handing out user user data to the highest bidder
Yeah, I realize it’s worse than that… When did I say otherwise? I even started off the comment by stating that Apple and Google’s privacy features were made for anti-competitive reasons, not to benefit the consumer.
Your type of fear-mongering isn’t really helpful though. It just makes people feel powerless to large corporations and makes people try to address the wrong issues. It’s important to accurately state what they are collecting and how they are using that data. We spent a decade complaining about Google not respecting privacy and selling data and what we got was Google gaining even more power. Because, that wasn’t what Google was doing or their end goal.
“People” are not powerless. You and I are powerless because “people” don’t care about the dystopian future we’re living in.
And it’s not fear-mongering, it’s the truth. Google does not require warrants.
What are you talking about? Google does not give law enforcement information without a warrant or valid subpoena.
You clearly have no idea how any of this works and are fear mongering based on sound bites you may have heard. I work in this field and I know that Google (at least in the US) won’t just hand over data without a valid warrant or subpoena. Now this can be a FISA warrant where the defendant (imo) doesn’t have proper due process rights, but it is still a court order requiring them to comply.
Here is an alternative Piped link(s):
no it’s actually much worse than that
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
Yet, my wife’s Siri can always find the nearest whatever
You can choose to let your phone use your location for requests. Her questions to Siri are not associated with her Apple ID but are instead linked to a separate anonymous Siri ID, which allows a degree of context without creating any records linked to an identifiable person.and suggest stuff based on my wife’s “preferences”.
Suggestions for random stuff on your phone (Do you want directions to work? Do you want to listen to this playlist that you listen to every freaking day?) are generated locally on the phone. Apple the company never sees that sort of stuff.Strange that those posts with seemingly absolutely sure facts are always coming from accounts that have had at least two other discussions about how great apple is in the last 24 hours. Why do only the devoted fans know for absolutely certain that there are shadowy IDs generated and never cross-linked with any other identifier and that apple never ever ever ever ever gets metadata from the stuff that is “generated on the phone locally”. Google generates tons of stuff on their tensor chips locally. Does anybody really believe them when they say that they don’t know anything about the stuff the Phone generates? I don’t. So why would I believe Apple?
