SimpleX Messenger is a great option.

and some people are ignorant

Thank you. I wouldnt have known this if it wasn't for this post. I've never seen these sites. Good post.

This does not solve the Play Integrity API issue. This would make app compatibility even worse lol.

Only a few apps enforce Play Integrity so it is still the best option for a casual user. Cash App enforcing it is my biggest hurdle.

XMR is decentralized and its seen as a currency

anyone know the name of this case? asking for a friend

Why isn't it possible for a creator to exist?

Thom Yorke 🔥

Nostr is awesome. I'm hoping it grows much further.

Aurora Store isnt needed because of Graphene's Sandboxed Google Play Services.

Obtainium app is best for installing APKs from github, fdroid, etc because of the auto updates.

My favorite feature of GOS is the scopes for contacts, storage, and MTE support on Pixel 8

Watch this in a dark home theater

https://youtu.be/Zgg7BgaFG1s

We go to sleep and it clears

Why is a windows computer not my computer? makes no sense

it needs organic stability and you're also comparing the stability with fiat.

pls buy a new phone lol

https://gitworkshop.dev

Everything should work perfectly fine.

Just make sure you know which apps are not supported on GOS such as Netflix, Hulu, Cash App, etc because of the Play Integrity API. Don't be afraid to use the Play Store as well. Its treated like any other app on the system so it isn't highly privileged.

Also, one thing that was a problem for me at first was the restore solution (and backup solution). You will have to transfer your files from an external drive whether its the cloud or a local one.

Feel free to join the GrapheneOS Discord/Matrix/Telegram server and ask more questions because they're very knowledgeable people that can support you.

carti

A lot of the security work on Linux is being done by Google. It's highly unlikely they are putting backdoors in their products.

The desktop security model is insecure in general. Phone OSes are much more secure.

Reasonable desktop OS to use is Qubes, Fedora, MacOS, ChromeOS, or Windows pro/enterprise (hardened)

Phones are much more secure especially the Pixel 8/pro with MTE immensely reducing remote exploitation. GrapheneOS is the only distro that enables MTE by default and recently implemented it in their Vanadium browser.

Secure phones (secure elements are important): IPhones and Pixels (GrapheneOS or stock)

Also yes, Chromium is much more secure on Linux than Gecko based browsers because of its great internal sandboxing and site isolation. Firefox on Windows is catching up though, but still bad on desktop Linux and android.

This all doesn't matter if you're running an EoL device. Make sure your receiving official security and firmware updates.

that's about it

You can always connect a USB stick or card reader with an SD card via USB-OTG

I will recommend you do use a phone that still receives security updates (Not EoL) because I don't want you to lose out on security just to deGoogle.

If you are strict on having an SD card slot and your phone is still receiving support, you should use StockOS to receive firmware updates as soon as possible. If the phone you decide to get is EoL, the least bad option would be DivestOS (fork of LineageOS)

Again, I would advise not using an EoL phone.

microG runs Google Play code just like Aurora Store. It is not fully open source. Here's more information.. It is still connecting to Googles propriety servers.

microG requires Signature Spoofing and alternative OSes usually ship with microG as a privileged system app. This increases the attack surface as it is not confined by the regular sandbox rules.

Now you're using a privileged component, which downloads and executes Google code in that privileged unprotected context, and which talks to Google servers because otherwise, how would FCM work for example?

Despite doing both of those things, MicroG doesn't have the same app compatibility as Sandboxed Google Play despite the extra access it has on your device. Even in some magical universe MicroG worked without talking to Google servers or running Google code (again, in a privileged context), the apps you're actually using it with (the apps depending on Google Play) have Google code in them.

I recommend you purchase a Google Pixel 6a or above (minimum security support ends July 2027) and flash GrapheneOS. (Pixel 8/pro preferred)

Aurora Store doesn't avoid Google since a lot of the apps from the play store include Google's SDK and libraries. microG also doesn't avoid Google as it is still running proprietary Google code and has more privacy/security weaknesses

Sandboxed Google Mobile Services is a much better implementation which is featured in GrapheneOS. The services are not privileged and is treated like any other app. They don't downgrade privacy or security unlike the other alternatives.

There are much more privacy and security benefits using GOS. Here is a 3rd party comparison between different mobile OS.

I would use Firefox on Android but I'm waiting until the security is on par with Chromium such as having internal sandboxing and site isolation.

Also since Firefox doesn't have a WebView implementation, it has to be used with the Chromium based one so it doesn't make sense for me to use two browser engines.

security theater

AOSP does get security updates first because GrapheneOS is based on unmodified AOSP. They are quick to port over updates though and they have extra features like hardened malloc and better user profile support.

Non pixel phones aren't secure because GrapheneOS doesn't support them. They aren't secure because they either don't have secure elements, broken verified boot, or don't properly support alternative operating systems. This makes phones like OnePlus, Fairphone, etc not secure enough for GrapheneOS.

DivestOS I would say is the least worst option when it comes to supporting EoL phones. They're at least honest about what they do and don't provide unlike what other OSes do. On their website, they tell you they aren't a secure OS and they can only try their best to reduce harm on an EoL device. DivestOS Security.

The only secure phone operating systems are either grapheneOS or stock. All the others usually are behind security updates.

For migration, I would just use a USB C drive and transfer files.

Please do not tell me you use Mull over Vanadium

Have you tried enabling the Exploit protection compatibility mode on the PF app setting info page?

Passkeys are replacing MFA and passwords.

Element for matrix is actually cheeks

I just use the AOSP messenger. If I used google play services, I would switch to Google messages because of RCS and it looks much nicer.

End of Life date was 4 weeks ago 😔

I'm not sure about pizza but I've heard a guy putting a casserole in his oven and forgot about it because his coworker was begging him to hang out with him. When he walked back home, his house was burned down to the ground and the firefighters told him "Some knucklehead left a casserole in the oven." He was super devastated after that.

This is why Accrescent is amazing. It has automatic updates for Android 12+. Also leaving the bootloader unlocked is a security risk. Using stock or GrapheneOS (better option) on Android is best because you can lock the bootloader.

I don't mind Fdroid being around. If you're okay with the security risk, I have no problem. I've explained to you the security issues and the misinformation that people give that FDroid is secure. I was just explaining their security vulnerabilities and explaining why Accrescent is a much better option for installing apps.

I think your thinking im against FOSS but you're not understanding. Many people in the FOSS community only care about privacy and ignore security. A developer can implement security benefits to FOSS but many people don't care to do it.

Accrescent is FOSS and it has much higher security benefits than F-Droid. Accrescent allows both open and closed sourced apps because there's no benefit being exclusive to having FOSS apps in their catalog.

If the user chooses to not use proprietary apps on Accrescent, they don't have to install them.