The IOS update that killed my original iPhone SE was the last straw. I was done with Apple.
They’d already skated far out onto the thin ice when they killed the excellent Dark Sky weather application and replaced it with their more-is-less Weather application, which took what was once quick, convenient, easy, and comprehensive — Dark Sky — and replaced it with a jumble of information, often not the information being sought, on a too-busy screen. It would have been forgivable if they had provided a setting that restored the look, feel, and functionality of Dark Sky. They didn’t. They never do. Apple knows best.
As when after IOS 9.3.5 they forced use of the home button, a physical switch, in some iPad functions. They may do as they wish, of course, but it would have been considerate of their customers if they’d allowed them to keep the way of doing things to which they were accustomed. But they didn’t. They never do. Apple knows best.
This is a part of a two part point-counterpoint series on privacy in mobile systems. You can read Timothy R. Butler’s take here.
For all its fluffy bunny, sweetness-and-light image, Apple is, I have concluded, at least as authoritarian as the other big-tech companies, whom as it happens I despise. Apple talks of privacy, but at Apple privacy apparently means hoarding your data so that only they can sell it. Its entire software regime is blocked from the curious eyes of its users. Trust us, says Apple. Apple knows best.
When the latest update to IOS 15 effectively ruined my little iPhone, I suspected (and still suspect) that it was a back-door attempt to get me to buy a new phone. If so, it succeeded.
Thing is, that new phone is not from the closed-source-and-guarded Apple. My new cellular telephone is a product from a company so generally reprehensible that it surprised even me: I bought a Google Pixel, from the Google store on Amazon. Yes, I did business with internet Satan, through his pal retail Beelzebub.
But hear me out. This is actually pretty cool.
The Pixel 6a, released the middle of 2022, is one of the most highly rated Android phones ever. People (and I am among them) think that Google is evil. But no one ever accused Google of making less than excellent hardware. And the Pixels come with a clean version of Android, free of the fripperies, complications, and bloatware added by most Android phone makers (Samsung, I’m looking at you). Google Pixel phones also tend not to burst into flames.
As cellular phones go, Pixels are open. By this, I mean that you can readily unlock the bootloader and install a different operating system if you want. I wanted. And the Pixel 6a, priced at $450 when it came out a few months ago, was now on sale for $300, brand new in the box. (I’d tried to go even cheaper, with an as-new Pixel 4a 5G for $160, but it had been locked by T-Mobile — when will I learn not to trust T-Mobile? It was once a cool company — which left me stuck with Google’s Android. I returned it.)
The new phone arrived and I unlocked it before it had ever been connected to anything. I then flashed it with the latest version of GrapheneOS. It is based on the open-source bulk of Android, but has been completely re-engineered with privacy and security in mind, resulting in a hardened operating system as opposed to the rapacious version shipped by the phone makers (including the version that had arrived on my new Pixel).
Flashing a phone, the installation of a new operating system, can be a tense thing. It usually is. I’ve done it a number of times and while I’ve never had it go wrong there has always been a mad-scientist flavor to the proceeding. But Graphene has even eliminated most of that, with its simple flash-from-the-website system. It’s available only for Google Pixel phones — I’d gotten mine with Graphene in mind, in fact — because they’re known quantities, not tampered with. The whole process took well under an hour.
There’s talk — I’ve done it — of “de-Googled” phones, and there are several well respected Android alternatives that achieve this worthwhile goal. For a time my favorite of these was Calyx OS, and I briefly considered it for the new device. The people who make it are loved in the open-phone community and seem very nice indeed, while Graphene folks are known to some extent for being paranoid and combative. But two things changed my mind. The first is that, alone among the custom ROM (alternative operating system) makers as far as I know, Graphene has you re-lock the bootloader after installation, to prevent unauthorized modification. The second is just as important: When I want my phone hardened against intrusion and data harvesting, do I want the development work done by nice people, or by people known for being cranky and paranoid? So Graphene it is.
It was now time to populate the phone with applications. This can be a problem with de-Googled phones, because there’s generally one source for apps (as is true to an even greater extent with “trust us” Apple). But the freedom-loving alternative-Android community has its own free substitutes for the Google Play Store, the best-known of which is F-Droid. Many of its apps are designed to be drop-in replacements for mainstream commercial applications. A few, such as the highly regarded YouTube replacement app NewPipe, are seen as improvements on the official versions.
Some people choose or need, for reasons of taste or function, official applications from the Play Store. Ah, but there’s a way to obtain and install those, too, and remain de-Googled. It’s the Aurora Store. It anonymously logs you in to the Play Store, where you’re free to download to your heart’s content. If you want, for instance, the official YouTube app, you can get it here. (It hasn’t sorted yet, though, how to deal with apps you pay for.)
We’re not in the clear yet, because some apps require things provided by Google Play Services, and Google Play Services (and their antecedent framework) aren’t on de-Googled Android. Ah, but much of a solution can be found in the work of the microG Project. This does a remarkably good job in handling the duties normally done by Google’s proprietary code. Yet there are a few things that even microG can’t accomplish, and Graphene has an answer for that: run the official Google framework. But with a twist.
The real Google code on GrapheneOS is put in a “sandbox,” where it’s kept on a short leash. It can do things applications need but is prevented from collecting information and from phoning home with anything it has managed to scratch together. It does what it’s supposed to do without being spyware (unless for some reason you give it permission to be spyware). In fact, all applications are sandboxed, so they can neither collect data from other apps nor the system itself nor report to their secret masters.
Anyway, there was no problem getting and installing the essentials: Proton Mail, Proton Drive, Proton VPN, Signal. The specially hardened browser and other stock applications are fine.
Then I made a discovery, called MySudo. I neither know nor care about its browsers or texting abilities (though the latter might get useful after Signal drops support, as it soon will, for notoriously unsecure SMS texts). What I wanted, and got (along with the other stuff), is its telephony. It does VoIP, or voice over internet protocol. What this means is that calls are handled as data, not voice minutes. If you have lots of data and limited minutes, as I do, this is a way around that limitation. For $5 per month you get 200 minutes and three phone numbers, which you can choose from among selections from the area code of your choice. That makes room for much merriment, if that kind of thing appeals to you, or you can choose your home area code. I might feel guilty about this but for the fact that the cellular company’s fanciful coverage maps have assured me — and sworn up and down on it if I got a new phone — that I have service here. Never did before and don’t now. But MySudo works anyplace you have internet data, which includes both cellular data and WiFi. So there. Do what you claim you’re already doing and we’ll talk.
(That having been said, you can get MySudo and pay for it only through a Google or Apple account, and it then nags you to make a backup of your configuration, but only allows you to do so to Google or Apple. Which suggests that MySudo is not really serious about either privacy or security. I got three numbers and paid $50 for them for a year, by which time there might be alternatives to whom security and privacy matter more.)
Selecting a few applications important to me from the Google Play Store via Aurora, I felt the scales get ripped from my eyes as I installed them. With GrapheneOS, you’re told of all the permissions and access that a given app seeks, and have the opportunity to deny those requests. In fact, I think the default is to deny everything you do not specifically approve. It was in turn troubling and terrifying as I saw the access seemingly benign applications sought. That little game or calculator, it appears, is more often than not a dinky application perched atop a wad of code the real purpose of which is to harvest as much data about you as possible.
A perfect example, I was sorry to learn, is the mobile app for My Anime List, the online database anime fans use to keep track of the shows they’ve watched and to discuss them with others. GrapheneOS informed me that it had blocked that app’s attempt to gain access to the phone’s sensors. “Most Android-powered devices have built-in sensors that measure motion, orientation, and various environmental conditions,” says the Android developers guide. “These sensors are capable of providing raw data with high precision and accuracy, and are useful if you want to monitor three-dimensional device movement or positioning, or you want to monitor changes in the ambient environment near a device.” They are also tremendously useful to people seeking information about you, where you are, what you’re doing, whether you’re on the move or not — the kind of stuff that law enforcement couldn’t collect without a warrant. (Apple phones have similar sensors, but how they’re used is opaque. But Apple knows best, right?) One thing is certain: a site for keeping track of the Japanese cartoons you’ve been watching has no legitimate need for such information. Thanks to GrapheneOS, they’re not getting it, either, at least not from me and my friends. What they’re doing is not illegal in most parts of the world. Nor is it likely to become illegal in the U.S. — political campaigns and organizations are among the leading consumers of shadily acquired data.
GrapheneOS caught the attempt. It does other things as well to confound those who would take from you information you’d just as soon they didn’t have. It prevents applications from collecting data about your device, about other applications, about your online life, pretty much anything you have not given them permission to access. Applications may be given access only to files they have themselves created unless you over-ride it. By default, pictures do not contain details of where and when they were made — again, you may allow it if you want.
Cellular phones are easily tracked from WiFi network to WiFi network by their MAC (media access control) addresses. This means that as you walk down the street a record is being kept of where you were walking, what corners you turned, how fast you were walking, and so on. In any medium-sized town, if you have a smart phone your location is constantly tracked to within a few feet. The Federal Trade Commission has known about this for years. And this is not something that can be done, it is something that is being done, all the time. GrapheneOS helps confound this by defaulting to use of a new, randomized MAC address created every time you connect to a network. It also defaults to not constantly pinging your device’s presence, as phones typically do.
The list goes on and on. As I got deeper into it, I was surprised, then enraged, by the devious ways information is collected about us — more about this in the future — and surprised and delighted by how much of it GrapheneOS neuters. All of this without sacrificing much convenience (in my case, there was no inconvenience at all). And all of this comes for free (though it would be only right for me and others who use it to kick in a few bucks to the GrapheneOS cause).
With just a little work, I was able to turn a Google-made cellular telephone into just about as secure and private a phone as can be readily had. With a little more work and a small loss of convenience I could make it extremely private and secure. My goal was basically to make collecting data about me more trouble than it’s worth, and at that I think I’ve succeeded.
(And through the sandboxed Play Store, I was able to install the official Google software for the Pixel’s camera, one of the phone’s main selling points. Sure enough, first time I used it it tried, and failed, to phone home. I’m not especially impressed with the camera, but I’m not impressed with any camera built into a phone, but that of the Pixel, with the Google software, is better than most but not on par with a real camera. The picture above, for instance, rivals the quality of images from my 2005 Canon SD400.)
Maybe you would like to do something like I’ve done but don’t have or intend to purchase a Google Pixel smartphone. Don’t despair — there are good alternatives. If you want, you can probably put de-Googled Android on the Android phone you already have.
Top of the list is LineageOS for microG, the popular Lineage non-Google Android operating system pre-built with the microG Google-services alternative. That’s available for hundreds of phones and is updated twice a month. It’s really something (GrapheneOS is frequently updated, over-the-air, as well.) To use this you need to know the codename of your Android device. Fortunately, this is pretty easily found. You then download the operating system — known as a “custom ROM” — and “flash” it onto the phone; instructions are available where you get the ROM itself. You need to back up your data ahead of time, because the flashing process wipes your phone. And you need to follow the instructions precisely. Then reinstall the applications you need — checking the permissions sought by each of them (no, that emoji juggler does not need access to your contacts list) — and restoring your backed-up data. This would be a good time, having gone this far, for you to install Signal and the various Proton products.
We need always to be aware of threats to privacy and security, but after having taken these steps we can breathe a little easier.
If you have an Apple device, you’re pretty much out of luck, sorry to say. That’s Apple’s decision. Apple knows best, they want us to believe. I don’t believe, not anymore.
And for that I thank them. I now know that security and privacy are my responsibility in this dangerous world.