Hi, lately I have been trying to decide what to do with regards to having a mobile phone. This post is basically an organized rant of options I am considering based on things I have read. I am not an expert or anything, and this is not advice, just information that can be found online.
What IS the problem? Several things:
- data privacy does not exist on smartphones (outside of pricey and paradoxical options)
- trying to regain some amount of privacy unfortunately leads to potential security risks.
- it is not really safe to remain with the status quo (not updating/upgrading your smartphone)
- and every single alternate option comes with minor to major inconveniences.
Data Privacy
I have mentioned this before in other posts, but if you open up the Play Store page of an app that you use every day, there is ironically a 'Data Safety' section. This section tells you all the different types of data that app collects, and what data it shares with third parties. A good rule of thumb is that if an app, website, or tech service is 'free', the real price is your data. Most modern tech companies' primary currency is data, because with more data usually comes more effective advertisements, more effective algorithms, and more time spent on the website or app (which inevitably improves the advertisements and algorithm). Most of these companies also have their own generative 'AI' service, which requires enormous amounts of data to be as barely effective as they are now. If a company you use a service with has its own named AI service, all of your data held with them will eventually be fed into it (if it hasn't already).
On top of the above, in the context of smartphone use, the data isn't just what you manually give to them (text, images etc.), it is also your behaviour. All apps draw over the entire screen of your phone, this allows them to determine the screen size and often the model of your phone, if Google or Apple haven't given that information away already (they probably have). Apps are able to track what you view even if you don't engage with it (liking, commenting). Any post or advertisement you linger on while scrolling, even unintentionally, is tracked and fed back to your personal algorithm. Many apps will also collect your device ID or unique user IDs which will allow them to cross reference with third parties and build a larger data set about you. A lot of your data is tied to your device ID and UUID, so apps may be able to scrape things like your predicted age, location, shopping habits, behaviour patterns, and potentially what other phones or computers you have/had. All of this is (deceptively) 'consented' to by you whenever you download or use these services. Obviously knowing the breadth of data collected is confronting, that's why terms of service and user agreements are so long and complicated, in the hopes you will just say yes and move on. And if individual apps doing all of this isn't enough, the phone operating systems also collect the same (if not much more) data, even more effectively.
Alternatives & Security Risks
One thing that the major two phone operating systems do well is security. The process of downloading apps from their controlled stores, along with their app scanning/vetting processes, hugely reduces the risk of malware. While the apps are technically coming from one source (Google Play Store, Apple App Store) that can be the target of attack, they are owned and run by companies that are able to put a lot of money into risk mitigation and redundancies. They also put a lot of money into the security of the operating systems themselves, while the manufacturers do similar with the hardware.
The assurances given in the previous paragraph fade away when the version of the operating system stops being supported, and when the manufacturer stops supporting the hardware with security updates. At the time of writing, Android 12 and below are no longer supported by Google and won't get future security updates. Android 13 was only released in 2022. Most manufacturers stop supporting a phone about 3 years after they release it, the Google Pixels are considered outliers for having 5, and now 7, years guaranteed support. I am not as familiar with Apple's ecosystem, but I believe it is a similar situation. These companies are telling you that to remain safe, you must purchase a new device (of several hundred to a few thousand dollars) about every 3 years if you wish to engage in smartphone use safely. It is still possible to use older 'outdated' hardware and software, but the risks increase as more time passes (more time for people to find and exploit vulnerabilities).
There are a few alternatives, most of which come with potential security risks of their own.
Alternate App Sources
I have written about this in another post at length with more detail. But to briefly summarize;
F-Droid: A free and open source app store that only hosts apps which their team builds from source code provided by the developers. This method should ensure that there is no malicious code or proprietary code within an app, fitting with their security and ideological aims (FOSS only). However with F-Droid solely responsible for the building, scrutinizing, and hosting of apps, they are potentially one large attack source. Their process also takes time, which can mean a security update patching a serious vulnerability in something like a browser could be days late on F-Droid vs directly downloading from the developer.
Third Party Repositories: F-Droid, and other derivatives like Droid-ify, allow for the addition of third party repositories (app sources). This allows you to use the F-Droid client to circumvent F-Droid's building from source code process and download apps directly from servers hosted by others, with IzzyOnDroid being among the most popular. This comes with new potential security risks and new attack surfaces, while also usually getting security updates to you quicker than F-Droid can provide them.
Obtainium: Open source app that allows you to download apps and updates to those apps directly from the developers' GitHub/GitLab/Codeberg sites. This requires you to trust the developer of each app, and also adds the potential attack surfaces of the major code hosting sites used. You are also recommended to manually verify the apps on initial download. It is probably the quickest and most convenient way to get the most up to date versions of apps directly from developers though.
Accrescent: Newer alternate app store with many security features, but very few apps available (20-30).
*Just to note; open source typically should mean that the software is free from malicious code, as any and all people who use the software are able to see the source code. However, many people assume someone else has done so, or do not have the knowledge to peruse code themselves. With this in mind, it is theoretically more likely to be safe when using open source software that has many users and therefore more eyes on the code.
iOS: There are no alternate app sources, the options are limited to 'sideloading' 1-3 apps, or 'jailbreaking'. There is also a much smaller scene of open source/alternative app developers because of how locked down the system is. sowwy
Alternate Operating Systems
This is only viable for Android devices, it is not possible to install a different operating system on iPhones. Unfortunately all but one of these will leave the bootloader unlocked after installing. This is a major potential security risk, as if you lose, misplace, or even leave your phone unattended briefly, someone could load malicious software onto it. The only way to mitigate the risks associated with this would be to remove or largely reduce the data you keep on your phone after installing a different OS.
GrapheneOS
GrapheneOS is a highly secure, open source, Android based operating system that takes measures to protect your data privacy and obscure your identity from data collecting apps. It also allows you to relock the bootloader on your phone to ensure if somebody else gets a hold of it, they are unable to install malicious software. Some of the security features implemented by Graphene have been sent upstream to improve the security of Android and the Linux kernel. There are also endorsements from people who have had highly sensitive information remain secure due to the use of GrapheneOS, including journalists arrested under the guise of having their data collected. Graphene also provides sandboxed Google services out of the box, which is to say you can use Play Store apps without them interacting with the rest of the system. The download and install process is made relatively easy with a browser based method (requires a Chromium based browser though).
All of this is probably the ideal setup that I would like, the only downside is it requires a Google Pixel 7 or above. This is for multiple reasons, the main two being; Pixels are some of the only phones available that even allow unlocking/relocking bootloader, and Pixels now have a minimum of 7 years manufacturer support (which means the work put in to developing GrapheneOS for a device is not undone by loss of support in less than 3 years). So arguably the best option for decoupling from Google's phone data privacy invasion is, ironically, to buy a Google manufactured phone. Even second hand these phones are out of my budget, and it would still leave me with the problem of a 7 year cycle of 'requiring' a new device when manufacturer support ends and Graphene also ends support (to maintain the best security).
CalyxOS
CalyxOS is another privacy focused Android based operating system that allows relocking of the bootloader. It uses microG to manage Google Play services without the constant stream of data back to Google. Everything about this seems good also, but it has the same problem of requiring a Pixel phone, or a limited range of other models from other manufacturers that are not available to me, and especially not second hand as they are quite niche already. wah
LineageOS
LineageOS is a great open source Android alternative that allows you to keep old devices running far past their support end dates. I have used this within virtual machines/android emulators before and it's fine. No relocking the bootloader though :(
Ubuntu Touch
Ubuntu Touch was originally created by Canonical (Ubuntu company) and abandoned. Later picked up by the community in 'UBports' who have been maintaining it and adding further support/devices. This is a more conventional Linux operating system, but running on phones. One of the more popular community maintained devices is the Pixel 3a which is much more affordable second hand. The main drawbacks are; again no relocking bootloader, potential security risks of using older phone hardware in general, and at this time VoLTE (4G phone calls) is not totally supported. The VoLTE problem is currently very close to being resolved, which is cool as where I live has shut down its 3G networks, but I am still hesitant to use a bootloader-unlocked device. There are also verrrryyyyy limited apps, which I could easily cope with, but is not for everyone.
Other Linux Phones
There are some other Linux based phone operating systems like SailfishOS or /e/OS, but they are primarily coming from Europe. This poses problems of compatibility with my local mobile networks and huge costs associated with buying/shipping physical phones (from Murena, Volla, Jolla, Fairphone, etc.), as well as issues trying to load the operating systems themselves onto unsupported phones (unlocked bootloader, limited app or hardware support).
Freak options
I say 'freak' facetiously because these options I am grouping together are unrelated apart from being 'outside of the norm'. The idea would be to get rid of my smart phone and use one/both of these instead.
Emulating Android on a Laptop full time
I have been testing this out a bit lately with a couple options. Just to note, all PCs and laptops in my house have Linux only, so this will mainly be from that perspective.
Android x86 is my favourite way to use Android on PCs just for its ease of use. It is an ISO so you can just load/install it in a virtual machine or even directly on a regular x86 PC/Laptop (I haven't tried the latter). This makes it technically compatible with any operating system (with a virtual machine program). It comes with Play Store already installed so you can use any apps from there, but you can also use any of the alternate app sources I mentioned above (F-Droid, Obtainium etc.). Everything I have used it for has worked perfectly fine, and it remains separate from my laptop's system when contained in a virtual machine. This setup could be annoying for people who need constant phone connection for social, familial or professional purposes, but I am in a unique position where it should be fine. I personally find grabbing my laptop and logging in to be very quick and easy, and much prefer its usability compared to a smartphone. It is more comfortable to use a keyboard, the screen is larger, it is more powerful, and it can run many more apps and programs. I have not actually tried using Android x86 to mobile-ify my laptop yet, because I have been testing Waydroid for that instead.
Waydroid is a containerized way to run Android inside a Linux desktop. It requires a Wayland desktop session to function (or some configuration in an X11 desktop with 'Weston') and actually loads the apps into your application menu/list. I figured this would be ideal for having phone apps accessible all the time, especially if you install a GApps image to allow for the download and function of Play Store apps/Google services. I have only tested Waydroid out briefly, it requires a bit more configuration and troubleshooting than Android x86, but I am slowly learning the quirks. The version I have installed runs on LineageOS, and can easily load F-Droid/alternative apps. Not sure about the level of compatibility with my laptop hardware yet (stuff like camera, mic etc.)
Feature Phone
This is just the name for a normal older style mobile phone with buttons, the majority of which do not have any apps. Considered a freak option today, but looking into it online I have seen a huge chunk of people switching to these as a method to counter smartphone addiction. They are generally pretty affordable with many second hand options available, even with VoLTE support. I do need the ability to make and receive phone calls and texts for various reasons, and this option is seeming to be much cheaper and safer. Cheaper in that I don't 'need' to buy a new model every 5 seconds when support ends, and safer in that I can't really store data on it anyway, or 'security through obscurity'. If there were any app that I wanted to use, I can just use a PC/laptop to access the web version or do the Android emulation I mentioned above. It is also on my mind because a close friend has recently made this change, with success.
Conclusion
This post is already extremely long and I am kinda fizzling out mentally with regards to it. This has been a means for me to get all this information I have been researching out of my head and written down. My conclusion is... I don't know what I am going to do. I think the most desirable choice is either GrapheneOS (which I don't have the money for, nor would I want to drop it on this) or doing a hybrid feature phone and Android on laptop setup (the freak options for $0).
I guess I am just still slowly working out if I even want to use any phone apps, I don't really get anything out of them and I can contact people via phone calls or SMS still. It is honestly all so low stakes that while it has been on my mind, I haven't taken much action beyond online research. For now I am just sticking with the status quo and taking privacy mitigation measures on my current phone, like using websites instead of apps, a privacy focused browser (IronFox), and removing most data from my phone.
Thanks for reading if you did, I hope this helps you somehow too. I may add to this later if I make a decision, or if I find more relevant resources. Byebye