Long time iPhone user thinking about making the switch - good idea?

Thanks for all the encouragement, guys! I just went ahead and ordered a Pixel 9 Pro, so I'm all in now!

Okay, so I've got a few other questions for when I set everything up. I've heard people mention using profiles, and I'm not totally sure if I need separate ones or not. But I do like the idea of having a main profile that's totally Google Play Services-free, and maybe keeping GPS on a secondary profile just for specific apps that need it. For example, I'm planning to use a VOIP service like MySudo for phone calls, and it seems like that needs GPS to work.

Does it make sense to keep that app in a secondary profile that's always running in the background? And if I'm in my main profile, will my phone still ring if a call comes in from the secondary profile? I'm also a little worried that keeping multiple profiles open at the same time will drain my battery a lot...

    hesitantapplegal My main profile (usually referred to as 'owner' here) is also Play Services free. Some people utilize secondary user profiles in a completely different way. They use the owner just for management purposes and offload their daily usage to other profiles. I personally don't have that in my threat model, so I use a secondary user for some rarely used spyware apps. Shopping and smart home management mostly. The rest of my stuff is spread across owner (all FOSS apps, except GCam), work profile (with Play Services for Maps and some apps that rely on timely notifications or Play Services in the first place to even run) and Private Space (also non-FOSS apps, that don't need Play Services and are there for convenience).
    You should ask yourself if it will be beneficial for you to compartmentalize the phone to an extreme extent or keep it simple. I don't know how reliable secondary user profiles will be for something like VOIP, I don't think you'll be able to take calls if you need to switch profiles first. And yes, running profiles in background will have more impact on battery life. Since I run my main tasks in owner, I have most things shut down during the day. Secondary user, work profile and Private Space are all disabled, location services are off, camera access off. Gives me some peace of mind at least. And a good 2 days of battery life.

      DeletedUser87

      Thanks for sharing your setup! I'm not trying to go full-on Snowden or anything, I just want to minimize my digital footprint and not make it too easy for big tech to collect all my usage data.

      But hearing you out, I'm wondering if it might just be simpler for me to use Google Play Services in my main profile after all. That way, I could run MySudo in there for VOIP, and also get notifications from Proton Mail and Calendar. Does that sound like a more straightforward approach for someone with my (pretty basic) needs?

        hesitantapplegal you can still isolate it via Private Space or a work profile and leave it running. I wouldn't personally install Play Services into my owner profile since I can't put that to sleep. When Private Space or work profile get disabled, they stop background activity - that's why I set it up this way. And at least Proton Calendar shouldn't rely on Play Services. I also seem to recall that ProtonMail will work via WebSocket for push notifications (I might be wrong though).

        I think I get it now. Since I need my VOIP phone app (probably MySudo or Linphone) to be running 24/7, and it requires Google Play Services, I'd never really be turning off the work profile or private space anyway, would I? So, in that case, maybe it's just easier for me to put everything into one profile with Google Play Services and be done with it?

          hesitantapplegal maybe it is. I avoid Google as much as possible, so I don't really use services that rely on them. My VOIP is barely used, so I only open the app when I need to call someone, I don't receive calls on that line.

            DeletedUser87

            Do you mind sharing what you use for receiving phone calls? I used to listen to the Bazzell podcast before it got taken down, and I remember him always stressing how important it is to keep your SIM card-based phone number private. He'd say how it can be exploited in all these different ways, like how your location is always tied to it (unless you're in airplane mode), and how your provider keeps all your SMS and call logs forever. And then there's the risk of getting SIM swapped, which is just a whole other level of scary.

            If I recall correctly, he used to use a Mint SIM card just for data, and then relied on VOIP for all his calls and texts. He'd only use his actual phone number when absolutely necessary, and would try to get people to use Signal instead. I'm curious, what's your setup like?

            On my iPhone I just use mysudo for everything and no one knows my 'real' number.

              hesitantapplegal that depends on your threat model. Just having your phone number exposed doesn't automatically mean everyone will try to hack you. Location is of course tied to it, but I can't change anything about that. I would need to run airplane mode at all times to effectively mitigate the risks, which would turn my phone into an iPod. I barely use SMS, my 2FA is almost completely based on FIDO, TOTP or e-mail (for less important services) and I don't really care about call logs, I mainly use Signal to call people if I ever call them. That fits my setup and my threat model. I would suggest reading up on that topic as you're throwing a bunch of different threats into one basket, which seemingly have no clear goal. The problems a journalist in China faces are not even close to what the average Joe in the US might have to deal with. If you need some help on threat modeling, I (and probably some others here) can of course assist you.

                DeletedUser87

                I think I can summarize my concerns pretty simply: I just want to minimize the amount of non-encrypted data that's collected by companies and governments who might use it for profiling, marketing, or worse.

                I'm assuming that all this data is stored indefinitely, and with AI getting more advanced, it's not hard to imagine that it could be analyzed for who-knows-what purposes, either now or in the future.

                I remember Bazzell talking about how if your SIM card is your public number and it's tied to your identity through KYC, you could get caught up in dragnet surveillance just because you were near a crime scene. He even shared some crazy examples of this happening and how hard it is to clear your name after being wrongfully accused.

                But, I don't know if that's a good enough reason to not use my SIM card number for non-Signal/WhatsApp calls. I'm not exactly worried about being targeted by anyone, so this is more of a proactive approach to minimizing my digital footprint. I'm already pretty careful about my online presence - I don't use social media, I try to use privacy-friendly apps like Signal and Proton, and I only have about 10 apps on my phone.

                I hope that helps you understand where I'm coming from. I did read some advice I think from @matchboxbananasynergy about starting out by installing Google Play Services and using my phone just like I did my old iPhone, so I don't get frustrated and give up on the switch. I'm definitely worried about getting frustrated, especially since I'll already be adjusting to the Graphene UI, which I'm sure will take some getting used to.

                Edit: I guess I would also add that if you think with my somewhat generic and not targeted threat model, it would be perfectly reasonable to stick with an iPhone, don't hesitate to tell me that! As I understand it, the security and privacy is OK on an iPhone, but you may be losing privacy to Apple (which they allegedly don't share with others?)

                  hesitantapplegal alright, that at least narrows it down a bit. Although the threat actors are a bit generic and thus the amount of hurdles is pretty extreme. Play Services is good for a start as I said. Remember that with 3rd party services you also always outsource your data to a party you have to trust. If for example MySudo ever got malicious, you would have basically the same problems you could have with your carrier. I employ a zero-trust policy, meaning all systems I use that I don't trust are considered compromised; this includes my carrier. The same goes for VPNs (it's why I just run my VPN at home and connect to that when I'm on the go). Different people have very different approaches in general. I decided to go for self hosted solutions for most of my services. I only have mail on a different provider, everything else runs on my own server at home. If you can include Apple Music, well - I can't replace that by buying a million songs. At home, my router is set to support DNS-over-HTTPS (DoH) to disguise DNS requests from my ISP. General advice: try to move as much of your communication over to Signal or SimpleX, since that is one of your main concerns. You can't really fix calls or SMS - they are outdated protocols all in all and it's better to use Signal calls or chats wherever possible.
                  I think you have a good starting point by reducing the amount of apps and not using social media. Everything else - you can figure that out as you go. (It's hard to give general advice without knowing the exact needs someone has)

                    To address the most important and most common privacy problems one should get private from their ISP by using a trusted always on VPN, getting private from Google since their infrastructure has been designed around apps communicating with the platform thus allowing wide collection of data that is linked to your identity and last but not least careful selection of apps you decide to trust and use to cover your needs for mobile phone use. This will already put you well ahead of most. Then keep educating yourself and build on top of that.

                    For one I know getting private from Google is very difficult, which I go about by using Aurora Store as my source for apps (I know many may disagree that this is not the recommended way, but I stay away from apps that are suggested to be privacy unfriendly, and most of them have network disabled, thank you GrapheneOS. And knowing they can't talk to Google puts my mind at rest, because this is where the majority of IPC happens).

                      DeletedUser87

                      Thank you again for the detailed response. So in your situation, if you ever needed to make/receive an old fashioned phone call (not signal), do you use your SIM card phone number? Or like if someone like your doctor or accountant or lawyer needs your phone number and they don't use signal?

                        hesitantapplegal same as everyone else who doesn't rely on FCM notifications and no self hosting. It takes getting used to but I like the way of interacting with my device in a more proactive way. And I tend to stay offline where I can. This style doesn't suit most.

                        a month later

                        Just my two cents.

                        Used iPhones for a decade and recently switched to Pixel 6a and GOS. I've actually really enjoyed the switch to Android.

                        Some things are a bit off feeling, but many things are way better. Split screen mode is awesome! Also, you may run into some hiccups because GOS is by default more locked down. So every app starts from no permissions and you have to add permissions. Some apps work without all permissions, and some don't. However, I really appreciate the capability now that I've got it all configured.

                        It does have somewhat of a learning curve. I started off wanting to avoid google at all costs, but ended up installing Google Play Services. I've since switched off of Gmail and use NewPipe for YouTube. So Google gets less data now because of my choices, and merely because the Sandboxed Google Play Services that GOS implements is already by default better than a non-GOS phone with Google Play Services and still using all the same apps.

                        I would recommend it! Hardest thing is not using iMessage only because so many people default to SMS now and I have had some issues sending/receiving texts to a select few iPhone users who I previously iMessaged even after deregistering my number from iMessage.

                        a month later

                        someone27281
                        Nobody knows what the behind-the-scenes system apps in iPhone are doing. We don't see them and have no idea even what they are.

                        Ditto with the Modem processor.

                        I always thought the iPhone was private, but nowadays, not so much...