• General

  • Noob questions/advice about privacy for someone switching to Graphene

I've been testing GrapheneOS on my old Pixel 3 for a couple of weeks now to see how feasible it would be to use as a daily driver. My main goal is reducing my digital google footprint overall.

While my main phone is running I'm noticing my reliance on privacy invasive apps:

  • FB Messenger (so many friends rely on it for all comms, but I'm pushing to only be available on Signal)
  • Gmail (Is where my main account of so many years is, but slowing getting off of it and using other services)
  • Google Photos (I'm working on self hosting my cloud backups)
  • Uber (I don't use it often, but I don't have much choice at certain times)
  • Strava (literally recording GPS of where I run, but maybe I'll ditch this in future)
    I'm on my way to weening off/reducing these services, but in the meantime can someone highlight if there's much point in using GrapheneOS and still using these apps?
    In my mind I'd like to start with Google Play services all turned on without logging into Google Play, downloading apps off Aurora store anonymously, and then cutting privacy invasive apps back as I go.

If anyone can offer some insight to any huge holes in this strategy or if there's an optimal way you might suggest to use profiles to split out any services in particular it'd be greatly appreciated.

    You could use FairMail for gmail account if you plan to stop using sandboxed play services eventually...

    Uber works alright in a web browser, again if your goal is to not use play services one day.

      Strava works on GOS.
      (I have the sandboxed Google play)

      DeletedUser115 Unfortunately the recommended way
      to set up a Gmail account on Fairemail
      requires Sandboxed play services setup with the
      email account in question.
      At any rate gmail on Vanadium works pretty well,
      I mean it is the mobile version, pffft,
      but you can do all the basic stuff like the mobile app.
      And in my opinion looks far more elegant than the mobile app.

      Here is the FAQ which deals with this.

      Also https://photos.google.com works well on Vandium
      except for downloads.

          ayaen Thank you ayaen! So play services are needed for OAuth with Gmail? That's sad... But yeah... One could use an app password for Gmail but that's obviously bad for security and should be avoided...

          Just tried OAuth gmail in FairMail and it does require play services... I am a sad girl now 😿

            reissue Strava (literally recording GPS of where I run, but maybe I'll ditch this in future)

            Unless you're hooked on the social aspects of sharing your runs for comparisons, there are privacy respecting trackers out there for purely recording your activities with the GPS. FitoTrack (more fitness related), or for simple track recording: OpenTracks or even OSMAnd.

              ayaen I haven't tried it yet, but it looks like K-9 Mail recently received an update to support OAuth with Gmail accounts, and it seems like that build has made it to F-Droid, so I'd be curious if that works without Sandboxed Google Play.

                Omg I just tried it and it works! Thanks Mario! I am a happy girl again 😺

                I noticed if you enter a G Suite email address with custom domain, it doesn't launch OAuth flow like it does for @gmail.com address... Wondering if K9 can do OAuth for work email?

                  DeletedUser115 Awesome, thanks for confirming! I'm not sure how an email address with a custom domain would work. Could you perhaps start with an @gmail.com domain and then edit it to the custom domain during the OAuth prompt? I can't test that myself, unfortunately, but I don't see why that wouldn't work.

                    Thanks Mario!

                    I got my work G-Suite email (custom domain) working! Yay... You enter a @gmail.com email address on the first step of the wizard, then change email address to your work email on Google OAuth screen and authorize your work Google account.

                    Then K9 shows 2 error messages when trying to check incoming and outgoing server settings. Tap continue each time. Then Go to Settings and change username in both Incoming and Outgoing server settings from the gmail.com address to your work address.

                    That's it, it works 🌷