Hansel
That guide is actively malicious and is not to be followed at any cost. It spreads a substantial amount of misinformation.
Most of that guide is complete privacy and security theatre. You are not even "degoogling" anything with it.
For starters, do `ps -AZ` and see the active processes. You will notice that Google Play Services is still actively running in the highly privileged `gmscore_app` SELinux domain (https://android.googlesource.com/platform/system/sepolicy/+/master/private/gmscore_app.te). Various other apps, including OEM, Google and third party apps, will remain running under the priv_app and system_app SELinux domains. You can see some of the bundled system apps and privileged apps in `/system/app` and `/system/priv-app`. You can see their hardcoded permissions in `/etc/permissions/whatever-app-here.xml`. You cannot revoke privileges like location access from GMSCore or storage access from the Play Store, etc.
Netguard is bypassable via intents and just general local sockets. To see for yourself, get:
- Netguard
- Orbot
- Telegram
Set Netguard to block Telegram and allow Orbot to access the internet. Start up Orbot. Then, set Telegram to use `127.0.0.1:9050` (or whatever port Orbot is running on). Observe that Telegram will be able to access the internet by proxying through Orbot. Malicious apps by competent adversaries can easily find bypasses like these and there is nothing you could do to stop it.
You are about as private with that "guide" as you are if you didn't follow it at all.
F-Droid has various problems of its own that you should be aware of: https://wonderfall.dev/fdroid-issues/
Just by switching to a Pixel, you have a device with longer guaranteed security updates (5 years with the Pixel 6 series and above), a Secure Element (Titan M chip), proper support for verified boot with third party operating systems, and so on.
The goal of GrapheneOS is to increase privacy and security over the stock operating system by both doing low level hardening (hardened_malloc, secure exec spawn, hardened libc, hardened kernel, etc) and putting more control in the user's hands (per-app sensor permission, an actually functioning network permission toggle, Sandboxed Play Services, optional remote attestation, etc). The full list of features can be found here: https://grapheneos.org/features
Note that the goal of the project has never been and will never be to "degoogle". That being said, you have the option to use the operating system without any proprietary Google apps and services if you choose to (this is the default configuration), unlike the guide that you referenced.
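
The process check described in the post above, as an added example that is not part of the original post: a shell filter that reads `ps -AZ` output and lists the processes running in the three SELinux domains the post names. The function name, the assumed column layout (label first, PID third, name last) and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads `ps -AZ` output on stdin (e.g. `adb shell ps -AZ | privileged_procs`)
# and prints "domain<TAB>pid<TAB>name" for the domains the post names.
# Assumed column layout: LABEL first, PID third, NAME last.
privileged_procs() {
    awk '
        $1 == "LABEL" { next }                  # skip the header row
        {
            # An SELinux context is user:role:type:level; the type is the domain.
            if (split($1, ctx, ":") < 3) next   # not a context, ignore the line
            dom = ctx[3]
            if (dom == "gmscore_app" || dom == "priv_app" || dom == "system_app")
                printf "%s\t%s\t%s\n", dom, $3, $NF
        }
    ' | LC_ALL=C sort
}

# Constructed sample rows (not captured from a real device).
SAMPLE='LABEL                          USER       PID  PPID      VSZ    RSS WCHAN ADDR S NAME
u:r:init:s0                    root         1     0 10812344   4120 0        0 S init
u:r:gmscore_app:s0:c512,c768   u0_a118   2417   812 15233112 181244 0        0 S com.google.android.gms
u:r:priv_app:s0:c512,c768      u0_a121   2630   812 14811220  97120 0        0 S com.android.vending
u:r:system_app:s0              system    1904   812 14620012  88412 0        0 S com.android.settings
u:r:untrusted_app:s0:c140,c256,c512,c768 u0_a140 3011 812 14500112 120344 0 0 S org.telegram.messenger'

# Demo run on the sample; on a device, pipe real `ps -AZ` output in instead.
printf '%s\n' "$SAMPLE" | privileged_procs
```

Running it before and after following a "degoogling" guide shows whether anything actually left these domains.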