Gross. Android defaults are a privacy nightmare.
Option 1: leave everything enabled, & everything works with full spyware enablement too
Option 2: disable everything, but forget basics like mail notifications, yet still resign yourself to invasion from irrevocably disabled services
Option 3: the middle ground. Just kidding, disabling only what you truly don’t need is wildly opaque, and painfully slow: options are split and hidden wherever possible. Forget any “apply to all” graces being given by King Google. Disable the wrong thing, and break a seemingly enabled feature.
Also love how some options are given during setup, while others are only informational: “visit settings later to change this thing - hope you forget!”
So, what’s left: Option 4, root your phone and hope Magisk will work when you need to use your bank app?
I just want my cell provider to spy on me because physics. (Govt banning sale/sharing of that data would be epic, maybe some day in the far future.) Extra spying in the shadiest ways is bad and Google should feel bad.
Review of Android 12
Consider getting a Pixel as your next phone, immediately flash GrapheneOS onto it and never look back. Its very easy to do.
This is option 5!
The default install is really clean, you can run all the Google services you want, you can install them in their own user account, or profile, and not share with other accounts. You have full control. The only thing that doesn't work is tap to pay
Android Device Policy (ie: the spyware that is work profiles) doesn't work either. An important FYI for folks whose personal device doubles as their work device.
What do you mean work profiles don't work?
I'm using a work profile on grapheneos right now.
Well that's interesting because what this individual posted about is the exact behaviour I experienced trying to get my work's Slack connection set up.
https://discuss.grapheneos.org/d/1662-work-profile-sandboxed-google-play-services-android-device-policy-help
Not sure what you did to circumvent this.
Ahh. I see what you mean. Android device policy, doesn't work. But setting up work profiles with shelter does work.
So giving a third party control of your phone doesn't work on grapheneos, which makes sense.
Isn't work profiles the opposite of spyware because it insulates everything else on your device from company resources?
But then Android Auto and NFC payment like Wallet/Pay won't work…
I think Graphene supports Auto. Its the only thing that makes me want to switch from Calyx
My car doesn't support android auto but I would really miss nfc payments at this point.
Android Auto is supported. Payments are the only thing holding me back currently. But that's not something the developers of GrapheneOS can change unfortunately.
Yeah, if you're going as far as rooting and Magisk, go the extra half step and install App Manager (io.github.muntashirakon.AppManager). With profiles and 1-Click ops, you can disable trackers, freeze apps, revoke permissions. It's like a 1000 pound scalpel.
It's on the F-droid repos.
Fantastic suggestion - love it, thanks!
App Manager FTW
Yeah, I only buy phones with good Custom ROM support and then I flash them without Google Apps. I don't think banking apps would be happy about that, though.
Many banking apps work on GrapheneOS: https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/
This is good tech reviewing. Pithy and unforgiving.
It’s not a google thing specifically to be honest. Tapping into phones happened way before android was a thing.
Smartphones, both android and iOS, just make it easier for them to tap.
That's why GrapheneOS exists.
Just download ublock. Problem solved, obviously.
Option 5: throw your spyware pile of trash phone in the garbage can where it belongs.
Technically, it is private. As in privately shared. Not just anyone can get your data. It's a select club. Other than the employees handling it, it's mostly pay per view.