I’m Leaving Custom ROMs - Here’s Why


This is a companion discussion topic for the original entry at https://www.youtube.com/watch?v=LJXFqM2OC1Q

First, props for your bravery in announcing this move and being honest rather than pretending to be a privacy shadowlord who only uses the most extreme options.

Second, I’m not gonna lie, now I fee a little more validated for still having stock Android. In my case, I just wasn’t sure about flashing a custom ROM on the only phone I got.

Third, based on the general consensus that Apple gives the better privacy of the big tech companies, why not jump ship to an iPhone if you are going to use the stock version of the OSes? Is it just that Android is your preference? Is your interest in GAPP the thing that is keeping you on Android?

Fourth, in what ways have you had to ‘re-google’ in order to make your phone work?

Fifth, I’m looking forward to the additional insight on how to take stock Android further. :wink:

5 Likes

A lack of a GAPP-like equivalent for iOS was an issue (which is now fixed with Lockdown!) I would now choose an iPhone w/ Lockdown, but the new problem is I require multiple Signal accounts, and it’s simply not possible to have more than one Signal account on a single iPhone. So until iPhones support multiple profiles or Signal supports multiple accounts in the same app, it has to be Android. (I dislike carrying two phones everywhere I go)

Glad you like the video! Definitely won’t be too popular with people :stuck_out_tongue:


Update with more formal responses now that I had lunch:

First, props for your bravery in announcing this move and being honest rather than pretending to be a privacy shadowlord who only uses the most extreme options.

<3 No one is perfect!

Second, I’m not gonna lie, now I fee a little more validated for still having stock Android. In my case, I just wasn’t sure about flashing a custom ROM on the only phone I got.

I’m glad it validates you! Just to make it clear though, I’m not necessarily endorsing leaving ROMs, using them, or anything like that. The video was just designed to outline my journey. But if that validated something for you and your decision-making process I’m happy to hear!

Fourth, in what ways have you had to ‘re-google’ in order to make your phone work?

Very very few. The phone is as degoogled as it can be while maintaining GAPP. I still use almost all my same services as I was on Calyx, just with the benefit of more stable/reliable/fast updates, and constant protection under GAPP. So the only real “re-googling” is the crap I have to leave enabled via Google Play Services.

Fifth, I’m looking forward to the additional insight on how to take stock Android further. :wink:

Our video on Android Privacy & Security covers a great deal of what I did.

2 Likes

Yeah, I understood that loud and clear and it makes total sense. :+1:

Good to hear that it didn’t take much more than what is covered in the guide!

2 Likes

To expand, the consensus is that Apple is the best out-of-the-box option for privacy… but they are still collecting a bunch of data and just keeping it internal to inform ecosystem business decisions.

1 Like

Maybe I missed this in the video or something, but I’m not sure I understand why GAPP is valuable to someone that doesn’t have a Google account even if they’re likely to be targeted? What services does Henry use that would require a Google account to begin with for his personal (non-techlore/youtube) use?

From what I could gather about Google’s advanced protection program it:

  1. Requires the use of a security key for 2fa on a google account (which can be setup without the GAPP and wouldn’t be needed if you didn’t have a google account)
  2. Only allows app installation from Google play store which means goodbye F-droid (and is kinda the default setting anyway on an Android device because you can’t allow apk installs from anywhere without explicitly allowing it)
  3. It “allows only Google apps and verified third-party apps to access your Google Account data” (which is rendered moot by not having a google account in the first place)

What would make having GAPP a necessity for someone that already practices good opsec and common sense?

Even if someone wanted to run stock Android, couldn’t they remove Google Play services with ADB?

Not automatically hating the decision, just confused as to why the threat model would necessitate this. Thanks for any insight.

2 Likes

To answer your question about removing google play services via ADB, this very rarely doesn’t break a good deal of functionality of the device that you cannot get back, without using stuff like microG tmk, which requires root. I think rooting would make the device too insecure, at least for Henry

1 Like

That’s a very good example of choosing a threat model that fits to our own life. I personnaly don’t need this high level of security but I want to keep my phone as long as possible. So I’m going to CalyxOS. This is only about choice!

Thanks Henry!

1 Like

I do not see how this is the case with Apple products. Most Apple services are designed to run locally, in contrast with most Google services being designed to run in the cloud.

Just to name a few examples of various services Apple provides: Photos, HomeKit, Apple Health, Apple Fitness, iMessage, and Apple Translate are all designed to run locally on your device. Most of these services do have iCloud integrations for convenience/backup purposes, because many consumers do demand privacy-invasive internet integrations (lol), but none of them require you to give your data to Apple at any time. Simply disabling iCloud removes any access Apple might have to your data in these services.

In contrast, Google Photos, Google Home, Google Fit, Google Chat, and Google Translate all work exclusively in the cloud :upside_down_face:

All of this does make Apple better with respect to your personal privacy. They fundamentally design their products in ways which are more privacy-respecting than alternatives from the ground up, because they specifically don’t have an interest in your data. They have built a sustainable business model in which they require no personal data to be successful. There are areas in which I would like to see Apple improve their privacy and security posture, but comparing them to Google, et al., seems frankly absurd to me.

2 Likes

These post need to start adding the LBRY link too. Although for this one maybe not, the comments wheren’t that nice

1 Like