I’m frustrated. I’m a long-time fan of Motorola. Their phones have been pretty simple and easy to remove junk apps. Recently I got an update that forced Perplexity on my phone.
- Buy Pixel 9a (great value among new, 120Hz smartphones)
- Activate, set up service
- Unlock bootloader
- Install GrapheneOS using their install guide
- Lock bootloader
Good budget(ish) switch to get a good phone, privacy, security, and AOSP experience.
Great value my ass, I can barely get a used Pixel 8a for 300€ in the EU. Redmi 4x from 2017 cost 160€ new and had all the features of phones at the time (except NFC). I’m still considering a Pixel just for GrapheneOS, just because it’s that good compared to LOS, which I use on the Redmi.
I’m sure it’s a good value for some. I just use the super budget phones. They work fine and have more stats than I ever need.
Do you need root? It’s a big security risk, for multiple reasons.
You can always just get a used Pixel (no further money to Google), and install a custom ROM that allows your bootloader to relock after installation. I personally prefer Graphene for this, but I believe Lineage also allows you to do so. They both have no bloat from the start, and GOS has sandboxed Google Play and Lineage has the ability to use microG iirc.
GOS can be installed via Chromium-based browsers, even from another phone. Security-wise, there’s nothing more secure at the moment.
Why are Pixels so popular for this?
Pixels are (currently) the only phones that allow for all of the following at once:
- Proper verified boot
- Bootloader unlocking (this is most important for any custom ROM installation, regardless of ROM)
- Hardware memory tagging
- Full hardware isolation
- Hardware key attestation
- Ability to disable USB data (and also USB entirely) at the hardware level
- Everything else on this list
In short, it’s simply because Pixel currently has the most hardware-level security features of any Android phone (on top of bootloader unlocking), for now. The Graphene team is allegedly in talks with an OEM to produce a phone specifically designed for it, which may be just as or even more secure. Time will tell.
I feel the need to mention that I’m not trying to shill for Graphene and especially not Google. Depending on your threat model and goal, Lineage or similar might be just fine for you. I just don’t think there’s anything more secure than GOS at the moment, and if that is important to you, along with minimizing bloat, it’s a great choice. I do highly recommend avoiding root and instead just get something that you can unlock the bootloader for, and then install a degoogled ROM. Just make sure you don’t accidentally buy a permanently locked phone; make sure it says unlocked somewhere in the listing.
Great write-up! Thank you!!
Desktop operating systems provide root access without forcing you to bypass manufacturer restrictions. Why should phones be any different?
> rooted
Root is always a security risk, you really should not. (GrapheneOS comment (on Reddit) about rooting.)
> out the box
None, probably. Refer to Bootloader Unlock Wall of Shame instead to check which companies do not restrict bootloader unlocking. See here for a list of devices where the bootloader can be locked with custom AVB Keys.
> security risk
All those rooted concerns are true for desktop Linux / macOS, and they still ship with sudo. If I can’t rm -rf the root partition then it’s not really my device.
The bootloader wall of shame is nice.
> Recently I got an update that forced Perplexity on my phone.
Fuck me, that’s infuriating.
What country are you in? Murena sells Fairphones in the US.
Other than that, I know this isn’t what you asked for but GrapheneOS can be installed from the browser on your computer…
That’s what OnePlus, Nothing, and FairPhone are supposed to be about.
For privacy, I like my iPhone, but I can’t really recommend them anymore. Even with “Apple Intelligence” the keyboard is hilariously terrible. It gets a few things right and I’m wondering more and more if the ecosystem is worth it. But throwing money at Google somehow seems worse.
> That’s what OnePlus, Nothing, and FairPhone are supposed to be about.
It seems that you’re implying they’re not? Could you expand?
OnePlus originally had really nice enthusiast features and support for the CyanogenMod ROM. Now it’s just another manufacturer of corporate-safe glass-and-metal slabs while the soul of CyanogenMod lives on in LineageOS.
Carl Pei left OnePlus and put together Nothing. Nothing is a bit closer to what OnePlus was supposed to be, but they still leave much to be desired. They went all the way to implement a detachable back on the CMF phone, but the battery is still sealed inside. Absolutely no advantage compared to manufacturers like Google in terms of the third-party ROM experience.
FairPhone is the best of the bunch, but their priorities don’t necessarily match those of the community (i.e. security concerns, loss of audio jack and USB 3.0 on the FP6)
You noted on the phone hardware but not the software so I’ll comment on that. Recently OnePlus has announced as of Android 16 that they will restrict bootloader unlocking to only those who fill out an application.
Nothing Phone 3 and all prior Nothing phone bootloaders are still unlockable to this day with no call to restrict it. I would know, I have a Nothing Phone 3 running Shizuku and am waiting for Google to move Play Integrity off of its Kanban board so I can root again. Their forums have a strong development presence and as far as I’m concerned this is one of the last good holdouts on this new restriction standard.
Pixel was the de facto standard for unlocked bootloaders. However, Google is the core of the “registered developers only” movement for their phones, killing sideloading and removing Pixel images from the development models in AOSP. I no longer support new Pixels (certain used ones are still good; don’t get the 6 series though, they are BAD).
Oooo I’ll check out the Nothing phone! Thanks for tips!




