Embracing Change: My Journey from iPhone to Graphene OS (Part 1)

In an era of rising concerns around data privacy, there’s a growing shift towards secure and privacy-focused alternatives to mainstream operating systems. Among them, Graphene OS stands out as an open-source, security-centric mobile OS built on the Android Open Source Project (AOSP). This article will explore the rationale behind my transition from my iPhone to Graphene OS, and in part 2 I’ll explain my personal journey through this change, and guide you through the process if you wish to follow suit.

Edit: Part 2 is now available here. This has turned into a 3 part series.

The Great Privacy Debate

There is a common misconception that privacy is the domain of the paranoid or those with something to hide. This is far from the truth. Privacy is a basic human right, and everyone, regardless of their activities or interests, should care about it.

Consider a sample scenario: you’re at home, and someone is peering through your window with binoculars, meticulously noting down your activities. This invasiveness would undoubtedly disturb you, regardless of whether you’re reading a book, watching TV, or having a conversation. The reason you’d draw the curtains isn’t necessarily that you’re doing anything suspicious — it’s simply because it’s none of their business.

Similarly, why should entities like Google know every detail of your online activities, or even your physical movements? Whether you’re walking, biking, or doing anything else at any time, it’s your business and yours alone. The desire for privacy isn’t about hiding illicit activities — it’s about retaining control over your personal information.

Privacy and security, although different, are interdependent. Privacy measures protect you from potential data leaks, which could expose your personal information, leaving you vulnerable to targeted ads, identity theft, or worse. Furthermore, data breaches have become increasingly common, further emphasizing the importance of taking control of your privacy.

Google

In 2018, an extensive study titled “Google Data Collection” conducted by Professor Douglas C. Schmidt from Vanderbilt University, revealed alarming insights into the extent of Google’s data collection practices, particularly in relation to Android smartphones.

The report disclosed that an idle, stationary Android phone with Chrome browser active in the background communicated location information to Google 340 times during a 24-hour period. That’s roughly 14 data communications per hour, even when the user was not interacting with the phone.

The study shows that Google tracks not just where you are, but how you are moving, discerning whether you are standing, walking, running, bicycling, or in a vehicle, using the device’s accelerometer.

Furthermore, Google collected a significantly larger amount of data compared to its major competitors. The report showed that Android collects around 20 times more data from users than iOS from iPhone users. Google’s data collection activities also extend beyond its own products and services. It is estimated that more than 70% of the data Google collects comes from outside its own platforms, through third-party apps that use Google’s advertising and analytics services.

A notable aspect of this data collection is the passive nature of the majority of the information gathered. Google’s Android system collected and transmitted data even when users were not actively using the device or engaged with any applications. This incessant data collection provided Google with a detailed user profile, including personal interests, daily routines, socio-economic status, and even the user’s probable future activities.

In essence, the study demonstrated a rather invasive level of data collection by Google, particularly on its Android devices. This paints a worrying picture of the privacy implications of using such devices without adequate privacy-protecting measures in place.

Other Android Devices

A 2021 study out of Trinity College titled “Android Mobile OS Snooping By Samsung, Xiaomi, Huawei and Realme Handsets” conducted extensive tests on a series of Android devices from different manufacturers, specifically focusing on the telemetry data transmitted to Google. The study observed that these Android devices connected to Google servers even when not in use, and telemetry data was sent at regular intervals.

Key insights from the study include:

1. Frequency of Connection: These Android phones were found to make a connection with Google servers every 4.5 minutes on average.
2. Data Collection During Idle State: Even when idle, these devices transmitted information to Google. This data included hardware information like the device’s IMEI, SIM serial number, phone number, and more.
3. Data Sent on Interaction: When a user interacts with the device, such as by opening an app, additional data is sent to Google. This could include the time at which apps were opened and closed, and the amount of data transmitted and received by the device.
4. Pre-Installed Apps: A large number of pre-installed apps on these devices were found to have communication with Google servers. Even when these apps were not opened or used, they still sent data to Google.

This study underscores the extent of telemetry data collected by Google, even from non-Google Android devices. It demonstrates that data transmission to Google is a core part of the Android operating system, regardless of the device’s manufacturer.

Apple

According to a study by Trinity College Dublin titled:
Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google, Apple’s iOS, while sending less volume of data than Android, collects a wider range of information, which includes device location, local IP address, and identifiers of nearby Wi-Fi networks (MAC addresses). This collection extends to times when the user is not actively using their device, not logged into their Apple account, and even when all optional data-sharing settings are disabled. The iPhone also transmits data about other devices sharing the same Wi-Fi network, and when location services are enabled, it shares the device’s latitude and longitude with Apple servers. The researchers summarize: “We find that even when minimally configured and the handset is idle both iOS and Google Android share data with Apple/Google on average every 4.5 mins.”

This data collection behavior suggests that Apple could potentially be collecting a more sophisticated dataset about nearby devices than Google. The transmission of Wi-Fi network identifiers, in particular, allows Apple to map out a “social graph,” which indicates relationships between various Apple devices on the same local network. Such a map could provide insights into how different devices — and, by extension, different users — are interconnected in the same household, office, shop, or café. Despite these revelations, the study found that Apple users currently have minimal options to prevent such data sharing.

What to make of all of this?

The research above shows that, between the two stock mobile operating systems, Apple’s IOS may be slightly better. However, both still collect a large amount of telemetry on the user and seem to ignore user’s requests to opt-out of data collection.

Additionally, for those of us who prefer the Android operating system, we can be left frustrated. Indeed, for years I used an iPhone because it was the most secure and private mobile operating system I could use while still maintaining a normal life. However, I knew that Apple still collected telemetry, even if it was less than Google. I was also frustrated with the lack of control I had over my iPhone. I wanted more customization, I wanted USB-C… and yes, I wanted my fingerprint reader back!

Enter Graphene OS.

Graphene OS: A Privacy-Focused Alternative

Graphene OS, an open-source, privacy-centric mobile operating system, proposes an attractive alternative for those seeking control over their data. Being open-source, its code is freely available for scrutiny, alleviating concerns over hidden data collection processes. A key highlight of Graphene OS is its lack of embedded Google services as a default feature, substantially reducing the amount of data transmitted to Google. It’s built upon the Android Open Source Project (AOSP) and includes no inherent Google telemetry.

The list below includes links for your reference.

Privacy and Security Benefits

1. No Unnecessary Data Collection: Graphene OS doesn’t involve unnecessary data collection or telemetry, meaning that your data isn’t sent to any third parties without your explicit permission. This gives you control over your data and peace of mind about who can access it.
2. User-Controlled Permissions: Graphene OS respects user-set permissions, ensuring that apps access only the data you allow. There is even the ability to tell an app it has access to the camera, microphone or network even when it doesn’t. Graphene OS simply feeds the app dummy data.
3. Sandboxed Google Play Services: Graphene OS allows for the installation of Google Play services, but it’s sandboxed to minimize the level of access and privilege. This enables you to use apps that require Google Play services without granting them unbridled access to your data.
4. Enhanced Security Measures: Graphene OS employs advanced security features, like a hardened memory allocator, which provides improved memory usage security. It also supports features like MAC address randomization for Wi-Fi, adding an additional layer of privacy.
5. Regular Security Updates: Graphene OS provides regular security updates to address any potential vulnerabilities, keeping your device safe from potential security threats.
6. App Isolation: Each application on Graphene OS runs in an isolated environment, known as a sandbox. This approach significantly limits the potential damage in case an app is compromised.

By providing these features and more, Graphene OS gives users a more private and secure option for their mobile operating system. You don’t have to surrender your privacy for convenience or compromise security for functionality. It embodies the idea that privacy and security are not just privileges, but essential rights in the digital age.

Installation

As we’ll explore in part 2, the installation process for Graphene OS is made very simple with the web installer. You don’t need to be very technical at all to successfully install Graphene.

What phones does Graphene OS work on?

Graphene OS only officially supports the Google Pixel.

You heard that right, all of this talk of getting rid of Google and we’re using Google hardware… WHAT? Allow me to explain:

Graphene OS, even if built on Google’s hardware, are private and secure because Graphene OS operates independently of Google services. The open-source nature of Graphene OS allows it to remove the aspects of the Android operating system responsible for transmitting data back to Google. In fact, it has no integration with Google services unless a user specifically decides to install them, and even then, these services are sandboxed, limiting their access and privileges.

Graphene OS is primarily designed for Google’s Pixel phones due to the strong hardware security these devices provide. Pixels have a security chip called the Titan M, an enterprise-grade security chip custom built by Google to secure sensitive data and ensure the integrity of the operating system. This hardware-level security complements the privacy-focused features of Graphene OS, creating a secure platform that effectively protects user data.

Graphene OS, when installed on a Pixel phone, leverages the phone’s robust hardware security while stripping out the standard Android OS’s data-sharing aspects. This results in a private, secure device that respects the user’s data and does not transmit it back to Google or any third party.

Deep Dive

If you want to dive deeper into the way Graphene OS works, I point you first to this youtube video by louis rossmann (check out Freetubeapp for a more private way to watch youtube on desktop)

Then, go and have a read through the Graphene OS website, looking at the features, usage guide, FAQ, and source code.

Conclusion

Embracing Graphene OS signifies more than just switching operating systems; it’s about reclaiming control over your digital privacy. This unconventional journey, while challenging, puts you in the driver’s seat of your data and, through this, empowers you as a digital citizen. It’s not merely about a phone or an OS, but a conscious decision to prioritize personal privacy and security, challenging the prevalent data-sharing practices all too common today. It represents a step towards a future where we dictate our own digital narratives. Check out Part 2 of this series, where I go in depth into my transition from relying on iCloud to self hosting my own backups. Stay tuned for Part 3of this series, where we’ll delve into my journey of transitioning from the depths of the Apple Ecosystem.