I agree yeah, I’d say in a lot of ways that Edge is much better than Chrome, due to its performance and also very good security, plus some tracking protection (though not a lot) vs. Chrome’s none, etc. Between the 2, I’d probably always pick Edge.
But yeah just never use either tbh, Firefox ftw.
I prefer Calyx on my phone, for the sake of the extra privacy of Micro-G vs sandboxed Google Play Services.
You should give DivestOS a try tbh if you prefer microG to Sandboxed Play Services, since Divest’s implementation of microG is sandboxed/unprivileged unlike Calyx’s, which is a massive privacy and security benefit. Divest in general is a lot more private and secure then stock or Calyx, since it includes a lot of hardening and patches from Graphene, so I’d recommend it as the second best option to Graphene in general, and definitely by far the best option for using microG. Divest also covers most of the same phones Calyx and Graphene do, unfortunately no Pixel Tablet support though.
(I’m not trying to shill Divest or anything btw lol, I just think its a great underrated project that deserves a lot more recognition and support than it has, and seems to fit your use case)
For microG (what I would recommend, since its much more private than regular GAPPS/full Play Services), you can just flash a LineageOS for microG build for your device instead of the official LineageOS. You can get them here. It covers the same devices that Lineage itself does. Same installation process, just using their files instead of Lineage’s.
DivestOS added optional support for unprivileged microG fairly recently, so its definitely usable.
They both should work, you won’t get notifications for Teams though unless you flash microG or GAPPS.
Not all of it is carrier related. I had an S21 unlocked (from US) and it still included Facebook and their garbage services, Netflix, OneDrive, etc. Also all of Samsung’s first party bloatware and nonsense is prevalent regardless. Not to mention Samsung selling data and their tracking, crippling your phone if you root it or install a custom OS (and in the US outright preventing it entirely), etc. Can’t recommend them or their phones at all, but its unfortunate because they have great hardware, just terrible software.
Is the culprit “firebaseinstallations.googleapis.com”?
Sensors and Network access aren’t on Stock Android unfortunately (though they should be!), only on other OSes like GrapheneOS and DivestOS atm. Everything else besides those 2 however is present on Stock.
I’m not sure if it could be done without at least compromising security to some extent (at least in Android’s current state, but maybe that could be changed or worked around in the future), but yeah, overall I do agree, that’s what I was trying to get at. I definitely support there being an official and easier method to root on Android, as long as it isn’t the default, and as long as the risks are clearly explained. People should certainly be able to do whatever they want with their own devices, it is unfortunate, and definitely an overstep from Google and OEMs.
Not having root is done on Android for some very good security reasons to be fair, it opens up a giant attack surface and risk for all kinds of malware and nasty stuff to take advantage of. I don’t think it’s done completely in malice as you think. Its a very important part of the app sandbox and Android’s security model at large.
With that said, I do think that people should have the option to root if they want to, I’m not a fan of OEMs like Samsung and whoever else purposely preventing people from rooting at all costs. I think people should be able to do whatever they want with their own device, root just certainly shouldn’t be the default, and users should be aware of the risks if they choose to use it. But I do think it should be a possibility for those who really do wish to do so.
With Android, it all just comes down to the OEM and variant of it that you’re stuck with. As a whole, I think its an amazing project and OS, though unfortunately Google, and especially OEMs, tend to make a lot of bad choices. It’s similar to Linux as a whole in that aspect. You’ve got options like ChromeOS which are a nightmare for privacy and user freedom any way you look at them, but then you’ve got your traditional distros like Debian, Arch, Fedora, etc, which are the exact opposite. Its an important distinction.
Side tangent but god, just unbelievable how an app like YouTube would ever be a system app on Stock that you can’t just uninstall without needing to go through hoops like ADB. Samsung includes so much fuckery on their variants of Android, but to be fair, I believe even on stock Pixels, YouTube is a system app as well, so can’t even entirely blame them for this case. Still unacceptable and insane to me.
Stock Android just sucks, can’t see myself ever going back to it unless I absolutely had to. Props to you for making it work.
I usually use Signal.
You’re off to a good start, I’d recommend reading through and following this guide, its the best resource out there at the moment for Linux hardening/security imo.
Yeah, Pixels are great, basically reference Android. Developers even usually use them for testing and making apps, so you know you’re getting the best compatibility. Overall can’t recommend them enough.
There’s so many I could list, I’ll just mention 2 underrated ones I don’t see mentioned as much:
LibreTube - Best YouTube client imo, has a very nice and modern interface, proxies videos through Piped for maximum privacy (No direct connections to Google are made), No ads/tracking, SponsorBlock + Return YouTube Dislikes, support for downloading videos, etc. It’s everything I’d want and more out of a YouTube client.
URLCheck - Excellent app that allows you to preview what a URL is before you click it, includes tons of features such as scanning for malware, removing any tracking parameters, upgrading links from HTTP to HTTPS, etc. I can’t recommend this app enough for the security, privacy, and general peace of mind it gives you.
I 100% agree, its best to just stick to upstream Fedora imo. Glad you made this comment. The security issues of Nobara always put me off, especially since basically everything it does can just be applied to regular Fedora. I think Nobara would much better serve as a script or toolkit, similar to Brace, or something along those lines instead of an entire separate OS with the security issues it brings.