Choosing a Sovereign Mobile Operating System - The Sovereign Computing Show (SOV011)

Your smartphone is a computing device just like our desktop and laptop computers. How can you have a smartphone that isn't surveilled, censored, controlled, and constrained? Jordan discusses the challenges and solutions for achieving self-sovereignty with mobile devices. He critiques the limitations of iOS and explores the emerging landscape of Linux mobile devices. The episode focuses on de-Googled Android solutions like CalyxOS and GrapheneOS, elaborating on the latter's security features and compatibility with Google Pixel devices. Jordan also provides practical advice on acquiring and setting up these devices for enhanced privacy. Tune in to learn how you can reclaim control over your smartphone and boost your digital security.

Chapters

• 00:00 Understanding Google Play Services and Its Privileges
• 00:34 Welcome to the Sovereign Computing Show
• 00:50 Introduction to Sovereign Computing and ATL BitLab
• 01:54 Episode Overview and Listener Interaction
• 02:57 Challenges of Achieving Self-Sovereignty with Smartphones
• 04:41 Exploring Mobile Operating Systems: iOS Limitations
• 06:39 Linux Mobile Devices: Pine Phone and Mecha Comet
• 09:34 Android as a Viable Option for Self-Sovereign Computing
• 11:03 De-Googled Android: CalyxOS and GrapheneOS
• 12:54 GrapheneOS: The Best Option for Privacy and Security
• 15:56 Purchasing and Installing GrapheneOS on Google Pixel
• 23:00 Using GrapheneOS and Alternative App Stores
• 28:52 Listener Feedback and Future Topics
• 31:47 Conclusion and Support Information

Links

• Jordan Bravo
• Boost in on Fountain.FM
• CalyxOS
• GrapheneOS
• Pine Phone
• Mecha Comet

Transcript

Jordan Bravo: [00:00:00] Normally on Google's Android, Google Play Services has highly elevated privileges.

And that's just cybersecurity speak for, it has God Mode basically. And it can and does monitor everything that goes on on the phone. You as the user do not have the ability to disable it. So Google Plays services, it, it can see every app that's installed. It monitors the usage of every app.

It monitors and tracks your location and other telemetry that it reports back to Google.

Jordan Bravo: Welcome to the Sovereign Computing Show, presented by ATL BitLab. I'm Jordan Bravo, and this is a podcast where we teach you how to take back control of your devices. Sovereign Computing means you own your technology, not the other way around.

Stephen DeLorme: This episode is sponsored by ATL BitLab. ATL BitLab is Atlanta's freedom tech hacker space. We have co working [00:01:00] desks, conference rooms, event space, maker tools, and tons of coffee. There is a very active community here in the lab. Every Wednesday night is Bitcoin night here in Atlanta. We also have meetups for cyber security, artificial intelligence, decentralized identity, product design, and more.

We offer day passes and nomad passes for people who need to use the lab only occasionally, as well as memberships for people who plan to use the lab more regularly, such as myself. One of the best things about having a BitLab membership isn't the amenities, it's the people. Surrounding yourself with a community helps you learn faster and helps you build better.

Your creativity becomes amplified when you work in this space, that's what I think at least. If you're interested in becoming a member or supporting this space, please visit us at atlbitlab. com. That's A T L B I T L A B dot com. Alright, on to our show.

Jordan Bravo: Welcome to the Sovereign Computing Show. I'm Jordan Bravo. [00:02:00] And today I have something a little different for you. This is a solo episode. Stephen will not be joining us. Um, but we do have a great topic that we're gonna get into. But first I would like to remind everybody that you can. Boost into the show and let us know what you'd like to hear or what you think about the topics.

You can do that by using the Fountain app on Android or iOS, which allows you to download the show. And also to boost in with your boosto grams, attach some SATs to a message and we'll read 'em here on the show. If you don't wanna do that, you can also email the show at s o v e r e i g n at atl bit lab dot com. That's sovereign, s o v e r e i g n at atl bit lab dot com.

Today we're gonna talk about how do we solve the [00:03:00] problem of, we want to be self-sovereign in our computing, but we want to use a mobile computing device. In other words, a smartphone that isn't surveilled and censored and controlled. And constrained. And make no mistake about it, a smartphone is a computing device just like our desktop and laptop computers.

It has an operating system and applications, and it's subject to most of the same rules, constraints, trade-offs, and benefits as a larger computing device. But there are some additional considerations. So when you go and you buy a laptop or a desktop computer, you have a lot of choices and you've actually got.

The three major operating systems out there are Windows, Mac, OS, and [00:04:00] Linux. And in another episode we'll get into, we'll do a deep dive on the desktop operating systems. Spoiler alert, Linux is gonna be the favorite one that's gonna be talked about here, and we'll go into more detail on that in that future episode.

But today we're gonna be talking about mobile operating systems. So what are our, our options if we want to use a modern smartphone mobile computing device, but we don't want to be surveilled and constrained in all of those other things? Well, let's look at the, at the options we have. On the one hand, the iPhone.

The problem with the iPhone, as with most Apple devices, is that it's extremely locked down. The iPhone Boot ROM only allows iOS to be booted. You can't put another operating system [00:05:00] on the iPhone. You may have heard of something called jailbreaking the iPhone, but jailbreaking an iPhone only allows access to.

Uh, third party app stores and other additional options that aren't normally available in iOS. However, it doesn't allow you to put a completely different operating system on it. It's still iOS and jailbreaking. An iPhone is not recommended because even though it allows you to put some additional software on there, you lose the security model.

You break the security model of iOS. You're no longer getting updates from Apple and it's just, it's not recommended to do that. You will, you will make yourself probably less, definitely less secure, and arguably you're not gaining any huge privacy advantages. So, sorry to break it to you folks who have iPhones as your daily driver, but if you want to take full [00:06:00] sovereignty of your mobile computing.

And still have modern features and modern software. iPhones are just not an option. And I say this to you as somebody who understands, I used iPhones for a good amount of my computing, mobile computing life. Um, I've used iOS, I've used Android, and um, iOS is a great experience in many ways, but I. When it comes to freedom, software freedom, they just, it's, it's very constrained on iOS, so you don't have a lot of options.

Um, so we are going to move on to the next option, and the next option is actually something you probably don't see very often, and that would be a Linux mobile device. We're talking. Not Android, which uses the Linux kernel, but actual Linux that would be able to run similar apps to what you would have [00:07:00] on a desktop or laptop computer.

There are actually two phones that I want to bring up that are potential Linux phones. Um, the first one here is we're gonna talk about is Pine Phone by Pine 64. And for those of you watching the video, I've got this up on the screen. And pine phone's been out for a few years. It, uh, it runs a, I think it's an Ubuntu specifically designed for mobile devices and it seems to have decent hardware.

It's not the best in the world. I have not personally used it, but from what I can tell and based on what other people have reported it. Still a little too early or, or they were a little too early and they're missing a lot of the features that you would expect from a modern smartphone. The next [00:08:00] option is actually something that's in progress or, or will be coming out in the near future, and that is the Mecha Comet Mecha, like M-E-C-H-A and.

Comet is the model and they've, they have a, a Kickstarter that they are gathering funds for and they're going to ship this. I. Don't remember if it's gonna be shipped in 2025 or 2026, but in any case, it's not ready for public use for full. Like they're not in production. Um, I believe you. They've shown up at conferences, so they actually do have some hardware.

It's not vaporware. At least it doesn't seem like it. And I'm gonna be keeping an eye on this as, as a potential mobile computing device and see if, um, if I can get my hands on one, I'm gonna try it out. I'll, uh, I'll carry it around in parallel with my everyday [00:09:00] device and see if it could replace it. So I, I've got some hopes for that.

But in the meantime, the bottom line when it comes to Linux phones is I just don't think they're ready for. Mainstream use, they might be okay for hobbyists and people who are really into this kind of thing, but, uh, I'm not gonna recommend it to everybody, not until I've tried it myself at least. So if we, if we can't use iOS and we can't use Linux, that leaves us with the next major option, which is Android.

Now Android is actually known as the open Android open source project. And

the Android open source project, despite being developed primarily by Google, is actually a completely open source project, as the name [00:10:00] suggests, that does not have any Google specific code in it. That's right. People might assume that because Google is the major developing source behind it, that it would be baked in.

But actually Android itself is free from Google's shenanigans and code, and so the Android open source project, what Google does is it takes that base code base and then they add in their proprietary Google stuff, including. The Google Play Store and all of the tracking and surveillance technology that's built into that.

And so there have been some other projects, some other developers and organizations that have actually taken the Android open source project, started with that baseline operating system that's free of Google and anything else, um, proprietary and they have. Built on top of it and created [00:11:00] completely Google free Android operating systems.

The first one that we're gonna talk about today is Calyx. Os. Calyx is a Android version that is free of spyware and tracking and Google, and it's made by the Calyx Foundation and they're very much focused on privacy. And they have a good reputation in the space they, for using, when you use Calyx on an Android device, that is it.

It's de-Googled. And so the first thing that a lot of users wanna know is, can I use the same apps And the way that Calyx. First of all, many apps work with zero reliance on Google, but there are some that do have a, uh, reliance on the Google proprietary code that's built [00:12:00] into, um, Google's version of Android.

And so Calyx gets around this by providing something called Micro G and it sort of simulates. Google's services so that various apps that require it to run can still run. Uh, I'm not gonna speak too much more about Calyx. I just want to put it out there that it's a good option and I think it's healthy that the privacy ecosystem has more than one project that's working on, uh, Google free Android.

But the next project we're gonna talk about is. What I think is the best way to go about having a free and de-Googled android operating system and that's Graphene os. Now, graphene OS is an open source [00:13:00] Android operating system project and they are highly focused on, on privacy and security. They're a nonprofit and they.

They, in fact, they're so focused on security, they have such a good reputation for improving the security of Android that many of their updates and improvements to the operating system have been upstreamed and they are used by Google as well. So if, uh, you, you can use that as kind of an indication that they know what they're doing when it comes to security.

Graphene OS is only supported on the Google Pixel. Now that might sound a little surprising because the, you have a Google piece of hardware and yet it's the only phone that they support if for de Googling and running a Google free. Android operating system, and there's some very specific reasons for [00:14:00] why they only support the Google Pixel, and that is the Google Pixel's.

Security hardware is unmatched in the rest of the Android phone space. They really do rival the iPhone in terms of the security and quality of the hardware and. There's an additional consideration, which is that the Google Pixel is the only phone that will allow the user to both unlock the boot loader, put on another operating system, and then relock the boot loader.

And what that means is if you have a locked boot loader and somebody has physical access to your phone, they can't load another operating system on there or do anything malicious. Um, I. They can't tamper with the operating system or load any kind of malware on there. Whereas all the other phones that you would buy that are Android compatible, [00:15:00] for example, Samsung, Motorola.

Et cetera. You can unlock the boot loader on some of them and load another operating system onto there. But then you can't relock the boot loader. So your phone would then be susceptible to what's referred to as an evil made attack, where if your phone is left out and somebody has physical access to it, they can then load malware on there and you would have no idea that they had done so if they're a sophisticated attacker.

So in short, the. Pixel by Google, even though it ironically comes from Google, which is a company that we are trying to get away from and is not present with any of their software on GrapheneOS it, they make the best hardware that's vendor neutral and therefore is perfect for these de Google and operating systems.

So where can you get a good pixel? [00:16:00] Most people know that you have your cellular phone provider, and you might be renting your phone from them, where you're paying a monthly fee for your subscription, for your phone subscription, and part of that price baked in is the cost of your phone. But this is actually a terrible way to buy your phone, first of all.

You are gonna be buying a, you're gonna be having a locked a, a carrier locked phone, and which means you don't have the freedom to change your provider if you wanted to. So when you are gonna buy a phone, buy it from places other than your carrier and make sure that it is factory unlocked. The other thing you wanna do is.

Buy it in a much more private manner if possible. So if you can buy it in person, maybe it's at a place like Best Buy with Cash, that's great. Or maybe you want to go a method and buy a used one [00:17:00] because you're gonna be wiping the operating system from it anyway. It's not a big deal. You're gonna be loading a new operating system onto it.

So, uh, before we, we go into where you could buy a phone to load Graphene os onto, I wanna point out that there are some companies now that are catering to people who want Graphene OS or these other privacy focused oss on. Android phones. Um, I'm gonna go over some of them right now, but I am not endorsing or recommending these.

You'll see it why in a second. But I think the best way to go about it's to just buy one that has regular Google, Android on it, and then put GrapheneOS on it. Uh, do it yourself, and it's actually really easy. You don't need to download any extra software. If you have a web browser, which every computer does, it's a very.

Click, easy click install process. And um, yeah, that's, [00:18:00] I I think it's anybody listening to this is capable of doing that. There's no command line required. No magical software developer incantations. This is all very graphical and you just follow a simple set of instructions. So there's a place called, there's a site called liberate your tech.com, and they sell graph OS preloaded onto pixels.

I. But you're gonna see here. The other reason why I don't recommend that you go with one of these sites is that they charge a huge premium. So a pixel. Let's take a look at some of these prices. A pixel eight with 128 gigabytes of. Storage. They're selling it for 8 99, $900 and that's a huge premium. Let's look at another site, private phone shop.com, and they are selling a Pixel eight Pro with Calyx OS or Lineage os.

That's another one we haven't [00:19:00] talked about, but it's another de Googled Android. Uh, this is $750, and finally there's another. A company called Above Phone, and here they're advertising a Pixel nine for $1,100. And that comes with Google Ibel, uh, excuse me, that comes with graphene, I believe. Lemme take a look at what they are advertising here,

but in any case. I think anybody listening is perfectly capable of buying a phone with Google Android on it, the typical outta the box one, and then adding, uh, grapho if to it. If you look here on the site, swapa.com, this is a site that sells for those of you don't know, they sell [00:20:00] used and refurbished devices.

And if you look here under unlocked Google phones. The comparable Pixel nine unlocked, which we just saw over here on above phone.com. For $1,100, you can buy a used Pixel nine for $398. So that's, that's a great deal. I don't think that's, uh, spending too much just to have, I mean, to have a top of the line.

Phone that's completely unlocked and you can load whatever you want onto it, and it's gonna be completely private and self-sovereign. You could even drop back a couple of generations. The, the Pixel nine is the current generation, uh, the Pixel 10 will be released later this year in probably August of 2025.

But even if you were to go with the Pixel eight, let's [00:21:00] say.

I mean, here's a Google Pixel eight for $293 on, uh, on Swapa. And that's awesome. That's a great deal. Uh, you could even go back another generation. The A models are the, are the less expensive of any given generation. So for example, the seven A will be. Less expensive than the seven. Here's a Google Pixel, seven a unlocked $164.

That's amazing. I mean, I might just wanna pick up one of those just to have an extra maybe for traveling or for messing around giving it to friends or family. Um, but like I said, make sure it's unlocked and you can put whatever operating system on it you want. Now to when you, when you do buy that [00:22:00] and you are ready to put Graphene OS onto it, their website has a install wizard and it's gonna walk you through its web-based.

So again, you're doing it in the browser and you'll go through the instructions. Um, you don't have to. Type any commands. It's just gonna be clicking this button here. Unlock the boot load. So you're gonna plug it in your computer. You're gonna click unlock boot loader, download flash, and then lock again.

Remember that locking it afterwards is very important the Pixel eight and later have seven years of support from GrapheneOS, so you don't have to worry about your phone getting out of date. I mean, that's really good. I think that's on par with Google, possibly even better for some of those older generations.[00:23:00]

Now, once you have GrapheneOS installed, you're going to need to get apps, all the apps you use in your daily workflow, and I highly recommend listening to our previous episode on alternative app stores. You can use Google Play just the same way that you do on Google's Android, but you are gonna be giving up some privacy because it you have to sign into your Google account.

Which means all of the apps that you download and install are gonna be correlated with your account. You are, even if you use Google Play. However, you are getting a lot of privacy on GrapheneOS because they run Google Play Services in a sandbox, uh, uh, application sandbox. And what that means is normally on Google's Android, Google Play Services has, uh, highly elevated [00:24:00] privileges.

And that's just security cybersecurity speak for, it has God mode basically. And it can, and it can and does monitor everything that goes on on the phone. So you and the, you as the user do not have the ability to disable it. So Google plays services, it, it can see every app that's installed. It monitors the usage of every app.

It monitors and tracks your location and, um, other. Uh, Teleme, uh, telemetry that it, it reports back to Google. So just by using Graphene OS and even with Google Play Services in its sandbox environment, meaning it's not allowed to escape and, uh, have elevated privileges like su super user privileges, that alone has given you a good level of protection, but the less you can.

Use Google the better. So if you reduce your reliance on Google by replacing your various Google [00:25:00] apps with alternatives, then you're just gonna be incrementally improving your privacy. And this is a great approach because you don't have to go all or nothing, right? So I. If you were to just replace your, your Google, Android with GrapheneOS and then install all the apps that you're still using and continue using it in that way, you're, you are gaining some privacy there.

But then what you can do is over time, as you can, you slowly replace and find alternatives for your Google apps. You will then be incrementally improving your sovereignty. As you go forward and making continual progress and not having to worry about jumping completely from one set of apps to a complete replacement stack.

So I really advocate for that incremental approach because it's a lot more realistic to do for everybody. Um, when I completely de-Googled my tech stack, it took me over a year [00:26:00] because, you know, like most people, I'm busy and I've got my apps that I'm using on a regular basis, and I'm used to them and I'm logged in.

So don't be too hard on yourself. Give yourself small, attainable goals in terms of taking back more self sovereignty in your computing life, and they are absolutely achievable.

By using Google Play Services Sandbox, you are able to use 99% of apps out there that would work on Google, Android. Um, so I've successfully am able to use things on GrapheneOS, such as banking apps and, um, those are typically the, the most annoying to use without Google, but. They, they work for the most part.

I would say there are occasionally apps that are gonna give you some trouble. Um, [00:27:00] I've not had a problem with Cash App, but I reported, but I've heard reports from somebody I know that was using Android or GrapheneOS and they couldn't get Cash App working properly. For some reason the app was. Having trouble with the os.

Um, another thing that I know is that even though Android Auto works, um, Google Pay in, in other words, if you use your phone as tap to pay, that's probably not gonna work unless you have a specific banking app that allows that without Google. But that's just something to be aware of. But other than that, everything would work just as you expect.

The last thing I'll say before we wrap up on this topic today is that if you are currently using a, maybe a Samsung with, with Google Android on it, or maybe are using an iPhone with iOS on it. [00:28:00] Consider taking the approach of buying a pixel, a used pixel, and loading GrapheneOS onto it, and then keeping your main phone and then as your daily communication device as you already do, and then using your GrapheneOS phone, um, on the side when you have time, putting some apps on there.

See if you can mirror some of your workflow and. And try to incorporate it into your day-to-day activities. And I think you'll see that it is very usable. It's come a long way since in the last few years. Uh, it, I know originally there were a lot of limitations and it was very inconvenient to use, but these days I think it's perfectly doable for 90% of the population out there that is using a smartphone and relies on it for their day-to-day work.

It is time for listener feedback and a reminder that if you want to message us, you can do so in a [00:29:00] couple different ways. You can go to Fountain fm, search for the A TL Bitlab podcast and you can boost into the show. You can send a message and attach SATs to it, and we will read that on the show and, uh, respond to your feedback and take your advice in terms of what you want to hear.

We also have an email address that you can write into, and that email is s o v e r e i g n at atl bit lab dot com. That's s o v e r e i g n at atl bit lab dot com. And we have a listener who wrote in Miles asks. About self-hosted backups and he's, he wants to know if you are hosting your own files on your own server.

For example, if you have a home server running next cloud and you're storing your pictures, your videos, and your documents on your home [00:30:00] server. What happens if your house burns down or floods, or the server gets destroyed for some reason, or there's some other disaster? And that is a great question. I'm going to give a quick answer here and I will tease the next topic that we're gonna be talking about.

And the answer to that is you want to have backups, of course you need to have a backup at a. Another location, so an offsite backup. And we're gonna talk about how to do that in an encrypted way so that wherever you are storing it, um, that data is secure and private. And that the people who are storing that, whether it's a third party or someone, you know, that that is completely, um, encrypted in such a way that.

Only you are able to decrypt it, and if you ever had a problem with your server or your drive was destroyed for whatever reason, you can [00:31:00] then once you get up and running with, with a new server, you would be able to pull that data in from your offsite backup, decrypt it, and restore everything and sleep easy at night.

So we'll talk about that more in a future show. Please let us know what you think of that topic. If you have questions on it, if you have comments, have you self-hosted anything yet? Have you had backups? Have you had trouble with backups? Boost in and let us know. Or you can send an email as well. And we are working on getting a chat going.

It's probably gonna be a matrix chat, so keep your ears peeled for that. We'll talk about it more as we have more information to share with you. All right everybody. Thanks a lot for listening and we'll see you next time.

Stephen DeLorme: Hey, thanks for listening. I hope you enjoyed this episode. If you want to learn more about anything that we discussed, you can look for links in the show notes that should be in your podcast player, or you can go to [00:32:00] atlbitlab. com slash podcast. On a final note, if you found this information useful and you want to help support us, you can always send us a tip in Bitcoin.

Your support really helps us so that we can keep bringing you content like this. All right. Catch you later.