I cannot use a custom ROM as I need apps that sadly enforce the Google Play Integrity API, and no GrapheneOS with Google Play Services dose not passes this check.
I am stuck between an iPhone and a Google Pixel.
I have government apps and a work app on my phone that I do not want to route through a VPN or any other type of proxy(All apps are in the Android privet spaces). The only thing I need to go through a VPN/proxy is my browser (I know brave have a VPN in their browser but I don’t want to use or pay for it and the DuckDuckGo vpn is system wide and the Firefox vpn does not have a Firefox exstention on iOS or android). I need to be able to change countries myself (I don’t think you can do that with Apple’s Private Relay), as I live in the EU and ID checks for social media, other things, and maybe even Wikipedia are coming soon. Android support split tunneling but iOS don’t.
I need to have Facebook Messenger installed on my phone and active all the time (I cannot put it into the private space feature on Android).
I use another service for mail and backup, so iCloud end-to-end encryption is not a plus for me.
I don’t communicate much over SMS, but I would be able to chat over iMessage instead of Facebook Messenger with some contacts.
pixel
deleted by creator
Use a separate phone for the work stuff.
Yep don’t mix work and personal devices. Im surprised work wouldn’t be providing a work phone.
Or maybe they decided to use a work phone as a personal phone too which shouldn’t be done.
Work phones are unfortunately rare, at least in my field. The number of people who put work apps on their personal phones without a second thought and expect I do the same is astonishing.
I don’t find it surprising, since its not too common a thing for the average person to even consider it could not be ideal. Does lead to some concerning situations though like doing personal projects on a work device that could end up being considered now property of the company.
It’s not necessary to have the app installed, but in reality, it is.
I had tried to mitigate it by using Android’s private spaces, but I now use it in a web browser on my phone but I don’t get notifications
It would certainly be preferable to use two devices in this context, but first verify that the apps in question actually use the Play Integrity API, and that you can’t replace them with websites. For myself, I use a Pixel with a custom ROM, and I’ve never had any problems. Of course, it could get worse over time, it depends on the policies of the developers.
Taking your requirements at face value though, iPhone is definitely the correct choice. For the longest time, it was google wants your data but doesn’t care about control, while apple wants control over what you do (to force you to buy their other products) but doesn’t care about your privacy one way or the other. Of course, in the past few years, they’ve both taken some of each other’s worst attributes, but I still think iPhone is marginally better on privacy in stock configuration.
There are definitely ways in which apple is worse: they track your location while your device is powered off, not merely whenever it’s connected to a cell tower or wifi network, and I think they still scan photos uploaded to icloud (but that last point could be out of date, somebody correct me if so). But all that can be worked around if necessary, and in any case it’s not as bad as stock android.
Finally, consider how much has to be tied to your phone at all. Maybe your government apps need to be on the phone, but maybe social media and wikipedia can be primarily used on your laptop, loosening the requirements somewhat. Maybe email can go to your x86 boxes only, even if facebook messenger doesn’t. It depends on your situation.
Thanks a lot for the response, it’s very helpful.
I have verified that tow apps have implemented the Play Integrity API. I believe a third one is going to implemented soon. Yes, sadly, the government apps need to be on my phone but luckily i think you can disable background usage.
I have a graphene is phone and I have no problems with play integrity api. I currently have two apps (one banking) that does such calls (I see the notifications) and blocked it for both, they still work without problem. By default, graphene does not block it, btw.
Do normal phone calls work fine? I remember last time I used graphene I had problems with those, but it might just have been the phone itself.
Never had a problem with phone calls. For me, graphene always worked just like a regular android phone but without bloatware.
I would still recommend using Graphene on a separate Pixel, one that isn’t used as your primary phone. As for Messenger, get whoever is on there to switch to using Signal, which is cross-platform. For a service for mail and backup, I will have to assume that would be Proton, as I happened to use it too (so does my producer, Neigsendoig). iMessage is for sure iOS.
What I would do is get an iPhone only for your work things (since iMessage is an iOS thing), and get a Pixel for everything else and use Graphene on it (with FOSS apps, of course).
Sorry for the long response.
I will think about switching to GrapheneOS anyway and just have tow devices it would be possible and mabye not as annoying as i first thougt.
I don’t have the money to switch to an iPhone if the apps I need for my day-to-day life on the go begin requiring the Google Play Integrity API (I think some of the apps may do so in the future, like the app used to send money in my country).
Btw, thanks for pointing out the work app. I might actually be able to use it in a browser (didn’t think about it because I hade it in Android private spaces).
Yes it’s proton. It sounds like you have an iOS device. What’s your experience with Proton on that, if you have the apps installed?
Facebook Messenger is also cross-platform, but not great for privacy. Unfortunately, I need it at the moment - not so much for close friends. Less close friends I still want to stay in contact with and groups for activity’s if you join a socker team the communications is gonna be on Facebook messenger.
And also, I heard that GrapheneOS (and other ROMs) will only receive non-critical security fixes every 3 months, which sounds like a long time. And looks like Google will do more and more to kill custom Roms. The thing I fear is google will require google play integty api to use Google play services.
I’ll go ahead and break this down for you, so you can hopefully see where I’m coming from:
In terms of things requiring the Play Integrity API, it’s a digital lock Google introduced in order to shun any AOSP OS’s like Graphene, and have only DRM’d bullspit in terms of the apps you can install on it. Graphene isn’t easily affected, as many apps right now don’t have the DRM.
In the case of using your work app in a browser, I’d recommend making a profile on a Firefox-based browser (I’m using LibreWolf for my stuff), hardening it to the nines, adding a few good quality extensions on it (uBlock Origin, LibRedirect, and SimpleLogin for now). That way, you’ll be able to, at the very least, ensure you won’t be easily watched with bossware.
For my experience with Proton, I tend to use it on the browser. My producer, Neigsendoig, has had a good experience with Proton, with a couple quirks on iOS that he’s since seen fixed. It’s the best email provider we’ve used, as we had no intentions on using Tutanota, despite Germany’s privacy laws being decent.
For Messenger, I have a sneaking suspicion you’ll just want a device that has just Facebook stuff on it. Otherwise, maybe it’s possible to do a Facebook profile so that way your other ones don’t get touched, and Facebook only sees this particular profile for your Facebook stuff. As long as you firewall it, you should be fine for some cases.
As for custom ROMs, Google won’t be killing them that easily if I’m not mistaken. I think it’ll be rare to find an app with this DRM you speak of, but they are out there. GrapheneOS will be making an OEM soon, and I wouldn’t mind trying that if Pixels are impossible in the future (which they look to be a little harder, but maybe not that much to begin with).
Hopefully, you can see my thought process on this.
deleted by creator
In terms of Facebook Messenger notifications, probably have Google Play Services installed on that particular profile I mentioned… as that could be the safest bet.
For the Google Play Services, I don’t have those installed, and I don’t use apps that require the Google Play notifications in my setup. If an app has notifications, it’s their own push notification services within the apps themselves.
And for when I talked about my producer, this is him on his main channel and his personal channel. I’m his former editor, and the current narrator for a channel that’s currently inactive, being this one since the third video on the channel. I sound very similar to Neigsendoig in some circumstances.
Is buying two used phones not an option? Older models whether it is Pixel or iPhone should continue to function for their intended purpose. Iphones get long updates and Pixel has moved in that direction too. Its not a good idea to use a work device for personal use and not one of the areas to save on.
I’d focus on just trying to get two cheap phones within your budget before even diving into selecting based on privacy to keep work hardware separate.
Android private spaces dont share the same network namespace, meaning a VPN in the main profile wouldn’t effect anything inside the private space.
I live in the EU and ID checks for social media
The app will ask for your camera anyway.
::spoiler
Please stop panicking. ID checks are fortunaterly contained on the British isles. They left the EU 5 years ago. .
::
Use work profiles and also try Signal.
You can deny camera access, and the EU has proposed the same and is set to implement age verification by the end of 2026.
