Should you de-Google your Fairphone?

Originally published at: Should you de-Google your Fairphone? - Fairphone

Has this ever happened to you? You’re discussing the new Marvel movie that’s coming out soon with a couple of friends. A few days later, you suddenly start seeing ads for movie tickets for opening night, Marvel merch, games, video games and more. Congratulations! Your data’s being monitored.

Is data monitoring a bad thing? Well, not so much if it helped you snag a great deal on your next hotel stay. But when behemoths like Meta and Google have access to enough data to build a pretty detailed, real-time profile of you, there is this eerie feeling of a band of Big Tech Bros watching over you, no matter how benevolent they seem. Think about it. They know where you have been going, who you have been talking to, what you have been spending on, what sites and apps you like using.

Data monitoring is not a new thing. Ever since the dawn of the internet and internet browsers, we have been allowing companies and services to keep an eye on what we do in the online world. If you have ever come across words like cookies and trackers in your online journey, you’ve encountered an instance of data monitoring. Websites use them to remember your browsing experience, so the next time you visit, you can pick up right where you left off. Ad services use this data to deliver ads based on your interests, your location, your age, your gender, and more. And with Google baked into Android, your phone can potentially be watching you all the time.

Of course, there’s no denying that our lives have changed for the more convenient (better or worse is relative) thanks to services like Google Search and YouTube and so on. However, for the longest time, most of us assumed there is no other option, at least not one that is practical and usable on a daily basis. That’s where /e/OS comes in.

What is /e/ OS?

/e/OS is an open source operating system created in 2017, building off previously existing Android Open Source Projects, and does not use Google. For anything. Unless you want it to.

Instead of Android’s standard Google suite of basic apps, it has a curated collection of open-source alternatives for mail, calendar, and messaging. It also allows you to download more apps from Play Store alternatives like F-Droid. The /e/OS Application Installer makes it easy for you to gauge the privacy factor of an app with easy-to-read scores, telling you what permissions the app needs or how many trackers there are in total and what they are.

• It’s all about privacy

Choose /e/ OS, and you’re opting for a system that minimizes data exposure to Google and third parties. For those keen on mobile privacy, this OS is a top contender.

• It’s open-source

Transparency is key in the tech world. Being open-source, /e/ OS invites users to delve into its code, ensuring community-backed improvements and trustworthiness.

• Pre-installed apps that are privacy-first

No need to hunt for privacy-safe apps; /e/ OS delivers them pre-installed, simplifying your transition and ensuring your data’s protection.

• Wide compatibility

One of the OS’s strengths is its compatibility with various smartphones, making it an attractive choice for those looking to rejuvenate older devices.

• Secure Cloud Services

/e/OS comes with a suite of privacy-focused cloud services, from email to calendars, all under one roof.

If you do decide to make the switch to /e/OS, there are some things you need to be prepared for. You will be navigating the new; figuring out where everything is might take a bit, depending on your level of tech literacy. It’s also a niche OS compared to iOS and Android, which means there might be the occasional delay in issue resolutions and updates. You should also ensure your essential Android apps (ones that do not have /e/ OS equivalents) are compatible with /e/OS as well. The focus of /e/OS is privacy, which might come at the expense of certain features. Severing ties with the Google ecosystem isn’t easy, especially if you have a Gmail account. If you use your Google account to sign in to your apps, you will be opening up the device to Google’s servers. However, we still feel the end user should have the option to choose. That is true ownership.

“Since the inception of /e/ Foundation and /e/OS, we realized that many of our users were not only concerned about their data privacy and limiting unnecessary data streams, they also wanted hardware that would last longer and be repairable.”

– Gaël Duval, /e/OS creator and e Foundation founder

Fairphone’s association with the privacy-focused operating system goes back to 2020, when we announced an /e/OS option for the Fairphone 3. At the time, we were able to sit down with the /e/OS creator, Gaël Duval. From the get-go, Gaël has been about giving power back to the end-user. Read the full article here. You can also head over to our webshop and read more about the Fairphone 4 with /e/OS.

de-googling is always the first thing I do with my phone (and all other devices / OSes as well). I’d be happy to upgrade to the FP5 if there was a de-googled rom available (which afaik at the time of writing is not).

Interesting.
I’m quite dependent on bank apps and government authentication app on my phone, I hesitated to install /e/OS on my FP3 because I was not sure I’d get all those working (mainly ItsMe, the .be authentication app).
Now I got FP5, I tried to get /e/OS installed on FP3 but I hit a snag somewhere. Is there a step by step guide that is updated for Android 13 and 2023?

This has never happened to me before. Sorry, but I’ve been using the original Android from the manufacturers for ages. Samsung, Nokia, Motorola and today Fairphone.
I revoke all permissions from Google that I don’t see as necessary. For example, the microphones of the Google Assistant app. I also don’t log in to the app.

As I said, you can determine a lot yourself in the apps what data they collect. I’m certainly not the type to throw everything down the throats of the big companies, or to claim that I have nothing to hide. But there are many ways to reduce the collection of information. There are also sensible things that only work through the amount of people. Or have you ever wondered where the traffic jam information in your navigation software comes from?

At the end of the day, ask yourself if you can trust an operating system that few people know at first and is not the focus of many people who are constantly looking at security vulnerabilities and so on. So I personally would answer your question in the thread name with no.

The monitoring of your person also happens without your intervention.
You can be monitored via the mobile phone provider through the radio masts.
You can be monitored by the others around you. The WLAN and Bluetooth modules constantly scan the environment and, in conjunction with a location share, a movement profile can also be created, as your MAC address of your Fairphone is unique. This is also how the Apple Airtags or similar products work.

Have Fun with e/OS, i dont need it

Unfortunately Murena has struggled a bit with and delayed their Android 13 (usually labeled “T” over there) release for the FP3 a few times. They are now aiming at the second half of this month. They usually offer a slightly more advanced “dev” version as well as a “stable” version.

thanks. So I gather the installation guide will be updated along the way when they release the new version?

I’m a bit out of the loop when it comes to the first install (I switched my FP3+ to /e/OS like two years ago). Our great unknown @AnotherElk or @Volker are better at advice there. Oh, and @Ingo has repeatedly helped on the /e/OS Easy Installer (see the Fairphone rows here: Smartphone Selector).

Here is some discussion about it how to without the easy installer, and with the easy installer really easy😉

Maybe you describe the snag a bit more and someone can help?

all my banking apps and also my federal ID app are running perfectly with microg. for now at least.

the only thing that’s not working is gpay and buying apps / in-app purchase, so everything related to paying money through gplay services. But I have never needed any of that and have no intention of using that.

Well, there’s an ugly but sometimes working “hack” if someone really needs a payed app: you can temporarily login using a Google account, buy it, install it and revert to an anonmyous account.
Yes, and some apps offer paying them outside the GPlay world. This obviously also works.

@Volker thanks, I probably will try again and describe what I run into - no time right now but when I have the time I’ll try again and ask for help if needed. It’s ages ago that I was used to installing Android mods, that doesn’t help There was no mention of the easy installer when I tried, so I must have used an old guide.

Fairphone and eOS: please show us a more complete upside, like the comparison of battery life and data usage for a Googled FF5 vs. an eOS FF5. If I don’t see better day to day performance, reduced data consumption and a lower total cost of ownership, then I am going to be tempted to stick with my secondhand good as new iPhone 11 - for a bit longer!

Which would also be the more sustainable choice, so thanks!,

Murena wins, BTW!

just FYI, there hasn’t been any research that has proven that phones are actively listening to conversations, and there actually has been proof of the contrary: Is My Phone Recording Everything I Say?

I know the post doesn’t explicitly mention listening, but I’ve heard so many anecdotes about it that I reflexively replied to it. and of course data is mined in various other ways, and Google as well as the rest of ad companies should go heck themselves.

Reminder that /e/OS is still shipping a highly insecure version of Chromium Browser & System WebView from December of 2022 with 296 known security issues: https://divestos.org/misc/ch-dates.txt

Screenshot from 2023-10-13 12-25-18907×891 213 KB

Has numerous other issues, such as phoning home directly to Google out of the box: https://divestos.org/misc/e.txt

And generally doesn’t even stack up against the rest: Comparison of Android ROMs

Also of note: their cloud services do not use end-to-end encryption and already leaked user data to other users once: Service Announcement : 26 May - #27 by arnauvp - Forum - /e/OS community
They even had this removed from their Wikipedia page

And they qickly reacted in the incident and fixed and improved their system. So what’s the use of this information for the future?
Please don’t use this platform for negative propaganda against other OS groups.

@Volker
kindly that is not hate speech, that should be known as part of its track record for a service marketing itself as secure.

Nextcloud themself even states how server side encryption isn’t very useful: Encryption configuration — Nextcloud latest Administration Manual latest documentation

The encryption app does not protect your data if your Nextcloud server is compromised, and it does not prevent Nextcloud administrators from reading user’s files. This would require client-side encryption, which this app does not provide.
Note also that SSL terminates at or before Apache on the Nextcloud server, and all files will exist in an unencrypted state between the SSL connection termination and the Nextcloud code that encrypts and decrypts files. This is also potentially exploitable by anyone with administrator access to your server.

What’s the use of this information here for the future, for example (while we’re at Wikipedia) …

The use for me is showing that “the cloud” is somebody else’s computer, which as a user in the end I don’t control, which can have unwanted consequences for me, which I should factor in any decision about using or not using such a service.

Leaking user data to other users is as serious as it might get, it’s arguably worse than “mere” data loss (which e.g. Google, Microsoft and Amazon as major cloud vendors all had to admit under their watch in their clouds at some point in time). It should be known that this really happened, at least.
While Wikipedia was edited, a statement about the incident can still be found in the forum … E Foundation/ecloud Security Notice June 15, 2022 - Security Announcements - /e/OS community

I almost forgot:
It is worth mentioning that /e/OS can be used without using its cloud (which I do), and the cloud can be self-hosted if the user wants to (and is able to).

Same here. I don’t have any Google issues. I revoke all permissions, turn off location logging and logout of Google.