GrapheneOS will remain usable by anyone without requiring personal information (grapheneos.social)

by nothrowaways 192 comments 613 points

[−] joecool1029 54d ago
One of the reasons I build my own LineageOS builds is because of terrible one-party consent recording laws (in places like California); there’s no geographic way in Android to check it on a state-by-state basis. It just goes off country code and disables it for the US since in quite a few states it’s illegal to do. For my state it isn’t illegal, so I modified my builds to allow it.

There are other things like this too in Android disabled on a per-country basis. Japan has a camera shutter noise that cannot be disabled, but this was a request by their carriers, apparently not a law; big discussion under this review: https://review.lineageos.org/c/LineageOS/android_frameworks_...

[−] hedora 54d ago
I always assumed blocking recording because two party consent states exist was an excuse to help big companies screw over individuals. For one thing, the phone has gps, for another it could start recording if it hears the “you are being recorded” tone. Also, why is this the only scenario where they block the mic and camera? Locker rooms are apparently fine.

Anyway, how many times have you been recorded on a phone call by some faceless corporation, then wished you had a copy of the recording after they “reviewed” it then came to the opposite conclusion the recording should support?

[−] AndrewDavis 54d ago
This is something I've never understood. If consent is remaining on the line after a message "this call may be recorded (for training and quality purposes)", the simple answer is in places where you have to have consent have the phone send a similar message.
[−] lazide 54d ago
No need to send - if there is no expectation of privacy because one of the parties is recording, then everyone can.

(Check applicable state law, but it has been true everywhere I am aware of)

[−] Wowfunhappy 54d ago

> Also, why is this the only scenario where they block the mic and camera? Locker rooms are apparently fine.

How would the phone detect that you're in a locker room? Even if it is possible, it seems very hard and likely error prone. Disabling call recording is easy.

[−] mschuster91 54d ago

> Japan has a camera shutter noise that cannot be disabled but this was a request by their carriers, apparently not a law

In some countries, regulation works in a way that the economy gets a chance to fix issues before the legislature needs to intervene. And with the Japanese and their massive issues with rampant sexual abuse... I get where that one came from, in addition to the two major phone brands not wanting to be associated with sexual abuse (which the last comment of the thread also references).

And personally, I do believe that this is the better way when faced with widespread ignorance of difficult-to-enforce laws - target the "accomplices" or "toolmakers".

[−] joecool1029 54d ago
I'm not making a judgement on it either way. These are things that are available to change in source. I'm just pointing it out, since others aren't aware of how things can be done.

But there are things locked out in the US I cannot get to. One of the things I've wanted to do for some years is turn on BeiDou reception, but it has a firmware geofence while inside CONUS. For Qualcomm devices I haven't been able to find a way around this; it's not an open-source component. Just to preempt anyone saying it's because it's Chinese spyware, Qualcomm/TomTom engineers don't feel receive-only reception is a security risk (there's a report somewhere where military said the same, it's strictly a political prohibition): https://www.uscc.gov/sites/default/files/Research/Staff%20Re...

[−] wraptile 54d ago
Japanese "shutter sound" requirement is peak "we regulate ourselves" outcome - completely ineffective nuisance that provides an illusion of effectiveness to the illiterate.
[−] fc417fc802 54d ago
So you're saying it's exactly the same outcome as the typical reactionary law.
[−] diowldxiks 54d ago
I did the switch to graphene on my pixel 9 pro recently and have 0 regrets. It's just a better OS than the google infected android. Here's what I did:

* Follow instructions to install graphene on their website: https://grapheneos.org/install/

* Set up a private space which will be used for google play services required apps (bank stuff, etc). Install google play and google play services in the private space. Do not install google play services on your main profile. Set the private space to lock after 5 mins of inactivity. Set up google play on a brand new google account. You'll need to provide a phone number during setup. I used my normal phone number, others who are more concerned about deanonymization could use rental phone numbers or other things. Install any apps into the private space.

* Try to install apps on your main profile, ideally open source, privacy respecting stuff. Some recent apps I've found that work great and replace google infested stuff - AntennaPod for podcasts, OrganicMaps for OSM maps, Obsidian for notetaking (google keep), KOReader for ebooks, Molly/Signal for messaging. Vanadium as the default browser works well, except it doesn't have adblock plus for youtube (it does some other ad blocking though and works fine).

Things I still don't have a great solution for:

* Android auto - I don't think it works from a private space due to auto locking. Still figuring this out

* Spotify - since it also needs to run in the background and I haven't found a better music replacement.

Overall graphene has been a far better experience and I like it much more, and feel more in control of my hardware.

[−] 4k93n2 54d ago
fennec (firefox mobile fork) lets you install ublock origin

newpipe or tubular for youtube. i've also been using freetube lately. it's just the desktop ui ported to an android app so it's not as good as newpipe, but i'm using syncthing to sync freetube's settings/subscriptions between desktop and mobile

comaps is a better fork of organicmaps and has better people running it

the fossify apps are great for the basics, sms, phone/contacts, gallery, calculator etc

droidify is a nicer front end for the fdroid store imo

keepassdx for passwords

kde connect or localsend for one-off file transfers between devices, or syncthing for things you need to sync all the time

and hacki for hackernews!

[−] kspacewalk2 54d ago
Plain old Firefox on Android lets you install uBlock Origin too.
[−] goda90 54d ago
There's also IronFox.
[−] Epa095 54d ago
What makes comaps better?
[−] 4k93n2 54d ago
it's only a fork since a year ago so there isn't a major difference between the two in terms of features. see: https://www.comaps.app/support/how-do-the-features-differ-fr...

but i mainly meant it's better just because it's more community based now

[−] ThePowerOfFuet 54d ago

>Set up google play on a brand new google account. You'll need to provide a phone number during setup. I used my normal phone number, others who are more concerned about deanonymization could use rental phone numbers or other things. Install any apps into the private space.

Or just use Aurora Store to install apps from the Play Store.

[−] goda90 54d ago
Which works unless the app needs Play Services, which do require logging in.
[−] ThePowerOfFuet 51d ago
The only app I have ever encountered which is significantly broken without GMS is Too Good To Go.

Versions of Google Maps newer than the last year or two also require it.

[−] Freak_NL 54d ago
A note on OrganicMaps: at present you are better off using the fork CoMaps. OrganicMaps is tainted by governance issues and a lack of financial transparency:

https://itsfoss.com/news/organic-maps-fork-comaps/

[−] tredre3 54d ago
A note on this reactionary stance: at present you are better off using OrganicMaps. CoMaps is tainted by being a reactionary fork, has fewer features and lags behind on bug fixes.
[−] amatecha 54d ago
I've found CoMaps actually has more features, like I was able to submit a new Place to OSM which wasn't possible in Organic Maps at the time I switched over. This discrepancy may not still be the case though as I haven't checked recently.
[−] rbits 51d ago
Android Auto apparently should work if you follow the instructions on the GrapheneOS website[1]

[1] https://grapheneos.org/usage#android-auto

[−] beeflet 54d ago
Android auto works for me. For music I just use newpipe and an mp3 player.
[−] jazzyjackson 54d ago
You have Google play services enabled only in private space outside of default profile? Just double checking because I’m interested to know if this works.

All I want is car GPS that is (not cloud connected) && (not 5 years out of date), OSMand should cover this, tho it takes quite a bit of work to get address search to work.

Music I like Finamp, but I like an iPod even better

[−] rbits 51d ago
The GrapheneOS website[1] explains how to use Android Auto with sandboxed Google Play

[1] https://grapheneos.org/usage#android-auto

[−] drnick1 54d ago
You should be able to install Android Auto, Google Maps, etc. in a separate user profile with Google Play on and no autolock.
[−] jazzyjackson 54d ago
Thing is Android Auto only interacts with google blessed devices, iirc device manufacturer has to pay license fee to support android auto. Android auto is not FOSS, I don’t think any automaker would allow their smartphone mirroring to work with rooted hardware that may not comply with safety regulations.
[−] drnick1 54d ago
I don't think this is true, AFAIK Android Auto works on Graphene. Google Play isn't FOSS either and also works in a sandboxed mode.
[−] diowldxiks 54d ago
I did try that as a first solution. I found switching profiles to be pretty unusable. Having it all in a private space so that it's accessible from main profile was much more ergonomic but does come with some privacy downsides for sure.
[−] Markoff 54d ago
why not use Youtube instead of Spotify? there are certainly open source Youtube apps

btw. Spotify really doesn't work without gapps? what a crap app then, I am using phones without gapps for 10+ years and only very few apps actually don't work without (usual suspects being anyone using gmaps) them despite warning shown

[−] lvales 54d ago

> Set up a private space which will be used for google play services required apps (bank stuff, etc).

If all the apps (including GP+GPS) are sandboxed anyway, what's the point of doing this?

[−] gib444 54d ago
Vanadium annoyingly has no option to automatically delete history nor always use Incognito. It's one of the reminders that the project's main focus is security, not privacy.

The workaround to drag a shortcut to the New Incognito Tab intent is clunky as it launches a new tab each time

A lot of people use Brave, which has the features "forget me when I close this site" and "clear data on exit"

[−] Sophira 54d ago
I have to wonder how this will impact their partnership with Motorola. Presumably, Motorola will have more difficulty if they're found not to be complying with relevant law...

I hope GrapheneOS isn't completely banking on their partnership succeeding. If Motorola devices ever became the only devices that GrapheneOS works on, and it's being done with Motorola's blessing, then it could be more easily legislated out of existence.

[−] RRRA 54d ago
Canadians not being able to disable Amber alerts sent at presidential level all the time might also be interested to be able to sleep again...
[−] gslepak 54d ago
If you're considering switching to GrapheneOS from iOS, here's a guide: https://blog.okturtles.org/2024/06/the-ultimate-ios-to-graph...
[−] glass1122 54d ago
I hope you are allowed to operate in Canada freely. If I am right, there is already something called Bill C-22, which is again a censorship and state-level surveillance act under the guise of child protection. Sooner or later Canada will introduce this rule too.
[−] logdahl 54d ago
Of course :^) I'm close to jumping ship to GrapheneOS, but as a Swedish resident I really need our digital id services, digital mailbox, and banking apps. I have seen their page on app support, but I am slightly afraid it's not up to date / will break any time. I guess the solution is to use one banking android phone and one GrapheneOS for everyday use.
[−] calvinmorrison 54d ago
so what is going to happen? Will California issue slave catcher warrants for those who violate laws? will Free Stater sheriffs dispatch citizens on long haul flights to meet their fate in the Golden State?
[−] crimsonnoodle58 54d ago
Related and also on the front page: https://news.ycombinator.com/item?id=47479183
[−] test7rocks 54d ago
Isn't there already another HN thread about this?

I'll rephrase here what I said there:

Well done GrapheneOS.

But it would be nicer if they said "If GrapheneOS devices can't be LEGALLY sold in a region due to their regulations, so be it" keeping the door open for GrapheneOS to ensure it would still try to supply the residents of authoritarian hellholes with a secure OS, the same way that Signal has been quite open about how if they pull out of a country for legal reasons then they'll do all they can to ensure service is still available to users in such places.

Also: when they're partnering with manufacturers maybe they could get the manufacturers to guarantee that bootloaders on devices sold everywhere (including in regions which ban freedom respecting software) will be unlocked, or if the manufacturer is banned from selling unlocked bootloader devices then make sure any bootloader locking is trivially vulnerable to some means of easily achievable local bypass (shorting a pin or something which a user in possession of a device can do but which can't pose an attack surface for a remote adversary).

[−] matheusd 54d ago
Unfortunately, it doesn't look like this is sufficient.

While I had great success with GrapheneOS in the past, bank apps in Brazil have started blocking it, even when the profile you run it under has Google services installed. So GrapheneOS (again, even with all Google Play Services and all other dependencies installed in a given profile) is still not completely transparent to apps.

This may be a coincidence (as I don't use it every day), but I noticed blocking started just as the recent Felca Law (which introduced mandatory age verification for every software, app and OS in Brazil) came into effect.

[−] blacksmith_tb 54d ago
I appreciate the principled stand, but on the other hand the CA law only requires users to self-identify when setting up accounts (and then the OS will expose age to apps), that seems fairly toothless (though wrongheaded) compared to TX and UT wanting to scan photo IDs[1]

1: https://www.tomshardware.com/software/operating-systems/cali...

[−] hananova 54d ago
That's a very arrogant and hubristic statement. It'll come back to bite them in the ass when a government with a long enough arm forces them to retract such an absolute statement. Even if they genuinely believe that they will never do it, in the future it will be seen as a lie regardless.
[−] bivlked 54d ago
the commitment to not requiring google play services is what makes this different from most privacy ROMs. the real question is whether the app ecosystem holds - banking apps and 2FA are always the pain point that pushes people back to stock android.
[−] shevy-java 54d ago
Good. It is time to get rid of those corporate lobbyists that try to sniff for user data and then write up corporate laws. I would not understand in the slightest why my computer should provide any information about myself to the outside world - so why is the law suddenly changed? Who, aside from Meta, is pushing for this? Clearly the "but but but protect the kids!" is the red herring here. The whole law could have been worded differently than it was - that was not "accidental".
[−] varispeed 54d ago
If Motorola releases a phone with flagship specs that runs LineageOS, I am buying.
[−] beeburrt 54d ago
Fuck yeah! I was wondering about this.
[−] abc123abc123 54d ago
On a google pixel? No thank you. Please come again when you run on jolla or some other ethical company's hardware. I cannot buy a phone that will lead to google earning money.