this post was submitted on 19 Sep 2025

103 points (100.0% liked)

Privacy

42301 readers

758 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

103

Is there a phone I can buy that out the box is rooted, private, and does not install bloat apps? (lemmybefree.net)

submitted 2 weeks ago by LAN_Mower@lemmybefree.net to c/privacy@lemmy.ml

60 comments fedilink hide all child comments

I'm frustrated. I'm a long time fan of Motorola. Their phones have been pretty simple and easy to remove junk apps. Recently I got an update that forced perplexity on my phone.

top 50 comments

sorted by: hot top controversial new old

[–] AmbiguousProps@lemmy.today 22 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Do you need root? It's a big security risk, for multiple reasons.

You can always just get a used pixel (no further money to Google), and install a custom ROM that allows your bootloader to relock after installation. I personally prefer Graphene for this, but I believe Lineage also allows you to do so. They both have no bloat from the start, and GOS has sandboxed Google Play and Lineage has the ability to use microG iirc.

GOS can be installed via chromium based browsers, even from another phone. Security wise, there's nothing more secure at the moment.

[–] LAN_Mower@lemmybefree.net 3 points 2 weeks ago (2 children)

Why are pixels so popular for this?

[–] AmbiguousProps@lemmy.today 28 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Pixels are (currently) the only phones that allow for all of the following at once:

Proper verified boot
Bootloader unlocking (this is most important for any custom ROM installation, regardless of ROM)
Hardware memory tagging
Full hardware isolation
Hardware key attestation
Ability to disable USB data (and also USB entirely) at the hardware level
Everything else on this list

In short, it's simply because Pixel currently has the most hardware level security features of any Android phone (on top of bootloader unlocking), for now. The Graphene team is allegedly in talks with an OEM to produce a phone specifically designed for it, which may be just as or even more secure. Time will tell.

I feel the need to mention that I'm not trying to shill for Graphene and especially not Google. Depending on your threat model and goal, Lineage or similar might be just fine for you. I just don't think there's anything more secure than GOS at the moment, and if that is important to you, along with minimizing bloat, it's a great choice. I do highly recommend avoiding root and instead just get something that you can unlock the bootloader for, and then install a degoogled ROM. Just make sure you don't accidentally buy a permanently locked phone, make sure it says unlocked somewhere in the listing.

[–] LAN_Mower@lemmybefree.net 8 points 2 weeks ago

Great write up! Thank you!!

[–] Broken@lemmy.ml 3 points 2 weeks ago

I'm sure its in the link the other comment provided, but I'll call out that you not only can unlock your bootloader to install your OS but you can relock it so nothing can install anything afterwards.

So if your phone is ever not in your possession you can be sure that nobody installed anything. Also keeps your phone safe from malware (at root level).

[–] Ulrich@feddit.org 20 points 2 weeks ago (1 children)

Recently I got an update that forced perplexity on my phone.

Fuck me, that's infuriating.

What country are you in? Murena sells Fairphones in the US.

Other than that, I know this isn't what you asked for but GrapheneOS can be installed from the browser on your computer....

[–] LAN_Mower@lemmybefree.net 1 points 2 weeks ago (1 children)

USA

[–] Ulrich@feddit.org 5 points 2 weeks ago

There ya go, Murena is probably your best bet.

Looks like they have a few devices, actually

https://murena.com/products/smartphones/

[–] SwooshBakery624@programming.dev 17 points 2 weeks ago (2 children)

rooted

Root is always a security risk, you really should not. (GrapheneOS comment (on Reddit) about rooting.)

out the box

None, probably. Refer to Bootloader Unlock Wall of Shame instead to check which companies do not restrict bootloader unlocking. See here for a list of devices where the bootloader can be locked with custom AVB Keys.

[–] jeff_hykin@lemmy.world 18 points 2 weeks ago (2 children)

security risk

All those rooted concerns are true for desktop Linux / MacOS, and they still ship with sudo. If I can't rm -rf the root partition then its not really my device.

The bootloader wall of shame is nice.

[–] AmbiguousProps@lemmy.today 13 points 2 weeks ago* (last edited 2 weeks ago) (7 children)

Android does not have the same security model as desktop Linux. I made a comment about this above (which you probably can't see due to .world being defederated with who I replied to), but if you don't want to go to my comment history, it's summed up as three or so main issues.

Rooting breaks OTA updates since it modifies your partition hash, meaning rooted users tend to leave security holes open way too long. Android does not have a package manager for you to be able to update these issues individually.

Android does not expect users to have root access, so they do not even consider it in the design. Android sandboxes apps, and apps can only generally have permissions that you grant, with no direct access to the kernel. However, rooting adds an entirely new attack surface for which there are no protections whatsoever. Desktop Linux, on the other hand, does expect users to need root level access from time to time. That's what sudo is for, but you should not confuse this with switching your user entirely to root and doing everything as root. There's a reason that's not recommended on Linux: it's dangerous. The same thing applies to Android. On top of that, Linux has other tools and protections designed to make running as sudoer safer, and Android has none.

Finally, it breaks your ability to use proper verified boot. If your system partions silently get malware installed, there's generally no way for a user with a rooted phone to notice. Verified boot protects against this, but because rooting (along with whatever else you're running as root) changes your partition hashes, it will either stop booting or revert your changes.

If mobile Linux ever takes off, it will likely be very similar to desktop Linux and be designed with root in mind.

[–] planish@sh.itjust.works 5 points 2 weeks ago (1 children)

Touching the system partition isn't the only thing one would do with root. And if the ROM ships su in the ROM, there's no problem of being out of sync with upstream or even not passing boot verification.

It does open up an attack surface against the app that provides the UI to gate root access. But that has to be considered against the "availability" arm of the security triad.

[–] AmbiguousProps@lemmy.today 1 points 2 weeks ago

Regarding the system partion and verified boot, it's the fact that it isn't the only thing one would do with root that breaks verified boot. You totally could package su in the ROM and ship it, but if a user installs something else to the system with it, it is very likely that the verified boot hash would change, unless I'm missing something.

load more comments (6 replies)

load more comments (1 replies)

[–] MonkderVierte@lemmy.zip 2 points 2 weeks ago* (last edited 2 weeks ago)

[–] cerebralhawks@lemmy.dbzer0.com 12 points 2 weeks ago (6 children)

That’s what OnePlus, Nothing, and FairPhone are supposed to be about.

For privacy, I like my iPhone, but I can’t really recommend them anymore. Even with “Apple Intelligence” the keyboard is hilariously terrible. It gets a few things right and I’m wondering more and more if the ecosystem is worth it. But throwing money at Google somehow seems worse.

[–] OhtoAiReal@programming.dev 6 points 2 weeks ago (1 children)

Sadly, we've lost Calyx till Febuary. Fairphone 5 with Calyx is the ultimate private phone. You can also get any Google device and flash Graphene.

[–] icelimit@lemmy.ml 4 points 2 weeks ago (1 children)

Wdym until February?

[–] midtsveen@lemmy.wtf 5 points 2 weeks ago

https://calyxos.org/news/2025/08/01/a-letter-to-our-community/ 💟

[–] Kirk@startrek.website 5 points 2 weeks ago (1 children)

That’s what OnePlus, Nothing, and FairPhone are supposed to be about.

It seems that you're implying they're not? Could you expand?

[–] monovergent@lemmy.ml 12 points 2 weeks ago (1 children)

OnePlus originally had really nice enthusiast features and support for the CyanogenMod ROM. Now it's just another manufacturer of corporate-safe glass-and-metal slabs while the soul of CyanogenMod lives on in LineageOS.

Carl Pei left OnePlus and put together Nothing. Nothing is a bit closer to what OnePlus was supposed to be, but they still leave much to be desired. They went all the way to implement a detachable back on the CMF phone, but the battery is still sealed inside. Absolutely no advantage compared to manufacturers like Google in terms of the third-party ROM experience.

FairPhone is the best of the bunch, but their priorities don't necessarily match those of the community (i.e. security concerns, loss of audio jack and USB 3.0 on the FP6)

[–] alkaliv2@lemmy.world 3 points 2 weeks ago (1 children)

You noted on the phone hardware but not the software so I'll comment on that. Recently OnePlus has announced as of Android 16 that they will restrict bootloader unlocking to only those who fill out an application.

Nothing Phone 3 and all prior Nothing phone bootloader are still unlockable to this day with no call to restrict it. I would know, I have a Nothing Phone 3 running Shizuku and am waiting for Google to move Play Integrity off of its Kanban board so I can root again. Their forums have a strong development presence and as far as I'm concerned this is the one of the last good holdouts on this new restriction standard.

Pixel was the de facto standard for unlocked bootloaders. However, Google is the core of the "registered developers only" movement for their phones, killing sideloading and removing Pixel images from the development models in AOSP. I no longer support new Pixels (certain used ones are still good, don't get the 6 series though they are BAD).

[–] pandorabox@lemmy.world 2 points 1 week ago

Oooo ill check out the nothing phone! Thanks for tips!

[–] Thedogdrinkscoffee@lemmy.ca 2 points 2 weeks ago (2 children)

Why is Fairphone no bueno?

[–] neon_nova@lemmy.dbzer0.com 3 points 2 weeks ago

I don’t have one, but I think they are overpriced for the specs you get.

Their goal is sustainability, but the outdated specs means I’d probably upgrade more frequently than I would with an iPhone where I can upgrade less often.

[–] cerebralhawks@lemmy.dbzer0.com 1 points 2 weeks ago

Didn’t say it was. I said that was the idea behind them. I’ve never used a phone from any of those three.

load more comments (3 replies)

[–] dink@lemmy.world 11 points 2 weeks ago (1 children)

Buy Pixel 9a (great value among new, 120Hz smartphones)
Activate, setup service
Unlock bootloader
Install grapheneos using their install guide
Lock bootloader

Good budget(ish) switch to get a good phone, privacy, security, and AOSP experience.

[–] JamesBoeing737MAX@sopuli.xyz 4 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Great value my ass, I can barely get a used pixel 8a for 300€ in the EU. Redmi 4x from 2017 costed 160€ new and had all the features of phones at the time (except NFC). I'm still considering a pixel just for GrapheneOS, just because it's that good compared to LOS, I use on the Redmi.

[–] LAN_Mower@lemmybefree.net 6 points 2 weeks ago

I'm sure it's a good value for some. I just use the super budget phones. They work fine and have more stats than I ever need.

[–] utopiah@lemmy.ml 9 points 2 weeks ago (1 children)

Have a CMF1 from Murena for few months now, pretty happy with it. 350EUR with unlocked bootloader and rooted, used it as daily driver since day one. Transition from iOS was surprisingly painless.

[–] solrize@lemmy.ml 7 points 2 weeks ago (2 children)

Less expensive than I expected, but no headphone jack, no SD slot, comes with /e/OS.

In the end any mobile phone is inherently privacy invasive because of tracking by the cellular carrier, and the unending security bugs in the software. It's hard to do much about this.

[–] utopiah@lemmy.ml 2 points 2 weeks ago

no headphone jack, no SD slot, comes with /e/OS.

I personally didn't need jack but I understand it might be problematic for some. If you create music for example you might not want the latency but for that I have a dedicated PBG-1 (OSHW grove box) which does have jack. FWIW there are USB-jack adapters.
it has an SD slot, I have a .5To inside
comes with /e/OS was the point for me. I wanted a deGoogle Android without any tinkering. If you don't want that though you can buy straight from CMF but I don't know with what ROM they will ship.

In the end any mobile phone is inherently privacy invasive because of tracking by the cellular carrier, and the unending security bugs in the software. It’s hard to do much about this.

if you don't trust cellular carriers you can setup your own network, e.g. https://www.crowdsupply.com/ukama/ukama but... yeah that's a bit demanding and obviously nobody else will connect to it. You can use eSIM but still have to trust the resulting carrier. You can rely on WiFi only but same, trust the ISP or encrypt everything you can, have your own VPN elsewhere and hope you can go through deep pack inspection
on bugs in software... but I like https://www.crowdsupply.com/sutajio-kosagi/precursor is exploring the idea, pragmatically, of verifying the whole stack, hardware included, but it doesn't go to mobile packed. One could consider this with simpler modem equivalent, e.g. LoraWAN, but with the obvious bandwidth limitation. None of that removes bugs but if the entire stack is verifiable at least it's about genuine bug, not backdoors.

[–] bilb@lemmy.ml 1 points 2 weeks ago

A headphone jack is just another attack vector! Use your head!!!

[–] anon5621@lemmy.ml 7 points 2 weeks ago

None currently ,closest is pixel with for now easy unlockable bootloader

[–] gravitywell@sh.itjust.works 7 points 2 weeks ago

Consider if you truly need root on your device because its more of a risk then a benefit in most cases these days. Most features that used to require root no longer do or have more secure alternatives

Another consideration is that while you can buy a phone with grapheneos preinstalled, it's much better if you take the time to do the web install yourself because anyone selling preinstalled phones could potentially be a honeypot.

Pixels don't include bloat other than google, installing grapheneos is a simple and easy process you can do from your browser, unfortunately that's about the only truely secure option available currently any other devices (ie fairphone) will be a trade off of less/slower security updates and/or lack of ability to relock the bootloader.

[–] OhtoAiReal@programming.dev 5 points 2 weeks ago

Very unorthadox suggestion, but those Vollaphones can come with Ubuntu Touch pre-installed. Best UI experience I had with a phone was an Ubuntu Touch. Pinephones also come with a Linux phone distro.

[–] PrincessCory@lemmy.wtf 5 points 2 weeks ago (1 children)

Graphine os, am not sure if its rooted.. But eather way i think its the best one for privacy.

[–] jet@hackertalks.com 6 points 2 weeks ago* (last edited 2 weeks ago)

It is not rooted, that would break the GOS security model

[–] comrade_twisty@feddit.org 3 points 2 weeks ago

Fairphone

[–] DieserTypMatthias@lemmy.ml 2 points 2 weeks ago (1 children)

Rooted

Why would you do that?

[–] LAN_Mower@lemmybefree.net 4 points 2 weeks ago (1 children)

I may have terms mixed up. I want to be able to have full control of any software.

load more comments (1 replies)

[–] xzot746@sh.itjust.works 2 points 2 weeks ago (1 children)

Brax phone, braxtech.net.

They are focused on privacy and no bloat. I don't have one but will be getting one when my phone needs replacing.

load more comments (1 replies)

[–] golden_zealot@lemmy.ml 2 points 2 weeks ago

With this question asked, I'd like to build on it and ask what options exists outside the realm of google given their recent bullshit.

For those who know, tell me about the pine phone, fair phone, anything else like this.

When google fucks shit up in the near future, I would very much like to hold on to the ability to side-load apps using obtainium and f-droid indefinitely. Are the pine phone/ fair phone reasonable for this? What pros and cons am I looking at?

[–] ironhydroxide@sh.itjust.works 2 points 2 weeks ago

I bought a refurbished pixel with e/os already installed. Only apps pre installed were murena's small suite. Notes, app lounge, etc. minimal "bloat"

load more comments