Android Phone Project

For this project option, you will install a Google-free Android stack onto a phone supported by GrapheneOS, LineageOS, or LineageOS for microG. You will locate alternative ways to implement similar core functionality that does not require using Google-provided services, greatly improving the privacy of the phone.

Required Technology

To be able to complete this project successfully, you will need:

• An Android phone that you can repurpose for this project. Not all phones will work! Check device support for GrapheneOS, LineageOS, and DivestOS. Be sure your device isn’t end of life, as even these alternative systems cannot safely extend the life of a phone that the manufacturer has completely abandoned. You will also need to be able to unlock the phone’s bootloader, which might not be possible with some mobile carriers if you bought the phone from them.
• A computer system onto which you can install Android tools and any necessary phone-specific tools.
• A way to create and upload a video presentation showing your phone (second phone, video camera, webcam, etc.).

This project option is NOT recommended if:

• You have only one phone, unless you’re extremely adventurous and/or have some prior experience with third-party Android “ROMs” as they are typically known.
• You would have to spend a bunch of money to buy a new phone for the project. Of course, if doing this project is an excuse to replace your existing old phone with its cracked screen and missing buttons, then consider one of the newer Pixel phones supported by GrapheneOS. If you are buying a new phone anyway and intend to use it for this project, try to get an unlocked phone from a vendor other than your phone company. Be especially careful buying unlocked phones on Amazon: there have been instances of counterfeit products, and some US carriers will block international versions of otherwise supported models.

Background

In the United States, there are basically two realistic choices for a cell (mobile) phone: an Android phone or an iPhone. While a handful of companies do produce non-Android Linux phones, including Pine64 and Purism, these are niche market devices. In particular, US frequency band support can be a challenge with the PinePhone, and the Purism phones are quite expensive ($1,000 if manufactured overseas, $2,000 if manufactured domestically). There are some other projects to bring Linux to phones that originally shipped with Android, such as postmarketOS (which is based on Alpine Linux). Unfortunately, even with these efforts to develop alternatives, most users are stuck with Android or iOS as a practical matter for the time being.

Apple produces and controls iPhone devices, including both the hardware and the phone’s operating environment. While it is possible to “jailbreak” an iPhone and thereby escape the limitations of the App Store, not much community effort has been put into creating alternative operating environments for these devices. Instead, much of this effort has been devoted to Android devices, which follow a different development model. Instead of building the entire phone as an integrated piece of hardware and software, Google produces the Android system and then licenses it to various hardware manufacturers, who can make their own customizations and adjustments to the software. Google releases the source code for the base Android operating system as the Android Open Source Project, which in turn is used by various community developers to produce third-party operating environments. These third-party environments are colloquially called ROMs on sites like XDA Forums.

While some of these third-party environments are produced by individuals and released only through forum posts, there are a number of projects that have attracted communities of their own. Some of these projects include GrapheneOS, DivestOS, and LineageOS. Each of these projects has somewhat different goals in terms of security and device support, but all are ultimately based on the Android Open Source Project (commonly called AOSP).

On an Android phone, there is an important distinction between the parts of the operating environment that are provided by AOSP (and therefore by the third-party environments) and the parts that are proprietary Google applications. In particular, many Android apps make use of Google Play services, which are actually separate applications from Android itself. These applications are both proprietary and full of code that tracks users. Worse yet, since Google also controls Android development, these special Google-provided applications get special access to the underlying system that Android otherwise denies to third-party applications. These special privileges serve to enhance Google’s data collection efforts against the phone user. Meanwhile, some of the more interesting APIs available to app developers are provided by Play Services, encouraging those developers to build apps that depend on Google’s proprietary apps, helping to limit the competitiveness of third party app stores.

All that said, it is nevertheless possible to build an Android-based phone software stack that doesn’t contain or depend on Google services. The aforementioned third-party projects – GrapheneOS, DivestOS, and LineageOS – actually make the process relatively straightfoward on supported devices. As is the case with any community-supported open-source project, each one has its strengths and weaknesses. And, each one has its highly opinionated supporters and detractors. However, any of these third party environments will give the user greater overall privacy than stock Android, provided that Play services are either not installed or are properly isolated (possible only on GrapheneOS).

In addition to privacy, it is also important to mention security. GrapheneOS developers, in particular, are highly focused on device security to the point of developing a silo mentality. Some of them will argue against using the F-Droid open-source software repository, for example, since F-Droid uses the Linux distribution model of package signing instead of the (old) Play Store model. The developers of Signal even refused to allow a version of their otherwise open-source application to be released in F-Droid’s repository, citing the same reason, but then closed another bug report about their own weak signing key in a somewhat contradictory move. Moreover, Google is moving closer to a mandatory repository signing model, and the European Union’s Digital Markets Act is inching closer to requiring a more open app ecosystem where device vendors must support multiple app stores with different security models. Therefore, these arguments are largely noise in the greater scheme of things and are probably not much of a concern to anyone with a reasonable threat model. (And for those who believe it is possible to design for an unreasonable threat model, I have one word for you: Pegasus).

Speaking of signing and apps, one major difference between an Android phone with Google Play and one without is the means by which Android apps are installed. There are several choices of “app store” application that can be utilized with third-party, Google-free environments, including the aforementioned F-Droid and the Aurora Store. It is also possible to forego an application manager altogether and sideload apps from a computer using the Android Debug Bridge, although keeping apps updated will be much less convenient with this approach. Either way of installing apps is acceptable and represents a choice between the threat of a rogue app store and convenience. In any case, check the dates on which apps were last updated. Mobile apps have a tendency to be abandoned from time to time (both open-source and proprietary).

Project Requirements

A successful implementation of this project:

1. Is deployed directly on a mobile phone running GrapheneOS (if supported), DivestOS, or LineageOS. Google Pixel 5a and newer Pixel phones should use GrapheneOS.
2. Does NOT run Google Play Services or support the Play Store application at all if running DivestOS or LineageOS. GrapheneOS installations may have Google Play Services and the Play Store installed into a work profile or alternate user account.
3. Uses a non-synchronized local contacts/calendar database, synchronizes only to self-owned devices or services (such as DECSync, private Nextcloud instance, etc.), or synchronizes to a service provider located in an area with stronger privacy laws (such as the EU).
4. Provides an open source calendar application.
5. Provides an open source email application. Note that accessing CCU email requires using Office365 with Exchange ActiveSync, which is not well supported via open source email apps. Alternatives are to use a browser to access the Web version of Office365 on the phone or (on GrapheneOS devices only) to use a proprietary mail client in the work profile or alternate account.
6. Provides a local (non-cloud) password manager that is optionally synchronized with a private system.
7. Provides an open-source application for obtaining weather forecasts and related information.
8. Provides mapping and routing services using an open-source, offline application that doesn’t require cell service to work.
9. Has an open-source way to play music (via streaming, locally stored files, etc.).
10. Has an open-source way to watch Internet videos with improved privacy.

Completion of this project demonstrates the ability to integrate mobile software components to produce a custom operating environment for a cell phone.

Specific Rules for This Project

1. You must use third-party operating environment with an established track record: GrapheneOS, DivestOS, or LineageOS. While some random person might have a really cool ROM for your phone available as a forum download, there are security and privacy risks. Without a track record, how do you know the developer hasn’t included malware? What happens if that one developer decides to stop making updated ROMs for your phone? Sticking to an established project reduces – but does not entirely eliminate – these risks.
2. You must use open-source apps for the categories identified above. Sideloading a proprietary app does NOT satisfy the corresponding requirement.
3. The Play Store and Google services are only allowed if you are using GrapheneOS and then only in a work profile or separate user account. These services should not be running all the time on a privacy-oriented phone.

Academic Integrity Rules

1. Generally speaking, this project is to be completed INDIVIDUALLY. You may use any Internet source for research purposes, and you may share and receive information through the course forum activity (in fact, sharing information through the forum is a separate requirement of this course). However, you are to implement your own solution to this project and produce your own videos.
2. You MAY work with another student (or multiple other students) if each of you completes a SEPARATE project option in this course.
3. If you’re taking this course with your best friend, roommate, family member, or other close associate, it is advisable to choose separate projects to avoid any appearance of questionable activity. As a bonus, you both will learn more.

Milestones

Milestone 1

For Milestone 1, prepare a video presentation that covers the following items:

1. Identify and show the phone that will be used for this project.
2. State which mobile operating system will be used for the project (GrapheneOS, DivestOS, or LineageOS).
3. Explain how apps will be installed onto the phone after installing the OS.
4. Identify your choices of open-source apps for calendar, email, password manager, weather, mapping, music, and video.
5. Explain whether or not the phone will be synchronized to another system or to a cloud service, and identify the synchronization method to be used if applicable.
6. Explain how you plan to replace Google-provided applications (especially the Play Store). If using GrapheneOS, state whether or not you plan to configure sandboxed Play Services.

Before submitting, review the Grading Rubric for Milestone 1.

Milestone 2

For Milestone 2, prepare a video presentation that covers the following items:

1. Show that you have successfully installed GrapheneOS, DivestOS, or LineageOS to your phone.
2. Demonstrate the way that you can install apps on your newly installed phone WITHOUT using the Play Store app.
3. If you are synchronizing contacts and calendar information to another device or service, show how this synchronization is configured. Otherwise, state that your phone does not synchronize data.

Before submitting, review the Grading Rubric for Milestone 2.

Milestone 3

For Milestone 3, prepare a video presentation that covers the following items:

1. Explain which calendar application you chose to install.
2. Demonstrate that your phone calendar is working.
3. Explain which open-source email application you chose to install.
4. Demonstrate that your email application is working (note that you might need to use a non-CCU email address for this purpose).
5. Explain which password manager you chose to use.
6. Demonstrate that this password manager is installed. For security and privacy reasons, do NOT show any of the accounts or passwords you have stored in the password manager!
7. Explain which open-source weather app you chose to use.
8. Demonstrate that you can obtain weather information using an open-source weather app.

Before submitting, review the Grading Rubric for Milestone 3.

Milestone 4

For Milestone 4, prepare a video presentation that covers the following items:

1. Explain which mapping app you installed.
2. Demonstrate using the mapping app to get turn-by-turn directions. BE SAFE: You can demonstrate this functionality while walking. If you choose to demonstrate while driving, either have someone else do the actual driving, or at least take a second person along to make the recording.
3. Explain which music app you installed.
4. Demonstrate that you can listen to music using an open-source app.
5. Explain which Internet video app you installed.
6. Demonstrate that you can watch Internet videos using an open-source app.

Before submitting, review the Grading Rubric for Milestone 4.

Tips and Resources

• If you want to synchronize with a cloud service, look for a provider based in Europe, especially one with a strong privacy policy. Note that most providers that offer any semblance of privacy are paid services (since “free” services are really paid services, but the currency is your personal information). The DAVx5 project maintains a list of tested services, but not all these services are good for privacy.
• For self-owned synchronization of contacts and calendars, you could try DecSync, although a recent lack of development on it is concerning. Setting up a Nextcloud instance might be a better idea at the moment, but you will need to figure out how to make the instance available to your phone, either limiting synchronization to your home network or using a secure way (e.g. a VPN connection) to make the instance available over the Internet.
• An open-source password manager known to work on Android is KeePassDX. This manager is interoperable with KeePassXC on the desktop, and the database files can be synchronized privately using Syncthing.
• A good place to look for open-source Android apps is in the F-Droid repository.
• You can configure a work profile on GrapheneOS using the Shelter app.

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.