No Dark Magic

books, Sweden, and computers, not necessarily in any order

Degoogling, Swedish Style

Posted at — Aug 21, 2020

It took me way more time to find a way to degoogle my phone than to put it into practice, so I’d like to share some notes and experiences of doing it.

The Long Game / Email and Registrations

Actually, the process had started way before a phone. The most deeply ingrained google thing I’ve ever had was Gmail. I got an account back when it required an invite, and tied 90% of my online registrations to it. Untangling that took some time.

In order to not have to do this ever again, I purchased a domain and a subscription to an email service (FastMail). Since all my registrations are tied to my own domain now, I can move away from FastMail without all the pain it took me with Gmail. And one day I will, since FastMail’s privacy policy is not the best.

I worked in batches, looking through the emails labeled 'registration' (which I had put on everything since the beginning of my Gmail) and deciding whether I still need this particular registration or not. After I was done, I still let Gmail run for two years, checking periodically if it got any new mail. It did, but not much. After I was sure nothing important would ever come that way, I downloaded my ‘Google Takeout’ (all the data they collected about/from me over the years) and deleted the account. Google does not reuse the addresses, so there’s no danger of anybody registering the same address again and acting as an impostor of mine.

Migrating the existing emails (with all the attachments) into FastMail was very straightforward. The only gripe I had was that FastMail did not have labels back then, so for every Gmail label I got a separate folder in FastMail.

Now I have virtually endless email addresses and can see who lost/sold my data. For somesite.com I use somesite@mydomain.com address during the registration. This sometimes confuses clerks or customer support (“Why do you have the name of our company in your email address? Do you work here?”), but it’s easy to smooth that out with something along the lines of “ah, it’s okay, I work with computers, it’s my weird spam protection”.

The Phone Game / Device and Operating System

Some of the available animated icons for the fingerprint detector

There are alternative operating systems out there, but they don’t run just on any phone. The eternal “What currently supported device should I get” topic on r/LineageOS subreddit is there for a reason, and making assumptions like “well, these two phones are surely similar enough” can be costly.

While LineageOS is very well-supported for an alternative operating system, it is not necessarily an easy choice if you want a phone free from google.[1] The solution for that is MicroG, but it requires a particular patch to work, and LineageOS people have made it very clear they won’t ever include it.

Luckily, there are automated builds of a forked LineageOS which does have that patch. Unluckily, for my phone those automated builds did not exist despite it being supported by LineageOS.

And that’s how I ended up with crDroid.[2]

I haven’t had any issues with this operating system: the battery life is good, and the amount of customization is utterly enjoyable. Choosing the animation for the fingerprint detector was not necessary, but I have to admit, it made me happy. It reminded me of the time when I switched to Linux and realized I can configure pretty much everything.

The App Game / Replacements and Workarounds

What I use from f-droid store:

  • andOTP — two-factor authorization

  • AnkiDroid — spaced repetition system, aka flash-cards on scientific steroids

  • AntennaPod — best podcast manager I’ve tried

  • Bromite — tracking-free browser, unfortunately Chromium-based. Killer feature: allows anonymous tabs by default (even when opening links from another app). Strictly speaking, it’s not in the f-droid store, but it is after the repository is added manually

  • FairMail — email client, can handle multiple inboxes, and allows to modify the 'from' field. Highly customizable and neat. Tried it after two weeks with K-9 Mail and never looked back. For example, unlike K-9, it allows me to specify the ‘From’ email address (of which I have infinite, see the beginning of the post)

  • Jitsi Meet — video calls without tracking, registration, etc

  • NewPipe — youtube client with features like “just give me the audio and let me turn off my screen” and without ads. Unfortunately, I’ve had some crashes with it, but just retrying what I was doing usually helped. Update: the secret is to add NewPipe team’s own F-Droid repository and get updates from there. Crashes go away if you stay updated.

  • Noice — background sound generator: overlays things like rain, fire, white noise, water stream, etc with the chosen volume for each component

  • S. Notes — encrypted notes

  • Syncthing — peer-to-peer file synchronization for backing up phone photos to my computer and alike

  • Telegram — messenger

  • TimerDroid — a timer app, a bit crude, but lets me run multiple timers in parallel and to put big fat widgets with a predefined timer length on the homescreen

Sweden-specific:

  • Riksdagskollen — surprisingly beautiful app with the news from the Swedish parliament

  • Transportr — public transport routes, not only for Stockholm, and not only for Sweden. It does not replace the dedicated apps from the companies that actually run public transport in your region because you can’t purchase tickets in it, but it finds the routes

What I use or tried from Aurora store:[3]

  • Magic Earth — maps and navigation with no trackers. I like the navigation more than that of google maps, but the time estimates are sometimes too big, and I find previewing the route a bit cumbersome

  • Netflix — tv-shows and movies

  • Tidal — music, like spotify

  • Signal — messenger

Sweden-specific:

  • BankID — signatures and authentication for all the Swedish things. When it’s started, it shows a message “BankID won’t run without Google Play services, which are not supported by your device”. Tap ‘OK’ on the message, and the app works just fine (also with the QR-code thing)

  • Biblio — e-books and audiobooks from the library

  • Kivra — e-mail and bills from the authorities and some companies

  • Länsförsäkringar — banking, insurances, and so on

  • Nordea Mobile — banking

  • Postnord — tracking letters and parcels. Works except for showing the map

  • SVT Play — swedish television and archives

  • Swish — payments

The problem with apps from Aurora store is that most of them have built-in trackers. There’s a new sheriff in town though, called Warden. It requires root and tries to disable the trackers like Google Analytics in the apps. Does it actually do it? For all of them? I don’t know. There’s a line somewhere between acceptable privacy and acceptable inconvenience, and for me currently that line is beyond not having a BankID.[4]

What I couldn’t find a replacement for (yet):

Overall impressions after a month

When I was done installing all the things, the experience was very smooth. I don’t miss the pre-installed apps that can’t be removed or the bloat of google play services. Even notifications work. Camera, wi-fi, bluetooth, microphone work as well.

Every day there’s a possibility that all this will stop working. The developers of the operating system might move on. One of the banking apps might introduce a deeper check for the phone being rooted, one which Magisk won’t be able to counteract. I just might brick the phone myself with a clumsy update attempt. Google might roll out yet another ‘security measure’ which will result in BankID not working ever again or notifications being finally broken for good. Shit happens, and usually it doesn’t make the lives of the privacy-aware open source developers easier. But for now they’re still out there, working. Answering stupid questions on the forums. Coming up with yet another hack that lets you run the software you want on the hardware you bought. A thousand thanks to each of them. And good luck.

Update after half a year

The phone still works. The issues I’ve encountered:

  • NewPipe crashes — fixed now, see update above in the list of applications

  • camera blackouts — one time out of 20 or 30, when I start the camera, the preview is black. It still takes the photo, it’s just impossible to know what will be in it until after the fact. Closing and opening the camera app does not help, and so far I haven’t investigated other options

  • scanning in Swish and Nordea apps — while scanning a QR code works fine in the BankID app, reading a QR code for a Swish payment or scanning a faktura with Nordea’s app just plain does not work. I haven’t investigated any solutions yet

  • updates from Aurora Store stopped working at some point, fixed by Settings → Network → Enable custom tokenizer.

Next up

Now that the phone works, I’m planning to somehow fix my music library. While streaming services are nice for discovery of new music, they might at any point go out of business, or lose a contract with a particular label, or raise prices — so, one way or another cut me off from my library. I haven’t solved this yet, but this post by Tom MacWright looks interesting.

Appendix: the nitty-gritty of the installation steps

I’ve done this on two phones, one for me and one for a friend, OnePlus 6 and OnePlus 7 Pro (OnePlus 7 would not work for this whole enterprise, by the way).

Steps for OnePlus 6

First, on a computer:

On the phone:

  • Settings → several taps on 'Build number' until the “You are now a developer” message pops up

  • Settings → Developer options → set OEM unlocking to on, Advanced reboot to On, USB debugging to On

  • long press on the power button → reboot to bootloader

Back to the computer:

  • connect the phone via USB cable

  • sudo fastboot oem unlock

On the phone:

  • use volume buttons to select, and power button to confirm the unlocking of the bootloader. The phone will wipe itself from all the data and reboot.

  • set up the phone (but not too much — we’re about to install a different OS on it. The important thing is to connect it to the internet, e.g. via WiFi)

  • ensure the phone has the latest OxygenOS

  • Settings → several taps on 'Build number' until the “You are now a developer” message pops up

  • Settings → Developer options → Advanced reboot to On

  • long press on the power button → reboot to bootloader

Back to the computer:

  • sudo fastboot boot twrp…​.img (the .img file, one of the two downloaded from TWRP)

On the phone:

  • swipe to allow modifications

On the computer:

  • sudo adb push twrp-installer…​.zip /sdcard/ (put the .zip file, one of the two downloaded from TWRP, to the phone’s memory)

    • this didn’t work the first time (insufficient permissions for device), the internet advised installing android-udev which did nothing; but sudo adb kill-server followed by sudo adb start-server helped

On the phone:

  • (in TWRP) Install → select the twrp-installer…​.zip file

  • swipe to confirm flash

  • agreed to install the official TWRP app as a system app (which was probably pointless, see “the most useful comment” below)

  • Wipe → swidpe to factory reset → Back

On the computer:

  • sudo adb push crdroid…​.zip /sdcard

On the phone (here I’ve made a mistake but recovered; to avoid making the mistake, see “the most useful comment” below):

  • Install → select the crdroid…​.zip file → swipe to confirm flash (it said “flashing a/b zip to inactive slot: B”)

  • Reboot → Recovery. OxygenOS recovery booted with a menu of choices. I chose Advanced → Reboot to bootloader, and re-flashed TWRP and crDroid:

    • sudo fastboot boot twrp…​.img

    • (twrp) Install → select twrp-installer…​.zip → swipe to confirm flash

    • Reboot → Recovery

    • Install → select crdroid…​.zip → swipe to confirm flash (it said “flashing a/b zip to inactive slot: A”)

    • Install → select twrp-installer…​.zip → swipe to confirm flash

    • Reboot → Recovery

    • Reboot → System. crDroid booted at this point.

On the computer:

  • adb reboot recovery

  • adb push MinMicroG-NoGoolag…​.zip /sdcard/

On the phone:

  • in TWRP, Install → select the MinMicroG-NoGoolag…​.zip file → swipe to confirm flash

  • Reboot → System (I can’t say if it was necessary at this point, I just wanted to verify I can still boot)

On the computer:

  • adb reboot recovery

  • adb push Magisk…​.zip /sdcard/

On the phone:

  • in TWRP, Install → select the Magisk…​.zip file → swipe to confirm flash

  • Reboot → System

  • when crDroid boots, open the app ‘microG Settings’ and go to Self-Check

  • tap on ‘System grants signature spoofing permission” → Allow

  • reboot.

Unbrick a OnePlus

Before I figured out which of the plethora of tools and alternatives I need and what is the approximately correct sequence of applying them, I have gone down some dead ends, which resulted in bricking the phone. There is an unbricking tool out there, but I haven’t found a way to run it on Linux. Luckily, I had access to a Windows laptop. The tool is called ‘MSM Download tool’ and requires some fiddling with the phone to get going (holding down the physical buttons on the phone while plugging the USB cable in). It, of course, wipes everything.

The most useful comment

There are many sets of instructions on how to install this or that part of the stack required to get a somewhat-google-free flavor of Android on a phone. Many of them mentioned rebooting and slots, but I couldn’t make heads or tails of it; at some point the reboots started looking to me like a ritual dance. Then, after having finished the installation, I stumbled upon this comment on the XDA forum, which finally made me realize what’s going on:

So the way A/B works is when you initially get the device and it has software on it which is typically located in Slot A. So out of the box you have OOS 10.0.3 on slot A and after you’ve had it on for a minute it tells you there’s an OTA update. After the download finishes and you see it finish installing the files it is ready to boot you into Slot B where the newest files are. The phone reboots and next time boots into the latest version of the update on slot B. They do this so if there is a corrupted update you aren’t stuck with a busted phone; it can fall back to partition A and wait out the next update simply overwriting the last failed update files.

TWRP handles this the same way whether you are doing an OOS install or an install of CrDroid. You reboot to recovery, you flash the ROM zip (and re-flash TWRP because typically the software overwrites the boot parititon) and then you reboot to recovery so you actually are on the slot that you just installed CrDroid to. This is why it is so important to reboot because CrDroid has you use opengapps. Opengapps script flashes to whatever partition you are currently on in TWRP. That means if you are coming from an old version of CrDroid and flashing a new one it’s going to install Gapps over the old build and not the new one. So rebooting to recovery after installing the ROM always boots you to the latest build where you can easily flash Gapps, TWRP, Magisk, or anything else you want to be on the latest build.

This is also why it is critical to install OOS to both slots before coming to AOSP ROMs because both partitions need to have the same important files from OOS on them in place before flashing CrDroid or any other **ROM on the OP7P. If you flash the same OOS build to both slots you’ve created the foundation needed to continuously install CrDroid OTA updates because no matter which slot you install CrDroid to and boot into the same good foundational OOS files are already there.

The last typical mistake that people make is not following OP’s directions on which version of OOS to use. People use Open Betas, latest stable releases before the Dev is able to pull in the blobs and incompatibilities can exist between the vendor/blob files of 10.3.4 and CrDroid if he hadn’t implemented the new blobs (he has now so this example isn’t relevant). Open Betas often see large changes to the blobs because they are experimental builds and so the blobs could be wildly different from what these custom ROMs expect that use stable OOS as a base (the same reason many custom kernels tell you they don’t support Open Betas). For a short while, when Omni was still being updated and shared here, people were flashing Open Betas and experiencing issues on OmniROM and the Dev basically told them Open Betas are not supported. Is there a massive difference between 10.3.3 and 10.3.4? The only person that knows that is the Dev but if he is saying use stable 10.X.X that’s what you should use until he says otherwise. No matter how satisfying it is to have the latest and greatest build OOS build.

So hopefully that answered your question(s). I’ve done this a long time, since the original Pixel started doing A/B partitions, and it does require some digging to find out why things are the way they are. On XDA it is highly encouraged that you learn while you are here and help others from an informed standpoint. Unfortunately this isn’t reddit and we can’t downvote bad advice into oblivion. If you still have questions about A/B googling some should get you all you need to know. If you want specific questions about this ROM then the Dev, the OP and the search tool are your best friend when it comes to making sure your phone will work exactly how it should when moving to a custom ROM.

**The exception to this is Unofficial/Official LineageOS but that is because they reverse engineered their own vendor file for this phone and it gets installed for you when you flash the zip so OOS is not needed on LineageOS.

Assorted links

1. it seems to be possible, but I chose a different route.
2. of course, first I tried to make my own build, which required hundreds of GB of disk space and some fiddling with docker — but that didn’t work, and the thought of updates made my brain hurt in a very special “I’m too old for this” way.
3. yalp is often mentioned as an alternative but the project looks dead.
4. there used to be a version of BankID that ran on Linux, but of course not anymore.

There is no comments section, but if you'd like to give feedback or ask questions about this post, please contact me.