This weekend I did something I planned to do for more than a year already. I got rid of the stock ROM on my smartphone and I highly recommend everyone else to do this as well, and a lot earlier than me.
First of all my Android setup was quite minimal from the beginning. When I bought my phone it was basically plain Google Android with the Motorola tools installed. Not cluttered with OEM apps like Facebook or similar, that some other smartphone vendors do. This is maybe the reason why I stayed with my old setup for so long. It was fine, it looked clean and it worked.
Since this phone is my daily driver, a not working phone would be a big problem for me. I was always suspicious about running a custom ROM on it. Would that work out?
A few days ago I installed an app called Blokada from F-Droid. This app works like a lot of non-root traffic modifying apps, by just run a VPN on the loopback device and filter traffic that passes through this VPN. Blokada is an adblocker, it just provides a collection of block lists and then shows a counter of how many requests were blocked. After looking at this counter for 1 day, I decided to definitely flash my phone. With all my conservative app choices and focus on privacy, I came to around 30 apps that were not from F-Droid or system apps. But Blokada blocked more than 10000 requests within the first 24 hours.
Why /e/? Why not LineageOS
LineageOS would be the classic go-to solution for a Google Android alternative. It’s also an Android version, but removed most links to Google which makes it a lot friendlier in terms of privacy. But I was quite unlucky. LineageOS cleaned up their builds for ROMs in November. Lots of builds for older systems or without maintainers where purged, including the builds for my phone. I basically waited too long to use it.
The good news is: /e/ still supports it and, as a fork, is quite close to LineageOS. Also, I was really interested in their concept which tries to be a more privacy-friendly Google Android alternative including all kind of convenience that users might know from Google Android but by removing a lot of ad-based revenue models. All in all, a quite interesting idea, why not try it? They also have a build for my device and say it works without problems, so go for it!
Well, not much to say about flashing it. To make sure things work as expected, I consulted a friend of mine who is a bit experimental with his smartphone so he’s familiar with flashing ROMs. We met and sat down, created a final backup of my phone’s data, especially Signal, and he told me some pitfalls he noticed during his experimenting. Like it’s better to disable the registration lock in Signal, as in worst case you end up with a whole week without being able to use it. All in all, great, we did all the preparation and went for the regular flashing process.
Following their documentation, which is either a modified copy of the LineageOS documentation for flashing phones, this worked exactly as documented.
But I learned some lessons: When you unlock the bootloader of your Motorola you need your Motorola account. When you used your phone to sign up for one, it’ll probably be the Google account you used on your phone. When you are serious about security, as I am, you’ll use MFA means for example TOTP to secure your Google Account and those tokens are generated on your phone. I guess you see the problem. Restarting, getting the token, login, restart, unlocking the bootloader. For the next time, just log in before you reboot.
All in all, things worked out. Flashing the TWRP image, booting into recovery, wiping the data, copying the /e/ image, installing it and booting.
Setup /e/ and getting started
A regular boot screen comes up, quite nice from a design perspective. After the boot logo is gone, a setup guide greets you, asks you some details and finally asks you to optionally sign in to your /e/ account. I don’t have one, so let’s go without. Looking at the default screen it looked quite nice, they provide Signal as default SMS app which made me a bit nervous as you have to have your backup in place before you start Signal for the first time. I copied the backup to the device following the official restore instructions and then reset the app data of Signal, force stopped the app, just to be sure, and started it for the first time. The restore worked smoothly as written in the documentation and messages as well as all conversations + conversation keys were restored. No breaking conversation keys for my contacts, great!
Anyway, back to the first impression. After restoring my messages I came up with the question: How to install apps? There was no sign of an “app store”. Now I read that in future version there will be the so called privacy store, but for now I simply had to get F-Droid and install it. That was the first moment where the system felt a bit itchy. Also, I missed my sorted app list in the launcher since this is super nice to find everything, this way I fiddled around in the settings to realize the missing app store.
F-Droid was installed now and I went to install my usual apps. My friend then mentioned that
fakestore was installed and should allow F-Droid to install apps without the need to ask for permission all the time. While this additional click isn’t a big problem for me, I would, of course, love to get rid of it, but somehow I didn’t get it working yet.
With all this done, now I only needed some apps from Google Play. Let’s installed the “Yalp store” from F-Droid to install those. Again, some fiddling around in the settings and things worked as expected.
Now it was time to setup all the installed apps. Starting with OpenKeychain and AndOTP to get my OTP tokens to sign in to all the services, like Nextcloud, Mastodon, and all the other apps afterwards. But before I copy such sensitive information over to the new device I wanted to double-check the disk encryption.
Setting up disk encryption
As the title of this section indicates, and that was a real bummer for me, the disk encryption was not enabled by default. I wanted to enable it but my phone told me that it can’t do this until it’s plugged in and almost 100% charged. Maybe that’s the reason why it wasn’t encrypted from the beginning, I wasn’t home at that time and so, of course, my phone was neither charging nor around with 100% battery. I had to wait until I was home before I could continue with the disk encryption and everything that is related to store sensitive data on the device.
Actually, I’m really unhappy about the missing encryption as I already restored my Signal backup onto this device. And charging this phone takes its time. Time to write this part of this blog article.
Back to work! Let’s be productive
Once I made it charge my phone to more than 90% I was able to start the disk encryption and continue my setup procedure. With all the apps installed, I needed to get my setup running which means, in this case, to re-enable TOTP first and therefore I needed OpenKeychain. OpenKeychain manages my OpenPGP keys which I use to encrypt and sign my TOTP backups with.
With the private key exported, copied to the smartphone, imported into OpenKeychain and there unlocked then, I could copy my AndOTP backup to my phone and import it. Now things got forward quite fast. Setting up Bitwarden and Passwordstore for my login credentials, setting up Nextcloud, E-mail and Contacts. Here /e/ surprised me in a positive way. Their default mail app is a modified version of K9 mail which has a material style which looks really pretty compared to the original. They also ship DAVdroid (now known as DAVx⁵) for CardDav and CalDav integration.
With Mail, contacts, calendar, and data in place, things became already productive. Basically, I was already able to work again. Great!
The good, the bad, the ugly
With my basic setup provided and all needed applications in place, I could add my convenience apps, means apps of services I like, that help me with some tasks or similar. Since most of my applications are from F-Droid they simply were downloaded, log in (if needed), and use it. Simple, easy, nice and smooth. But of course, there are things I don’t like.
First of all, non-OS-release updates for certain apps are not supported, to be exact: All system apps. The main issue for me here: One of the system apps is Signal. And I want Signal to be up-to-date for good reasons. I haven’t decided how to handle that yet.
As mentioned earlier, I needed to install F-Droid myself, which was a bit annoying. And that fully automated updates don’t work either doesn’t make things better. Anyway, same goes for Yalp so I’ll spend the next few days with looking how annoying it is to install those things by hand and when I’m annoyed enough I might go to install the F-Droid OTA package using TWRP.
Another thing I’m still working on is getting back my bought version of Sleep as Android. First I thought it’s lost due to the missing play store and that my google account couldn’t download the paid version using Yalp, but then I read their FAQ about blackberry devices and now hope that I get it unlocked.
Finally, there is one thing that gives me some headache: Telegram. Not that it doesn’t work or I couldn’t install it, more the other way around. It comes by default with /e/ as system app. On one hand it makes sense, since they are running a lot of support work over Telegram channels, but to be honest, I went away from Telegram around 1-2 years ago and was really happy to get rid of it. Now it’s sitting around on my smartphone and I can’t delete it. At least not as long as I don’t want to modify the system. What a bummer!
Basically I ran into a few pitfalls but all in all the system seems quite solid. My blocked requests count down to a few hundred per day, which is mainly caused by browsing and apps I installed from Google Play using Yalp.
/e/ seems to be okay, maybe there are still too many apps built into the system image, but on the other hand from a consumer perspective, it’s not wrong to have an easy way to contact the support. Just an app store would be nice, which they are working on according to their community forum. With F-Droid and Yalp installed, I’m fine for now.
The pre-installed apps with DAVx⁵ and their modified version of K9-mail looks nice and seems to do its job. Signal works as always and their Launcher, which mimes the design of the iOS home screen, gets the job done. Even when some icons don’t work as expected.
All in all, I’m fine with the system as it is right now and will test it for while. It’s free of play services and runs microG so things work as they should while I get mostly rid of Google which makes me happy and breaks, except of YouTube, my last connection to this company.
Feel free to reach out to me on Mastodon or any other media mentioned in the sidebar if you have comments to this blog post.
P.S.: Things I don’t want to hide from you
When I tooted that I would use /e/ now, I got some quite interesting response. One of my followers thought it’s his duty to inform me that /e/ is, according to him, not the best choice and that they are doing something shady. So far, I can’t complain, but I don’t want to leave it unmentioned that there seem to be some people who had a problem with /e/ as a company and its whole setup.
If you are interested in it, please read the conversation and make up your own mind if you want to use it or not. (Removed due to not archived, dead link.)
Header picture by rawpixel on Unsplash