Ask HN: What currently is the best, nerd-friendly, rootable Android phone?

72 points by azalemeth 15 hours ago

52 comments

View on Hacker News

My network provider has turned off 3G and despite my current device supporting VoLTE appears to have blacklisted it on the basis of its model name and I cannot make calls any more.

I like running rooted Android because of systemwide adblocking, the ability to run things like Frida and inspect or modify applications, and _ideally_ be something where I can get CTS_BASIC_INTEGRETY – my main bank (Monzo) works with other OSes and rooted phones quite happily, but having the ability to play the highly irritating fun and games is a bonus point. I despise remote attestation and DRM and ideally would have something that fails from the start (!). I'm aware of the security issues with running a rooted Android device; I just frankly don't think that in my threat model that they are that severe. I'd much rather have the freedom to toggle on/off Secure DoH, change my SIP routing, and spoof settings such as my geolocation for legitimately good purposes (e.g. network-level VPN to a different country!).

I've experienced /e/ OS and CyanogenMod in the past and would like a privacy-focussed, ideally open source OS – linux would be perfect but unfortunately it just appears that the totally free Phone OSes aren't ready for prime-time just yet.

What is the best – or perhaps "least worst" – hardware to run something natively rooted on, or an OS like LineageOS? Is there a single manufacturer that supports this? At the moment I probably lean towards the Fairphone 5 but I honestly would love to know of the least worst option.

neilv 14 hours ago

When I tried CalyxOS years ago, it gave me the impression of generic Android with all possible "privacy" apps recommended.

I replaced it with GrapheneOS, which at the time seemed seemed to be developed much more seriously. (I haven't looked at recent CalyxOS.)

Choosing GrapheneOS determines the hardware: recent-generation Google Pixel.

For a more open platform, maybe take the Phosh stuff (or whatever it is now) that Purism developed for the Librem 5, and run it with PostmarketOS Linux with whatever is the current most mainline-kernel-and-drivers supported device. Or maybe the KDE Plasma mobile stuff has come along further.

I've been trying to get a good Linux handheld so long (including buying dozens of various devices, trying many approaches, doing many crazy builds, etc.), that I finally gave up. GrapheneOS works as a daily driver without violating me itself.

Reply View 7 replies
  • mu53 13 hours ago

    Google pixel with grapheneOS is where I ended up as well. I think there was more interest in privacy focused OSes for a while, but it died out. The community has coalesced around google pixels and other phones/manufacturers have hardened against 3rd party OSs.

    Linux phones are just not there, and getting non-smart phone would be better than a linux phone for reliability.

    Reply View 0 replies
  • ustamills 10 hours ago

    I'm typing this on my Google pixel 6A using grapheneOS. I've been very happy with results. There have been a couple of friction spots, but nothing I've not been able to work through. The installation was remarkably simple.

    Reply View 0 replies
  • marto1 12 hours ago

    So ensuring privacy would mean feeding the infamous privacy predator Google? Seems like a classic case of exchanging short term gains for long term pain.

    Reply View 3 replies
    • neilv 11 hours ago

      The actual problem is a bit different than what people reading your message might think. AFAIK, GrapheneOS doesn't talk to Google, by default.

      The nature of the problem is more about:

      * being somewhat at the mercy of Google (in hardware, and in where they take Android, and how they might frog-boil), and

      * in supporting this compromise, to the exclusion of advancing more open and sustainable ones.

      I suspect that the relative number of principled techies has dropped dramatically, as the number of people developing computer stuff increased massively, and we let the Leetcode interviews and the VCs lead astray prospective new principled techies.

      Debian, for example, has a critical mass of principled techies for historical reasons. Not many projects do. And it's really hard to find new principled techies, when most people are just imitating what they see everyone else doing: posturing and promoting personal brands with open source (because they heard it's a good way to help land ), or launching open source projects that they hope to be startups (usually essentially investment scams, whether they realize that or not, or the rare legitimate ones). They're not bad, they just haven't seen much different. Plus the occasional state actor sleeper on a project, which we have to assume is happening, plus entire projects that are giant long-con honeypots.

      So I'm hoping GrapheneOS somehow manages to be sustainable and have integrity. I think founder strcat is principled and passionate, for example, though I don't know the current contributors. I sent the project a little money I could spare. Because GrapheneOS is the best user-respecting daily-driver option I see at the moment, and I couldn't wait or flail around any longer.

      Purism might be a good daily driver, and I think they respect users, but their entry level price point is too high for me and most people. And they seem to chronically have financial problems, so I don't know how long they'll be around. Last I checked, running their software platform on affordable used third-party hardware, as entry points for large numbers of principled techies (like Linux was), wasn't yet viable.

      Reply View 2 replies
      • summm 2 hours ago

        GrapheneOS pushes hard for remote attestation though.

        Reply View 0 replies
      • fsflover 7 hours ago

        > Last I checked, running their software platform on affordable used third-party hardware, as entry points for large numbers of principled techies (like Linux was), wasn't yet viable.

        It seems you've just described Pinephone, which runs Phosh quite well and is quite affordable.

        Reply View 0 replies
  • fsflover 13 hours ago

    > take the Phosh stuff (or whatever it is now) that Purism developed for the Librem 5, and run it with PostmarketOS

    Or just buy Librem 5 and use it with the preinstalled PureOS. Works for me.

    Reply View 0 replies
sandreas 15 hours ago

I would probably use either CalyxOS, GrapheneOS or /e/OS with a set of open source apps:

  Aurora Store
  Open Camera
  Immich / Ente.io
  Obtainium
  Magic Earth / Organic Maps
  PDF Doc Scan
  Binary Eye
  K9 Mail
Just to name a few. Best compatibility is Google pixel but Motorola or fairphone might also be supported.

You can also installiert Kali nethunter rootless with tmux.

No need to root in my opinion

Reply View 7 replies
  • Freak_NL 14 hours ago

    Also with Fennec (rebranded Firefox) from F-Droid and uBlock Origin, ad-blocking isn't really needed at the OS level unless you insist on using apps which feed you ads.

    And if you have F-Droid (probably a given if you want more freedom) you can also install OsmAnd~ (note the tilde) from there for the full premium version of OsmAnd.

    OpenCamera is really nice on the Pixel when you want to tweak a bunch of settings, but the stock app is fine too for non-demanding snaps on the go. Just put them both under an icon somewhere.

    Reply View 2 replies
    • theyknowitsxmas 14 hours ago

      OsmAnd is slow and janky. Someone suggested Organic Maps here, way better.

      Reply View 1 reply
      • sandreas 12 hours ago

        See my comment. Magic earth is not FOSS but considered as friendly

        Reply View 0 replies
  • snapplebobapple 13 hours ago

    I hadn't heard of ente.io, is there a way to selfhost, ideally as a container? I've been looking for a few minutes on their website and github repo and I can't seem to figure it out (maybe I am just short on coffee today)?

    also, have you tried fairemail? I like it a lot better than k9 mail, mostly because it appears more paranoid. https://github.com/M66B/FairEmail

    Reply View 1 reply
    • sandreas 12 hours ago

      Ente.io supports selfhosting.

      Thanks for fairemail, will check it out soon

      Reply View 0 replies
  • sharpshadow 14 hours ago

    I had a Kali Nethunter on a Samsung S7. It is mind boggling what you can do with a fully rooted android phone.

    Reply View 1 reply
    • sandreas 12 hours ago

      With tmux you can do nethunter without root

      Reply View 0 replies
giantg2 3 hours ago

I thought I remembered VoLTE or something related to using VoLTE on some networks wouldn't work with a rooted phone. But I'm not sure since I was looking at this a year or two ago and don't remember.

Reply View 0 replies
hollow-moe 15 hours ago

imo Google Pixels are a good bet, officially supported by GrapheneOS, Lineage and a lot of alternative ROMs, easy bootloader unlock. Just buy it refurbished so no money comes from you to Google directly. My second hand Pixel 4a is running lineage micro g for a year and half and the only issue i have is the battery dying.

Reply View 0 replies
ignoramous 15 hours ago

Get a Pixel or a Motorola and install userdebug GrapheneOS / DivestOS / CalyxOS.

> running rooted Android because of systemwide adblocking, the ability to run things like Frida and inspect or modify applications

nb: Don't need root for any of that.

Reply View 8 replies
  • _heimdall 15 hours ago

    I'm pretty sure you do need root to inspect and modify applications. APKs are in protected storage that is off limits to adb without root.

    Reply View 7 replies
    • alias_neo 14 hours ago

      Also, system-wide adblocking either has to be done off-device (no good for cellular networks) or with an on-device VPN, which is no good if you actually want to use a VPN of your own.

      Personally, I stopped rooting a few years ago and I don't see any ads with Firefox + uBlock Origin; I just don't use the type of apps that would show ads; not necessarily intentionally any more, just that the types of services I install apps for don't do it (making obvious exceptions for things like Amazon where the entire app is an Ad).

      Reply View 4 replies
      • mminer237 13 hours ago

        You can use an adblocking DNS on your cell network.

        Reply View 1 reply
        • alias_neo 13 hours ago

          Sure, but that's "off-device", so you either have to run it yourself (and pay-for-and-manage it) or rely on someone else to run one for you, which if you're into privacy on top of ad-blocking, you likely don't want.

          Reply View 0 replies
    • numpad0 13 hours ago

      adb pull /path/to/apk and adb install apk-1.apk don't require root.

      Reply View 1 reply
      • _heimdall 10 hours ago

        Yep that's fair. I was thinking you had to have root to install any modified apks but I could very well be wrong there, its been a while since I got that deep into modifying Android.

        Reply View 0 replies
megasquid 6 hours ago

Pinephone is getting more stable. Typing from one now with PostMarketOS. Waydroid android app emulation works. Email works. SMS / calls work. Open source maps work. Time investment required but definitely nerd-friendly and runs android & linux simultaneously. Once you set it up make a backup and you're set.

Reply View 0 replies
nijave 5 hours ago

Pixel 7 stock OS root passes CTS Basic with Magisk/Zygisk and Play Integrity Fix (usually)

I'd also check out xda developers forums and see which phones are popular on there.

Reply View 0 replies
Beijinger 15 hours ago

" appears to have blacklisted it on the basis of its model name"

Why is that?

I think Pixel was always good for this. The problem with rooted phones is that many bank applications wont run anymore.

"of systemwide adblocking"

Your alternative would be to use another DNS service like https://nextdns.io

Reply View 2 replies
  • numpad0 13 hours ago

    Pixels were always mediocre. LTE stability issues, major call bugs, GPU driver issues, camera cover cracking, etc. Some of those problems are Tensor SoC related.

    Reply View 0 replies
  • orbisvicis 14 hours ago

    Heh never had any issues with bank apps, but did with NFC payments, one grocery store app, and most transit apps.

    Reply View 0 replies
Moldoteck 15 hours ago

Best would probably be pixel. If you want even more freedom - probably last gen fairphone

Reply View 0 replies
jqpabc123 14 hours ago

"Best" is a vague requirement.

"Best" performance wise would probably be Pixel.

"Best" price wise would probably be Motorola.

I use Motorola One 5G Ace with e/OS.

Shout out to Discreet Launcher which I run in a blacked out setup.

Reply View 0 replies
WarOnPrivacy 13 hours ago

The Motorola G100 is easily rooted. It works with that whitelisting carrier (AT&T). Also works on other GSM networks (T-Mobile, etc).

It's dual physical SIM, the 2nd SIM slot doubles as microSD. Has 3.5 jack, 802.11 AC and does 5G. The rest of the specs are pretty okay.

Worst thing is side button dedicated to Google, which can be 'fixed' after rooting.

https://www.gsmarena.com/motorola_moto_g100-10791.php

Reply View 0 replies
theyknowitsxmas 15 hours ago

Galaxy Note 2 + Replicant. I got 2 used for $10, one is my main, the other a dummy airport security can look at.

Reply View 2 replies
  • pjerem 14 hours ago

    The Galaxy note 2 from 2016 ? You really can run modern Android on it?

    Reply View 1 reply
mystified5016 15 hours ago

I just went through this a few weeks ago. From what I can tell, the best available options are Google Pixel, or those open source pinephones with hardware that was obsolete ten years ago.

I got a pixel 8. I'm currently running graphene, but it's definitely not for me so I'll be switching to lineage soon

Reply View 7 replies
  • sychou 15 hours ago

    What didn't you like about Graphene? And hope to see in Lineage?

    Reply View 4 replies
    • nichohel 14 hours ago

      For me the dealbreaker on Graphene was inability to record my phone conversations. I went back to Lineage.

      Reply View 2 replies
      • mcsniff 13 hours ago

        GrapheneOS can record phone calls just fine, there is a record button in the dialer.

        Reply View 1 reply
        • summermusic 11 hours ago

          I can confirm this, and will add: on my Pixel 6 running GrapheneOS, I have to scroll down the "6 pack" of buttons on the in-call screen to reveal the record call button. There is no UI hint that these buttons are within a scrollable element, so discoverability is poor.

          Reply View 0 replies
    • sigmonsays 14 hours ago

      i too would like to know, I use graphene right now and can't imagine it being better.

      Reply View 0 replies
  • fsflover 14 hours ago

    > or those open source pinephones with hardware that was obsolete ten years ago

    What is obsolete about them? They will receive updates forever, and are quite snappy when using a good OS (e.g. SXMo).

    Reply View 0 replies
[removed] 15 hours ago
[deleted]
Reply View 0 replies
[removed] 15 hours ago
[deleted]
Reply View 0 replies