I have a Pixel 6 with GrapheneOS but all opinions are welcome.
My choices:
1° Disable screenshot feature 2° Desktop mode
-
Education regarding advertising ID and its deletion presented during setup (consent).
-
Addition of internet permission on per-app basis. Just like notifications now, every new downloaded app must get your permission to use the internet, else work in offline mode.
-
Give permission to only selected media to apps rather than everything. This is such a security risk, one bad app and it can steal whatnot.
2 and 3 are already supported in GrapheneOS.
I know. I was going to buy a Pixel 7 for it but the G2 processor runs pretty inefficiently thanks to Samsung’s 4nm process, as compared to something like the 8+ Gen 1. It’s pretty weak in comparison as well. So I ended up getting a Nothing Phone 2 and manually degoogled it, swapped everything with their open source counterparts. Not full proof I know, but my threat model is escaping big tech surveillance and living an ad-free life which is more or less getting satisfied xD
Im pretty sure this feature is from the upstream lineageOS, for those without a pixel
-
Multifactor unlock. (Fingerprint+ pin)
Different cold boot passphrase.
Hardware token support for unlock or boot (yubikey, etc)
Each user should be able to have a work profile.
Work profiles shouldn’t be special, why not unlimited profiles per user.
Disable / freeze any app (not just pause notifications). If I have a game I like to play on airplane flights, I can have it frozen all the other time.
Prefer wifi mode, go into airplane mode, turn off cellular radio when attached to good wifi.
Better customization of the share screen, I don’t fucking need or want apps to put my contacts I to the share bar. Google loves to rotate contacts into my share bar. This needs to be a optional feature, because it leaks who you are communicating with outside of the app
When using multiple users allow for notifications to be shared to the active user.
Having more work profiles would make things so much easier. I could sandbox away apps into different profiles. Sometimes I need to install something and I’d like to be able to split them up accordingly
GrapheneOS, then. It’s still cumbersome switching between those profiles.
Just to be pedantic. I don’t believe graphene allows for multiple work profiles. There can be a single work profile on the main owner user account. Graphene allows for more user accounts. But not extra work profiles…
Just a nit to pick
I’m guessing. I don’t know. But I think under the hood they just implemented a work profile as a separate user. But this users interface gets hacked into the interface of the main user account. So I feel like it’s a kludge. So if they fix that code then I could have unlimited users all displaying in my main user account all separated. And I’d be a happy camper
deleted by creator
Enter different profile depending on the finger print or pin you use.
Have attempts left before device is erased be something you can have be misleading, so show there’s 10 attempts but really there’s only 4.
Be able to feed false permission data to apps so even without sandboxing it won’t see your contact list and mic access doesn’t actually give access to the real mic.
Installing apps without having to deal with Google or shady app stores.
You can install apps without Google Play the problem is that Google services has a lot of privileges in the system and many useful apps relies on Google Play services to work.
Aurora store (google-dependant but at least it’s anonymous) and f-droid exist
Having a built-in system setting for apps you choose to require biometrics would certainly be nice.
Allow internet access on a per-app basis and just like what NightOwl said be able to feed false permission data to apps
GrapheneOS ftw, probably my favorite feature. Talk to the hand you scummy bastard.
I love GrapheneOS and just wish that one day non-pixel devices start to meet the requirements to get official support
Per app network permission to enable or disable access by using a toggle would be such a great addition.
Your 2 features are good choices.
Some developers have added the “disable screenshots” feature (Privacy Browser, for example) activated by default.
I think desktop mode is all about the hardware. My phone can do it, and my partner’s more powerful phone cannot. I’m probably wrong though.
I think all phones should have hardware switches to kill camera, WiFi, etc.
iirc the librem 5 has hardware switches, which are such a comforting feature to have
It does