Comment by port11

15 days ago

I've run Graphene for a year to complement an iPhone; sadly, Device Attestation makes it non-viable as a main phone. Banking apps and what we used to ID ourselves are a whack-a-mole of incompatibility. For everything else, I do think it's a great solution.

For reference on Nara, it tries to connect to domains such as dewrain.*, vaicore, akisinn, etc. (many TLDs). Little Snitch was the only way I'd know. Sadly it means we're unsafe on iOS and Android, so we've stopped using any features that might be or leak PII. Just milk and sleep.

This unnerved me so much that I'm building an app for parents on the side. I can't believe our options are free with trackers or expensive (with trackers). And Nara was clean before the update around March.

Wow! Well you never know where simple frustrations will lead, or in your case noticing something that you just can't shake that no one else seems to think is important. I'd say keep me posted, but that's not on you especially while you're developing that app. I wish you the best of luck, and it sounds like you're doing it with a really unique and authentic perspective that I wouldn't be sure that any of the apps that become popular on either App Store can guarantee. Seriously, the world might depend on you :)

I had a feeling that what you described with GrapheneOS would be the case, and that's what kept me from really considering it as a replacement for my iPhone until talking with some folks in this thread. I really don't see myself getting out of using an iPhone as my "main phone" tied to my phone number since my wife is neck-deep in the whole Apple ecosystem (and I truly believe that being flexible in this regard is worth it and makes our lives a whole lot better, even when the issue in question is what I would consider a simple moral non-negotiable, securely protecting my and my family's personal data. Just means that I have more solving to do before the solution).

My solution for now is to always run everything through a trusted VPN and NextDNS on the iPhone, or as much as iOS will let me I guess, and using this as my new Pixel's gateway to the internet when I'm away from a trusted connection. I will also be running everything through the VPN when I'm using GrapheneOS, so when I am out and about I'm not treating my not-entirely-trustworthy iPhone any differently than a Starbucks hotspot. Sometimes the convenience really makes a difference, not all the time but it does matter occasionally.

  • That's a very good approach.

    What I've been trying to do is have the critical apps on the iPhone, which stays home; then take the Graphene around as much as possible. It's making me use the phone less as well, since my Pixel isn't very interesting.

    Now to convince more family members to connect via a VPN… hmm. No wonder we lost the war on privacy.

    Maybe check that your partner has Advanced Data Protection on. iCloud without it is what got us all these iCloud leaks in the past.

    And thank you for the kind words :)