Comment by MrDisposable

Russian here, a former Android and iPhone user. I had to switch to Graphene OS in full paranoid more due to our worsening situation regarding VPNs and phone searches.

After about a month of using Graphene OS, I'm not looking back – it's great. I'm not recommending it as a 100% solution for everyone, but it's definitely a very solid practical step towards keeping the phone yours:

1. Your phone will be able to operate as a basic phone (calls, SMS, web, photos / videos, location, Bluetooth, eSIM) without a Google account.

2. You will always be able to install an APK. This helps you install apps that are banned from Google Play Store in your country.

3. There's a duress PIN that lets you wipe the phone completely from any 'Enter PIN' screen. (I tried it, it's a bit messy, but it does wipe the phone and in the end you return to a blank Graphene OS installation – no need to reinstall.)

4. There's a setting that lets you disable any USB port functionality other than charging.

5. The permission system is amazing. If you are forced to install a state-mandated spy app (like the Max messenger in Russia), you can put it into a "permission jail" where the app assumes that it has access to the requested data but actually receives what you explicitly give it. For example, you can select individual photos and contacts to make available to the app – while the app will think that it has access to all contacts and photos. Bonus: the new Internet permission, which lets apps think that they are connected to the Internet while they are actually blocked from it.

6. You can have a separate profile for data and apps you don't want to expose. (There's also a Private Space for that, it's very convenient but it exposes installed apps via app search from the main space.)

7. There's an End Session function for a logged-in profile that stops it from running, wipes it from memory, and puts the data at rest.

8. You can have a separate VPN in each profile. This should help against situations where your local equivalent of Roskomnadzor sniffs out your VPN connection settings via state-mandated changes in apps operating in your jurisdiction, and bans that particular VPN later. Just make sure you install all spy apps under a profile with a disposable VPN that you aren't afraid to lose.

9. Each profile (and the Private Space too, because technically it is a special kind of Profile) can have a separate Google account. For example, one profile can have a Russian Google account (for banking and state apps), while another profile can have an Armeninan Google account (for things that are banned in Russia, like Spotify and Kindle.) However, to arrange this, you have to physically be in the desired country – Google doesn't let you change the account country without being there.

To sum up – if you are concerned about this situation, buy Pixel 10 (excellent hardware btw.), install Graphene OS (very easy, their web installer is great), and try using it for a while.