Ask HN: What currently is the best, nerd-friendly, rootable Android phone?

My network provider has turned off 3G and despite my current device supporting VoLTE appears to have blacklisted it on the basis of its model name and I cannot make calls any more.

I like running rooted Android because of systemwide adblocking, the ability to run things like Frida and inspect or modify applications, and _ideally_ be something where I can get CTS_BASIC_INTEGRETY – my main bank (Monzo) works with other OSes and rooted phones quite happily, but having the ability to play the highly irritating fun and games is a bonus point. I despise remote attestation and DRM and ideally would have something that fails from the start (!). I'm aware of the security issues with running a rooted Android device; I just frankly don't think that in my threat model that they are that severe. I'd much rather have the freedom to toggle on/off Secure DoH, change my SIP routing, and spoof settings such as my geolocation for legitimately good purposes (e.g. network-level VPN to a different country!).

I've experienced /e/ OS and CyanogenMod in the past and would like a privacy-focussed, ideally open source OS – linux would be perfect but unfortunately it just appears that the totally free Phone OSes aren't ready for prime-time just yet.

What is the best – or perhaps "least worst" – hardware to run something natively rooted on, or an OS like LineageOS? Is there a single manufacturer that supports this? At the moment I probably lean towards the Fairphone 5 but I honestly would love to know of the least worst option.

When I tried CalyxOS years ago, it gave me the impression of generic Android with all possible "privacy" apps recommended.

I replaced it with GrapheneOS, which at the time seemed seemed to be developed much more seriously. (I haven't looked at recent CalyxOS.)

Choosing GrapheneOS determines the hardware: recent-generation Google Pixel.

For a more open platform, maybe take the Phosh stuff (or whatever it is now) that Purism developed for the Librem 5, and run it with PostmarketOS Linux with whatever is the current most mainline-kernel-and-drivers supported device. Or maybe the KDE Plasma mobile stuff has come along further.

I've been trying to get a good Linux handheld so long (including buying dozens of various devices, trying many approaches, doing many crazy builds, etc.), that I finally gave up. GrapheneOS works as a daily driver without violating me itself.

Google pixel with grapheneOS is where I ended up as well. I think there was more interest in privacy focused OSes for a while, but it died out. The community has coalesced around google pixels and other phones/manufacturers have hardened against 3rd party OSs.

Linux phones are just not there, and getting non-smart phone would be better than a linux phone for reliability.

I'm typing this on my Google pixel 6A using grapheneOS. I've been very happy with results. There have been a couple of friction spots, but nothing I've not been able to work through. The installation was remarkably simple.

So ensuring privacy would mean feeding the infamous privacy predator Google? Seems like a classic case of exchanging short term gains for long term pain.

The actual problem is a bit different than what people reading your message might think. AFAIK, GrapheneOS doesn't talk to Google, by default.

The nature of the problem is more about:

* being somewhat at the mercy of Google (in hardware, and in where they take Android, and how they might frog-boil), and

* in supporting this compromise, to the exclusion of advancing more open and sustainable ones.

I suspect that the relative number of principled techies has dropped dramatically, as the number of people developing computer stuff increased massively, and we let the Leetcode interviews and the VCs lead astray prospective new principled techies.

Debian, for example, has a critical mass of principled techies for historical reasons. Not many projects do. And it's really hard to find new principled techies, when most people are just imitating what they see everyone else doing: posturing and promoting personal brands with open source (because they heard it's a good way to help land ), or launching open source projects that they hope to be startups (usually essentially investment scams, whether they realize that or not, or the rare legitimate ones). They're not bad, they just haven't seen much different. Plus the occasional state actor sleeper on a project, which we have to assume is happening, plus entire projects that are giant long-con honeypots.

So I'm hoping GrapheneOS somehow manages to be sustainable and have integrity. I think founder strcat is principled and passionate, for example, though I don't know the current contributors. I sent the project a little money I could spare. Because GrapheneOS is the best user-respecting daily-driver option I see at the moment, and I couldn't wait or flail around any longer.

Purism might be a good daily driver, and I think they respect users, but their entry level price point is too high for me and most people. And they seem to chronically have financial problems, so I don't know how long they'll be around. Last I checked, running their software platform on affordable used third-party hardware, as entry points for large numbers of principled techies (like Linux was), wasn't yet viable.

GrapheneOS pushes hard for remote attestation though.

> Last I checked, running their software platform on affordable used third-party hardware, as entry points for large numbers of principled techies (like Linux was), wasn't yet viable.

It seems you've just described Pinephone, which runs Phosh quite well and is quite affordable.

> take the Phosh stuff (or whatever it is now) that Purism developed for the Librem 5, and run it with PostmarketOS

Or just buy Librem 5 and use it with the preinstalled PureOS. Works for me.

I'm not sure if I can recommend a particular phone model, but in terms of Manufacturers to consider buying a phone from, this can be a good starting point: https://github.com/melontini/bootloader-unlock-wall-of-shame

I would probably use either CalyxOS, GrapheneOS or /e/OS with a set of open source apps:

  Aurora Store
  Open Camera
  Immich / Ente.io
  Obtainium
  Magic Earth / Organic Maps
  PDF Doc Scan
  Binary Eye
  K9 Mail

Just to name a few. Best compatibility is Google pixel but Motorola or fairphone might also be supported.

You can also installiert Kali nethunter rootless with tmux.

No need to root in my opinion

Also with Fennec (rebranded Firefox) from F-Droid and uBlock Origin, ad-blocking isn't really needed at the OS level unless you insist on using apps which feed you ads.

And if you have F-Droid (probably a given if you want more freedom) you can also install OsmAnd~ (note the tilde) from there for the full premium version of OsmAnd.

OpenCamera is really nice on the Pixel when you want to tweak a bunch of settings, but the stock app is fine too for non-demanding snaps on the go. Just put them both under an icon somewhere.

OsmAnd is slow and janky. Someone suggested Organic Maps here, way better.

See my comment. Magic earth is not FOSS but considered as friendly

I hadn't heard of ente.io, is there a way to selfhost, ideally as a container? I've been looking for a few minutes on their website and github repo and I can't seem to figure it out (maybe I am just short on coffee today)?

also, have you tried fairemail? I like it a lot better than k9 mail, mostly because it appears more paranoid. https://github.com/M66B/FairEmail

Ente.io supports selfhosting.

Thanks for fairemail, will check it out soon

I had a Kali Nethunter on a Samsung S7. It is mind boggling what you can do with a fully rooted android phone.

With tmux you can do nethunter without root

imo Google Pixels are a good bet, officially supported by GrapheneOS, Lineage and a lot of alternative ROMs, easy bootloader unlock. Just buy it refurbished so no money comes from you to Google directly. My second hand Pixel 4a is running lineage micro g for a year and half and the only issue i have is the battery dying.

Get a Pixel or a Motorola and install userdebug GrapheneOS / DivestOS / CalyxOS.

> running rooted Android because of systemwide adblocking, the ability to run things like Frida and inspect or modify applications

nb: Don't need root for any of that.

I'm pretty sure you do need root to inspect and modify applications. APKs are in protected storage that is off limits to adb without root.

Also, system-wide adblocking either has to be done off-device (no good for cellular networks) or with an on-device VPN, which is no good if you actually want to use a VPN of your own.

Personally, I stopped rooting a few years ago and I don't see any ads with Firefox + uBlock Origin; I just don't use the type of apps that would show ads; not necessarily intentionally any more, just that the types of services I install apps for don't do it (making obvious exceptions for things like Amazon where the entire app is an Ad).

> with an on-device VPN, which is no good if you actually want to use a VPN of your own.

I co-develop a FOSS Android app that can run DoH, ODoH, firewall, and WireGuard: https://github.com/celzero/rethink-app

Looks like a nice solution, thanks for the link.

You can use an adblocking DNS on your cell network.

Sure, but that's "off-device", so you either have to run it yourself (and pay-for-and-manage it) or rely on someone else to run one for you, which if you're into privacy on top of ad-blocking, you likely don't want.

adb pull /path/to/apk and adb install apk-1.apk don't require root.

Yep that's fair. I was thinking you had to have root to install any modified apks but I could very well be wrong there, its been a while since I got that deep into modifying Android.

SHIFT6mq is a favorite of some postmarketOS devs: https://wiki.postmarketos.org/wiki/SHIFT_SHIFT6mq_(shift-axo...

The newer SHIFTphone 8 (still preorder) from the same maker looks quite interesting: https://shop.shiftphones.com/shiftphone-8.html

Pinephone is getting more stable. Typing from one now with PostMarketOS. Waydroid android app emulation works. Email works. SMS / calls work. Open source maps work. Time investment required but definitely nerd-friendly and runs android & linux simultaneously. Once you set it up make a backup and you're set.

I thought I remembered VoLTE or something related to using VoLTE on some networks wouldn't work with a rooted phone. But I'm not sure since I was looking at this a year or two ago and don't remember.

Pixel 7 stock OS root passes CTS Basic with Magisk/Zygisk and Play Integrity Fix (usually)

I'd also check out xda developers forums and see which phones are popular on there.

" appears to have blacklisted it on the basis of its model name"

Why is that?

I think Pixel was always good for this. The problem with rooted phones is that many bank applications wont run anymore.

"of systemwide adblocking"

Your alternative would be to use another DNS service like https://nextdns.io

Pixels were always mediocre. LTE stability issues, major call bugs, GPU driver issues, camera cover cracking, etc. Some of those problems are Tensor SoC related.

Heh never had any issues with bank apps, but did with NFC payments, one grocery store app, and most transit apps.

Best would probably be pixel. If you want even more freedom - probably last gen fairphone

Pixel phones have good support. Here's a good comparison of possible OSes:

https://eylenburg.github.io/android_comparison.htm

"Best" is a vague requirement.

"Best" performance wise would probably be Pixel.

"Best" price wise would probably be Motorola.

I use Motorola One 5G Ace with e/OS.

Shout out to Discreet Launcher which I run in a blacked out setup.

The Motorola G100 is easily rooted. It works with that whitelisting carrier (AT&T). Also works on other GSM networks (T-Mobile, etc).

It's dual physical SIM, the 2nd SIM slot doubles as microSD. Has 3.5 jack, 802.11 AC and does 5G. The rest of the specs are pretty okay.

Worst thing is side button dedicated to Google, which can be 'fixed' after rooting.

https://www.gsmarena.com/motorola_moto_g100-10791.php

Galaxy Note 2 + Replicant. I got 2 used for $10, one is my main, the other a dummy airport security can look at.

The Galaxy note 2 from 2016 ? You really can run modern Android on it?

2012 and it's Android 6 with maintenance

I just went through this a few weeks ago. From what I can tell, the best available options are Google Pixel, or those open source pinephones with hardware that was obsolete ten years ago.

I got a pixel 8. I'm currently running graphene, but it's definitely not for me so I'll be switching to lineage soon

What didn't you like about Graphene? And hope to see in Lineage?

For me the dealbreaker on Graphene was inability to record my phone conversations. I went back to Lineage.

GrapheneOS can record phone calls just fine, there is a record button in the dialer.

I can confirm this, and will add: on my Pixel 6 running GrapheneOS, I have to scroll down the "6 pack" of buttons on the in-call screen to reveal the record call button. There is no UI hint that these buttons are within a scrollable element, so discoverability is poor.

i too would like to know, I use graphene right now and can't imagine it being better.

> or those open source pinephones with hardware that was obsolete ten years ago

What is obsolete about them? They will receive updates forever, and are quite snappy when using a good OS (e.g. SXMo).

You should check out /e/OS https://e.foundation/e-os/

It's a de-googled LineageOS fork with a focus on usability.

[deleted]

[dead]

[deleted]