Phones suck
I've thought about this a lot since listening to investigative journalist Joseph Cox talk about that he doesn't have a phone and why. At that point, I already had a Google Pixel phone that I loaded GrapheneOS onto, which is the absolute best you can do in terms of DeGoogle-ing and security if you want to use Android. Since then I've been trying to see what it takes to really break away for someone who uses their phone A LOT, simply as an exercise and to learn more.
How You are Being Tracked
First, there are multiple levels of tracking to be aware of:
Per-app tracking. This is the most obvious form of tracking, and is what is usually talked about in the news.
Advertising ID (MAID) and cross-site cookies. MAID is an operating-system-wide identifier that apps can use to identify you and connect your activity to other apps even without directly communicating between apps on your device. This is what most of those scary tracking apps that you might see in the news use. They get their data from apps selling your data to them after you give those apps access to your MAID and GPS when you install them. Alternative versions of Android like GrapheneOS get rid of this. Cross-site cookies can usually be turned off on your mobile web browser, but they can have similar functionality to the MAID.
SIM-level ID (IMSI). This is tied to your SIM card or eSIM and can be tracked using using devices like Stingrays (often used by law enforcement). Some software has access to this. Swapping to a different SIM card or eSIM is how you generally can change this.
Device ID (MEID or IMEI). This is a hardware ID for your phone that stays with it no matter if you change SIMs or not. This can also be tracked by law enforcement. This can generally not be changed.
Even if you put your phone in Airplane mode, it will still communicate your IMSI and MEID to nearby cell towers. The only way to make it not do that is to cut power to your modem which, in pretty much every phone, means not only powering off your phone, but draining your battery all the way (since you can't remove them in the vast majority of phones these days). Even with your phone off, it may still transmit because you aren't in full control of the software or firmware on your phone and their definition of “off”.
The best thing you can do if you want to keep a single phone and be tracked as little as possible is to keep to keep it in a Faraday bag and only pull it out when you absolutely need it. I don't do this yet, but I've considered it.
Smartphones
There are other alternative Android versions that have some of the same features, but buying a used Google Pixel 8a for $260, throwing GrapheneOS on it, and getting security updates until May 1, 2031 is very difficult to beat. Yes, I am fully aware of the irony of using Google hardware to DeGoogle, but there are just no other companies creating competitive hardware from a security perspective. If you are in the market for a new phone, and you want to install an alternative Android OS on it, it doesn't matter what your threat model is, just get the best since it's so easy.
Cox uses a WiFi-only iPad Mini to do his mobile computing which, I have to admit, is beautiful hardware. If you are okay with Apple not holding itself to the same non-tracking standard it holds third parties to, and you don't care about running a locked-down proprietary operating system, then that is a fine option. I'm not okay with those things, so I'll be staying away from Apple products.
The third option here is to get something like a OnePlus 6 and installing a Linux operating system on the phone. This, very unfortunately, just isn't ready for prime time. Often the core features of the phone (microphone, speakers, camera, on-screen keyboard, etc.) simply do not work.
Even with GrapheneOS or Linux, there are still problems with smartphones that are baked into the hardware that are not easy to get around.
There is a new cell service company called Cape that claims to rotate or randomize your IMSI and MEID. Their plan costs $99/month, and it's not immediately clear if that functionality is available with just their plan, or if you need their special phone + plan that they don't even advertise a price for. Joseph Cox looked into this company as well.
“Dumb” Phones
Switching to a “dumb” phone might get rid of the MAID, but lots of dumb phone operating systems like KaiOS (what Nokia and other companies use) have OS-level ads and track the hell out of you, too. They're even more difficult to reason about than Android because they're just not as common, so they get less attention. The BananaHackers mods for KaiOS can block ads and probably block tracking, but it's all very murky.
I considered switching to something like a Nokia 800 Tough for a while, normally keeping it off and in a Faraday bag, and I still might, but only for cost savings ($100 for the phone and $8/month for phone service) and long battery life. The weirdness with KaiOS and the lack of hardware support puts me off, though.
Mudita is a dumb-phone manufacturer that uses their own open-source operating system which makes their devices potentially a better option. Unfortunately their Mudita Pure phone has not been well received, even by people working on the project, so it's safe to say they have some growing pains.
They have a new device coming out this year, the Mudita Kompakt, that they claim will fix a lot of the issues that people had with the Pure, but I'll remain skeptical until it gets fully reviewed. One feature that makes the Kompakt a potentially very interesting device is the “Offline+” feature they are shipping with it that is both a hardware and a software switch to power off the modem and microphones on the device. This could potentially replace the need for a Faraday bag and could be awesome.
What To Do, Then?
My current plan is to keep my Pixel, get a Faraday bag, treat it like a dumb phone, and supplement it with a Tangara portable music player for podcasts and music, a digital camera, and a MNT Pocket Reform laptop.
If the Mudita Kompakt is any good, I'll probably switch to that eventually and get the cheapest cell service available.
With this plan in mind, I've been combing through all of the apps I use to come up with a way to perform those functions without a smartphone. The biggest pain-points I've found are public transit which is increasingly requiring a smart phone (which is absolutely insane), concert venues which are doing the same, and my local grocery store which is increasingly locking “member deals” behind an app specifically designed to track you. I'm not the only one frustrated about this.
Thankfully my local transit agency will give you a card to use instead of a phone if you order it online. I had to wait a month for mine to come in the mail, though. The small concerts that I care about still let you purchase tickets with cash day-of, so I'll just be doing that. As for my grocery store, I'll just be paying more for groceries and looking for alternative stores.
Also Worth a Look
The Precursor device is very cool. It's nowhere near becoming a phone replacement, but maybe it will be something like that in a decade. It's something I'll be keeping my eye on for a while.
My homepage: https://jevans.bio What I'm up to right now: https://jevans.bio/now ⁂ Find me on mastodon: @jevans@climatejustice.social
⁂ Follow this blog on mastodon! Search for https://blog.jevans.bio/ in your mastodon instance.