Privacy FAQ

A privacy phone is a smartphone that has been fundamentally transformed at the operating system level — not just tweaked with settings. Instead of running Android or iOS as Google or Apple intended, it runs a privacy-focused open-source OS like GrapheneOS or /e/OS that eliminates built-in surveillance by design.

Key differences from a standard smartphone:

• No Google or Apple services running in the background collecting your data
• Full control over permissions — you decide what every app can access
• Sandboxed app environments — apps can’t communicate with each other without your explicit consent
• No data collection — the OS doesn’t phone home with usage data
• Regular security updates without the surveillance payload

The hardware is typically the same — a Pixel phone is just a Pixel phone. What changes is the software running on it. Privacell installs and configures a privacy OS so you get maximum protection without the technical complexity.

Not as hard as you think — and Privacell makes the transition even smoother by handling the technical setup for you. The honest answer is there’s a short adjustment period. You’re used to Google and Apple’s ecosystems, so switching to something different feels unfamiliar at first. But “different” doesn’t mean “harder” — it means re-learning a few habits.

What’s easy from day one:

• Making calls and sending texts — identical to any Android phone
• Using most apps — the vast majority work without any changes
• Camera, music, maps, calendar — all work as expected
• Wi-Fi, Bluetooth, mobile data — standard setup

What takes a little getting used to:

• Installing apps from alternative sources (F-Droid, Aurora Store)
• Managing app permissions more deliberately
• Not having Google Assistant or Siri (by design)

That’s like saying you don’t need a lock because you have nothing worth stealing. CRA audits aren’t about guilt — they’re about statistical profiling. The Canada Revenue Agency’s algorithms flag contractors with unusual deduction patterns. The burden of proof then falls on YOU to explain your transactions. Your financial data is evidence whether you’re innocent or not.

The uncomfortable truth:

• You don’t decide who’s guilty — algorithms and auditors do. A string of legitimate business deductions can look suspicious to a risk model.
• Innocent people get audited — the CRA’s software makes mistakes. Having your privacy protected means less data for these systems to misinterpret.
• Your data travels further than you think — Canadian tax data gets shared with US authorities under the FATCA agreement. Cross-border transactions create records that multiple governments can access.
• Border crossings leave marks — Every time you cross the US-Canada border, your device is searched. Your travel history, contacts, and messages are recorded. This data enters the Five Eyes intelligence network.

What helps:

• A privacy-hardened phone minimizes logs at the hardware level
• Air-gapped computers for sensitive work (contractor bids, financial records)
• Knowing your rights at the border (searching your phone requires suspicion — but “suspicion” is broadly defined)
• Understanding what data you’re generating — and who else has copies

The hard truths about iPhones:

• Even when POWERED OFF, iPhones can still report your location via Bluetooth and UWB chips
• iCloud backups are NOT end-to-end encrypted by default — Apple can read them
• You have ZERO ability to truly modify or privatize the operating system
• Apple collects device analytics, app usage patterns, and Siri queries by default
• Every app you install is filtered through Apple’s App Store — giving Apple visibility into your software choices

But Apple says they protect my privacy…

Apple does protect you from other companies — and they charge you a premium for it. But they don’t protect you from Apple itself. That’s not a coincidence. It’s their business model. You can reduce iPhone surveillance with careful settings — but you can never eliminate it. The architecture itself is designed against you. No setting can fix that.

Dumb phones — basic phones without internet connectivity or apps — are experiencing a genuine revival among privacy-conscious people. And honestly? For some people, it’s the right call.

The case FOR a dumb phone:

• Minimal attack surface — can’t run malicious apps, can’t be tracked via app data
• Dramatically reduces screen addiction and distraction
• Longer battery life, lower cost
• Forces you to be present in the real world

The case AGAINST (for most people):

• Modern life depends on smartphones — banking, 2FA, navigation, work communication
• Carrier networks still track your location via cell towers — dumb phones aren’t invisible
• You lose the privacy tools that actually protect you (Signal, encrypted email, VPN apps)
• Most people can’t or won’t sustain the lifestyle change

This is one of the most common — and most understandable — points of confusion. We’re recommending a Google phone to escape Google. Here’s why it makes perfect sense:

It’s about the hardware, not the software

When Privacell sets up your phone, we completely replace the operating system. Google’s software is gone. What remains is just the hardware — and Pixel hardware is the best available for privacy OS installation because:

• Titan M2 security chip — best-in-class hardware security module, essential for GrapheneOS
• Verified boot support — allows re-locking the bootloader after installation, maintaining full hardware security
• Long support lifecycles — Pixels receive security updates for 7 years, meaning your privacy phone stays protected longer
• GrapheneOS officially supports only Pixel — the most trusted privacy OS only runs on Pixel hardware by design
• Wide availability — easy to source new or refurbished at reasonable prices

Think of it like buying a Ford truck and replacing the engine with something better. Ford built a solid chassis — you’re just not keeping their drivetrain.

The vast majority of apps work fine. This is one of the biggest myths about privacy phones — that you’ll be stuck with a crippled device that can’t run normal apps. That’s not reality.

Apps that work without any special setup:

• Most messaging apps (Signal, WhatsApp, Telegram)
• Navigation (Google Maps, Organic Maps, OsmAnd)
• Streaming (Netflix, Spotify, YouTube)
• Social media (if you choose to use it)
• Productivity apps (email clients, calendars, note-taking)
• Most games

Apps that need a special approach:

Some apps rely on Google Play Services to function. On a privacy phone, you have two options:

• Sandboxed Google Play — install a sandboxed version of Google Play Services that runs isolated from the rest of your phone. It satisfies app requirements without giving Google system-level access. This is GrapheneOS’s elegant solution.
• App alternatives — many Google-dependent apps have privacy-respecting alternatives (e.g., Aurora Store instead of Play Store, Organic Maps instead of Google Maps)

Banking apps are the #1 concern we hear — and the good news is that most major banking apps work on GrapheneOS with the right setup.

Why banking apps are tricky:

Banking apps use Google’s SafetyNet / Play Integrity API to verify the device hasn’t been tampered with. On a standard privacy phone, this check fails — and the app refuses to run.

GrapheneOS’s solution:

GrapheneOS has built-in support for passing these integrity checks even with a relocked bootloader. When you install Sandboxed Google Play and grant the banking app the right permissions:

• The Play Integrity check passes ✓
• The banking app runs normally ✓
• Google Play Services remains sandboxed — no system-level access ✓

Canadian banks we’ve tested:

• TD Bank — works ✓
• RBC — works ✓
• Scotiabank — works ✓
• BMO — works ✓
• CIBC — works ✓

Honestly? A little — at first. Google built genuinely useful products. But most people discover that the things they actually valued have good alternatives, and the things they thought they’d miss turn out not to matter much.

What you’ll replace and with what:

• Google Search → DuckDuckGo, Brave Search, or Startpage (Google results without the tracking)
• Google Maps → Organic Maps (offline, no tracking) or OsmAnd for advanced routing
• Gmail → Proton Mail or Tutanota (actually encrypted)
• Google Calendar → Proton Calendar or a local calendar app
• Google Drive → Proton Drive or Nextcloud
• Google Photos → Ente Photos (encrypted, private) or local storage
• Google Assistant → Nothing. You regain the ability to think for yourself. 😄
• Chrome → Firefox (with uBlock Origin) or Brave
• YouTube → Still works — via browser or NewPipe (no ads, no tracking)

The one genuine loss: Google’s AI-powered search quality. Privacy-focused search engines are improving rapidly but aren’t identical. If that matters for specific research, Startpage gives you Google results without the tracking profile.

Unfortunately, this is one area where we have to be straight with you: we can’t safely install GrapheneOS on just any phone. GrapheneOS officially supports only Pixel devices — specifically because of their superior hardware security features and long update support windows.

Your options:

• Upgrade to a Pixel with GrapheneOS — the cleanest solution. A refurbished Pixel 6, 7, or 8 is affordable and gets 7 years of security updates. Privacell handles the full setup.
• Check if your device supports /e/OS — /e/OS supports a wider range of devices than GrapheneOS, though with fewer security guarantees. Worth checking at doc.e.foundation/devices.
• Interim hardening — if you must keep your current phone temporarily, we can advise on minimizing your exposure while you plan an upgrade.

Migration is one of the things Privacell handles as part of our setup service — you don’t have to figure it out alone. Here’s how it typically works:

Contacts & Calendar

• Export your contacts as a .vcf file from your current phone or Google account
• Import directly into your privacy phone’s contacts app
• Calendar events export similarly via .ics format

Photos & Files

• Transfer via USB cable to your computer, then to the new phone
• Or use a local network transfer app (no cloud required)
• We recommend this opportunity to audit what you actually want to keep

Apps

• Make a list of apps you actually use (most people use fewer than 15 regularly)
• We install equivalents — privacy-respecting where possible, or the original via sandboxed Play Store where needed

Messages (SMS/Signal)

• SMS history can be exported and imported via backup apps
• Signal has a built-in encrypted transfer feature — your chat history moves with you

Better than most people expect — especially for a privacy phone use case where you don’t need the latest camera or AI features.

The case for refurbished Pixels:

• Significant cost savings — a refurbished Pixel 7 can cost half the price of a new Pixel 9
• Still gets full security updates — Google’s 7-year update policy means even older Pixels are well-supported
• GrapheneOS runs identically — the privacy OS performs the same on a Pixel 7 as a Pixel 9
• Environmentally responsible — extending the life of existing hardware reduces e-waste
• Proven reliability — refurbished doesn’t mean broken; quality-graded units are thoroughly tested

What you might give up:

• The absolute latest camera hardware (though Pixel cameras are excellent across generations)
• The newest Tensor chip (performance difference is negligible for everyday use)
• A slightly shorter remaining support window

Because the surveillance economy never stops evolving — and neither do the threats to your privacy. Getting a privacy phone is a powerful first step, but it’s not a finish line.

Why it’s ongoing:

• New apps introduce new risks — every app you install is a potential data leak point
• Platforms change their policies — what was private yesterday may not be today
• Your habits matter as much as your tools — a privacy phone can’t protect you if you log into Google on your browser
• Data brokers are relentless — they continuously aggregate data from dozens of sources
• New tracking technologies emerge — fingerprinting, ultrasonic tracking, and AI profiling are constantly evolving

What the journey looks like in practice:

1. Foundation — privacy phone, encrypted communications, private DNS
2. Accounts — replace Google/Apple accounts with privacy-respecting alternatives
3. Habits — adjust browsing, app usage, and data-sharing behaviors
4. Maintenance — periodic reviews of app permissions, account exposure, and data broker opt-outs
5. Awareness — stay informed about new threats and tools

Data brokers are companies that collect, aggregate, and sell your personal information — your name, address, phone number, relatives, income estimates, browsing habits, and more. Most people have profiles on dozens of these sites without knowing it.

DIY approach (free but slow):

• Search your name on sites like Spokeo, WhitePages, BeenVerified, Intelius, MyLife
• Find and follow each site’s opt-out process (usually buried in their privacy policy)
• Repeat every few months — data reappears as brokers share with each other
• Use a dedicated email address for opt-out requests to track them

Automated approach (paid but efficient):

• DeleteMe — submits opt-outs on your behalf, monitors for reappearance (~$100/year)
• Kanary — similar service with good Canadian coverage
• Privacy Bee — broader coverage, higher cost

Key sites to prioritize:

• Spokeo, WhitePages, Intelius, BeenVerified, MyLife, PeopleFinders, Radaris
• Google yourself and tackle whatever appears on the first page first

Privacy isn’t free. It’s worth being honest about the real costs — in money, convenience, and effort. Anyone who tells you privacy is effortless is selling something.

Financial costs:

• Privacy phone setup — hardware plus installation service
• Encrypted services — Proton Mail, Proton VPN, and similar services have monthly fees (typically $5–15/month)
• Data broker removal — automated services cost $100–200/year
• Ongoing education — staying informed takes time, which has value

Convenience costs:

• Some apps require extra steps to install or configure
• Signing into new privacy-respecting services takes initial effort
• Occasional friction when a service requires Google login (use an alias or alternative)
• You’ll need to actively manage permissions rather than accepting defaults

What you get in return:

• Your location, habits, and communications stay yours
• Reduced targeted advertising and manipulation
• Protection against data breaches exposing your personal information
• Peace of mind that’s hard to quantify but very real
• Digital sovereignty — you own your data

Not all privacy operating systems are equal. Here’s an honest comparison of the main options:

🥇 GrapheneOS — Recommended

• Security: Best in class — hardened memory allocator, sandboxed Google Play, verified boot with re-locking
• Privacy: No Google services by default; granular permission controls beyond stock Android
• Usability: Closest to stock Android — minimal learning curve
• App compatibility: Excellent — sandboxed Play gives access to nearly all apps
• Supported devices: Pixel phones only (by design)
• Updates: Rapid, security-focused, community-driven
• Verdict: The gold standard. What Privacell installs by default.

🥈 /e/OS (Murena) — Good Alternative

• Security: Good — based on LineageOS with de-Googled patches
• Privacy: Replaces Google services with microG (open-source compatibility layer)
• Usability: Polished UI, beginner-friendly, comes with its own app store
• App compatibility: Good — microG handles most Google-dependent apps
• Supported devices: Wide range — Pixels, Samsung, Fairphone, OnePlus, and more
• Updates: Regular but slightly behind GrapheneOS on security patches
• Verdict: Best choice if your device isn’t a Pixel. More beginner-friendly than GrapheneOS.

❌ LineageOS — Not Recommended for Privacy

• Popular but not designed with privacy as its primary goal
• No hardening beyond stock Android, often lacks verified boot
• Good for reviving old hardware, not for serious privacy protection