What is de-Googled

Summary A de-Googled Android phone runs without proprietary Google services. You keep Android's kernel and drivers, but you avoid Google Play Services, backup, telemetry, and account lock-in.

Why it matters

• Reduce data exhaust and cross-service correlation.
• Retain app choice via FOSS stores and direct APK signatures.
• Control network flows with a firewall and a strict VPN.

Trade-offs

• Push: some apps need Play Services for push. Alternatives exist.
• Maps: use FOSS maps; offline works best; POI quality varies.
• Payments: banking apps may refuse; NFC tap-to-pay may fail.
• Casting/DRM: media casting and Widevine L1 may be limited.

Boot chain (simplified)

┌──────────┐     ┌────────────┐     ┌────────────┐     ┌────────────┐
│ Boot ROM │  →  │ Bootloader │  →  │ AVB/vbmeta │  →  │ system.img │
└──────────┘     └────────────┘     └────────────┘     └────────────┘
    (ROM)            (locked)         (verified)         (Calyx/LO)

What Zer0 adds

• Bootloader locked, verified boot, FDE by default.
• Official images; signatures and hashes published.
• Curated app sources: Andromeda + FOSS stores.
• Optional network add-ons: data eSIM, prepaid SIM, WireGuard VPN.

Limits you must understand

• Baseband stays proprietary; carriers see IMEI, SIM IDs, cell sites.
• Location leaks if radios are on (LTE/5G, Wi-Fi, Bluetooth).
• VPN improves privacy, but becomes a trust anchor for traffic.
• Apps vary in risk; permissions and network habits matter.

[WARN] This phone reduces tracking; it does not make you invisible.

Links

• OS Options
• Security
• Docs: OPSEC 101
• Docs: First Boot