In the GrapheneOS development room there’s a lot of talk about finding an OEM to get security partner status from and/or to design a grapheneos specific device. I saw they were tentatively chatting to the CEO of Mecha (currently crowdfunding for a Linux handheld called the comet) as well as another anonymous Android OEM lead. So I’d say be patient, wait and see. I’m confident the project will continue, hopefully with full support for pixels via a partnership but potentially on their own hardware.

As somebody else mentioned, using a computer and just taking calls there would work and give you solid control over microphone activation etc. If you really want the landline experience, look into adding a USB handset to that setup. It’ll just act like a mic and headphone from your computer but in the classic phone form factor

Just make sure they know anything they put on these big tech platforms are there forever, regardless of what claims they make about “disappearing messages” etc. Do your best to guide them towards encrypted services for their own protection. As much as I hate this, iPhones are a decent recommendation in the US since almost every young person uses iMessage as the default, and that has end to end encryption available. Work to inform them on the dangers of corporate spying and profiling, as well as data leaks and security, and let them have some sovereignty over their platforms. Keeping an eye on them is good; isolating them from important modern social circles isn’t. Inform and educate first and foremost

Vaultwarden is perfect imo

This is accurate. Additionally, the WebKit rendering engine that they have to use is open source, so not too bad imo

Random applications that use the play integrity API won’t work on any third party OSes or ROMs. For example I tried to install some Intuit app on my GOS Pixel a while back (credit karma I think?) and it didn’t work at all

Mostly LibreWolf, but I’ve been enjoying Zen Browser recently. It’s based on Firefox but with lots of cool extra functionality baked in. It is still in alpha though and I’ve experienced some bugs, including it crashing my whole system a couple of times, but it’s very promising

They’re agreeing with you…

On the topic of struggling to connect to self hosted services without a VPS or domain: check out mesh VPNs like ZeroTier or Tailscale. I access all my internal services over Tailscale these days and it’s super simple

By default Apple holds your iCloud encryption keys. So if you message somebody who uses iCloud without advanced data protection turned on then that encryption isn’t worth a whole lot, they can unlock it and have given up that data many times

As somebody who has used graphene for a long time, it certainly comes with sacrifices compared to stock android or iOS just by the nature of being a non-stock OS due to Google’s integrity stuff. The biggest thing I miss from my iPhone is putting my cards into my phone’s wallet and using tap to pay. Graphene can do concert tickets, boarding passes etc but not full GPay functionality. However that’s my biggest gripe. I still use iMessage for group chats that I’ve had for years where people won’t migrate; I host a BlueBubbles server at home and it forwards it all to my pixel. Never had a yubikey so I can’t speak to that issue unfortunately. I wish you the best of luck in finding workarounds or converting back, whatever is best for you. Remember that privacy is about balance; clarify your threat model and your social needs and work to find an appropriate compromise

You should look into Gadgetbridge for your smart watch needs. I don’t think it’s compatible with that watch but if you get one that does work with it, it allows you to use it pretty much like normal but without any proprietary companion apps

its open source and well audited, so no I don’t think they have it backdoored. they get all the info they want from people using google play services at a privileged level, running chrome, and using their other dozen services that come bundled with stock android