This is accurate. Additionally, the WebKit rendering engine that they have to use is open source, so not too bad imo

Random applications that use the play integrity API won’t work on any third party OSes or ROMs. For example I tried to install some Intuit app on my GOS Pixel a while back (credit karma I think?) and it didn’t work at all

Mostly LibreWolf, but I’ve been enjoying Zen Browser recently. It’s based on Firefox but with lots of cool extra functionality baked in. It is still in alpha though and I’ve experienced some bugs, including it crashing my whole system a couple of times, but it’s very promising

They’re agreeing with you…

On the topic of struggling to connect to self hosted services without a VPS or domain: check out mesh VPNs like ZeroTier or Tailscale. I access all my internal services over Tailscale these days and it’s super simple

By default Apple holds your iCloud encryption keys. So if you message somebody who uses iCloud without advanced data protection turned on then that encryption isn’t worth a whole lot, they can unlock it and have given up that data many times

As somebody who has used graphene for a long time, it certainly comes with sacrifices compared to stock android or iOS just by the nature of being a non-stock OS due to Google’s integrity stuff. The biggest thing I miss from my iPhone is putting my cards into my phone’s wallet and using tap to pay. Graphene can do concert tickets, boarding passes etc but not full GPay functionality. However that’s my biggest gripe. I still use iMessage for group chats that I’ve had for years where people won’t migrate; I host a BlueBubbles server at home and it forwards it all to my pixel. Never had a yubikey so I can’t speak to that issue unfortunately. I wish you the best of luck in finding workarounds or converting back, whatever is best for you. Remember that privacy is about balance; clarify your threat model and your social needs and work to find an appropriate compromise

You should look into Gadgetbridge for your smart watch needs. I don’t think it’s compatible with that watch but if you get one that does work with it, it allows you to use it pretty much like normal but without any proprietary companion apps

its open source and well audited, so no I don’t think they have it backdoored. they get all the info they want from people using google play services at a privileged level, running chrome, and using their other dozen services that come bundled with stock android