Murena is in the business of deGoogling Android smartphones in the name of privacy. The French/European firm has been doing this for around five years, as a not-for-profit foundation — but also, in more recent years, opening a for-profit arm that sells devices running its alternative, anti-tracking OS.
It’s hardware agnostic, loading its open source smartphone OS onto a variety of new or refurbished handsets, including ethical smartphone maker Fairphone’s kit; and its own brand, eponymous mid-range handset. Murena can even sell you a deGoogled (Google) Pixel which comes purged of the usual Google services — with no Play Store, Chrome browser, Google Maps etc — and running its alternative /e/OS, rather than mainstream Android. (Albeit /e/OS is a fork of an Android-based OS which was based on another fork of Android… ). And, well, a deGoogled Pixel does feel like quite the flex.
We recently got our hands on a Fairphone 4 running Murena’s tracker-blocking /e/OS. Our curiosity was piqued to see an alternative OS running on alt hardware. The combo seems a bit of a throwback to ideas that swirled around the Android-compatible Sailfish OS and Jolla Phone — remember ’em! — which were also pitched as a plucky alternative to mainstream Android a decade or so ago (yet never managed to be more than a niche proposition). But if you’ve been in tech long enough you’ll be familiar with such back-and-forth product cycles. And our sense is, on the software side, a Google-free/Google-lite Android-compatible smartphone may command more demand now vs back then, given increased awareness of the privacy risks posed by tracking.
The core promise for Murena’s (open source) OS is no phoning home to Google or any other third parties by default. It says the user can be assured the OS itself is locked down. (And, being open source, it invites others to audit its privacy-by-design claims.) It also offers tools to help users limit tracking by third party apps, while recognizing they may sometimes need to use apps and services that could compromise their privacy. But the goal is to offer increased control over such privacy incursions.
First up, instead of the usual Google gubbins, replete with the adtech giant’s commercial trackers, /e/OS users will find a set of native open source apps and services Murena has developed to replace all that. This includes a browser, messages app, camera software, contacts and so on. (Maps is an exception, though, as it’s preloading a third party app called Magic Earth that’s not open source — but it says the app publisher has agreed to provide a privacy report detailing its personal data collection.)
All of these native apps seemed functional, enough, in a ‘no frills’/zero bells-and-whistles kind of way. Although performance did seem rather laggy, at times — but it was hard to know if that was a software or hardware issue with Fairphone’s mid-tier handset.
The default search engine on /e/OS is a meta search engine called Spot which aggregates results from third party search engines while anonymizing requests to protect against tracking. Users can also pick from other anti-tracking choices, via the settings, including (for now) DuckDuckGo, Qwant and Mojeek.
“By default, we’re looking at matching basically what people get on a standard phone or standard Google device. And by default, this environment is not scanning what people do on the device,” is Murena’s top-line claim for /e/OS.
“We don’t look at what apps are installed on the phone, we don’t really care. We don’t scan the device location, we don’t scan the phone usage,” it also tells TechCrunch, fleshing out the core differentiation and contrast vs the Google-configured mainstream flavor of Android OS — which, by merit of its adtech giant owner’s surveillance-based business model, embeds default data collection into the platform.
Murena even argues software running on Apple’s iOS may be “phoning home”, or else leaking to third parties such as data brokers (albeit Apple’s App Tracking Transparency feature does require third party apps to request iOS users’ permission to creep on their activity). Plus it sounds a sceptical note over the iPhone maker’s brand positioning as a pro-privacy champion, pointing to Cupertino’s choice of default search engine being Google’s (a default product placement for which Apple is handsomely paid — even as iOS users can switch to a non-Google alternative if they dig in and change the setting). Whereas the whole raison d’être for /e/OS is no default scanning.
Murena’s tracking-free app offerings even stretch to a suite of cloud services that /e/OS users can sign up for (with 1GB of free storage and paid plans on offer to expand that) — which enables it to extend the available portfolio of alternatives to cover utilities like Gmail, Google Docs, Google Calendar and even Microsoft Office. (Google isn’t the only mainstream tech giant that’s also in the business of tracking users, after all.)
So far, so deGoogled. However smartphones running Murena’s /e/OS can’t entirely cut the data umbilical cord back to Mountain View. The sticky issue of third party apps makes stepping off that ledge essentially commercial suicide. No one is going to buy or even use a smartphone that can’t access popular mainstream apps. So this is where the inexorable compromise has to happen — and explains why a “deGoogled” OS still asks the user whether they want to log in with, er, a Google account! This is Murena’s rather gigantic workaround for enabling users to access third party apps they’ve previously paid for via Google Play.
The app store you’ll find on an /e/OS device is not Google Play, of course; it’s an alternative Murena has built — which is calls the App Lounge. This offers open source apps (which it’s fetching from the F-Droid store); and “progressive web apps” (basically app-like web experiences), as it looks for ways to try to wean users off full-fat apps to try to weaken the aforementioned chain-link back to Google’s dominant OS. It also allows for anonymous browsing if you’re willing to abstain from paid apps. But access to paid commercial apps via the App Lounge requires signing in with a Google account and having access to Google Play on a separate Android device in order to make the purchase using the Google account before you can download it on the Murena device…
So this is where the dream of deGoogling Google Android breaks down into a series of compromising glitches.
If you select the Google Account option, Murena’s OS pops up with a recommendation to use a “dedicated” Google account to mitigate tracking (i.e. by avoiding linking any existing Google account you may have to your activity on the device) — but also to “limit impact in case this account is restricted by Google”, which suggests ToS issues could be a risk. (XDA‘s assessment of Murena’s App Lounge is that it looks much like the Aurora Store, another unofficial Google Play client which also pulls apps from Google’s servers but lives in what its report dubs “a grey area” of likely T&Cs violations that could get your Google account banned.)
Murena’s documentation isn’t illuminating on this point. It does say that commercial apps on its App Lounge come directly via Google’s Play API. But does not discuss the risk of having your account banned by Google if you sign into its store with a Google account and try to download previously purchased apps.
When we asked Murena about this concern it denied there are T&Cs issues with its hybrid store, claiming: “We have ensured that App Lounge T&Cs are compatible with Google’s T&Cs so that users can use the service with confidence.” It also suggested the warning /e/OS serves to users who sign in with a Google Account is just a cautionary step, saying: “Google has hardened its usage policy with Google accounts this year and we have been aware that some people had some restrictions with many different usages or lack of usage. So it’s our role to warn users about this. This is not specific to App Lounge usage, as so far we have not been reported any usage restriction related to the use of App Lounge.”
So, well, the official line from Murena on baked-in risk warnings about Google account restriction is merely that they’re displayed out of an abundance of caution. How reassuring you find that explanation is up to you. But there’s no getting around the fact you will have to use a Google account to get paid Android apps on a device running /e/OS. Which does dent the USP for a “deGoogled” operating system whose headline pitch is that it lets you “escape digital surveillance now”. Evidently, the reality — and the escape — is a bit less clear cut.
Elsewhere, the main privacy-focused add-ons to /e/OS include a privacy score for commercial apps that’s shown within the App Lounge. This privacy rating is automated and does not seem to appear for every app. Per Murena it’s based on an assessment of how many trackers are baked into third party apps. Where it is shown, the rating can throw up some major oddities — such as scoring the Facebook app 9/10! Um… ! (Given Meta is the cardinal example of surveillance capitalism it’s obviously a problem if your privacy rating can’t reflect that.)
“This feature is based on tracker detection. Facebook/WhatsApp technically don’t use trackers so they are green flagged regarding privacy,” Murena offered when we queried the high score for the Facebook app, adding: “We will improve this score by adding more information about personal data collection that can be found in apps Terms of Services.”
Murena also bakes a set of “advanced” private browsing features into the OS, including a tracker blocker; a location faking option; and the ability to hide your IP address. This means that a mobile running /e/OS comes preloaded with a suite of anti-tracking tools that users might otherwise have to procure from a number of third parties. Here they are easy to access and enable — so full marks for convenience at least — albeit, again, not without some risk of usability trade-offs.
The tools are displayed in a widget on the /e/OS homescreen that lets you toggle them on or off, with the platform popping up concise explainers about the impact of enabling the features. This includes warnings that some apps may not work properly with the setting enabled. Or — in the case of hiding your IP — the recommendation is to only use it “for specific applications” as enabling the feature is “likely” to reduce your Internet speed.
On the flip side, when all the switches are set to off each one displays a one-word warning — either “Vulnerable” or “Exposed” — giving users a visible nudge to think about how their online activity might be compromising their privacy. And this tension between locking everything down (to achieve perfect privacy) and opening select hatches (to boost utility) remains the core confounder for such an ambitious against-the-mainstream-grain tech endeavour.
Ultimately, it’s also a balance that every mobile user has to figure out for themselves. And for many, or even perhaps most, mainstream tech users the obvious/best answer to this privacy vs utility conundrum might well be (another compromise step of) locking themselves into Apple’s mobile ecosystem and letting a different tech giant worry about protecting their privacy for them.
Some performance hit with Murena’s anti-tracking flavor of Android does seem unavoidable, even if the hardware you plump for to run /e/OS is a lot beefier than Fairphone’s mid-range fare. And given our test kit was a mid range handset we’re reserving finer judgement on this aspect. But unless you’re willing to not use the baked-in tracker blocking (or other privacy add-ons) then expecting some interference with app performance and/or smooth running elsewhere on the mobile web is probably sensible. (Albeit, if you opt out of those features you will of course be risking more of your privacy when/if you use third party apps and websites.)
During testing with the Fairphone 4 web pages did often feel slow and unresponsive. We queried this with Murena — after noticing it seemed to be worse if we had the tracker blocker enabled — but it couldn’t offer a clear diagnosis. It did say that while the tracker blocker feature “can potentially interfere” with browsing it also claimed this is “not something that our users have reported” so we were left to speculate about which particular aspect of this alternative mobile package might be making the web browsing experience feel a bit frustrating. We did also find the touchscreen interface somewhat fiddly/unresponsive at times when swiping/tapping. But, again, it was hard to know how much might be a software issue vs performance issues related to the mid-range hardware.
The look and feel of /e/OS generally is of a pared back Android experience. There’s not much to love or hate. It’s, well, a smartphone OS — with familiar looking icons and widgets. Overall the impression we came away with is a smartphone experience that seemed — at best — boringly normal. Utilitarian, even. If sometimes a bit plodding. But maybe boring is, in itself, an achievement when your business depends on convincing consumers they can safely move away from mainstream software and hardware without giving up essential functionality.
The wider question is how much highly motivated demand there is to put in the small amount of extra effort required (and possibly also shell out some additional cost) to tread an alternative, less feature-rich path — if, at the end of the day, all you get for your effect is a product that won’t look or feel especially thrilling. Even while, yes, beneath the surface, Murena swears there’s a whole lot less data mining going on.
Bottom line: Top notch privacy alone remains a hard to sell unless there’s something tangible to show for it. Which is why Apple’s combo of premium hardware, friction-free software and privacy smarts is so hard to beat.
Murena, meanwhile, has to fly in the face of all this embedded mainstream tech, grappling with the inevitable Big Tech switching inertia while navigating the complexities of supporting a range of hardware-software combos — so the growth challenge is real. It says it’s taking a “pragmatic” approach, which includes building tools to help users migrate off services like Gmail by helping them to transfer their data. And, really, it’s incredible how many apps and services the team has had to build, replicating reams of existing software functionality, just to be in a position to pitch “freedom of choice” to over-surveilled mobile users. Albeit it’s a pitch that’s still not, even now, entirely compromise-free. The scale of the /e/OS endeavour certainly underlines quite how vast is the Big Tech sprawl.
Is there a market for Android devices which — out of the box — don’t expose users quite so utterly to Google’s trackers yet do still require a compromising workaround requiring use of Google services to access paid apps? That’s perhaps the trickiest question here. The most tech-savvy Android users won’t be impressed (and will, in any case, know how to flash a custom ROM themselves so aren’t the obvious target for Murena’s privacy hand-holding). So its conviction of where the mobile puck is headed must be that there’s a growing pool of mainstream Android users with an appetite for iOS-style ‘low friction’ privacy delivered outside Apple’s walled ecosystem.
In short the shot is: Openness plus privacy. For now, though, it’s not disclosing how many users /e/OS has so the bet remains open.