Part 1: What you’re getting into
See also: Part 2: Nice Apps from F-Droid
Standard Android is bad: not only is its source not available, it also spies on you—through many apps that are often preinstalled by vendors or provides as well as the operating system itself.
Over the past year I’ve eliminated nearly all non-free (as in Freedom) components on my Nexus 5 and replaced them with Free Software—software that respects your rights and freedoms.
A word of advice: If you plan to free your device as well, there is no need to do it all at once. Start by replacing isolated programs one-by-one and your ride will be much smoother.
This is my blogpost about this topic. There are many like it, but this one is mine.
Operating System: LineageOS
The core of Android is Free Software. One of the major distributions of it is LineageOS, formerly CyanogenMod. Installing it (or any other AOSP distro) requires you to unlock your bootloader and flashing the ROM. If you are doing this the first time, make sure to make a backup, as unlocking the bootloader will erase your memory.
One of the (in my opinion) greatest advantages of LineageOS, besides providing a mostly standard feeling and looking experience, are their privacy enhancements. You can individually block apps (even system apps) from accessing your location, contacts, messages and whatnot. You’ll be surprised just how many applications are siphoning off your personal data.
By default, LineageOS does not install any of Google’s Apps (Play Store, Youtube, Search App, etc.pp.). More on that later.
F-Droid: Your Google Play alternative
Replacing proprietary apps is probably the hardest change usability-wise: Alternatives aren’t the original, of course.
Getting them is very easy: F-Droid is a community-run project that provides an App Store, as well as manages a repository of spyware-free and Open Source software.
Some interesting and useful apps will be discussed in part two of this series
Google Play Services (or: how Google made Android less Free)
Google has moved many of the functionality you have grown accustomed to into their proprietary Google Play Services. This includes for example the map widget you see embedded into many applications, high resolution Geolocation, as well as tracking and advertisement functionality.
Abstaining from using them is—from a privacy perspective—your best option, although this comes with some caveats.
There are ways to reintroduce the useful parts of its functionality with microG, although this project is in an early stage of development. In case you need access to the Play Store, the app Yalp (available from F-Droid) is your friend.
In case you can’t live without Google’s proprietary services (for example because an app you’re using requires them), you can use the (improperly named) OpenGApps package to install it (and other Google apps), if you must. Be aware though, that this enables Big Goog’ to spy on you, so you might want to remove them again later on (this is the approach I’ve taken).
Not everything will work out of the box. Be prepared to spend a little bit of time researching beforehand.
Recently, installing alternative versions of Android on the latest phones has gotten harder, because vendors actively try to prevent you from unlocking your bootloader. The LineageOS compatibility list is a good starting point, as well as forums like XDA developers.
If you’re finding replacements for proprietary apps, they might not have 100% of the features or a different UI. Many projects are happy to receive feedback; and F-Droid links you to their bug tracker.
Not everything can be Free
Sadly, many device manufacturers and their suppliers don’t play along nicely with the Free Software community: they don’t publish sources.
This is especially bad when chipset vendors don’t disclose their sources (and violate the GPL with it), because this means, you are stuck with the kernel version your device shipped with. And such a kernel can be very old: my Nexus 5 still runs Linux 3.4.0 from 2012—that’s over a year before the phone was released!
Not being able to upgrade your kernel comes with security risks, of course. Some of those might be patched by the LineageOS team, but many (most?) will probably go unnoticed. LineageOS provided a tracker for the vulnerabilities discovered in their kernels, which was depressing. (It is now offline due to inaccuracy problems)