At the same time, doesn't a "typical person" wanting Facebook, Uber, etc apps running kind of counter to the type of people that would want or need something like Graphene?
It's about the war, not the individual. If you're completely compromised by and beholden to google, then you've already lost. For many people, the threat model is protecting the commons and keeping the future possibility of commerce without a 30% tax collected by some middleman in california.
If people start from a device they own, then they can actually fight the other battles. Install facebook in a work profile for now but try and get some friends to move to xmpp. Install uber if and only if you're stuck and public transport has stopped for the night (and uninstall it after). Or any other compromise between complete submission and full device ownership.
Graphene as a project doesn't really seem aligned with this idea. Calyx and /e/ are a bit better.
If you have to compromise your values to allow such things, an example might be TikTok with Play Services on Graphene is possible, but you will be permanently banned shortly for not being spyable enough and failing modified ROM detection, would you want to compromise by re-adding what's basically a vulnerability if it increases userbase?
If it means that I only have to convince someone to give up a tiktok account they don't have rather than tiktok and pinterest amd facebook and whatsapp (and subsequently the ability to communicate with any of the local community groups) and the local covid app that allows you to leave the house and their university app and any kind of paid media, then yes.
A phone that my partner owns that I can actually realistically ask her to use is better than one that is secure against an attack that isn't even in my threat model and is a complete non starter.
> you will be permanently banned shortly for not being spyable enough and failing modified ROM detection
Wait, do they actually do this too, or is this a hypothetical you made up for the example? Or did you mean Snapchat instead of TikTok, which I know does actually do that?
I picked it as a random example but yes, it does do safetynet/aggressive device fingerprinting/bans root (magiskhide used to work for a bit afaik)/collecting as many identifiers as possible based on version of android.