Hello, making this post to get some honest, and technical opinions about GrapheneOS. Please do not be bother by this question. No drama here pls 🙏. I’ve heard that there is some of the google code into the “sandbox” feature. Say your opinion below! 👇👇
Well it’s open source android, if the code is bad, it’s jettisoned. While I cannot stand Google, not every line of code they write is trash.
The sandbox is good and you do not need to install Play if you do not want to. I use f droid where possible.
I want Linux Mobile but it is not ready yet. In the mean time, this is the best we have.
Okay but all the apps developed for android will now being useless?
What do you mean?
You can use sandboxes play store if you wish.
So you will have to emulate all this apps? Like I’m not talking about these on the play store like games or others, I’m talking about the great apps that you can find on fdroid
Depends on what you are referring to. If Linux Mobile, Android apps can be run on Waydroid and there is a compatibility layer like Wine available. However, for Linux Mobile, you’ll open up Gnome and KDE apps. In Plasma, you have kirigami which enables convergent apps (that work on desktop, mobile and tablet). As it matures, more apps will be developed that supports it.
The world and ecosystem now doesn’t define the ecosystems of the future.
if you have a pixel theres absolutely no reason why you shouldnt use it.
if you dont i dont think its worth to buy one just for graphene
if you have a pixel theres absolutely no reason why you shouldnt use it.
Plenty reasons to not use it on a pixel…I had horrible compatibility with all sorts of banking apps, government 2FA and traffic warning systems, to the point where they just couldn’t work at all. Their sandboxed play services breaks a shitload of day to day convenience and even necessities to increase privacy.
this is a problem with all ROMs, actually.
banking apps especially do everything in their power to block every phone that isn’t stock.
Did you try reading through the FAQ?
No and now I’ve answers to a lot of my questions
Its always better to try and get firsthand knowledge through the FAQ then rely on, possibly inaccurate, Lemmy users. I would also seek answers on their official forum over Lemmy as well.
I’ve been using GrapheneOS for over a year. I cannot complain about it, it works as advertised and it does it the best way possible. However, here’s the list of things I find annoying/missing. Keep in mind, this is a subjective list.
- some (quite a lot of for me) apps require Google Play Framework (or whatever the name is) to work properly
- Aurora store tends to be unavailable randomly, which makes installation/updates difficult sometimes
- some features are wonky, e.g. GrapheneOS has no issues with disabling wifi when leaving my home but I was never able to enable wifi when I’m back home.
- default apps work ok-ish but it’s far from good old iOS/Android experience
- Android Auto experience was a shitshow for me
+1 for the first 2, maybe 1 year or longer user too (others points doesnt apply for me as I not use them)
It’s a middleground between a regular stock spyware ROM and a degoogled one with pretty good security thanks to lockable bootloader.
P. S. I can hear the drama coming unfortunately. This ROM’s devs have haters.
I’ve seen that you basically have two choice (more but not very relevant) GrapheneOS for security and /e/OS for privacy. Thoughts on it?
/e/OS is not for privacy but more for anonymization. It has a built in VPN and a ton of spoofing stuff afaik. It’s closer to Qubes if you ask me. And I heard it had proprietary software so ehh it’s made to make you look like the most average internet user so you can search anonymously. I don’t have enough information about this ROM but I wouldn’t use it on my main device.
Why you wouldn’t use it on main device?
Convenience, proprietary software and because it’s not completely degoogled. I use LineageOS on my device and I’m happy with it. I can use Qubes or a VPN if I want an anonymous search.
LineageOS is more degoogled than others like eOS?
Like the other reply said, Lineage doesn’t do a whole lot in terms of degoogling. I quite enjoy DivestOS, it’s a project that takes Lineage as a base and strips out as much Google and proprietary code as possible.
In fact, it’s so Google-free that neither sandboxed Play Services nor MicroG are officially supported, though the latter can still be installed and used just fine, though with a few drawbacks.Same as Lineage, it runs on more devices, but certain features like bootloader relocking depend on the phone.
LineageOS actually seems to be getting less degoogled recently. They’re adding stuff for better Google apps support (that can be installed manually). But I believe it’s as degoogled as reasonable custom ROMs get. Not much advanced privacy/anonymization features though and no stuff like Play Integrity support obviously. It’s a ROM for these who don’t need gapps at all. And if you do, just buy a second hand device with the stock ROM and put your banking apps there. Play Integrity doesn’t work well on any custom ROMs now anyways.
EDIT: also EOS is EndeavourOS that is a Linux distro.
E often falls behind on patch levels, see the page here https://divestos.org/pages/patch_history
It’s not a ROM
I think you may be right but everyone’s used to calling it a ROM. Now with increasing popularity of EROFS it makes more sense to call it that way.
There’s a lot of false information in your statements, GrapheneOS is not spyware, and it does a better job at degoogling than any other ROM mentioned in this thread, the only one that comes close is DivestOS, and no eOS is NOT like Qubes…
GOS wanted to reduce the attack surface as much as possible so they removed all the unecessary Bloat, it doesn’t even ship with wallpapers !!
This list is not exhaustive and covers a tiny bit of the differences between these custom ROMs but it’s a good place to start
What I meant by a “middleground” is that GOS has gapps, even though they are sandboxed. There is no way it can be more degoogled than LOS or any other fully vanilla ROM that’s actually degoogled.
That’s also not accurate, GOS comes fully degoogled, and doesn’t include any GAPPS or Google Play services, you have to install them yourself if you want compatibility with Google Apps or some banking apps
even though they are sandboxed. There is no way it can be more degoogled than LOS
That’s just false, even LOS isn’t fully degoogled and it still connects to Google in the background for necessary connectivity checks ( e.g. DNS ) and Esim activation for example
Oh ok then. If it has a vanilla version then it is degoogled and can be more degoogled than LOS. What I meant was if GOS was microg only, it couldn’t be as degoogled as LOS because LOS is vanilla. Still it’s a shame that LOS can’t find a better supporter than Google.
it couldn’t be as degoogled as LOS because LOS is vanilla
This is about to change since LOS are about to include MicroG by default in future releases… Or so I heard from some Mastodon users who shared screenshots about an LOS update that installed MicroG
GOS is private and secure more than any other ROM, but once you install the Unprivileged play store you lose some of that privacy while retaining security, MicroG is private but not as secure
Still it’s a shame that LOS can’t find a better supporter than Google
Wdym?
This is about to change since LOS are about to include MicroG by default in future releases
Should I bet all my savings this isn’t gonna happen? Just don’t trust unverified rumors and never ever spread them as the truth.
more than any other ROM
ROMs without network support.
Wdym?
I believe LOS uses Google stuff because they get money for doing it, especially for making it the default search engine in the default browser.
never ever spread them as the truth.
How did you know it’s not the truth…because I implied it wasn’t… and I don’t see it as something that couldn’t happen, people asked for MicroG support for years…
ROMs without network support.
I’m not a huge fan of trolling
because they get money for doing it,
I can tell you no Open source ROM gets funds by Google, unless if it’s a program… For example GOS received many rewards for discovering vulnerabilities in AOSP
Not much to comment on the technical side, but quite a bit of things get upstreamed or reported from GrapheneOS. I believe they really know what they’re doing. You can ignore the rest if you don’t care for the general opinion.
Yes, there’s probably Google code in the sandbox feature, it’s basically the stock Android userland app sandbox. The magic is the compatibility layer that allows Google apps to run as regular userland apps.
...
I bought a Pixel 7a, just so I could try GrapheneOS.
Installed it straight after unboxing, with Play services. Ended up using it pretty much like any Android phone. Installation is simple using the web installer. On recent versions, even Android Auto works, so the only thing you’re really giving up is NFC payments. Some banking apps may don’t work, but I’m lucky (or rather not unlucky) that the ones I use do. I believe those rare apps are somewhat lazily developed, and rely / trust on Google to do security for them.
Some months later, I went back to the stock ROM, mostly for comparison. Stock Pixel OS has a lot of appealing features, but most of those are just “nice to have” things. Stayed on stock for a few months, but the plethora of obscure Google “privacy settings” put me back to GrapheneOS, and finally off Google. Reverting to stock was also simple, just as easy as flashing GrapheneOS.
Now I don’t have Play services at all anymore, and have cleared most Google services (gmail, photos, drive…) so at least not much new data will go there. I do use Google Camera, and have Photos installed since I think the post-processing happens in Photos. Both have network permission denied, which is one of the nicest added features of GrapheneOS. The stock GOS camera is OK, but that’s one thing I think Google does better, though this is a subjective thing.
The only thing I kind of miss is Google’s find my phone stuff. Even though it’s quite invasive, I have needed it once and it resulted in me getting a lost phone back. A simple solution is not to lose your phone.
Apart from the per-app network permission, another really nice feature in GrapheneOS are the settings to toggle WiFi and Bluetooth off automatically. Why these are not in any “official” ROM tells a tall tale about how much they care about your privacy. The auto reboot if not unlocked in a while also brings some assurance regarding losing your phone, at least the storage will automatically back in encrypted unlocked state.
Vanadium might be the best browser I know for Android. Pretty much Chrome without all the things that make Chrome one of the worst browsers. Vanadium’s point is security, privacy (e.g. adblockers) is not the main focus. I’m not sure if there actually even is adblock features bundled nowadays.
If you want all the nice modern bells and whistles, stay on some other OS. If the benefits above appeal to you, there’s really not much you give up in the end with GrapheneOS. It requires a bit more technical mindset, but not really even technical know-how. I haven’t noticed bugs or broken stuff anywhere, with or without Play services. Android Auto (requires Play services) gets stuck sometimes, but that may also be my low-tier car too.
The “sandboxed” Google Play refers to the apps running as user installed apps vs the system-wide root-access-to-everything apps they are on stock. The same limitations you can apply to any other app you install apply to GSF apps too. So even if you install Play services, you are severely limiting the scope of data Google gets from you. It’s a solid middle ground between full degoogling and stock OS.
I’m not even an Android app developer, and will gladly admit technical mistakes. If you want something negative, the vocal minority of GOS users is really vocal and really full of themselves.
Louis Rossman got threatened by the GrapheneOS dev
And is GrapheneOS Dev threatened by Louis Rossman?
No the dev is very sensitive to criticism https://www.youtube.com/watch?v=4To-F6W1NT0
Its all google code what are you talking about.
I used it for quite a while, but with most of the Google apps. One morning RCS chat stopped working and would not reconnect, since I use RCS for texting most people I’m back on stock for now. I know it’s not graphenes fault, but I didn’t want to have to keep dealing with Google randomly disabling stuff. Up until then, everything worked as it was described
There’s also CalyxOS, low drama and very reliable. Https://www.calyxos.org
Calyx is unfortunately pretty slow to release security patches, uses privileged apps with root access like microG and the F-Droid privileged extension by default and doesn’t really provide any unique features. All of the privacy features of Calyx are either already present or can be easily replicated in a better form on GrapheneOS. Take Datura Firewall, it’s yet another privileged app with root access which adds unnecessary attack surface, and is less secure than the Graphene equivalent. GrapheneOS implements a network permission toggle, which is embedded in Android’s native permission manager and uses the INTERNET permission to restrict network access. It disables both direct and indirect network access, including the local device network (localhost). GrapheneOS also has a bunch of unique security features, that can’t be found on any other Android ROM, like for example a hardened memory allocator, hardened kernel, secure app spawning, improved SELInux policies, Duress PIN/Password, driver-level USB-C control, Storage Scopes, Contact Scopes and soon App Communication Scopes. GrapheneOS also includes Sandboxed Google Play services, a better GMS implementation than microG, which doesn’t require root and has better app compatibility.
All your points are true, yet still depend on Google in sandboxed form. That negates everything else for me, who wants a reasonably secure device that works out of the box and also respects my privacy.
If a nation-state wants into my phone, it’s delusional to believe even graphene can hold them off, you need real opsec for that, and unfortunately all I’ve seen thus far from graphene guys is cosplaying that the NSA wants your porn selfies.
Graphene and micro g? Cool. Sandboxed Google? Nope.
All your points are true, yet still depend on Google in sandboxed form. That negates everything else for me, who wants a reasonably secure device that works out of the box and also respects my privacy.
Graphene doesn’t “depend” on Sandboxed Play services. In fact, it’s not installed by default, and it is totally optional. Also, Sandboxed Play services doesn’t make your device less secure in any way, it can be installed as a normal user app, you can fully control access to sensitive parts of your device like the microphone, camera, location, etc. through the Android permission manager, and Play services don’t have any special permissions, since it’s not installed as a system app. As far as I’m aware (correct me if I’m wrong) you can’t remove microG on Calyx, since it’s installed as a system app and even granted root privileges. microG is a cheap, hacked together workaround, which requires root to function correctly. This greatly expanded attack surface makes it inherently insecure. microG also requires proprietary Google code to be run, in order to work (most of microG is open source, but it still uses some Google blobs). As far as I’m aware, this Google code is not sandboxed, and simply executed as a child process of microG (which runs as root), meaning that this Google blob is also run as root. This makes microG much more insecure than Sandboxed Google Play services, and it potentially gives Google much greater access to your device compared to the sandboxed approach.
If a nation-state wants into my phone, it’s delusional to believe even graphene can hold them off
The GrapheneOS team never claims that their OS is “NSA-proof”, but they actually look at which parts of the OS are commonly exploited by (nation-state) hackers, and massively improve them. As you can see in this spreadsheet, created by Google’s Project Zero, most vulnerabilities in Android come from memory corruption. That’s why GrapheneOS’s biggest and most important feature is their custom hardened memory allocator. It protects against most memory-related exploits, and is even stronger when used on a device with hardware memory tagging, which is the reason why GrapheneOS currently only supports Google Pixel devices.
Another significant security feature is secure app spawning. Creating new processes via exec (instead of using the traditional Zygote model on Android) randomizes the initial memory layout, which also helps to defend against memory-related vulnerabilities. The aspects I just mentioned are important protections about malware/remote code execution.GrapheneOS also protects your device against physical attacks, e.g. by implementing a driver-based control mechanism for the USB-C port, making it impossible to connect to the device while it’s locked. This protects against forensic data extraction, e.g. using Cellebrite or XRY hardware.
Graphene even has a feature that protects you, when you are forced to give up your password. The Duress feature let’s you set a second PIN/password, which will cause the device to entirely wipe all the encryption keys, which are used for unlocking the device, from the secure element. This process is irreversible, can’t be interrupted and happens instantaneously, making the data impossible to recover.
No one claims that GrapheneOS is 100% secure and will absolutely protect you against NSA hackers, but it is by far the best and most secure mobile OS that’s currently out there. It is easy to use for everyone, and secure enough to be used by high-profile targets like Edward Snowden.
you need real opsec for that
Good OPSEC includes a secure operating system. Calyx is not security focused whatsoever, it rolls back standard AOSP security features, significantly increases attack surface, and doesn’t release security patches regularly.
Happy cake day btw!
Sorry, “google blobs”? A lot of work went into MicroG, and I think it’s a shame that you’d minimize so much good work to reimplement the lynchpin of Google’s control on your devices.
At this point I’ll presume you’re just misinformed, as no proprietary google code operates within microG unless you decide to run with device attestation, and there it’s running as a sandboxed service. At any other time, you are able to run open source code which spoofs your device details to Google, and spoofs google to all these other closed source apps in a reliable and readable, much smaller codebase.
Honestly, the irony of running blobs, when one is completely closed source vs the other which is fully open. Hahaha.
Everything on Android is half-assed but that’s not Graphene’s fault.
Right
Left
Even more right 👍
Ask me when the NSA knocks at your door, what I think about it? I think it’s a big honeypot.
Think about it, if you were the NSA or the CIA would you push a privacy oriented OS? Honeypot vibes get stronger
I don’t trust the google kernel when it comes to privacy or security. You think with how many people use Android and with how bad actors Google are they wouldn’t put a backdoor somewhere?
its open source and well audited, so no I don’t think they have it backdoored. they get all the info they want from people using google play services at a privileged level, running chrome, and using their other dozen services that come bundled with stock android
Unless you want to tell me that the Android kernel is the first OS kernel without bugs, it takes at the very least one bug to be left intentionally unfixed and shared with the feds to introduce a backdoor. I wouldn’t consider it infeasible with how large the android kernel is, and how high a barrier of entry kernel dev is. If the bug is found, just move to the next one. Normally I wouldn’t be so paranoid, but this is Google we’re dealing with, on one of, if not the most popular kernels on the planet.
Right