Been using this for about a year on a p9 pro. It works very well. I hear the google tap to pay does not work, but I've never tried it. However Vipps with their tap to pay works fine. BankID works but not with biometric login, which some things require IIRC. And for some reason DnB private works fine, but you are not allowed in on the corp app.
It's mind boggingly stupid that they lock down apps like this, when you can just open the thing in a website anyway. I can use my bank on some linux distro, crazy that they trust me since it is not Windows - the truly secure OS!
Knew about those things before I started, so all in all I'm pretty happy. I'd recommend NOT using different users for different things (I started with banking etc in one profile, that ended up being a huge PITA and according to their docs it is mostly security theater anyway). Happy tinkering!
madeforhnyo 49 minutes ago [-]
A collegue of mine was tech lead at a large online bank. For the mobile app, the first and foremost threat that security auditors would find was "The app runs on a rooted phone!!!". Security theater at its finest, checkboxes gotta be checked. The irony is that the devs were using rooted phones for QA and debugging.
sunaookami 30 minutes ago [-]
Yeah that's the first thing a pentest will complain about, had the same problem too. I pushed back enough so that it's trivial to bypass but the bank and pentesters also agreed with me that it's security theater or else I would never had the chance.
hparadiz 4 minutes ago [-]
I always ask them if they have root/admin on their computer. Then follow up playing dumb with "shouldn't we lock out PCs too?". Watching them stammer is worth the 30 second aside.
zobzu 43 minutes ago [-]
ive seen:
-"but ios can be jailbroken and it doesnt have an AV!" while the MDM does not allow jailbroken devices, and they also allowed sudo on linux.
auditors are clueless parasites as far as im concerned. the whole thing is always a charade where the compliance team, who barely knows any better tries to lie to yhe auditor, and the auditor pick random items they dont understand anyway. waste of time, money and humans.
ACCount37 34 minutes ago [-]
Oh how I fucking wish "security" wasn't a stupid cargo cult checkbox list 3/4 of the times.
Unfortunately, the rot runs too deep.
empyrrhicist 15 minutes ago [-]
Your password must be between 8 and 12 characters, and must have lowercase, uppercase, numbers, and punctuation.
Pick up the can!
InitialLastName 7 minutes ago [-]
My favorite is when it must have punctuation, but certain punctuation is silently banned, so I have to keep refreshing my password generator until it gives me an acceptable combination.
barbazoo 8 minutes ago [-]
> Pick up the can!
Gotta admit, this triggered me. I don’t think those are the same thing. If no one had a good password we wouldn’t affect each other negatively. If no one picked up trash, we would.
fodmap 3 hours ago [-]
> It's mind boggingly stupid that they lock down apps like this, when you can just open the thing in a website anyway. I can use my bank on some linux distro...
Not in Spain. I can access my bank's website but I can't do anything without their bank app. Even sometimes they require to confirm my identity using their app in order to access their website.
I have several linux phones but I can only do banking with their app downloaded from Aurora Store in my Vollaphone.
shevy-java 2 hours ago [-]
This should be illegal that the government forces people into apps controlled by private, commercial entities. I call such a government corrupt.
Here in central Europe I can still access the bank website fine without smartphone. I need a physical device to yield a TAN though, but I can access and do online transactions fine. So I think something is wrong with the spanish government. People need to protest.
dotancohen 1 hours ago [-]
> This should be illegal that the government forces people into apps controlled by private, commercial entities. I call such a government corrupt.
Or how about schools requiring parents to use WhatsApp to receive updates and information? Luckily my ex forwards to me the important stuff, but not everyone is as lucky to have an ex like mine ))
phantom784 1 hours ago [-]
Especially in Europe! They shouldn't be forcing you to run an OS from an American company.
wolvoleo 1 hours ago [-]
Even the EU initiative Wero requires Google or Apple. You can't even use it on a desktop pc and you're not even allowed to have developer options on. Ridiculous. I've never seen any app that is so strict.
microtonal 1 hours ago [-]
My bank still supports TAN codes with a device too. Unfortunately, once it breaks or the battery goes dead you cannot get a new one and have to use their app. Fortunately, their app works on GrapheneOS without issues.
Mindwipe 1 hours ago [-]
The DSA European digital wallet spec currently requires Google or Apple attestation, so not for much longer.
And that is mandated by the EU.
iamgrootali 52 minutes ago [-]
test
Tharre 3 hours ago [-]
> Not in Spain. I can access my bank's website but I can't do anything without their bank app.
I don't know about Spain specifically, but as far as I understand it no bank in the European Economic Area + UK should allow banking via just the website alone anymore, because of the "Revised Payment Services Directive" (PSD2) regulation.
Essentially, banks are required to implement "strong customer authentication", which in essence is just multi-factor authentication with a password + either biometrics or a security device of some sort.
And in practise that means a banking app, because most people do not want a separate token they have to buy and can lose. Though a lot of banks do offer those as well.
askonomm 2 hours ago [-]
In Estonia you can easily do banking via the website on all the banks (LHV, Swedbank, SEB). That said, we do have it all integrated with our digital-ID (which every ID card has private keys encoded into with a PIN you know) so it's not like you can access it with a simple password (our online voting works the same way).
edoceo 10 minutes ago [-]
Can the PIN change? How to issue new key if needed? How does it integrate with the voting?
gunapologist99 2 hours ago [-]
TOTP not accepted?
(When will people learn that biometrics are not another factor: they're entirely public and irrevocable. It's not just security theater, but Apple & Google know that this forces you into their ecosystem, which should be illegal. Of course, Brussels is full of rubes anyway.)
Tharre 52 minutes ago [-]
The question is what generated that TOTP code. The banks must ensure that they "are independent, in that the breach of one does not compromise the reliability of the others," as article 4(30) states. That text is vague as hell, but published opinion of the European Banking Authority on the matter[0] is:
"a device could be used as evidence of possession, provided that there is a ‘reliable means to confirm possession through the generation or receipt of a dynamic validation element on the device’"
So in essence the TOTP has to be bound to the device in a way that prevents users from just extracting the secret and putting in in their password manager. Hypothetically that would still allow Yubikeys and other security keys that provide attestation from the factory, but in practise banks probably don't want to deal with the support headache and just provide their own, like the TAN generator mentioned by other commentors.
Two other highlights from the interpretation of the EBA:
"App installed on the device" -> not compliant
"In the case of an SMS, and as highlighted in Q&A 4039, the possession element
‘would not be the SMS itself, but rather, typically, the SIM-card associated with the respective
mobile number’."
"SIM-card associated with the mobile number" - is that even technically possible? Do mobile carriers provide a API for banks to verify that a number still corresponds to the same SIM card? If so I've never heard of it.
TOTP not accepted, because the confirmation for payment must include the amount to be paid, which cannot be done under TOTP as far as I know.
severino 58 minutes ago [-]
> And in practise that means a banking app, because most people do not want a separate token they have to buy and can lose.
It can be SMS. As said in another comment, the main banks in Spain offer this authentication method while being PSD2 compliant. Some also offer a card with coordinates. So it's not mandatory in any way to use a banking app.
Tharre 36 minutes ago [-]
Probably not for much longer though. Several countries, including mine, have already banned SMS 2FA for banking, and it's likely that that will be implemented for all of Europe in the near future, possibly with PSD3. Not that SMS 2FA was ever a good idea in the first place.
But yes banking apps are not mandatory, and likely won't be in the near future either, though the alternatives are treated a bit like second class citizens.
severino 2 hours ago [-]
I don't know which banks you are using but in my case I work with five Spanish banks and I can do everything from their websites, no app required. Yes, they try to push you to use their app, some tried to activate mobile 2fa for me when this psd2 thing became mandatory but I always told them their app doesn't work on my phone (which is true) and they offered me alternate methods like sms.
dotancohen 1 hours ago [-]
In my country we have a large religious population who eschew the smartphone. This means that no government, banking, or other services require a smartphone.
lejalv 2 hours ago [-]
> Not in Spain. I can access my bank's website but I can't do anything without their bank app. Even sometimes they require to confirm my identity using their app in order to access their website.
- RBC 2FA is that if I try to login through my browser, the phone app will ask if I authorize the login. I think I can disable this and use sms/call, but that's even more insecure, so I don't.
- TD lets me login fine and do everything in the browser. But any online transaction that is moderately large or presumably fishy, will force me to authorize the transaction via the app.
These are among the largest banks in Canada.
FullMetalBitch 3 hours ago [-]
I have been using GrapheneOS for a few months in Spain with and out of three banking apps only one gave me trouble, I had to enable "Exploit Protection Compatibility Mode" on "app information". Personally I refuse to pay with the phone so I am okay not having that option.
If someone wants to try Graphene os maybe that option will work on their banks too.
b112 3 hours ago [-]
Not in Spain. I can access my bank's website but I can't do anything without their bank app. Even sometimes they require to confirm my identity using their app in order to access their website.
I've seen this elsewhere, and it's absolutely ridiculous.
Why?
Because in almost all cases, the apps may only be installed with Google Play, and require the framework to work correctly. And that means?
If you are not in good standing with Google, you cannot bank!!
I cannot stress how inane it is, to have Google or Apple as the gatekeeping to identify verification. How not having an active, in good standing account with one of these two, means you cannot bank.
And it's happening more and more.
Meanwhile, banks -- which tend to make billions in profits quarterly, do this to save on infrastructure costs. They do it so they don't have to stand up their own push servers, or have an app which doesn't require firebase.
Well cry me a river, boo-hoo Mr Banker, I'm not even remotely interested in you saving on infra-structure costs at the loss of autonomy. And on top of this, many banks are reducing hours, closing branches, claiming that they don't need them.
Leaving absolutely no other choice.
This sort of thing should be illegal. Being in Spain, but requiring a US megacorp to tell your own bank, that you're you.
jlokier 2 hours ago [-]
> They do it so they don't have to stand up their own push servers
I don't agree with this dependency on being in good standing with Google either.
But there is a technical reason that isn't wanting to avoid using their push servers. It is about battery usage and radio bandwidth.
Keeping open an idle connection over WebSocket, long-poll HTTP or TCP/IP needs regular pings (typically 30 seconds are used), one ping per connection. Otherwise your app can't be sure to receive messages from the server in real time, as the connection can disappear into CGNAT or similar hole where it doesn't receive messages sent by the server. To an app not using pings to check, such a blackholed connection is indisinguishable from an idle connection with no pending messages.
Waking the radio every 30 seconds, times 2 (back and forth), times the number of registered applications, would be quite battery draining. It drains battery both for background CPU usage and radio processing. Those pings in aggregate can even amount to a significant amount of data usage for users on smaller plans.
So there is a battery and radio advantage in using a shared push service, which only need a single idle connection to be kept live with 30 second pings.
There's another level to this, not available to regular developers using TCP/IP, HTTP or WebSockets.
The mobile network itself has to maintain handset connection liveness to the nearest tower, at a lower level than IP pings, and this is obviously optimised for battery and radio performance, and always running.
With arrangements in place with the mobile networks (which Google and Apple have), the mobile OS can leverage that for more reliable, lower power push notifications, by either guaranteeing the network will send something technically similar to a low-level SMS when there's an outstanding message, or by guaranteeing their special push IP connection will stay live by itself (no CGNAT blackhole) or be notified if something happens to it.
This allows the mobile OS to offer a shared push service that's fairly reliable at real-time notifications, with zero continuous CPU and radio power overhead for the idle connection.
dotancohen 57 minutes ago [-]
Why does a banking app that I'm not currently using need to ping a server occasionally?
When I want to do banking I'll open the app, do my business, then close the app. A banking application does not need push notifications.
jlokier 13 minutes ago [-]
My comment was about push service sharing generally, not banks, from a technical point of view that many people aren't aware of but may find interesting.
Clearly, real-time notifications are useful with many apps, notably real-time messaging, even if you don't think they have a place with bank apps.
For bank and credit card apps, I find their push notifications to be very useful. They are among the most useful notifications I get, because they tell me about things I find important, which I wouldn't notice otherwise.
They tell me things about transactions that have gone through, sometimes after a long delay, transactions that need confirmation right now or they will be blocked, balance being too low, or too high (credit cards), payments that are required today, refunds that came through after a product was returned, transfers that completed on the receiving said, payment received from a client, direct debits that are going out tomorrow so I will need to make sure there's enough in the account, customer service messages that require a response from me or they will eventually close the account, and so forth.
"Just open the app" doesn't work: All of those, except transaction confirmations, are things where I wouldn't know to open the app if I didn't get a message of some kind to tell me.
These days, in some juristictions it's also required to send real-time notification to confirm some purchases, because the phone's security is considered better than card details alone. Depending on how the purchase is made (e.g. in-person vs online, different payment terminals), you might not know the reason a transaction is blocked or held is because it's waiting for you to confirm in the app, so the notification is useful for this.
All these used to be done by SMS, and that was useful too. But SMSs are just push notificatons with a worse UI and worse visual cues.
dotancohen 6 minutes ago [-]
> But SMSs are just push notificatons with a worse UI and worse visual cues.
... and no dependence on Google or Apple.
vbarrielle 44 minutes ago [-]
Unfortunately it needs push notifications to authorize online payments.
dotancohen 14 minutes ago [-]
So open the app when performing an online payment.
afpx 2 hours ago [-]
I thought this was what Larry meant when he said surveillance will keep citizens on their best behavior. If one’s reputation score is low, sorry no money. Also, if anyone in one’s network has bad behavior, no money and no friends. Maybe the kids will learn to accept it, but being of the last analog generation, to me it seems like a painful future.
vladms 2 hours ago [-]
As far as I remember, last time I needed to use Google play on a shared phone I could just create a random Google address (I mean, completely invented name, etc.) and it allowed me to do anything, just as my normal Android.
I am too lazy to test, but did this change? Can't you just make a "fake" account and continue with your life? The phone company knows where you are, the bank knows what you purchase. Compared to that Google will know far less (ofc, if you don't activate everything)
I find it much more insane that it was possible for so long to do banking WITHOUT strong authentication (however implemented) by just providing those 3 numbers on the back of the card (strong security!)
ImPostingOnHN 1 hours ago [-]
No, they will either immediately or shortly thereafter require you to link a phone number, etc
vladms 7 minutes ago [-]
The original comment was saying:
> If you are not in good standing with Google, you cannot bank!!
> I cannot stress how inane it is, to have Google or Apple as the gatekeeping to identify verification. How not having an active, in good standing account with one of these two, means you cannot bank.
Having to register some phone number (does not need to be your main number, a sim card is quite cheap) to a "fake/unused" email address (even if as you say you are required yo) does not require you to "be in good standing with Google" and they are not gatekeepers of identity.
At this point in time I feel the banks and the mobile phone operators are much worse managers of identity, because, for example they even accept stolen identifiers to make an account in "your name" - for me that's more ridiculous, not that they require some multiple factor of authentication.
bytejanitor 2 hours ago [-]
In Germany for some banks you can buy a TAN generator and then you do not need a smartphone app anymore.
Is this an option in your area as well?
derbOac 2 hours ago [-]
It seems like the right time to advocate for open standards in things like banking.
FullMetalBitch 3 hours ago [-]
Why? Technofeudalism is not going to impose itself
bergheim 3 hours ago [-]
Especially with how things are currently, I whole heartedly agree - you cannot operate as a human being in Europe without having a good standing with either Alphabet or Apple.
Absolute madness.
6LLvveMx2koXfwn 2 hours ago [-]
Absolute madness or complete nonsense - I have neither an Apple account or device, nor a Google account or mandated device (e/os on Fairphone 3+) and operate perfectly successfully in the UK with (almost [1.]) zero friction.
1. Revolut app stopped working so I emptied my account and opened a Wise account which is fully administer-able from their website. Revolut has subsequently started working again after a couple of app/OS updates.
pmontra 2 hours ago [-]
> I can use my bank on some linux distro,
Yes, I've been doing that since 2009 on Ubuntu and Debian but there are several caveats.
One of those banks has its own TOTP device and they won't replace it when the battery dies. It's almost 20 years old now. Then it's the fingerprint sensor on my phone.
The other banks authenticate accesses and many operations with either their app + fingerprint (all of them) or SMS (some of them). So basically I would still need a phone with a blessed OS. I could buy the cheapest one and store it in a drawer, but it's still a dependency on Google or Apple.
GrapheneOS requirement of Pixel devices is a dependency on Google too.
microtonal 1 hours ago [-]
GrapheneOS requirement of Pixel devices is a dependency on Google too.
They are currently working with an OEM to release a non-Pixel GrapheneOS phone in the future.
dotancohen 1 hours ago [-]
I hope and pray that is a Samsung S Ultra device. The built-in stylus transforms the whole user experience, I would not go back to a device that I must swipe my dirty fingers across.
dangus 57 minutes ago [-]
I’m just imagining myself pulling out the stylus on the train/plane, dropping it, and watching it roll away forever.
dotancohen 9 minutes ago [-]
They thought of that! The cutaway of the stylus is a rounded rectangle, comfortable in the fingers but does not roll.
In any case, replacement stylii are very cheap online. Less than a screen protector.
BLKNSLVR 3 hours ago [-]
I'd also recommend to slowly migrate to GrapheneOS, getting to know where the boundaries are for specific apps. Once you've got your 'dailies' all up and running predictably, then you're good to go, but it could take a few days depending on how much spare time you have to find said boundaries. Having said that, I turn on most of the higher level security protections, which quite a few apps need exceptions from.
But, yes, you can't tap to pay and it's unlikely you ever will. Banking apps will be hit and miss depending on their (generally hypocritical) paranoia levels.
I pay with a tap-to-pay card, and I have never needed to do banking related things immediately, I've always done it via the bank's website.
I also still have a not-very-old 'normal' android phone for some edge cases - which are few and far between (actually, I think it's usually to cast youtube to the TV since I only have the revanced youtube app on the GrapheneOS device).
P.S. On the use of profiles, I use them to separate work apps and notifications from personal, from sporting club, from X, Y, and Z. Yes, they're a pain in the arse to switch between, but I'd argue it's more of a pain in the arse to have them all jumbled together causing even more notifications, frustrations, and distractions from whatever one should actually be concentrating on in the present moment.
vages 4 hours ago [-]
Thanks for the Norwegian perspective.
I agree that the locking down is truly stupid. For what it’s worth, the reasoning for locking down mobile apps is allegedly that mobile users are a less technologically competent demographic than desktop users. I do not think so myself, given the difficulty in trying Graphene vs. Desktop Linux.
microtonal 55 minutes ago [-]
I agree that the locking down is truly stupid.
I don't agree that it is stupid. Both banking on a Windows PC or on an unlocked + rooted phone is potentially catastrophic. Windows because of the prevalence of malware, unlocked phones with custom AOSP forks because people download 'ROMs' (as they call them) from the most shady sites.
Once 10,000s of Euros are siphoned from a bank account, it's usually the bank that has to deal with the mess. Especially if they cannot prove the transactions were done in on an insecure platform.
Phones are generally safer (though there is a huge variance between the safety of different Android phones) because they use verified boot and strong application sandboxing.
I think it is possible to believe the following two things a the same time:
- Banking apps should only run on locked phones with secure boot.
- Banking apps should not be limited to the Apple/Google duopoly.
The solution is that there is some validation of alternative OS vendors, e.g. in the form of an audit, and that banks are required to approve apps on their platforms after the audit. This would be fairly straightforward tech-wise, because e.g. GrapheneOS supports remote attestation, but banking apps need to add/allow the hashes of the official boot keys: https://grapheneos.org/articles/attestation-compatibility-gu...
malfist 3 hours ago [-]
Those people who root their phone and install alternate OSes sure are less technologically competent than someone with a browser and a laptop
UqWBcuFx6NV4r 2 hours ago [-]
“Installing alternate OSs” is juicy bait for “tech enthusiasts” who know just enough to be effectively worse off than someone with a browser, yes, and at its core is this holier than thou attitude.
jlokier 3 hours ago [-]
> when you can just open the thing in a website anyway. I can use my bank on some linux distro
Unfortunately not.
I'm in the UK. Two of my personal banks, all four business banks that I need to use, and several credit cards, require authentication using their phone app to confirm login on their website.
None of those I've seen are using TOTP or SMS, for which I could use a general security service. All use their own phone or tablet app. One does something interesting where the website shows a unique QR code on each login, the phone app reads it with the phone camera, and then website login proceeds instantly without clicking anything.
Oh, and some of them also require phone app confirmation for card purchase transactions.
When my last phone's screen stopped working, I called one bank's "phone banking" line (using another phone of course) to make an urgent transaction, and they told me they can't do that, as only service they offer by phone is registering a new phone or tablet. They told me explicitly that it's not possible to login to their web-based banking service without using their app for authentication, and on a registered device.
It's the reason I have my current phone. I had to buy a cheap-ish Android in a hurry from a local shop, in order to proceed with my bank transaction.
Back to the main topic: I love the idea of a properly open source phone, I used to own not one but two Nokia N900s, and I once toyed with the idea of building my own Linux phone from scratch, big project though that is.
But the security ecosystem around logins has changed, and so have the services I depend on. These days I use many bank and other financial-service related apps, and I'm not, in practice, free to switch providers. So I couldn't use a Nokia N900 or modern equivalent any more as my only mobile device. I'd have to carry a second phone as well.
(Banking and other service authentications are also the only reason I have my current passport. I resented having to pay to renew my expired passport, given I had no plans to travel (small children) and the expired passport used to be accepted, but I found some banks, credit cards and even government services increasingly requiring to see a non-expired passport from time to time. When I asked one of them what do they do for the large number of people who don't have one, they simply told me they close those people's accounts and that's ok, they don't need to serve everyone. But that's another story.)
eloisius 3 hours ago [-]
> require authentication using their phone app
And banks often have their apps region locked, so if you live abroad or have accounts in more than one country, you’re fucked.
birdsongs 4 hours ago [-]
I was the one that submitted the DNB Bedrift app report to the sec dev repo! I contacted DNB but they never responded to my email. I wonder if we can find a dev? I believe that's how the private app got fixed.
Want to use Vipps tæpp so much but I have Nordea for private and they don't allow it on their cards, for whatever godforsaken reason.
bergheim 3 hours ago [-]
Ah. Where did you send this in?
I wouldn't mind sending in a complaint to both BankID (allow biometric login) and of course DnB corpo edition.
birdsongs 3 hours ago [-]
Oh! Sorry, you described the current state of things so well I assumed you were close to the project.
Hah - both were in my browser history, yes I know them :) I misunderstood and thought you had sent direct emails to relevant parties arguing for why they should be allowed on grapheneos.
Thanks anyway!
birdsongs 3 hours ago [-]
Oh I also misunderstood! I did send an email to DNB Bedrift customer service about Graphene support, citing the private app fix. They technically gave me a response that it would be looked into, but it felt very handwavy, and that was 3 months ago. It was via the bedrift portal, there is a "Send E-Post" button.
I don't know how to contact the engineering team. IIRC that is how the private app got fixed, someone got word to someone on the inside.
omgmajk 3 hours ago [-]
Does the Nordea app work on Graphene? I am curious because I have been itching to switch my main phone to an alternate OS.
birdsongs 3 hours ago [-]
Yep! Perfectly, I use it daily. (The private customer one, not sure about business.)
baq 3 hours ago [-]
> I can use my bank on some linux distro, crazy that they trust me
enjoy it while it lasts. hardware attestation requirement for (at least) banking apps is a question of 'when', not 'if'.
BLKNSLVR 3 hours ago [-]
I hope this isn't going to be the case universally. If my bank cuts off my access from my browser-on-linux setup, then I'm finding an alternative bank (hopefully some will always exist), which I don't say lightly since I've been with my current bank since I was old enough to have a bank account.
3 hours ago [-]
Neil44 3 hours ago [-]
Same with Lineage OS, may daughter has an old Samsung with Lineage on it and the Wallet app doesn't work because the phone's been rooted.
Brybry 2 hours ago [-]
You're doomed to this issue with old phones in general.
Even un-modified you'll then be stuck with an old version of Android that doesn't support the latest versions of apps and the old versions of apps won't work properly.
It's really a shame because a lot of old phones work perfectly fine otherwise.
gunapologist99 2 hours ago [-]
Generally Lineage is the latest. Unfortunately, there are other issues (such as the blobs that Lineage needs drifting out of date, and it's usually suggested that you'll should backup and then wipe to upgrade to the next major release, etc.)
dotancohen 1 hours ago [-]
I have a few features that I need that I'm not sure if Graphene supports. If you could check that would help!
Can you record phone calls? Do third party voice recorders continue recording even when the screen is locked? Thank you!
Cider9986 1 hours ago [-]
Yes to both.
dotancohen 55 minutes ago [-]
Thank you!
iamgrootali 1 hours ago [-]
test
ghrl 1 hours ago [-]
"Break free from Google" and buy a Pixel phone from them to do so.
But unironically Pixels are currently some of the best actually open phones.
They do not lock down or require shady practices for unlocking the bootloader (although they do require a network check once that happens automatically, but it will permanently allow unlocking the bootloader if successful once. Pixels are very easy to restore and almost un-brickable, allow bypassing the boot screen warning by pressing the power button twice, actually allow relocking the bootloader and don't void your warranty unlocking it, don't have a shady one-time fuse like Samsung phones do with Knox, etc.
microtonal 46 minutes ago [-]
Pixels are really great despite being from Google. I hope they will continue to make them unlockable/relockable. As you say they are also surprisingly hard to brick. Here is someone trying to break it intentionally during the GrapheneOS install:
If you don't like giving money to Google, plenty of companies offer refurbished Pixel phones.
neelc 13 minutes ago [-]
In the US, many refurbished Pixel phones are Verizon variants which disallow OEM unlocking.
When was in college and had Sprint this was a nightmare since then I wanted root for unlimited hotspot (Sprint made it easy that way), but most refurbished Pixels were Verizon variants.
And I couldn't just use OnePlus because they were only designed GSM networks or later Verizon CDMA-less. Then, new Pixels were unaffordable for me, but parents insisted on using Sprint.
I ended up getting a Pixel 3 off Mercari (which I still own) just to keep root.
Now, I can afford a Pixel 10 Pro new (which I am right now), alongside spare Pixel 9 and OnePlus 13R units. But even then (a) my income is lower than when I worked at Microsoft and (b) The OnePlus was from a trade-in deal.
aktenlage 27 minutes ago [-]
I have a Pixel 6a with GrapheneOS. Runs great for years, except for one or two apps that require an "official" Android.
Anyway, I now need to get the battery replaced, because apparently they are dangerous and Google pays for the replacement. Unfortunately, the replacement process requires the stock android to be installed. Meaning, I would need to backup the whole phone, reinstall stock android, then restore everything - and hope the whole ordeal works out.
hydrogen7800 53 minutes ago [-]
I've wanted to try this on my old Pixel 5, but it has the dreaded screen/motherboard failure. It appears there is no solution for that short of replacing the screen/mobo, which i've already done once after cracking it.
1 hours ago [-]
sandreas 4 hours ago [-]
I personally tend to own two Phones. One all-day carry GrapheneOS device (Pixel 8) and an older WiFi and at home only iPhone for all payment and ensurance stuff.
This is inconvenient in some ways, but at least it is sort of privacy as good as it gets while still being able to run official apps when I need them at home.
To de-google the phone, I use F-Droid as primary App store, Aurora as fallback for non-f-droid Apps and as a last resort Obtainium to install Apps that are not in these stores.
The only google App I really "need" (kind of) is the Camera App, which is sandboxed via GrapheneOS Storage Spaces and without Network permission (why would a camera need internet?).
To backup my phone, I use the integrated GrapheneOS Solution (seedvault!?) for storage and apps, immich for Photos and MyPhoneExplorer for Contacts.
Sometimes it is a bit hard to find good apps for specific purposes, so for everyone interested, here is a list of Apps that I personally use or have used.
Newpipe - Youtube Client
Audiobookshelf - Audiobooks
Voice (PaulWoitaschek) - Local Audiobook Player
Substreamer - Music
DSub - Music (alternative)
VLC - Video-Player
Organic Maps - Google Maps alternative (not as good)
PDF Doc Scanner - Open Source Document Scanner
Wireguard - VPN
Immich - Photo Backup / Viewer
LocalSend - File Transfer
K9 Mail / FairMail - Email Client
KOReader - Ebooks
Binary Eye - QRCodes and Barcodes
Pure Todo - Self hosted PWA PHP Todo List
Signal - Messenger
Open Camera - Open Source Camera App
goda90 1 minutes ago [-]
What would sandboxing an app like Google Maps look like? There are definitely situations where a sub-par map app would be detrimental. Obviously it's going to send data to Google, but do I have to sign into an account or will it have some other way of identifying my phone if I used a one-off account just for it?
* KeePassDX -- password manager, shares DB with KeePassXC on desktop, which is synced via NextCloud. Also functions as a TOTP authenticator. (https://www.keepassdx.com/)
* DAVx5 -- CalDAV and CardDAV client; keeps mobile calendar and contact list synced with private NextCloud server. (https://www.davx5.com/)
And I don't see F-Droid itself mentioned -- it's the most popular repository of FOSS software for Android, with an accompanying app: https://f-droid.org.
compass_copium 2 hours ago [-]
I also like AntennaPod for audiobooks--fewer apps that way.
72deluxe 3 hours ago [-]
I like Organic Maps because it isn't full of the social things. Every time I open Google Maps it shows that card at the bottom with "what's popular in your area", full of pictures of people's breakfasts and other nonsense. Organic Maps is free of this noise.
Also, the desktop client on Linux is quite useful.
Alternatives for Windows etc. are Cruiser Maps, a Java application (and also available as an Android app).
sandreas 3 hours ago [-]
All map apps I tested so far were kind of usable but nowhere near Apple or Google maps. Especially for longer trips I often got lost and had to re-navigate by different reasons (voice announcement too late, no lane instructions, etc.).
However, I listed it because it is a "usable" alternative that works offline.
itissid 3 hours ago [-]
Google maps discover feature is a dumpster fire for fomo driven brain fog
nickorlow 3 hours ago [-]
Grayjay is another good YouTube (and other streaming platform) client made by the company that owns Immich
sandreas 3 hours ago [-]
Uh this looks nice. Thank you.
walthamstow 3 hours ago [-]
Voice audiobook player is so nice and simple, a pleasure to use
sandreas 3 hours ago [-]
I recently PR'ed some improvements within the search (series and part are now searchable).
I also made a custom fork with some quality of life improvements, like series and part visible on screen, headset remote click patterns (tap for play/pause, double-tap for next, etc.).
Been running GrapheneOS for a while on a Pixel 9, and extremely happy with it! Apart from the usual perks of the FOSS ecosystem, there are a few things specific to GrapheneOS that are not immediately apparent but have turned out to work very well -
1. The Pixel camera app works, including all modes and settings. A camera that takes good photos was absolutely a requirement for me, and the FOSS camera apps are not quite as good yet.
2. I don't have Google Photos and the pixel camera app tries to launch google photos when you want to review the picture you just took. But there is a FOSS app called GPhotosShim that uses the same namespace as google photos and thus fools the camera into launching that app instead. Once launched, it just launches whatever media management app you actually have configured, so it's seamless.
3. Android Auto works!
4. Android QuickShare works!
5. NFC tags / Yubikey integration works!
6. Screencasting works!
7. Sensor access and internet access can be disabled for apps by default (and I do).
kwhat4 12 minutes ago [-]
> 3. Android Auto works!
Does this require installing google play and other google services to work?
8. External storage works. This is the only mobile OS I've found that has stable support for an External SSD.
I bought a second hand Pixel 7 to test this and an exFat SanDisk Extreme Portable 2TB works with reads/writes perfectly.
rcMgD2BwE72F 2 hours ago [-]
>4. Android QuickShare works!
Does that require being logged into a Google account? How to ensure Google knows nothing about your shares?
I have Graphene w/ Google Play Services (required for my job) and would love a easy way to share files/info with various devices (incl. iOS/macOS which I remember should work with QuickShare in the future) but will avoid a service that shares data with Google.
greenie_beans 20 minutes ago [-]
wish my yubikey would work with bitwarden
kakacik 2 hours ago [-]
A quick question from potential buyer of next generation of pixel phones, since samsung keeps disappointing hard with their top line - is there any difference in quality between default photo app and what graphene os bundles with?
Pixel are supposed to be very good in photography, part hardware and part software, and my concern would be degradation of that software part. With small kids, there is nothing more important on phone for me than photos/video quality these days (apart from never going into apple ecosystem, I am just incompatible with that company' philosophy).
Or its just about slapping some commercial photo app (like I heard from other photographers is often done on apple to get most out of it, but forgot the name of the app) and not caring about this?
gunapologist99 2 hours ago [-]
Yes, it's a huge difference. However, you can install the very latest Google Camera app through the Aurora app (or Play Market), and it works perfectly except you don't get photo preview within that app; to fix that minor issue, you can install the Gphotoshim which someone else mentioned in the comments.
On the other hand, if you switch to the latest Google camera app, you will not really be participating in making the open source version better.
If photos are important for you GCam is a must, you can download it
haskman 3 hours ago [-]
And once you are on GrapheneOS, break free from your proprietary watch ecosystem and switch to GadgetBridge (https://gadgetbridge.org/)
I run a Thinkpad with NixOS and KDE, a Pixel 9 with GrapheneOS, and an Amazfit watch paired with GadgetBridge on my phone.
It's a testament to the hard work of the FOSS maintainers of these projects, and the spirit of open source, that everything works flawlessly together without any cloud service sucking up my data. For example, I can control youtube and music playback on my laptop with my watch because KDE Connect syncs my laptop and my phone, and gadgetbridge syncs the phone and the watch. The breezy weather app on my phone can automatically push its data to gadgetbridge which in turn pushes the data to the watch. And so on. So many little things, developed independently, working like a single well oiled machine.
rcMgD2BwE72F 1 hours ago [-]
I tried GadgetBridge because it cannot sync the activity files (.fit and/or .gpx) so I still had to plug the watch into a computer to keep the actual data.
So I ended installing ActivityLog2[0] to do something with the files I had to have on desktop and GadgetBridge was of little use because relying on GadgetBridge without actually syncing the files might make me forget about doing the backup to a device I control (GrapheneOS or a computer).
As soon as GadgetBridge support syncing the files from the watch to the app (or any local folder on Android), I'll install it again and stop doing the manual backups over USB. Syncthing will do it automatically.
Garmin watches seem quite open even without that. I have all my data syncing to influxdb every 15min for a Grafana dashboard and it works great.
In background I also have Withings scale sync the measurements a couple of times a day to Garmin.
pscanf 36 minutes ago [-]
How do you sync the data out of Garmin? Something like https://github.com/matin/garth, or syncing directly from the watch?
haskman 3 hours ago [-]
Probably the reason why Garmin watches are well supported by GadgetBridge
BLKNSLVR 3 hours ago [-]
I didn't need anything more on my to-do list, but this is intriguing.
haskman 3 hours ago [-]
Setting up GadgetBridge is very easy since it's just an android app. No flashing firmware etc. However, not all gadgets are equally supported, and you should check the support status of your device - https://gadgetbridge.org/gadgets/ (I bought my watch only after checking that page for compatibility).
p-e-w 3 hours ago [-]
> And once you are on GrapheneOS, break free from your proprietary watch ecosystem and switch to GadgetBridge
Then switch back to Google/Apple after half a year when you discover that you can’t run
- your banking app
- any government app
- the app required to access large sports events
- the pandemic tracking app without which you can’t enter an airport
- various other random apps
because they ALL detect that you’re running on a phone with an unlocked bootloader and will flat out refuse to start. And for many of those, there is no legal alternative.
(The extent of this varies depending on where you live, of course.)
neobrain 2 hours ago [-]
> - the pandemic tracking app without which you can’t enter an airport
Not sure if airports specifically used another mechanism, but the Android contact tracing APIs were actually reimplemented in microG, allowing these apps to work even on custom roms.
Your other examples don't hold universally either (banking apps are compatible with un-rooted custom ROMs more often than not, and not sure how many sports event apps use integrity checks), but your general point stands that it may come with trade-offs.
jhasse 2 hours ago [-]
You can lock the bootloader again with GrapheneOS and many banking apps work.
Mindwipe 51 minutes ago [-]
You won't pass Google Play hardware attestation that way, and you won't find a bank in Europe or the UK that doesn't require that to log on to their website within five years.
microtonal 42 minutes ago [-]
My bank works fine after relocking (in NL, Europe). And last time I checked all Dutch banks work. My VISA credit card app (from ICS) also works. Same for the government identification app, the government message app, our insurance app. In fact, I haven't encountered anything outside of Google Pay that didn't work.
(I don't deny that there are apps that won't work. Best to check before switching full-time.)
haskman 2 hours ago [-]
YMMV. I run sandboxed Google Play Services on GrapheneOS so almost every app works. My digital payments app works, and the same with most government apps I have tried. My private bank's app doesn't work, but I just use their website for the handful of times a year I need to access it.
PenguinCoder 2 hours ago [-]
Does NFC work with those digital payment apps on Graphene?
haskman 2 hours ago [-]
In India we use QR codes for payments. NFC in general does work (for example, I use a yubikey for 2FA).
kakacik 2 hours ago [-]
No banking app on phone because why; no government app because oh fuck why, whats wrong with your government (at least in primary phone and I never needed secondary); app for sport events - thats just me but I prefer doing sports rather than passively watch them, so 0 loss; pandemic what? its 2026 and I never saw such requirement in Europe, Africa nor Asia; no other app requires that.
Thats not coming from some paranoid security person, just regular (software dev) joe.
neelc 18 minutes ago [-]
About his comment:
> Unfortunately, I must recommend Windows 10/11 here, because then you don’t have to mess around with any drivers; it’s the simplest option.
When I worked at Microsoft but ran FreeBSD at home, I often used my work Windows laptop to install custom ROMs. This is because FreeBSD was finicky with adb.
Now I run Fedora and the Android drivers are pre-installed. I installed GrapheneOS on both a Pixel 10 Pro (main) and Pixel 9 (spare) that way.
On Windows, I've had more trouble with Android drivers than I did on non-Windows.
mentalgear 5 hours ago [-]
This is especially interesting in regard to the recent HN dicussion on spyware by for-profit intel firms having access to Whatsapp, Telegram, Signal, etc. (https://news.ycombinator.com/item?id=47033976) through OS-level no-click hijacks.
I wonder how secure GrapheneOS is in that regard, and what the other contenders are?
subscribed 4 hours ago [-]
Hard to say how it fares against those specific attacks but some of the vulnerabilities that will go out in the mid-2026 on the mainstream handsets are already patched: https://grapheneos.org/releases#2026021200
(it's not magic. All big vendors have these details, just choose to take their sweet time to patch them. GOS has partnered with a major OEM vendor who provides them with access)
GrapheneOS themselves dont pretend that their secure from that level of attack, but its about evaluating your own threat level. State sponsered actors aren't burning zero days on the vast majority of people, and you only need to look at how badly several european governments want to ban graphene and similar to see that such exploits aren't even being burned on organised crime. Realistically unless you're a journalist or considered a political target you're gonna be fine with graphene.
mentalgear 56 minutes ago [-]
Thank you for the insight. Indeed, a concerning state of the world where criminals are less at risk from spyware than journalists and activists.
ozlikethewizard 32 minutes ago [-]
Its definitely a scary world, safe to assume all your online activity could be hacked if so wanted. Just gotta hope its not wanted and that it doesnt become possible to do it on a mass scale (UK is currently pushing to ban E2E lol, and I know the EU has contemplated similar. If you do fall into the wanted category, face 2 face is really the only option. I know a lot of politcal/investigative journalists also constantly cycle and maintain burner devices but even thats a risk of just how long is a safe time before a device is considered burned.
cartoonworld 4 hours ago [-]
GrapheneOS have hardened_malloc which is a huge advantage, I think. It makes the weird machines problem much harder. I would say be very careful, because you can still get previews of images, or old and weird media formats that could be exploitable, and android/GrapheneOS doesn't have the same sorts of policy as say Apple with the iMessage blast door. They control safari, etc.
Android's attack surface seems pretty jagged. For example there is only one webrender engine on iOS, where you can run anything you like on Android/GrapheneOS.
zozbot234 4 hours ago [-]
It's quite secure against casual attacks, but a proprietary mobile platform has inherent issues wrt. withstanding even mildly sophisticated attackers, including mercenary spyware services. You still have a huge attack surface from all sorts of proprietary firmware blobs and hardware IP blocks that are running directly on the SoC. It's not clear that it's really worth even trying to secure it as opposed to just treating it like an untrusted toy.
cartoonworld 2 hours ago [-]
well, a concerted attack could easily subvert the baseband if you have a few million dollars and the correct letterhead or private contacts.
GrapheneOS really wants the software in the phone to not pwn the phone. This is good. Its a different, and much more difficult problem to secure the connection to the telco, and the larger internet, because the transport is attacker controlled.
Think of it this way: Say you use Qubes because security is valued very highly for you. Even if you run Qubes, if your router is controlled by your attacker, what kind of a security guarantee could you really get for yourself?
mentalgear 55 minutes ago [-]
Interesting. What are the alternatives to GrapheneOS that you wouldn't consider a "toy" ?
StilesCrisis 2 hours ago [-]
It's just an Android fork. Almost certainly it's equally affected.
microtonal 36 minutes ago [-]
That's too simple. First of all, Pixel (which GrapheneOS requires) is one of the few Android phones with a separate secure enclave. GrapheneOS also applies a lot of hardening that other vendors do not: https://grapheneos.org/features#exploit-protection
That said, if a state-level actor is up against you, then it's hard to defend yourself against that.
danielmartins 14 minutes ago [-]
I had a Pixel 6a with Graphene OS for a year before the phone started to glitch and eventually die. It ran pretty hot; sometimes it was hard to even hold the phone in my hands without burning myself.
I could not get a replacement as I bought the phone in a foreign country (Google doesn’t sell Pixels here in Brazil).
So as much as I love the idea of running a more private phone, I found the hardware extremely fragile and poorly designed, so I will not buy from them again anytime soon.
codethief 3 hours ago [-]
I've used GrapheneOS on a Pixel 3a, 5, 8 and 10 Pro so far and it's worked really well. I couldn't imagine going back.
The only things I'm missing (which don't exist in other OS'es either):
- Being able to configure contact scopes in such a way that the app in question only gets access to the phone numbers of the contacts belonging to the label I specified, e.g. "WhatsApp", nothing more. Yes, one can of course add contacts' phone numbers to the contact scopes "by hand" but 1) there is a limit on the number of contacts/phone numbers configured this way, and 2) AFAIK there is no way to back up that list.
- Being able to install browser extensions in Vanadium.
- Being able to configure multiple VPNs at once, e.g. for Tailscale, ad filtering, blocking HackerNews during times when I should be doing something more productive :) etc., especially since the Vanadium browser doesn't support extensions (see above). I was hoping that the Rethink app might implement something like this (https://github.com/celzero/rethink-app/issues/1047) but it doesn't look like it's coming and it'd probably be much better to do this at the OS level.
blahaj 51 minutes ago [-]
You can use labels for contact scope.
paul_h 3 hours ago [-]
Note to self: look for second hand unlocked Pixel 10 pro!
6jQhWNYh 5 hours ago [-]
It's a shame only Pixel phones are supported. I have PWM sensitivity and Pixel phones are notoriously bad for this, my eyes hurt when I look at one for more than 30mn. Due to the lack of good, secure alternative, I have had to give up on privacy in exchange for manufacturer updates.
sudonem 5 hours ago [-]
The Pixel limitations has been my main concern as well.
The good news is that they are actively working on developing their own hardware. The bad news is that it’s been delayed. But I’m watching closely.
That article speculates the OEM is Samsung but I find that very hard to believe. Samsung is totally beholden to Google. The discontinued their own DeX and Tizen smartwatch OS for Google alternatives and as for their "AI" features most of them actually come from Google.
Google would not allow this and they're way too entangled with Samsung.
6jQhWNYh 3 hours ago [-]
Interesting article. Let's now hope for a reasonable price, even though it will be challenging for their team. It would be a shame if the target audience is limited to overpaid nerds like most of HN.
lejalv 4 hours ago [-]
> when I look at one for more than 30mn
That limitation might be doing you a favor, as these things go...
Even if Pixels hadn't PWM a larger screen (or, dare I say, a book) will be an improvement for longer reading sessions.
wishfish 3 hours ago [-]
I'm in the same boat. Bought a 9 Pro XL and had to return it. Hope their OEM will use DC dimming for the screens or have an IPS option.
In the meantime, I use a Motorola G Power 2024 which has IPS. I'm very much a non-expert but made a minor hobby out of trying to de-google it as much as possible.
Never signed into Google with it. Using NetGuard with a whitelist to prevent most of the phoning home. Uninstalled or disabled most built-in apps. The apps I use are installed via either Obtanium or Fdroid. Have Dropbox from Aurora. Use Motorola's private space for keeping some data and apps in a separate, supposedly secure locker.
I'm sure this doesn't come close to GrapheneOS's security level but it's the best I can do within the limitations of this device. It was a fun mini-project. NetGuard is invaluable for this purpose. Almost feels like the phone is truly mine.
ktm5j 2 hours ago [-]
Seriously. Especially if you're someone who wants to cut ties with Google.
microtonal 30 minutes ago [-]
So, buy it refurbished? Google doesn't directly profit from it, you create less pollution, and once you have GrapheneOS on it you can leave Google out the door.
The problem with nearly every other phone, except maybe Samsung flagships, is that they don't fulfill the security requirements. And Samsung is hostile against unlocking (even when it was still possible, it would burn a Knox eFuse).
backscratches 3 hours ago [-]
Seconded. Really hope the new Graphene device does not have terrible PWM. Battery benefit to OLED is great but not if I can't look at my phone.
Myzel394 5 hours ago [-]
I've been using GrapheneOS for about 3 years now. For the most part, it works very well. I don't have any issues with banking apps, nor any other closed source apps. I'm using two profiles both with sandboxed Google play installed. I'm logged in into my private Google account on the work profile.
However, there was one case that lead me to thinking about ditching grapheneos to this day.
I installed Uber on my phone and I was able to successfully create an account and use it. When it came to booking a ride, the app crashed and I had to log in again. Once I did that, I was told that my account has been suspended for violating the terms of services. All I did to that point was creating an account and booking a ride.
I was able to resolve the issue luckily after a few days and going back and fourth a couple of times with the Uber support, however, the risk of getting banned on any such platform is still risky, and thus I'm not sure if grapheneos is usable if you need to use such services.
rcMgD2BwE72F 5 hours ago [-]
That's clearly a Uber problem. I'm also a GrapheneOS and used Uber once -- it worked.
HunOL 3 hours ago [-]
It's clearly end user problem who is not able to book a ride. Root cause is on Uber side.
ozlikethewizard 4 hours ago [-]
Maybe not being able to use Uber isn't the downside you think it is though. UK centric view but call a cab and pay in cash, you haven't comprimised your security and you're not engaging with an unethical business.
rationalist 3 hours ago [-]
Well, you still might engage with an unethical business, but at least the chance goes from 100% to somewhere between 0% and 100%.
I've run into my share of scammy taxi drivers.
ozlikethewizard 37 minutes ago [-]
Right but at least then you are the one being scammed, and can decline to be scammed if you wish. As opposed to willingly partaking in a shitty system.
prmoustache 38 minutes ago [-]
Last time I checked you could still book a ride using the website.
peanut_merchant 5 hours ago [-]
I regularly use Uber on Graphene OS and have had no issues.
budududuroiu 5 hours ago [-]
I'm a new GrapheneOS user and stopped using Uber as altogether. Taxis aren't that bad where I'm at, and cheaper than Uber
palata 5 hours ago [-]
No problem here with Uber on GrapheneOS.
subscribed 3 hours ago [-]
Same. Using it (rarely) off the secondary profile and everything works.
backscratches 4 hours ago [-]
Uber works in browser on mobile (and desktop). Last I checked lift did not.
rationalist 3 hours ago [-]
Lyft app works on GrapheneOS.
ThePowerOfFuet 5 hours ago [-]
>there was one case that lead me to thinking about ditching grapheneos to this day
Your aim is misplaced: ditch Uber, not GrapheneOS.
franga2000 5 hours ago [-]
What exactly is the risk of getting temporarily banned on Uber? You have to use a different taxi app? As if such a thing even exists?!? Unacceptable!!
Every app on my phone has at least one other app, usually already installed, that can replace it. This wasn't intentional, it just happened naturally. Unless all two or three apps in a category get blocked for me at the same time, this already unlikely situation is barely an inconvenience.
simonh 4 hours ago [-]
The key phrase there is "such services". It's not just about one problem once with Uber, it's the risk of problems like this with any service of that kind, or really any service you rely on.
If using GrapheneOS significantly increases the risk a person won't be able to use a service they rely on, that may be unacceptable.
franga2000 3 hours ago [-]
But that's my point, what one irreplacable app/service do people rely on? The only thing that comes to my mind is messaging apps, but even there, almost everyone I need to talk to is reachable on at least one other app. I have multiple taxi apps because I compare prices and availability, like any reasonable consumer should. I have two banks, but even if I didn't, I can pay by cash or card, not just phone. If I need to make a bank transfer, I can go to a branch or do it online. I have two map and navigation apps because they have different strengths and weaknesses. My email is accessible by browser if the app breaks.
I'm not doing this on purpose, I just now scrolled through my app list looking for one app that would actually fuck me up if I lost it in an instant. There are none. And I'm not currently even running graphene or anything else, just a stock Samsung.
SadErn 3 hours ago [-]
[dead]
g947o 4 hours ago [-]
If the same thing happens with the Lyft app, you may be stuck at your current location indefinitely, especially in less populated areas/late hours.
gf000 1 hours ago [-]
And what is preventing Lyft/Uber whatever's algorithm to have a bug and just falsely flag your account after registration? Like there is no guarantee it works on a stock android/apple device either and I'm fairly sure they have a long list of false flaggings that support has to unlock day-to-day.
voxadam 5 hours ago [-]
While I admire GrapheneOS and its goals, I feel that until we free the proprietary baseband processors and their RTOS from the grips of Qualcomm and friends it's a pyrrhic victory, at best.
palata 5 hours ago [-]
When there isn't a perfect solution, the next best thing is... the next best thing :-).
5 hours ago [-]
darkwater 4 hours ago [-]
Unless the next best thing makes you think you are already achieving the "perfect solution" for what you think you care about, but in truth does not.
I'm not a mobile phone security expert but my feeling is that in the case of GrapheneOS - which target is probably high-profile people at risk of state actors et similia attacks - a zero-day in the closed source firmware from Qualcomm will probably screw you anyway.
I understand that you are anyway reducing the attack surface (now they need to target the modem firmware specifically), I understand the concept of security in depth and I also understand that by using GrapheneOS you are already placing mitigations for many other known and unknown attack vectors. But still...
Tharre 3 hours ago [-]
> a zero-day in the closed source firmware from Qualcomm will probably screw you anyway.
All the devices that GrapheneOS supports implement a clear separation of the baseband and the CPU in the form of SMMU, ARMs version of IOMMU. So a zero-day in the baseband does not immediately screw you - unless the code on the CPU side also contains vulnerabilities or there is a major flaw in the SMMU implementation that somehow breaks isolation.
darkwater 3 hours ago [-]
Thanks for the clarification (and to the others that answered as well).
I probably explained myself in a shitty manner, I didn't try to downplay GrapheneOS efforts, and I should have kept my initial statement about "next best thing can create a false sense of completeness" as a generic remark and not specific to GrapheneOS, for which I don't have enough knowledge to know if it applies or not.
cartoonworld 4 hours ago [-]
fyi a Cell Site Simulator can masquerade as the legitimate telco operator and push type 0 messages to the handset.
What that means is they can push malicious settings and configurations (Definitely) and probably malicious firmware to the handset at will. They don't need to code this, they buy the software packages from the usual suspects. Adversary simply needs to put a drt box or a hailstorm or what-not close enough to the handset to do the work.
The baseband can do a lot, it has dma (if I recall correctly) and can almost certainly screen look, and extract information from some but not all base bands. This varies.
GrapheneOS cannot really influence this, but hardened_malloc could conceivably help. What would be great is a bench firmware re-flash, but I don't want to do this every single day.
ylk 3 hours ago [-]
> The baseband can do a lot, it has dma
There's an IOMMU:
> Is the baseband isolated?
> Yes, the baseband is isolated on all of the officially supported devices. Memory access is partitioned by the IOMMU and limited to internal memory and memory shared by the driver implementations. [...]
> GrapheneOS cannot really influence this, but hardened_malloc could conceivably help.
They can and do, see above. But I don't see how hardened_malloc is related to the baseband doing DMA.
cartoonworld 2 hours ago [-]
Thanks, this is very good information!
To answer your question, I thought it might just be slightly harder to extract secrets or exploit a running process directly. Thats all I was saying.
evolve2k 2 hours ago [-]
I don’t have the source (I’ll have to try find it), but I read that the cell site simulators can work on 4G and earlier but don’t work on 5G. So one thing folks can do is set ur phone to use 5G networks only (unless ur stuck and then u can make it looser but be aware your less protected at that time).
I do this on iOS I’m sure it’s do-able on GrapheneOS and hopefully on Android too.
cartoonworld 2 hours ago [-]
5G CSS is harder yes, but keep in mind that most 5G is the 5G_NSA variety, and is really just riding on the same cell bands, no mmwave here. You probably notice that your phone often slips out of 5g, or you inhabit different modes here.
Essentially, 5G is sort of a lie. Phones spend a lot of time exchanging information via 4g/lte, and just like 2g/3g and 3g/4g, there are simply downgrades that can be performed in the field, without getting too far into the weeds.
5G matters not for this.
subscribed 4 hours ago [-]
So no, their target is people who marginally care about privacy and security but don't want to use iOS. I don't think they target any particular demographic but I see security engineers and activists among users.
And it's not only security - simple stuff like USB data off unless the phone is unlocked, native call recording, much enhanced user profiles (to separate data mining apps like Uber or Instagram from your financial affairs), etc.
And yes, it's about reducing the attack vector. On most other handsets you'll get most of the fixes 6 months or a year later. At best.
1dom 4 hours ago [-]
I think the appeal and use case for Graphene and similar OS for most users is the Google/privacy/ownership type argument.
I do understand your point that people at risk of state level attacks might get a false surface level appearance of defence from this. But then anyone who's a target of state level attacks and is making OS decisions based on a surface level understanding of the tech is not going to have a good time anyway.
BirAdam 50 minutes ago [-]
Don't allow perfect to be the enemy of good.
nickorlow 3 hours ago [-]
iirc Graphene is in talks with an unnamed HW vendor to make a grapheneos specific phone. They refer to the vendor as someone who makes phones and you've likely heard of, but haven't given any more info otherwise.
That and blocking the query all apps feature on android
direwolf20 3 hours ago [-]
Do you also need the WiFi chip to be fully free?
thisislife2 5 hours ago [-]
GrapheneOS' approach is to focus more on security than privacy, because they believe increased security leads to increased privacy. Unfortunately, that means their hardware requirements pretty much limit the hardware that you can run it on (currently only the Pixel phone range). Worse, it also means they stop supporting a device when it reaches End-Of-Life as software security updates stop for it (see How long can GrapheneOS support my device for? - https://grapheneos.org/faq#device-lifetime ). Sad though - GrapheneOS on Sony Open Devices ( https://developer.sony.com/open-source/aosp-on-xperia-open-d... ) would have been nice.
palata 4 hours ago [-]
The whole reason why GrapheneOS is superior to its alternative is because they do all that.
I also with they could support non-Google phones, but that's a problem coming from the manufacturers, not from GrapheneOS.
My understanding is that there are close to half a million GrapheneOS users. And many potential users don't want to buy a Google phone. So it feels like it is starting to become worth considering for manufacturers...
I don't get why Fairphone doesn't look into that. Is it because they are not aware, or is it too hard for them to make hardware that is compliant with what GrapheneOS requires? Hundreds of thousands of devices may not count so much for Samsung, but they must definitely count for Fairphone.
stephenr 4 hours ago [-]
I'm not sure I fully understand this.
Why are GrapheneOS releases dependant on Google releases?
palata 4 hours ago [-]
They are dependent on the AOSP releases (which Google develops) and on the manufacturer updates (and because GrapheneOS runs on Pixels, then it goes back to Google again).
stephenr 3 hours ago [-]
I can understand relying on an OEM to provide hardware support for a given model - but I'm finding it hard to understand why they're unable to continue supporting a release just because the upstream removes support for something.
I'm not even really sure what you mean by "manufacturer updates".
The more I hear about this project, the less is sounds like an alternative OS and more it sounds like a thin skin around whatever shit Google throws out, to be honest.
andrewaylett 2 hours ago [-]
They rely on manufacturer support for device firmware, just like anyone else.
palata 3 hours ago [-]
> why they're unable to continue supporting a release just because the upstream removes support for something.
If you have an EOL Pixel and a new major version of Android is released, Google will not port this new version of Android (and therefore AOSP) to it. So GrapheneOS would have to do it. GrapheneOS just say they don't have the resources to do that, so they follow the Google releases. Could you keep an EOL Pixel without receiving updates? Sure. But then it's not supported anymore, it's just outdated, insecure software.
> I'm not even really sure what you mean by "manufacturer updates".
There are the AOSP updates (which bring new features, but importantly in our case bring security fixes) that come from Google, but your phone is more than that. There is a bunch of hardware running in your phone and a bunch of firmwares exposing it. Say your camera, or your wifi module, etc. If there is a security issue in the firmware of the camera, then it won't be fixed in the AOSP codebase. You need the camera manufacturer to fix it and release a firmware, pass it to the phone manufacturer who will then deploy it on your phone.
Google split both of those concepts years ago in order to deploy Android updates faster and make everybody more secure, because manufacturers had a tendency to lag a lot. Some still do but the situation generally improved, I think. Anyway, you need to receive those security updates from your manufacturer because they are independent from Google.
> the less is sounds like an alternative OS and more it sounds like a thin skin around whatever shit Google throws out, to be honest.
If you think that AOSP is shit, then sure. I mean, if you think that the Linux kernel is shit, maybe you don't want to run a Linux distribution.
I personally think that AOSP is pretty great, and vastly superior to Linux on mobile (among other because it has a much better security model). I am not a big fan of Google being root on my phone (with Android and system apps like Play Services), which is something that GrapheneOS fixes (by making Play Services run like any other, unprivileged app). GrapheneOS is also adding privacy features, be it by proxying your location requests (so that they go through the GrapheneOS servers instead of directly to Google) or by adding features like "scopes", where you can choose exactly which contact you share with an app, for instance, or refuse Internet access to an app without breaking it (GrapheneOS will just make the app believe that it has the permission to access the internet but there is just no connection right now). And of course GrapheneOS hardens the system in terms of security (e.g. with a hardened malloc or memory tagging stuff that Apple recently introduced as well).
So yeah, it is relatively thin, because AOSP is a huge codebase. But it doesn't mean that it's worthless: this skin makes it more secure, more private, and for me more enjoyable than Android.
stephenr 50 minutes ago [-]
Sounds a bit disingenuous then for an article to have a title that includes the phrase "break free from Google".
microtonal 7 minutes ago [-]
I think they mean breaking free from Google Analytics, Google Play Services, Google Play, Google Location Services, etc. Play Services and Play are not installed on GrapheneOS by default, so it is possible to run your phone with just GrapheneOS with your choice of open/closed source apps on top.
I think breaking away from open source Google code is not really meaningful. It's kinda like saying "I don't want to run Linux because it contains code from IBM/Google/Meta". AOSP is a great and useful project. If the day that Google stops releasing AOSP ever comes, a consortium of interested organizations can fork it. But it does not make a whole lot of sense to start a new mobile ecosystem completely from scratch, if one that is great and open source already exists and buys you compatibility with millions of apps.
palata 29 minutes ago [-]
It was first "break free from Android", but somebody complained so they changed it. Titles are hard, I guess :-).
Ajedi32 33 minutes ago [-]
The list of open source apps in this article was very informative and something you can benefit from even if you don't use GrapheneOS. Many of the apps listed I hadn't heard of.
edbaskerville 1 hours ago [-]
Switched to this from Apple a year and a half ago. Works for most things. Unexpectedly, replacement apps lack polish. Also, RCS works very inconsistently (been without it for months), seems to be Google's fault. There may be workarounds, but I haven't had the energy to try the more complicated suggestions.
I am probably going to switch back to a used old iPhone for "phone appliance" tasks, but keep around the Pixel for other things.
My main takeaway from the experience is that iMessage is an even bigger weapon than I thought.
microtonal 4 minutes ago [-]
Are you in the US? I get the impression that iMessage and RCS are only big there. Almost nobody uses them here in Europe. (It's mostly WhatsApp where I live and Signal is slowly getting more popular.)
As an aside, from the latest release notes: Sandboxed Google Play compatibility layer: add toggle for granting Play services access to ICC auth in order to support RCS with carriers requiring it for RCS in Google Messages including T-Mobile (see RCS usage guide)
The RCS issue is why I switched back to iPhone, reluctantly.
If anything, iOS seems buggier and less reliable, but I know (and am related to) a lot of people who insist on using iMessage/RCS, and I can't be missing messages.
RRRA 2 hours ago [-]
Until these OS also start putting forward something like WebOS that tried to get phones back to on open web, there is no breaking the binary format and Appstore monopoly.
I wish Europe would have forced that 10 years ago since the US is beyond saving.
gf000 1 hours ago [-]
What binary format?? Go read facebook's "source code", is that any more open than a random apk? If anything, apks decompile quite well.
ordainedclicks 5 hours ago [-]
One of the only big downsides I've noticed with GrapheneOS is that several banking apps don't work with it at all thanks to being tied to Google's verification ecosystem.
Luckily I have hardware 2FA keys from my bank so I can authenticate using that. It also slightly decreases the suck-factor from whenever the phone decides to fly off down a drain. This may not be the case for you, so do your research on what you need for daily living.
rcMgD2BwE72F 5 hours ago [-]
I contacted my bank, insisting that GrapheneOS is one of the most secure OS on the market and therefore should be supported if they actually care about users' security (it's actually far more secure than all the old, far less secure but Google-approved devices out there). They acknowledged an fixed their app, one of the most popular in France.
Still missing Android Pay but that's due to Android Pay being closed. I wish banks would do something and support NFC payment systems that don't require the device to be controlled by Google (how can we be okay with this?!)
> I wish banks would do something and support NFC payment systems that don't require the device to be controlled by Google
There are countries where it's possible to pay everywhere with the banking app scanning a QR code. No need for NFC :-).
yason 2 hours ago [-]
The point of NFC-on-a-phone is that you don't need the damn banking apps and internet and retailer support for all that to validate a simple transaction. My credit card has NFC, no internet and no app, and it's universal.
stephenr 4 hours ago [-]
I use qr based payments regularly where I live, and in my home country I use nfc payments (watch/phone/card) essentially always, when we visit.
NFC is by far more convenient and reliable.
palata 4 hours ago [-]
I can't say about "convenient" because I don't use it, but I have been using QR codes for years and I haven't had a single issue. I don't know anyone who has.
QR codes are reliable.
landgenoot 3 hours ago [-]
You need an active internet connection to pay via QR.
NFC (EMV) works offline.
palata 2 hours ago [-]
Got it, that's a good point! It's so much not an issue where I live that I hadn't realised :-). But it is an issue nonetheless.
stephenr 3 hours ago [-]
It's regularly unreliable here, because it's reliant on a bank app which in turn is reliant on an internet connection, and banks here are kind of shit.
It's pretty common here that people will be told they need to turn off an otherwise working Wifi connection when facing problems because bank apps will often just not work properly on wifi.
But as I said, even without that, the convenience level is ridiculously different. It's arguably quicker to open your wallet and use a debit card with an NFC chip than it is to use QR codes, before we even talk about the convenience of watch/phone payments using NFC.
palata 2 hours ago [-]
> It's regularly unreliable here, because it's reliant on a bank app which in turn is reliant on an internet connection
Got it, that's a fair point!
> But as I said, even without that, the convenience level is ridiculously different. It's arguably quicker to open your wallet and use a debit card with an NFC chip than it is to use QR codes
This part sounds like those people who use a different unit system than I do and explain to me how my unit system is objectively more inconvenient than theirs. To which I answer: "I think I know better than you what is more convenient for me, given that I use it everyday" :-).
I use QR codes instead of opening my wallet, which kind of hints towards the former being more convenient than the latter for me. And for the millions of people who also do that.
stephenr 34 minutes ago [-]
Did you miss the part where I said I use both?
I'm not saying "yours" is less convenient. I'm saying the one you and I both use regularly is less convenient than anything NFC based, which I also use semi-regularly.
palata 18 minutes ago [-]
I'm confused. You say:
> It's arguably quicker to open your wallet and use a debit card with an NFC chip than it is to use QR codes
So I assume that even though QR codes are available where you live, you use your debit card with an NFC chip because it is quicker than using QR codes...
Anyway, the important part is that NFC doesn't require an internet connection, and I had missed that. Now I wonder why a QR code couldn't work without an internet connection just the same. I'll have to look into that!
yep - tried GrapheneOS for the first time today and my banking app detected that the phone was jailbroken.
joebe89 4 hours ago [-]
What about the small matter of having to purchase a Google phone in the first place?
backscratches 3 hours ago [-]
Most anti-google move: buy a second hand pixel, they receive no revenue on the device which is (assumed) already highly subsidized by google so that they can profit off users' data, then you use their subsidized hardware without running their spyware OS. Google only loses money in this scenario, it is a great protest.
palata 4 hours ago [-]
I see it as a necessity, because the Google phone is the only one worth it if you care about security.
The problem is not GrapheneOS, but rather that phone manufacturers other than Google don't care. Now if there were millions of GrapheneOS users, it would start becoming interesting for other phone manufacturers to care.
My point being that I buy Pixel in order to give more weight to GrapheneOS, in the hope that other manufacturers will eventually realise that.
direwolf20 3 hours ago [-]
Google makes high quality hardware and untrustworthy software. Graphene's approach is to take the hardware and leave the software.
adezxc 5 hours ago [-]
Yup, also Google Pay doesn't work, though there are other providers which work fine (Curve Pay I think works in all of EU), but it just made me carry my wallet everywhere and I understood I don't mind that at all.
stinos 5 hours ago [-]
Author is installing Google Play Services it seems, wouldn't that work around this?
In any case, for me this also sort of defeats the purpose: I'd rather break free from Google and Apple, not just (stock) Android and iOS.
UnreachableCode 5 hours ago [-]
No, because most banking apps call upon the Google Play Integrity API, which GrapheneOS doesn't (or can't?) use. There's a decent list kicking around of which ones work (Monzo, for instance).
Not really. On GrapheneOS, the Play Services/Play Store run as sandboxed apps, i.e. they are not system apps like on Android. They just run like a normal, unprivileged app. That's a lot better than on Android.
> I'd rather break free from Google and Apple, not just (stock) Android and iOS
If you want to break free, you don't have to install the Play Services / Play Store on GrapheneOS, just like you don't have to install microG on LineageOS. There is a misconception that microG is better than sandboxed Play, but I disagree. With microG, your apps still connect to the Google servers, so you're not "breaking free".
dgxyz 5 hours ago [-]
Does anyone know if HSBC's UK app works on it? I've seen inconsistent reports that it does and doesn't.
Edit: ignore this - there's a list elsewhere in this thread!
zhouzhao 5 hours ago [-]
Of course that is highly depdendet on the bank used, but so far none of my banking apps didn't work!
If you are using a rather popular banking app, chances are high that it has been discussed in the GrapheneOS forum.
Anyway, with google play services installed, mine have worked out of the box.
SirMaster 59 minutes ago [-]
How does this break free from Google? Isn't the Android that Google themselves writes and maintains the upstream of Graphene? Are they going to disconnect completely from upstream Android or something?
dangus 54 minutes ago [-]
The article directly answers your questions, specifically in the “what is GrapheneOS?” section.
For the end user, breaking free from Google means exiting from Google’s services surveillance system wherever possible. It doesn’t mean complete elimination of the use of source code written by Google employees.
GrapheneOS is really the most private option of all viable daily drivable smartphone operating systems available, because your only other options generally involve Apple and Google services dependency.
You can use GrapheneOS and never send any user information to Google, that’s how you “break free.”
nisten 4 minutes ago [-]
I switch from iPhone to a pixel 9 fold, and installed graphene after 2 weeks on stock android.
Look, it's better than stock android overall, UI much more simplified even though it gives you a lot more security control, battery feels slightly longer, but there are drawbacks, i.e. twitter/x wouldn't install, neither would my bank's app. However from time to time I go to use iOS on the iphone and it just feels like better software, with better ergonomics overall, the combination of the xnu kernel plus the design and feel of the..buttons.. on iOS is still years ahead in my opinion. So keep that in mind if you're switching away from apple to it, as android still feels like decade plus old software.
Now for the upsides.. there's a built in terminal and debian vm you can install and run your agentic AI tools (claude code,opencode etc) in a portable sandboxed environment which you just don't get onios. You can even fire up a graphical xfce session albeit that takes quite a bit of work to get it to go.
As for the tablet form factor of the phone itself when unfolded, i found it amazing the first few weeks and then later found myself rarely using it.
Overall I'm going to stick with itand will never go back to stock android, but am quite annoyed at how much better it could actually be.
rubymamis 5 hours ago [-]
We need Linux OSes and phones to catch up to really break free from this duopoly. Only when there is enough traction, essential infrastructure like banks will start supporting Oses like that. It's a chicken and egg kind of problem.
gf000 5 hours ago [-]
Android is a Linux OS and is eons ahead anything that would sit on top of "GNU/Linux" userspace.
Why start from scratch?
pelzatessa 3 hours ago [-]
I think that the main problem is that android has a lot of weird modifications that are not consistent with the rest of linux distros. The user data is suddenly in /data instead of /home, theres no package manager, no systemd (for better or worse), and there's hella lotta security gotchas, for example call recording is impossible without root as far as I know. I'm not saying that Android is not hackable, but it's a different type of hackability than desktop linux, you have to learn it all over again and in my opinion it's much harder to master than desktop linux.
I've been on ubports for 3 years and while it also has some weird caveats like read only rootfs, no working package manager (due to read-only fs. however ubports has pretty cool support for lxc containers where you can use apt). Due to chronic lack of time I haven't been able to sit down on my phone to play with it a bit (for example id like to install waydroid), but it seems a lot easier than android. For example, while there isn't an app for call recording, some guy worked around it by writing a systemd user service as a workaround[1]. This is exactly the type of thing I'm thinking about when talking "linux phone".
For me as a linux user, the difference if ubports was a human, I'd think that perhaps they were sick, whereas if android was a human, i'd shoot them in the face :)
Yeah, just need to decide where to start the fork. The larger problem is radio firmware. FCC regs were the initial excuse, for wifi and Bluetooth too, but we need to open up the source for all of these and allocate money for enforcement if we are truly worried people are going to start adding wifi channels etc. Open firmware phone radios would let you do things like truly turning off the radio when wifi was present, no gps ping even.
palata 4 hours ago [-]
The good news being that the work made by Linux on Mobile projects regarding the radio firmware benefits AOSP projects, and inversely, right?
palata 5 hours ago [-]
While I respect the Linux on Mobile work, I believe that AOSP is a lot better, with a much better security model.
Remember that GrapheneOS is not Android: it's an AOSP-based OS.
Hackbraten 3 hours ago [-]
You’re not wrong. The thing that bothers me is that AOSP is being developed behind close doors and controlled by a single company which wields way too much power and control over our daily lives, and which has a track record of abusing that power.
palata 2 hours ago [-]
Agreed. Though my hope is that AOSP could be forked. Without the contributions from Google, it would surely move slower, but... well it may work.
I actually had hopes that Huawei would start that with HarmonyOS.
svilen_dobrev 2 hours ago [-]
what happened to Sailfish? the successor of meego et-al
It is finnish, anyone knows how are they going?
i used that for 2 years, it's linux+kde bottom to top, a terminal + shell is a builtin, though only supporting 5+ years old Sony phones got tiresome.
Still.. it seems the only one that's usable enough apart of the duopoly. May have to switch to it again.
ttkari 2 hours ago [-]
There's a new Jolla Phone in pre-marketing phase right now (almost 9000 phones have been pre-ordered so far). First device deliveries are scheduled for this summer and this should easily be the new benchmark for officially supported SailfishOS devices.
The situation with Sony Xperia devices is not great, the best experience is still on the X10III (from 2021 I think) and there are significant issues with the support of 10 IV and V generation devices (a free beta release is available for those as well).
It seems that recently there has been quite a lot of buzz in the Sailfish community compared to the past few years. In the public repos there are some interesting contributions like xdg-shell support for Lipstick, which looks set to enable compiling many previously unavailable Linux apps natively if that will actually be integrated in an upcoming OS version.
Paianni 2 hours ago [-]
They have been underfunded for a decade now, with some unfortunate consequences - the web browser is based on Gecko 91.
Cider9986 60 minutes ago [-]
One thing that is a game changer on GrapheneOS is the network toggle for apps. Turn off network access for your keyboard, camera app, calculator, files, etc.
Gud 35 minutes ago [-]
Is there a great phone with high end specs this runs on?
Currently have an iPhone 16 pro, and probably my next phone will be something like this.
I need to be able to share photos easily with my wife, typically I’ve been using airdrop.
ramon156 5 hours ago [-]
Does anyone have a good grasp of the differences between GOS and /e/OS? I'm buying a Fairphone soon and was wondering what both are like
palata 4 hours ago [-]
I have been using /e/OS for 5 years, and also GOS. My take is:
- If your phone is supported by GOS, you should go for GOS.
- If your phone is not supported by GOS, you should look carefully and compare between /e/OS and Stock Android.
I had a Fairphone 3, and after 5 years, /e/OS was outdated by 4 years w.r.t. the manufacturer updates. In other words, Stock Android coming from Fairphone was more secure than /e/OS on that Fairphone.
In my experience, /e/OS has a tendency to claim that they support everything, but they just can't, there is too much. And then they complain when GrapheneOS criticises the fact that some /e/OS users believe their phone is well supported but actually isn't. And GrapheneOS is not wrong: I realised I was in that case after 4 years with /e/OS.
gnufx 2 hours ago [-]
> I had a Fairphone 3, and after 5 years, /e/OS was outdated by 4 years w.r.t. the manufacturer updates
Mine is running /e/ and reporting Android 13, which appears to be the last one Fairphone support. /e/ said it was too difficult to support 14 with the kernel involved. It's had continual security updates apart from the Android version.
Edit: Murena make it clear which phones are officially supported and which have "community" support.
palata 48 minutes ago [-]
> Mine is running /e/ and reporting Android 13, which appears to be the last one Fairphone support.
This is not the manufacturer updates. I was talking about the manufacturer updates. I just checked and someone complained a few months ago and they updated them. Before that, they had not been updated in years on /e/OS, but they were up-to-date on Stock Android.
> Edit: Murena make it clear which phones are officially supported and which have "community" support.
I bought a phone to Murena, advertised by Murena, through Murena. It really felt like it would be officially supported, otherwise they should have made it clear that they advertise and sell something that they won't support, wouldn't you say? My feeling is that they just stopped supporting it after a while.
Also I would assume that "supported" means that it receives both the LineageOS updates and the manufacturer updates. Apparently they have a different definition of "supported" (which is fine, maybe it's just "we will continue sending you our own updates"). It's just that in my book, if I get more security updates with the Stock Android than with /e/OS, then Stock Android is more secure.
In regular use, main difference will be that /e/OS comes with access to the alternative cloud service that project provides. It uses the default FOSS solution microG for google api compatibility, unlike GrapheneOS with their sandbox approach. /e/OS sets on AppLounge to install and upgrade both play store or F-Droid apps. Graphene has a small curated app repo instead.
I'd never use GrapheneOS since I don't trust the project. /e/OS is also not my favorite since it feels like it is developing slowly, having had issues with outdated software versions - though it does work well in practice. Have a look at iode for an alternative.
gf000 5 hours ago [-]
> GrapheneOS claims to be a lot more secure
That's not just a claim, this is an objective fact. GrapheneOS has a excellent track record when it comes to security, they have made several patches that got upstreamed to Android, etc.
palata 4 hours ago [-]
> I'd never use GrapheneOS since I don't trust the project
Fair enough, you choose what you trust.
But personally, I have never seen a technical claim from GrapheneOS that was wrong or misleading. But I have seen many claims from /e/OS that were technically wrong or misleading. So I trust GrapheneOS more.
Then there is the drama, and all sides annoy me when they behave like this. But I have seen drama coming from all sides.
onli 4 hours ago [-]
I have never seen drama from /e/ or any other project GrapheneOS attacks, like Calyx. Please link me to it - I asked this several times, people never can follow up. So far?
palata 3 hours ago [-]
> Please link me to it - I asked this several times, people never can follow up. So far?
Sorry, I won't spend 30 minutes digging to find that :-). I follow /e/OS, GrapheneOS and (followed) Calyx. I have seen messages from all of those either on forums, Mastodon, etc.
Also, whenever GrapheneOS makes a technical point (which is often a blunt "GrapheneOS is superior because [...] does it wrong"), many users of those projects answer aggressively (and of course many GrapheneOS participate as well).
And on top of that, a lot of messages criticising some GOS people or the entire project and calling them "toxic" whenever GrapheneOS is mentioned.
I have no skin in this game, so it doesn't touch me. But I could understand that the GOS people feel "harassed" by this. If everywhere I went people said "have you seen this guy? I hear he's toxic", I would consider it harassment, I think?
onli 3 hours ago [-]
Sorry, but then I take this as the usual - GOS is attacking other projects, that I can easily see in all their socials, and the other projects have done nothing wrong. GOS always claims that the other projects attack them since years, and never shows any proof. And indeed, I still never have seen any attack against GOS. Seems like this won't change today.
You or other readers can check https://github.com/mozilla/ichnaea/issues/2065 for a public display on how GOS attacks work when they are mixed into technical debates, how they destroy any chance of cooperation.
palata 3 hours ago [-]
> Sorry, but then I take this as the usual
Sure, you're free to do what you want. Just sharing my opinion given that I follow those projects from the outside.
> You or other readers can check
I guess what I am trying to say is that it takes multiple sides to argue.
For what it's worth, your link shows the founder of /e/OS engaging there. I have seen both technically wrong and misleading claims from the founder of /e/OS on Mastodon, then GrapheneOS explaining why they thought it was wrong on their forum, and then the founder of /e/OS calling them toxic and complaining about those attacks. And then /e/OS users would join the party and start attacking GrapheneOS, fully trusting those claims from the /e/OS founder. I can't really say that he didn't have any responsibility in the drama under those conditions...
Again, GrapheneOS tend to be blunt, but it doesn't make it technically wrong. And when the message is "it is unacceptable to us in terms of security", then it will be blunt anyway. I realised after years of using a phone I bought to Murena that my system (that they installed and sold to me) was entirely breaking the AOSP security model: it was signed with the Google testing keys and the bootloader was unlocked (and just couldn't be relocked, and anyway it wouldn't matter because of those keys that are not meant for production).
In other words, I bought a product to Murena that was unacceptable to me in terms of security, but genuinely thought it was better than Stock Android because of Murena / /e/OS marketing. I genuinely feel either they tricked me, or they didn't know it themselves. I have personally seen multiple /e/OS phones in a state where they were objectively less secure than Stock Android. I get that they don't like it when GrapheneOS says it, but that is not wrong.
onli 1 hours ago [-]
I still haven't seen what you describe, the behaviour of other projects. And I dont believe it without proof (since it was claimed so often by GOS without proof being shown, or in some cases with it obviously not existing).
For the security thing: It is wrong to claim that an unlocked bootloader completely breaks the android security model. If anything, it breaks one specific aspect, one that doesn't matter for many attacker models. Besides, on some phones the bootloader just can't be relocked, that's on the phone vendor though. Signing keys for bootloaders might just not matter if change detection was working or the bootloader was not relockable, but maybe I'm missing some specifics there.
So imho what you describe as catastrophic scenario likely wasn't one.
palata 43 minutes ago [-]
> It is wrong to claim that an unlocked bootloader completely breaks the android security model.
You seem knowledgeable about this, so I'll take the opportunity to ask: if I install a malicious app and it manages to escape the sandbox and alter the system, my understanding is that it will be detected next time I boot it (because the image hash won't match). Isn't that true?
> Signing keys for bootloaders might just not matter
Again a question, I haven't found it in the official documentation: aren't those keys the "system keys"? As in, if my system is signed with some keys and an app is signed with those same keys, doesn't it allow this app to be a system app?
I like GrapheneOS but they fail to understand in this post that the #1 security concern an android user face is the lack of privacy.
Sure they have hardened everything but realistically, that's not the main threat for your average user.
Their top contribution to android is the sandboxed Google Play, by far.
palata 4 hours ago [-]
I think it's more of a marketing claim from less secure systems that "privacy is not security, and GrapheneOS focuses on security while we focus on privacy".
GrapheneOS does care about both, quite obviously. And GrapheneOS tends to say that if your security is bad, then it is affecting your privacy too. Whereas others say "sure, we break the Android security model by unlocking the bootloader and signing our system with the Google test keys, but your apps will contact Google through microG instead of the Play Services, so it's more private". Which is worth what it is worth...
ForHackernews 2 hours ago [-]
This is only my opinion, but GrapheneOS's approach to privacy seems obtuse to me. They will claim that an unlocked bootloader is a risk, but then turn around and recommend you install proprietary apps GApps in their sandbox. The sandbox doesn't matter if all the private data is in the same sandbox!
Feels like you don't know what "the sandbox" is. It's not "their" sandbox, it's from AOSP.
When you run an app on Android, it runs in a sandbox. Meaning that your social media app cannot access the files of your banking app by default. They are "sandboxed".
On a normal Android, the Play Services are installed as a system app. It is privileged app that has "system" access. A system app is not sandboxed.
GrapheneOS allows you to install the Play Services and the Play Store as "sandboxed" apps in that they run unprivileged, just like WhatsApp or TikTok or your banking app.
So running the proprietary Google apps in the sandbox is obviously more private than running them as system apps, wouldn't you say?
ForHackernews 34 minutes ago [-]
If the Tiktok app passes your data to Play Services (say, to support notifications with GCM) then it doesn't make any difference that Play Services is nominally "sandboxed".
I agree there's some marginal benefit that sandboxed GApps need to prompt the user for permissions (rather than having privileged system level access) but at the end of the day, Google Maps will get GPS perms and Google will know everywhere your phone goes.
palata 24 minutes ago [-]
> If the Tiktok app passes your data to Play Services (say, to support notifications with GCM) then it doesn't make any difference that Play Services is nominally "sandboxed".
Sure, but that's the same if you run TikTok with microG (which will relay your data to the Google servers just like the Play Services) or in waydroid on a Mobile Linux. But you can't blame the system for what the apps are allowed to do by the user.
Take your Google Maps example: if the user wants to run Google Maps, obviously they will be sharing data with Google. It's very weird to blame the system for that.
What the sandbox brings is that for users who want to run the Play Services (because they want to run TikTok, knowing that it will share data with some servers, including but not limited to the Google servers through the Play Services), then at least the Play Services are not root on their OS. So then instead of running microG, you can run the Play Services and have the same kind of benefits.
Now if you don't want your apps to contact Google, then by all means, don't install the Play Services! But don't install microG either! And don't install Google Maps!
It's all about trade-offs, it's not an all or nothing situation. Sandboxed Play Services is better than privileged Play Services.
gf000 1 hours ago [-]
They recommend you install google play services if you need it. Privacy is in no small part a user-decision - no matter how secure your device is if you just scroll Facebook all day.
gf000 4 hours ago [-]
privacy != security.
And sandboxed Google Play services serve both goals -- it runs the service as a regular android service, not an exceptional one that has a bunch of extra permissions. So you can allow/restrict it as you seem fit, while not "getting behind" on features/apps that mandate it.
realusername 4 hours ago [-]
I disagree, privacy is an essential part of security, if there's no privacy, then there's no security.
That's also why I don't keep anything important on my phone as I don't trust what's going on there despite having all the secure features that you would want.
scheeseman486 4 hours ago [-]
Other way around, actually. It's possible to make concessions to privacy, like providing crash reports, or running applications in sandboxes which limits what they can harvest, while keeping the platform secure.
Any privacy you have on a system is reliant on no one tampering with that system and on software behaving itself. Without security, you can't trust the system to implement any privacy.
realusername 4 hours ago [-]
I also disagree with that, I trust my Linux distribution to behave well much more than I trust any Android platform and it doesn't even have much app sandboxing at all.
You can't fix a lack of trust like you have in Android with technical solutions. The flaw in Android is fundamentally a social problem.
scheeseman486 4 hours ago [-]
That reads more as sports team flag wavey thoughts and feelings trust than anything actually backed by objective data.
realusername 4 hours ago [-]
That's the difference between trusted computing (Linux distribution) and untrusted computing (Android).
If you want something backed by objective data, my phone has an advertising ID built in the OS and my laptop doesn't. My phone had 100s of privacy scandals and my laptop doesn't have one.
I do applaud GrapheneOS don't get me wrong but I have a feeling that they are fighting a losing battle.
noirscape 5 hours ago [-]
GOS creates a complete bunker of a phone that can provide defense against pretty much all but the most dedicated state level actors. If you're worried that someone would steal your phone specifically to target you, Graphene will protect against that. Securitywise it's hard to argue against them, although GOS tends to sacrifice usability in favor of security, which leads to odd decisions. Their device depreciation timeline is also pretty aggressive and really just matches that of the Pixel. (You're also buying the Google phone... to not want Google in your life; this bizarre paradox will always be strange). It's not exactly a recommendation for long-term support. Worth noting however is that usage of GOS is also seen as a signal in and of itself for the authorities that you may have something unsavory to hide, so using it stands out in that regard; some law enforcement officers (I think it was in Spain?) have said that the OS is popular with organized crime. GOS obviously denies the connection and they're probably honest in that the OS isn't deliberately designed for criminals, but it's worth noting at the very least. (Basically GOS is the paradox where someone trying their hardest to be anonymous ends up standing out way too much from the crowd and drawing attention to themselves.)
/e/OS (and similar "non-LineageOS" ROMs really) instead focus more on de-Googling. They're still generally security focused, but the priority is less "someone's after you" and more "corporate surveillance is kinda scary innit". The aim is less to avoid someone actively trying to drain your phone of data and more to prevent your phone from passively sending everything it can possibly find to the Big G's ad machine (as well as whatever other trackers get snuck into apps.) Because of this, they usually have better depreciation timelines and support a lot more devices compared to GOS who only support the Pixel line (which is an increasingly awful set of phones truth be told); their scope is much smaller.
Finally, it's worth noting that the GOS community is absurdly toxic to anyone doing anything privacy-related that isn't under the banner of GOS. It's extremely maximalist, tends to get very upset at other projects whenever they get attention (see sibling reply to this, where they pretty much melted down because an outlet dared to recommend a Fair phone+/e/OS) and the projects official channels have generally encouraged this sort of behavior. It doesn't really damage the software itself, but it's worth considering.
palata 4 hours ago [-]
I have been a user of /e/OS for 5 years, and also of GOS and would like to share my opinion on this:
> it's worth noting that the GOS community is absurdly toxic to anyone doing anything privacy-related that isn't under the banner of GOS
What I have seen (and I am not involved in any of those projects) is that GOS does care a lot about security, has a higher quality in that regard than anything else, and tends to be blunt about "inferior" projects communicating about security.
Not that they couldn't improve their communication style, but usually when they call out technical limitations of other projects (e.g. /e/OS), they are right. And I mean the technical arguments. Then I have seen a bunch of drama, but to be fair I have seen those other communities show toxic behaviour towards GOS just as much as the opposite.
It feels like it is GOS vs "the others", because the others don't criticise each other, and GOS bluntly criticises when they see claims they find are wrong (I have seen claims by /e/OS going from misleading to downright wrong).
On my particular phone, after 5 years with /e/OS, the Fairphone updates were outdated by 4 years. In terms of security I would have been better with the Stock Android. It depends on the phone of course, because /e/OS tends to claim that they support everything and they just can't. Even on a phone that /e/OS supports well, GrapheneOS is superior, period.
But I agree, I could do without all the drama. I guess my point is that it goes both ways.
zwarag 49 minutes ago [-]
I guess on /e/OS you can just run Google Maps in a browser if you really want Google Maps features (like searching for a restaurant).
Organicmaps works fine if you just need to get from A to B. It does lack live traffic, but you'll have to live with fewer features if you really want to not use Google for most stuff.
lejalv 4 hours ago [-]
/e/OS/ was bad with updates for a long time (I had to switch 2022). IodéOS is very good at it, in my experience (I have used all three)
palata 4 hours ago [-]
> /e/OS/ was bad with updates for a long time (I had to switch 2022).
In my case, it was a few months ago, so end of 2025.
I think it's just that they can't possibly support thousands of Android devices. I just don't like that they are not being very clear about it. You would think that buying a phone through Murena would guarantee some kind of support, but it actually doesn't.
ForHackernews 2 hours ago [-]
The main difference is that GrapheneOS prioritizes security hardening first and foremost (above usability or compatibility). /e/OS focuses on privacy (i.e. reducing data leakage to adtech) and usability over security.
To put it concretely, GrapheneOS recommends running all the proprietary Google apps in a locked "sandbox" so they can't read data on the phone outside the sandbox -- but obviously Google still gets to see everything you do in their apps. /e/OS tries to provide [largely but not entirely FLOSS] alternatives (e.g. their own Maps app, their own email, their own calendar) that make your phone usable out of the box without Google software.
gf000 55 minutes ago [-]
> but obviously Google still gets to see everything you do in their apps
Well, the actually scary part of google services is that they have this quasi-elevated access in your phone where it can do a lot of stuff ordinary android services just can't do. E.g. google maps' location sharing works this way (but don't quote me on that).
GrapheneOS managed to "put it back into the bottle", and it runs as a regular android service anyone could write, with the same rules applying. So you have much more control on what you allow it, and this will also limit what data apps relying on google services can leak about you.
There's several AOSP based ROMs in forums like xda. Mostly developed by enthusiasts.
Recall using one years ago on my Samsung device with happy results. That was long before banking apps etc. Wondering what's the difference with this? Extra security?
h4x0rr 5 hours ago [-]
"Break Free from Android and iOS"
looks inside
- Android
mft_ 5 hours ago [-]
It should probably be "break free from Google and Apple"?
g947o 4 hours ago [-]
As long as it is based on AOSP, it is at the mercy of Google to release source code and updates. Given recent trends, I wouldn't be surprised if Google stops shipping Android source completely.
mvanbaak 2 hours ago [-]
how will it help you to break free from apple if it only supports pixel phones?
mft_ 1 hours ago [-]
One reason that people use Apple phones is they are seen as a less privacy-invasive option than Android/Google.
So it would follow that a valid privacy-respecting third option would potentially help Apple customers as well as Google customers.
to3k 5 hours ago [-]
You are right! I will change the title :)
palata 4 hours ago [-]
GrapheneOS is not Android. It's AOSP-based.
seba_dos1 3 hours ago [-]
You may be surprised to learn what that "A" stands for.
Do they just not have ANY screenshots of the OS anywhere on the web site
OuterVale 1 hours ago [-]
It is just Android. If you're familiar with the usual Material styling of Android, you're familiar with what Graphene looks like.
matthewkayin 1 hours ago [-]
It looks about the same as stock android.
1 hours ago [-]
HunOL 4 hours ago [-]
It's not breaking free from Google, but pretending it does not affect you. You are still at mercy of app developers and Google which may introduce some changes that will affect you. Additionally you never know what will work or stop working.
Tepix 3 hours ago [-]
If something truly unacceptable happens, you still have a while to switch to something else, in the meantime you will still have a working system.
_heimdall 3 hours ago [-]
That's pretty unavoidable at that level unless you are able and willing to build your own phone hardware, OS, and all the apps you need.
What about device attestation? Will you be able to run banking apps and Netflix et. al.?
For me the biggest concern is that while you may be able to use and run your own device, you will be locked out of most propietary services. Much like how more and more websites simply don't work with Firefox anymore.
galangalalgol 5 hours ago [-]
I only use Firefox. It has been years since I ran into a chrome only website. Though recently I ran into an edge only websit on my corporate network, not even sure how that happens.
buzzwords 5 hours ago [-]
This might be one of those things were if there is big enough user base, companies will start to take it seriously.
domh 3 hours ago [-]
Here's a community maintained list of apps and whether or not they work:
Am I the only one who finds monospace font barely readable for articles? Good for code, bad for longer forms of text.
agile-gift0262 2 hours ago [-]
I've been using it for more than 2 years, and I can't think of ever going back to a stock OS. I had to send my phone for a screen repair, in the meantime I picked up my old Samsung, and the sheer amount of apps I didn't want, notifications and dark patterns to tricking me into handing over my data made me anxious. I couldn't finish setting the phone up and drove to my parent's home to pick up their old, remotely nerfed by Google, Pixel 4a so I could install GrapheneOS into it and use it while I waited for my repaired Pixel 8.
iugtmkbdfil834 2 hours ago [-]
~6 months here. In my case, it became almost a full daily driver ( putting corporate spyware on it would kinda defeat the purpose ). It is by no means perfect, but I can recommend it ( and I could not do the same with other phones that should have been better on paper -- linux phones like pinephone or purism ).
netbioserror 2 hours ago [-]
Same. Not only has using it been no trouble, but having a barebones core app selection, a few picks from F-Droid, and using the browser for the rest makes my phone feel refreshingly under my control. It lasts for 3-4 days of low usage to boot, when nothing is phoning home constantly.
the_arun 34 minutes ago [-]
My observation is - It is the ecosystem that is sticky not just the OS.
empyrrhicist 18 minutes ago [-]
You can install Google Apps as a regular set of user apps rather than a system-level admin monstrosity, and it mostly works - Play Store included.
Whether or not that defeats the purpose is an exercise left to the reader.
gargan 2 hours ago [-]
Break free from Google by paying money to Google for a Pixel phone? Even with a used Pixel, you're helping prop up their used market value which helps Google
paulnpace 2 hours ago [-]
This statement implies ignorance to the reasons the project selected Pixel devices.
palantird 4 hours ago [-]
> "Perplexity - I switched to Gemini, but I confirm it works"
Oh the irony.
raincole 4 hours ago [-]
Where is it? I had a really hard time finding the irony.
rcMgD2BwE72F 1 hours ago [-]
If they switch mostly for privacy reason, then starting using Gemini might be counter productive as Google might learn far more about the end-user than if they just did some basic search on any other Android devices. To enable Gemini, one was to accept some crazy T&C and accept that Google collects an incredible amount of personal data.
I prefer to use intermediaries like Kagi Assistant, thanks to the strict privacy conditions of the API and the mixing of queries from thousands of users.
raincole 6 minutes ago [-]
I mean... yes? But I really don't think there is any 'irony' here. The author clearly stated:
> It’s thanks to them that we even have the option of at least partially freeing ourselves from Google (Android) and Apple (iOS)
partially. And I do think they successfully did this. Asking Gemini questions when you really have something to ask is very different from integrating your whole digital life with Google.
randusername 2 hours ago [-]
How are the cameras on the latest devices running GrapheneOS? My last Android experience was the Oneplus One and the experience left me with the feeling that cameras are just too proprietary to work well once you go tinkering with custom ROMs and camera apps.
I'm not a photographer or anything, I just want to quickly point and shoot and get on with whatever I'm doing without thinking too hard.
gf000 52 minutes ago [-]
You can run the proprietary Pixel camera software on GrapheneOS just fine (properly sandboxed).
ForHackernews 2 hours ago [-]
GrapheneOS only works on Pixel devices so it only targets a very limited set of Android camera hardware.
lpcvoid 5 hours ago [-]
Been using GOS since roughly 2020. I refuse to use a Phone without GOS on it. It's been amazing.
palata 4 hours ago [-]
I am really hoping that other phone manufacturers will eventually realise that and start making phones that can be supported by GOS.
mnmatin 4 hours ago [-]
Wallet Apps and Tap-to-pay do not work. Even got banned from PayPal. Android needs an architectural change from the ground up.
dopidopHN2 4 hours ago [-]
I'm happy with grapheneOS as a daily driver.
Can you elaborate on being banned from paypal so I don't do the same ?
ozlikethewizard 4 hours ago [-]
I mean you're not degoogling yourself if you put all your transactions through a google server. Cash if possible, card if not.
(Also it is possible to do these things if you root your phone, but caries its own risks and I wouldn't recommend. Ending your dependency on third party processors is probably the best outcome)
Tepix 3 hours ago [-]
If you don't use the paypal app, you should be fine, right?
pickleglitch 2 hours ago [-]
I had to replace my old phone a few months back and I went with a used Pixel 8 pro from Backmarket specifically so I could try GrapheneOS. I'll never go back if I can help it. I love this OS.
OptionX 1 hours ago [-]
"Break free from Google"
All supported devices are exclusively Pixels.
wseqyrku 3 hours ago [-]
It's weird that here on HN some people are trying to break free from Google and Apple and on the other side some people are married to Gemini, and both look like to be the majority at times.
bo1024 3 hours ago [-]
What is the smallest phone that Graphene will run on? I would love to switch but these massive pixel phones are a no go for me.
kevin_thibedeau 3 hours ago [-]
> Break free from Google and Apple
Step 1: Buy a Google phone
daoboy 5 hours ago [-]
Many are complaining about banking app compatability, but I've never felt compelled to use anything other than my browser for banking. What's the big deal with the banking apps?
Am missing out on some huge advantage here?
dgan 5 hours ago [-]
Some banks force you to validate transfers on your phone; unfortunately its not the user who decides
rationalist 3 hours ago [-]
Depositing checks by taking a picture of them.
haunter 5 hours ago [-]
Break free from Android... by installing Android? I'm not sure it's really breaking free when the first task to do is intall Google Play Services so your banking app works.
Even then banking would probably only work through the browser... Sad state of the world really.
arein3 5 hours ago [-]
And the 50% of banking apps still wont work because it wants an android signed by google.
And no tap to pay.
Hopefully the new EU banking system will work on Graphene and Ill switch back
lejalv 4 hours ago [-]
I would put the focus on having capable web-banking. I never install the banking app on my phone.
I must also be getting old, because I don't get the big fuss about NFC payments. Firstly, I'd never use them if they go through Google/Apple. But even when/if they don't, it's not a big deal to use a card, isn't it (if you hate cash)?
palata 4 hours ago [-]
Agreed about NFC, I'm happy to scan a QR code.
> But even when/if they don't, it's not a big deal to use a card, isn't it (if you hate cash)?
Card is usually linked to the US. Some people would like to not depend on that. But the rational solution IMO is for the banking system to use QR codes instead of NFC. Some countries do that and it just works.
lejalv 2 hours ago [-]
> Card is usually linked to the US. Some people would like to not depend on that.
You have a point, and even though it looks like it will be a very corporate-driven system, and possibly dependent on Google or Apple, there seems to be an EU payment system on the making (if it ends up depending on Google or Apple, that will be the irony of leaving VISA/Mastercard to fall in the fangs of Google / Apple, but... oh well, one step at a time).
I think the name is Wero, it was on HN a few days ago.
palata 4 hours ago [-]
> And the 50% of banking apps still wont work because it wants an android signed by google.
Where do you get that number from? All the banking apps I've tried work on GrapheneOS.
> And no tap to pay.
There are countries where the payment terminals show QR codes, and banking apps work by scanning it. No need for NFC :-).
Maken 4 hours ago [-]
The new payment networks are not an independent app. They are a protocol your banking app has to implement, so unless your bank supports non-Google phones you are out of luck (not my case, thankfully).
wisplike 5 hours ago [-]
[dead]
palata 4 hours ago [-]
You're confused. GrapheneOS is not Android, it's an AOSP-based OS.
> I'm not sure it's really breaking free when the first task to do is intall Google Play Services so your banking app works.
sandboxed Google Play Services. It's an important difference.
hengistbury 3 hours ago [-]
What is the difference here between "Android" and "AOSP" (Android
Open Source Project)?
palata 2 hours ago [-]
AOSP is Android without the Google proprietary stuff (and without the manufacturer proprietary stuff, e.g. Samsung's). If you install bare AOSP, it will look like the Android on a Pixel phone, but the biggest difference you will see is that it won't have the Play Services or some Google apps.
If you want to be a certified Android system (like all Android manufacturers do), you have to port AOSP to your hardware, install the Play Services as a system app (giving Google root access), install the system apps you want (e.g. Samsung have their own UI, maybe their own camera, their own store that they want to be installed as system apps), pass some conformity tests by Google (Google wants to ensure that it's good enough to be called "Android") and pay a ton of money to Google for the licence.
But as an individual, you can just download the AOSP sources, build them and install them on your phone. It's AOSP, but not Android.
GrapheneOS is based on AOSP. /e/OS is based on LineageOS which is based on AOSP. Those are not Android systems, they are AOSP-based systems. In a way like Linux Mint is based on Ubuntu which is based on Debian. Those are different layers. If you hate Canonical, it doesn't mean that you have to hate Debian, even though Canonical does contribute to software that runs in Debian (like the Linux kernel). The comparison is worth what it's worth, but I hope you get my point :-).
GrapheneOS is Android isn't it? Same binary blob issues and such? Or is that not an issue on Pixel devices?
palata 4 hours ago [-]
It is not. GrapheneOS is AOSP-based.
But yeah, same binary blob issues for firmwares, but Linux on Mobile has the same issues.
dizhn 15 minutes ago [-]
It's not very important but what are you referring to with "it is not" ? AOSP is Android (it's in the name) so I don't get it. Are you talking about blobs re Pixel devices?
arbirk 2 hours ago [-]
If Apple partners with Starlink, this is my next mobile OS
mrcwinn 29 minutes ago [-]
I really doubt they have an issue tracking you despite all this added effort.
lambdaone 4 hours ago [-]
It's a sign of how far we've come that this article says "Break Free from Google and Apple", not "Break Free from Google, Apple and Microsoft".
nusl 4 hours ago [-]
People seem to fondly remember the Microsoft phones. If they made them now though, I can't really imagine what sort of Copilot-filled abomination they would be.
guerrilla 4 hours ago [-]
Yeah that's not actually good. As much as I'd never use anything from Microsoft, having less diversity is not a step in the right direction.
Tepix 3 hours ago [-]
I heard that Windows on phones is about to make a return later this year, thanks to NexPhone.
trvhar 3 hours ago [-]
Breaking free from Google by using a Google phone with a Google designed processor
yamapikarya 2 hours ago [-]
is it worth to buy google pixel just for installing grapheneos? in my country, it is kinda pricey and of course it cannot install bank apps because almost all of them are must non root phone.
riedel 2 hours ago [-]
Break free from Google by buying their hardware and be dependant on them to actively support the device. Things are absurd at this stage. I guess there is different motivations behind mobile OSes.
xvilka 5 hours ago [-]
They should get the same level of financing (donations) as Tor project at least. Some big organization like Open Technology Fund or NLnet should give them yearly grants.
It's very annoying that they restrict themselves to Pixels. I get they can't guarantee all the security features they want on other phones, but even a subset of those security features and the other advantages like the lack of cruft would make it very attractive to be able to run on other phones.
zer0zzz 50 minutes ago [-]
Why is it that Google find my doesn’t work? I can’t get it running on my pixel, seems like a known issue.
lanfeust6 51 minutes ago [-]
I use this and lineage, but in a few years time this could be moot if Google decides to completely lock down devices. That leaves commercial options like Fairphone
jokethrowaway 2 hours ago [-]
I really don't want to give Google money so the Pixel is off for me until GrapheneOS supports something else.
For now I consider smartphones as disposable toys that can't be trusted with anything sensitive and use a computer for privacy.
I also don't like the idea of running Android, I still hope for a real linux phone at some point.
>Because google actually cares about hardware and software security.
That statement might not have aged so well, especially consindering googles attempt to lock out apps from their devices, If the developers do not comply with being oficially registered.
lowdude 5 hours ago [-]
There is a difference between security and privacy or freedom of use. Locking down the device to only allow a subset of apps that Google has some control over (by requiring developers to register) is a measure that can increase security, even though it obviously takes some control away from the end-user.
The fact that the play store is not exactly known for exceptionally high standards w.r.t. malware, or that there are lots of valid concerns that come along with a company controlling who is allowed to supply apps for the device is a different topic.
izacus 5 hours ago [-]
Don't mix security and freedom. They're commonly opposed to each other.
palata 4 hours ago [-]
This is true, I don't get the downvotes.
erremerre 5 hours ago [-]
I believe (as it's open source) there is nothing impeding anybody else to compile grapheneOS in a samsung S10, which would not be as secure, but should still work as any lineage
However I haven't seen anybody try
anal_reactor 4 hours ago [-]
Because phones have device-specific code. Effectively, each single model is running its own fork of Android. Naturally, Google has no incentive to change this - it makes it difficult to update (planned obsolescence) and install other software (like GrapheneOS).
StilesCrisis 2 hours ago [-]
I can't take this seriously when their mission statement is to "break free from Google and Apple" and their entire output is a fork of a Google repo.
If you're based on AOSP, the project is still 100% reliant on Google!
It seems extremely cynical to me to depend on the work of a thousand-man team to build your OS, then patch out a couple of lines and claim you've broken free from them. Without Google, none of this project could exist.
niam 2 hours ago [-]
You'd be pleased to hear, then, that "break free from Google and Apple" is not Graphene's mission statement, because this is a blog.
m00dy 1 hours ago [-]
If you are using social media, you might get a shadowban, just because you needed to unlock your bootloader to install this OS.
the OS is great, but too risky in certain situations.
bohdokas 3 hours ago [-]
Hah, just talked with my colleague, his feedback is that it’s too raw to be used daily
rationalist 3 hours ago [-]
You might want to reconsider trusting your colleague's technical opinions.
axegon_ 4 hours ago [-]
For some (and other not-so) obvious reasons I switched to Graphene a few weeks ago. For years I've been pushing towards de-cloudifying my digital life and there were several reasons for it: On one hand it was the constant content subscription which gave me 0 guarantees that what I am interested in will still be available the next morning, even though I've paid for it, and the other was, you guessed it, the idiotic LLMs everywhere and subsequently the complete annihilation of security practices by giving a probabilistic model unrestricted access to all of your data.
First things, first, kudos to the GrapheneOS team for making it this easy to install and the surprisingly rapid support for new devices. Sure, there are features which I otherwise liked in the stock android that came with Pixel phones(swipe typing is something I very much enjoyed) but all in all, I can't say I miss much from it otherwise. I've slimmed down my list of apps to basic functionalities backed by self-hosted services (nextcloud, immich, jellifin, etc. along with a VPN I maintain myself) and I honestly don't miss much from the stock Android.
I want to point out that for a very long time I worked for a company that developed games for mobile devices and while the data we collected was mostly anonymous(*unless you logged in with facebook and by implications we had your facebook id) and it was never even utilized all that much beyond bad attempts at maximizing sales(not effectively anyway cause the people in charge were as incompetent as they could get), I can say that we collected ungodly amounts of data: most of the cloud bills were storage for that specific reason. While we did not have bad intentions and had to operate under strict GDPR regulations, this was a large company that was constantly monitored. Small companies can fly under the radar and get away with not abiding by the rules and laws and commonly they are not even aware what the repercussions could be. Similarly, the US and Asia-based giants can simply shrug it off and toss a few billions in fines. Make no mistake, no company is looking for your best interest and with that in mind, I couldn't recommend GrapheneOS (and self-hosting everything) enough, assuming you know what you are doing.
8K832d7tNmiQ 4 hours ago [-]
Check out FUTO Keyboard, It has swipe-typing feature.
PlatoIsADisease 3 hours ago [-]
Anyone like GrapheneOS better? Like it has some features? Or is it a locked down version of Android?
MattTheRealOne 5 minutes ago [-]
I love the ability to block apps from accessing the network. There is no reason apps like the keyboard, camera, or other offline apps and games need access to the internet.
deafpolygon 4 hours ago [-]
GrapheneOS is like using Firefox. Works on most sites, but those few things just don’t. Maybe it’s a dealbreaker for some. And they’re dependent on Google.
user3939382 4 hours ago [-]
What you want is a solar 6502 with lots of memory and GMRS mesh
villgax 5 hours ago [-]
Unless govts make web a primary citizen of information dissemination and acceptance, it will be only apple/google on the sim card linked access
kittbuilds 28 minutes ago [-]
[dead]
thomassmith65 3 hours ago [-]
Full control over app permissions
GrapheneOS allows for full control over what permissions each application can have.
For example, in conventional Android forks, every application by default has granted
Network (internet access) and Sensors [...] permissions.
Has anyone ever wondered if all apps on a phone need Internet access?
Well, Apple made privacy a major selling point, so I'm sure you can do this on iOS, too. /s
Break free from Google and Apple by buying a phone from Google /s
backscratches 3 hours ago [-]
I commented elsewhere but GrapheneOS on Pixels actively siphon resources from Google and is arguably a good protest against google.
They subsidize Pixel hardware (to incentivize users to adopt their spyware OS), you (buying used obviously) take their subsidized hardware and do not repay them by using their spyware, replacing it with Graphene. Only google loses. Their hardware is technically very good otherwise (in fact no other hardware fits the strict graphene security requirements).
imcritic 2 hours ago [-]
How about they start supporting more devices instead?
to3k 6 hours ago [-]
[flagged]
5 hours ago [-]
Rendered at 15:42:37 GMT+0000 (Coordinated Universal Time) with Vercel.
It's mind boggingly stupid that they lock down apps like this, when you can just open the thing in a website anyway. I can use my bank on some linux distro, crazy that they trust me since it is not Windows - the truly secure OS!
Knew about those things before I started, so all in all I'm pretty happy. I'd recommend NOT using different users for different things (I started with banking etc in one profile, that ended up being a huge PITA and according to their docs it is mostly security theater anyway). Happy tinkering!
auditors are clueless parasites as far as im concerned. the whole thing is always a charade where the compliance team, who barely knows any better tries to lie to yhe auditor, and the auditor pick random items they dont understand anyway. waste of time, money and humans.
Unfortunately, the rot runs too deep.
Pick up the can!
Gotta admit, this triggered me. I don’t think those are the same thing. If no one had a good password we wouldn’t affect each other negatively. If no one picked up trash, we would.
Not in Spain. I can access my bank's website but I can't do anything without their bank app. Even sometimes they require to confirm my identity using their app in order to access their website.
I have several linux phones but I can only do banking with their app downloaded from Aurora Store in my Vollaphone.
Here in central Europe I can still access the bank website fine without smartphone. I need a physical device to yield a TAN though, but I can access and do online transactions fine. So I think something is wrong with the spanish government. People need to protest.
And that is mandated by the EU.
I don't know about Spain specifically, but as far as I understand it no bank in the European Economic Area + UK should allow banking via just the website alone anymore, because of the "Revised Payment Services Directive" (PSD2) regulation.
Essentially, banks are required to implement "strong customer authentication", which in essence is just multi-factor authentication with a password + either biometrics or a security device of some sort.
And in practise that means a banking app, because most people do not want a separate token they have to buy and can lose. Though a lot of banks do offer those as well.
(When will people learn that biometrics are not another factor: they're entirely public and irrevocable. It's not just security theater, but Apple & Google know that this forces you into their ecosystem, which should be illegal. Of course, Brussels is full of rubes anyway.)
"a device could be used as evidence of possession, provided that there is a ‘reliable means to confirm possession through the generation or receipt of a dynamic validation element on the device’"
So in essence the TOTP has to be bound to the device in a way that prevents users from just extracting the secret and putting in in their password manager. Hypothetically that would still allow Yubikeys and other security keys that provide attestation from the factory, but in practise banks probably don't want to deal with the support headache and just provide their own, like the TAN generator mentioned by other commentors.
Two other highlights from the interpretation of the EBA:
"App installed on the device" -> not compliant
"In the case of an SMS, and as highlighted in Q&A 4039, the possession element ‘would not be the SMS itself, but rather, typically, the SIM-card associated with the respective mobile number’."
"SIM-card associated with the mobile number" - is that even technically possible? Do mobile carriers provide a API for banks to verify that a number still corresponds to the same SIM card? If so I've never heard of it.
[0] https://web.archive.org/web/20191207213213/https://eba.europ...
It can be SMS. As said in another comment, the main banks in Spain offer this authentication method while being PSD2 compliant. Some also offer a card with coordinates. So it's not mandatory in any way to use a banking app.
But yes banking apps are not mandatory, and likely won't be in the near future either, though the alternatives are treated a bit like second class citizens.
https://triodos.es has 2FA via SMS, for what is worth.
- RBC 2FA is that if I try to login through my browser, the phone app will ask if I authorize the login. I think I can disable this and use sms/call, but that's even more insecure, so I don't.
- TD lets me login fine and do everything in the browser. But any online transaction that is moderately large or presumably fishy, will force me to authorize the transaction via the app.
These are among the largest banks in Canada.
If someone wants to try Graphene os maybe that option will work on their banks too.
I've seen this elsewhere, and it's absolutely ridiculous.
Why?
Because in almost all cases, the apps may only be installed with Google Play, and require the framework to work correctly. And that means?
If you are not in good standing with Google, you cannot bank!!
I cannot stress how inane it is, to have Google or Apple as the gatekeeping to identify verification. How not having an active, in good standing account with one of these two, means you cannot bank.
And it's happening more and more.
Meanwhile, banks -- which tend to make billions in profits quarterly, do this to save on infrastructure costs. They do it so they don't have to stand up their own push servers, or have an app which doesn't require firebase.
Well cry me a river, boo-hoo Mr Banker, I'm not even remotely interested in you saving on infra-structure costs at the loss of autonomy. And on top of this, many banks are reducing hours, closing branches, claiming that they don't need them.
Leaving absolutely no other choice.
This sort of thing should be illegal. Being in Spain, but requiring a US megacorp to tell your own bank, that you're you.
I don't agree with this dependency on being in good standing with Google either.
But there is a technical reason that isn't wanting to avoid using their push servers. It is about battery usage and radio bandwidth.
Keeping open an idle connection over WebSocket, long-poll HTTP or TCP/IP needs regular pings (typically 30 seconds are used), one ping per connection. Otherwise your app can't be sure to receive messages from the server in real time, as the connection can disappear into CGNAT or similar hole where it doesn't receive messages sent by the server. To an app not using pings to check, such a blackholed connection is indisinguishable from an idle connection with no pending messages.
Waking the radio every 30 seconds, times 2 (back and forth), times the number of registered applications, would be quite battery draining. It drains battery both for background CPU usage and radio processing. Those pings in aggregate can even amount to a significant amount of data usage for users on smaller plans.
So there is a battery and radio advantage in using a shared push service, which only need a single idle connection to be kept live with 30 second pings.
There's another level to this, not available to regular developers using TCP/IP, HTTP or WebSockets.
The mobile network itself has to maintain handset connection liveness to the nearest tower, at a lower level than IP pings, and this is obviously optimised for battery and radio performance, and always running.
With arrangements in place with the mobile networks (which Google and Apple have), the mobile OS can leverage that for more reliable, lower power push notifications, by either guaranteeing the network will send something technically similar to a low-level SMS when there's an outstanding message, or by guaranteeing their special push IP connection will stay live by itself (no CGNAT blackhole) or be notified if something happens to it.
This allows the mobile OS to offer a shared push service that's fairly reliable at real-time notifications, with zero continuous CPU and radio power overhead for the idle connection.
When I want to do banking I'll open the app, do my business, then close the app. A banking application does not need push notifications.
Clearly, real-time notifications are useful with many apps, notably real-time messaging, even if you don't think they have a place with bank apps.
For bank and credit card apps, I find their push notifications to be very useful. They are among the most useful notifications I get, because they tell me about things I find important, which I wouldn't notice otherwise.
They tell me things about transactions that have gone through, sometimes after a long delay, transactions that need confirmation right now or they will be blocked, balance being too low, or too high (credit cards), payments that are required today, refunds that came through after a product was returned, transfers that completed on the receiving said, payment received from a client, direct debits that are going out tomorrow so I will need to make sure there's enough in the account, customer service messages that require a response from me or they will eventually close the account, and so forth.
"Just open the app" doesn't work: All of those, except transaction confirmations, are things where I wouldn't know to open the app if I didn't get a message of some kind to tell me.
These days, in some juristictions it's also required to send real-time notification to confirm some purchases, because the phone's security is considered better than card details alone. Depending on how the purchase is made (e.g. in-person vs online, different payment terminals), you might not know the reason a transaction is blocked or held is because it's waiting for you to confirm in the app, so the notification is useful for this.
All these used to be done by SMS, and that was useful too. But SMSs are just push notificatons with a worse UI and worse visual cues.
I am too lazy to test, but did this change? Can't you just make a "fake" account and continue with your life? The phone company knows where you are, the bank knows what you purchase. Compared to that Google will know far less (ofc, if you don't activate everything)
I find it much more insane that it was possible for so long to do banking WITHOUT strong authentication (however implemented) by just providing those 3 numbers on the back of the card (strong security!)
> If you are not in good standing with Google, you cannot bank!!
> I cannot stress how inane it is, to have Google or Apple as the gatekeeping to identify verification. How not having an active, in good standing account with one of these two, means you cannot bank.
Having to register some phone number (does not need to be your main number, a sim card is quite cheap) to a "fake/unused" email address (even if as you say you are required yo) does not require you to "be in good standing with Google" and they are not gatekeepers of identity.
At this point in time I feel the banks and the mobile phone operators are much worse managers of identity, because, for example they even accept stolen identifiers to make an account in "your name" - for me that's more ridiculous, not that they require some multiple factor of authentication.
Absolute madness.
1. Revolut app stopped working so I emptied my account and opened a Wise account which is fully administer-able from their website. Revolut has subsequently started working again after a couple of app/OS updates.
Yes, I've been doing that since 2009 on Ubuntu and Debian but there are several caveats.
One of those banks has its own TOTP device and they won't replace it when the battery dies. It's almost 20 years old now. Then it's the fingerprint sensor on my phone.
The other banks authenticate accesses and many operations with either their app + fingerprint (all of them) or SMS (some of them). So basically I would still need a phone with a blessed OS. I could buy the cheapest one and store it in a drawer, but it's still a dependency on Google or Apple.
GrapheneOS requirement of Pixel devices is a dependency on Google too.
They are currently working with an OEM to release a non-Pixel GrapheneOS phone in the future.
In any case, replacement stylii are very cheap online. Less than a screen protector.
But, yes, you can't tap to pay and it's unlikely you ever will. Banking apps will be hit and miss depending on their (generally hypocritical) paranoia levels.
I pay with a tap-to-pay card, and I have never needed to do banking related things immediately, I've always done it via the bank's website.
I also still have a not-very-old 'normal' android phone for some edge cases - which are few and far between (actually, I think it's usually to cast youtube to the TV since I only have the revanced youtube app on the GrapheneOS device).
P.S. On the use of profiles, I use them to separate work apps and notifications from personal, from sporting club, from X, Y, and Z. Yes, they're a pain in the arse to switch between, but I'd argue it's more of a pain in the arse to have them all jumbled together causing even more notifications, frustrations, and distractions from whatever one should actually be concentrating on in the present moment.
I agree that the locking down is truly stupid. For what it’s worth, the reasoning for locking down mobile apps is allegedly that mobile users are a less technologically competent demographic than desktop users. I do not think so myself, given the difficulty in trying Graphene vs. Desktop Linux.
I don't agree that it is stupid. Both banking on a Windows PC or on an unlocked + rooted phone is potentially catastrophic. Windows because of the prevalence of malware, unlocked phones with custom AOSP forks because people download 'ROMs' (as they call them) from the most shady sites.
Once 10,000s of Euros are siphoned from a bank account, it's usually the bank that has to deal with the mess. Especially if they cannot prove the transactions were done in on an insecure platform.
Phones are generally safer (though there is a huge variance between the safety of different Android phones) because they use verified boot and strong application sandboxing.
I think it is possible to believe the following two things a the same time:
- Banking apps should only run on locked phones with secure boot.
- Banking apps should not be limited to the Apple/Google duopoly.
The solution is that there is some validation of alternative OS vendors, e.g. in the form of an audit, and that banks are required to approve apps on their platforms after the audit. This would be fairly straightforward tech-wise, because e.g. GrapheneOS supports remote attestation, but banking apps need to add/allow the hashes of the official boot keys: https://grapheneos.org/articles/attestation-compatibility-gu...
Unfortunately not.
I'm in the UK. Two of my personal banks, all four business banks that I need to use, and several credit cards, require authentication using their phone app to confirm login on their website.
None of those I've seen are using TOTP or SMS, for which I could use a general security service. All use their own phone or tablet app. One does something interesting where the website shows a unique QR code on each login, the phone app reads it with the phone camera, and then website login proceeds instantly without clicking anything.
Oh, and some of them also require phone app confirmation for card purchase transactions.
When my last phone's screen stopped working, I called one bank's "phone banking" line (using another phone of course) to make an urgent transaction, and they told me they can't do that, as only service they offer by phone is registering a new phone or tablet. They told me explicitly that it's not possible to login to their web-based banking service without using their app for authentication, and on a registered device.
It's the reason I have my current phone. I had to buy a cheap-ish Android in a hurry from a local shop, in order to proceed with my bank transaction.
Back to the main topic: I love the idea of a properly open source phone, I used to own not one but two Nokia N900s, and I once toyed with the idea of building my own Linux phone from scratch, big project though that is.
But the security ecosystem around logins has changed, and so have the services I depend on. These days I use many bank and other financial-service related apps, and I'm not, in practice, free to switch providers. So I couldn't use a Nokia N900 or modern equivalent any more as my only mobile device. I'd have to carry a second phone as well.
(Banking and other service authentications are also the only reason I have my current passport. I resented having to pay to renew my expired passport, given I had no plans to travel (small children) and the expired passport used to be accepted, but I found some banks, credit cards and even government services increasingly requiring to see a non-expired passport from time to time. When I asked one of them what do they do for the large number of people who don't have one, they simply told me they close those people's accounts and that's ok, they don't need to serve everyone. But that's another story.)
And banks often have their apps region locked, so if you live abroad or have accounts in more than one country, you’re fucked.
Want to use Vipps tæpp so much but I have Nordea for private and they don't allow it on their cards, for whatever godforsaken reason.
I wouldn't mind sending in a complaint to both BankID (allow biometric login) and of course DnB corpo edition.
Here is the github repo where banking app compatibilities are tracked: https://github.com/PrivSec-dev/banking-apps-compat-report
And it's rendered to a page here: https://privsec.dev/posts/android/banking-applications-compa...
Thanks anyway!
I don't know how to contact the engineering team. IIRC that is how the private app got fixed, someone got word to someone on the inside.
enjoy it while it lasts. hardware attestation requirement for (at least) banking apps is a question of 'when', not 'if'.
Even un-modified you'll then be stuck with an old version of Android that doesn't support the latest versions of apps and the old versions of apps won't work properly.
It's really a shame because a lot of old phones work perfectly fine otherwise.
Can you record phone calls? Do third party voice recorders continue recording even when the screen is locked? Thank you!
But unironically Pixels are currently some of the best actually open phones. They do not lock down or require shady practices for unlocking the bootloader (although they do require a network check once that happens automatically, but it will permanently allow unlocking the bootloader if successful once. Pixels are very easy to restore and almost un-brickable, allow bypassing the boot screen warning by pressing the power button twice, actually allow relocking the bootloader and don't void your warranty unlocking it, don't have a shady one-time fuse like Samsung phones do with Knox, etc.
https://www.youtube.com/watch?v=ik0AiO0WtuU
If you don't like giving money to Google, plenty of companies offer refurbished Pixel phones.
When was in college and had Sprint this was a nightmare since then I wanted root for unlimited hotspot (Sprint made it easy that way), but most refurbished Pixels were Verizon variants.
And I couldn't just use OnePlus because they were only designed GSM networks or later Verizon CDMA-less. Then, new Pixels were unaffordable for me, but parents insisted on using Sprint.
I ended up getting a Pixel 3 off Mercari (which I still own) just to keep root.
Now, I can afford a Pixel 10 Pro new (which I am right now), alongside spare Pixel 9 and OnePlus 13R units. But even then (a) my income is lower than when I worked at Microsoft and (b) The OnePlus was from a trade-in deal.
Anyway, I now need to get the battery replaced, because apparently they are dangerous and Google pays for the replacement. Unfortunately, the replacement process requires the stock android to be installed. Meaning, I would need to backup the whole phone, reinstall stock android, then restore everything - and hope the whole ordeal works out.
This is inconvenient in some ways, but at least it is sort of privacy as good as it gets while still being able to run official apps when I need them at home.
To de-google the phone, I use F-Droid as primary App store, Aurora as fallback for non-f-droid Apps and as a last resort Obtainium to install Apps that are not in these stores.
The only google App I really "need" (kind of) is the Camera App, which is sandboxed via GrapheneOS Storage Spaces and without Network permission (why would a camera need internet?).
To backup my phone, I use the integrated GrapheneOS Solution (seedvault!?) for storage and apps, immich for Photos and MyPhoneExplorer for Contacts.
Sometimes it is a bit hard to find good apps for specific purposes, so for everyone interested, here is a list of Apps that I personally use or have used.
Aegis - 2FA (https://github.com/beemdevelopment/Aegis)
Breezy Weather - A very good looking weather app (https://github.com/breezy-weather/breezy-weather)
OnlyOffice Documents - MS Office suite replacement (https://github.com/ONLYOFFICE/documents-app-android)
Fossify Calendar (https://github.com/FossifyOrg/Calendar)
Fossify Messages (https://github.com/FossifyOrg/Messages)
Aves - Local gallery with great organization (https://github.com/deckerst/aves)
Termux - Terminal emulator (https://github.com/termux/termux-app/)
Unexpected Keyboard - A unique keyboard that pairs nicely with Termux (https://github.com/Julow/Unexpected-Keyboard)
WG Tunnel - WireGuard client (https://github.com/wgtunnel/wgtunnel)
These are all easily installed through Obtainium: https://obtainium.imranr.dev/
* NextCloud -- client for personal NextCloud server; this app is used primarily for file sync, with other features accessed with other apps. (https://nextcloud.com/features/?filter=Clients#android-clien...)
* KeePassDX -- password manager, shares DB with KeePassXC on desktop, which is synced via NextCloud. Also functions as a TOTP authenticator. (https://www.keepassdx.com/)
* DAVx5 -- CalDAV and CardDAV client; keeps mobile calendar and contact list synced with private NextCloud server. (https://www.davx5.com/)
* AntennaPod -- excellent FOSS podcatcher. (https://antennapod.org/)
* KDE Connect -- desktop sync tool; allows file/clipboard/keyboard/audio/etc. sharing between phone and a Linux desktop. (https://kdeconnect.kde.org/)
* Kore -- remote control app for a Kodi instance running on your LAN. (https://kodi.wiki/view/Kore)
And I don't see F-Droid itself mentioned -- it's the most popular repository of FOSS software for Android, with an accompanying app: https://f-droid.org.
Also, the desktop client on Linux is quite useful.
Alternatives for Windows etc. are Cruiser Maps, a Java application (and also available as an Android app).
However, I listed it because it is a "usable" alternative that works offline.
I also made a custom fork with some quality of life improvements, like series and part visible on screen, headset remote click patterns (tap for play/pause, double-tap for next, etc.).
Currently I'm working on a totally DIY build offline audio (book) player with the footprint a bit bigger than the iPod Nano 7g that maybe never will be finished, but ATM it is fun to work on... (see https://github.com/sandreas/rust-slint-riscv64-musl-demo for the testing repo and https://github.com/nanowave-player/nanowave-ui for the latest code I'm working on)
1. The Pixel camera app works, including all modes and settings. A camera that takes good photos was absolutely a requirement for me, and the FOSS camera apps are not quite as good yet.
2. I don't have Google Photos and the pixel camera app tries to launch google photos when you want to review the picture you just took. But there is a FOSS app called GPhotosShim that uses the same namespace as google photos and thus fools the camera into launching that app instead. Once launched, it just launches whatever media management app you actually have configured, so it's seamless.
3. Android Auto works!
4. Android QuickShare works!
5. NFC tags / Yubikey integration works!
6. Screencasting works!
7. Sensor access and internet access can be disabled for apps by default (and I do).
Does this require installing google play and other google services to work?
Edit: https://grapheneos.org/usage#android-auto
I bought a second hand Pixel 7 to test this and an exFat SanDisk Extreme Portable 2TB works with reads/writes perfectly.
Does that require being logged into a Google account? How to ensure Google knows nothing about your shares?
I have Graphene w/ Google Play Services (required for my job) and would love a easy way to share files/info with various devices (incl. iOS/macOS which I remember should work with QuickShare in the future) but will avoid a service that shares data with Google.
Pixel are supposed to be very good in photography, part hardware and part software, and my concern would be degradation of that software part. With small kids, there is nothing more important on phone for me than photos/video quality these days (apart from never going into apple ecosystem, I am just incompatible with that company' philosophy).
Or its just about slapping some commercial photo app (like I heard from other photographers is often done on apple to get most out of it, but forgot the name of the app) and not caring about this?
On the other hand, if you switch to the latest Google camera app, you will not really be participating in making the open source version better.
https://play.google.com/store/apps/details?id=com.google.and...
I run a Thinkpad with NixOS and KDE, a Pixel 9 with GrapheneOS, and an Amazfit watch paired with GadgetBridge on my phone.
It's a testament to the hard work of the FOSS maintainers of these projects, and the spirit of open source, that everything works flawlessly together without any cloud service sucking up my data. For example, I can control youtube and music playback on my laptop with my watch because KDE Connect syncs my laptop and my phone, and gadgetbridge syncs the phone and the watch. The breezy weather app on my phone can automatically push its data to gadgetbridge which in turn pushes the data to the watch. And so on. So many little things, developed independently, working like a single well oiled machine.
So I ended installing ActivityLog2[0] to do something with the files I had to have on desktop and GadgetBridge was of little use because relying on GadgetBridge without actually syncing the files might make me forget about doing the backup to a device I control (GrapheneOS or a computer).
As soon as GadgetBridge support syncing the files from the watch to the app (or any local folder on Android), I'll install it again and stop doing the manual backups over USB. Syncthing will do it automatically.
[0] https://github.com/alex-hhh/ActivityLog2
In background I also have Withings scale sync the measurements a couple of times a day to Garmin.
Then switch back to Google/Apple after half a year when you discover that you can’t run
- your banking app - any government app - the app required to access large sports events - the pandemic tracking app without which you can’t enter an airport - various other random apps
because they ALL detect that you’re running on a phone with an unlocked bootloader and will flat out refuse to start. And for many of those, there is no legal alternative.
(The extent of this varies depending on where you live, of course.)
Not sure if airports specifically used another mechanism, but the Android contact tracing APIs were actually reimplemented in microG, allowing these apps to work even on custom roms.
Your other examples don't hold universally either (banking apps are compatible with un-rooted custom ROMs more often than not, and not sure how many sports event apps use integrity checks), but your general point stands that it may come with trade-offs.
(I don't deny that there are apps that won't work. Best to check before switching full-time.)
Thats not coming from some paranoid security person, just regular (software dev) joe.
> Unfortunately, I must recommend Windows 10/11 here, because then you don’t have to mess around with any drivers; it’s the simplest option.
When I worked at Microsoft but ran FreeBSD at home, I often used my work Windows laptop to install custom ROMs. This is because FreeBSD was finicky with adb.
Now I run Fedora and the Android drivers are pre-installed. I installed GrapheneOS on both a Pixel 10 Pro (main) and Pixel 9 (spare) that way.
On Windows, I've had more trouble with Android drivers than I did on non-Windows.
I wonder how secure GrapheneOS is in that regard, and what the other contenders are?
(it's not magic. All big vendors have these details, just choose to take their sweet time to patch them. GOS has partnered with a major OEM vendor who provides them with access)
Other than the specific patches above, there's a list of generic GOS features: https://grapheneos.org/features#exploit-protection
All in all you're probably much safer.
Android's attack surface seems pretty jagged. For example there is only one webrender engine on iOS, where you can run anything you like on Android/GrapheneOS.
GrapheneOS really wants the software in the phone to not pwn the phone. This is good. Its a different, and much more difficult problem to secure the connection to the telco, and the larger internet, because the transport is attacker controlled.
Think of it this way: Say you use Qubes because security is valued very highly for you. Even if you run Qubes, if your router is controlled by your attacker, what kind of a security guarantee could you really get for yourself?
This does make a material difference, e.g.: https://x.com/MetroplexGOS/status/1982163802188575178
That said, if a state-level actor is up against you, then it's hard to defend yourself against that.
I could not get a replacement as I bought the phone in a foreign country (Google doesn’t sell Pixels here in Brazil).
So as much as I love the idea of running a more private phone, I found the hardware extremely fragile and poorly designed, so I will not buy from them again anytime soon.
The only things I'm missing (which don't exist in other OS'es either):
- Being able to configure contact scopes in such a way that the app in question only gets access to the phone numbers of the contacts belonging to the label I specified, e.g. "WhatsApp", nothing more. Yes, one can of course add contacts' phone numbers to the contact scopes "by hand" but 1) there is a limit on the number of contacts/phone numbers configured this way, and 2) AFAIK there is no way to back up that list.
- Being able to install browser extensions in Vanadium.
- Being able to configure multiple VPNs at once, e.g. for Tailscale, ad filtering, blocking HackerNews during times when I should be doing something more productive :) etc., especially since the Vanadium browser doesn't support extensions (see above). I was hoping that the Rethink app might implement something like this (https://github.com/celzero/rethink-app/issues/1047) but it doesn't look like it's coming and it'd probably be much better to do this at the OS level.
The good news is that they are actively working on developing their own hardware. The bad news is that it’s been delayed. But I’m watching closely.
https://www.galaxus.at/en/page/grapheneos-postpones-pixel-al...
Google would not allow this and they're way too entangled with Samsung.
That limitation might be doing you a favor, as these things go...
Even if Pixels hadn't PWM a larger screen (or, dare I say, a book) will be an improvement for longer reading sessions.
In the meantime, I use a Motorola G Power 2024 which has IPS. I'm very much a non-expert but made a minor hobby out of trying to de-google it as much as possible.
Never signed into Google with it. Using NetGuard with a whitelist to prevent most of the phoning home. Uninstalled or disabled most built-in apps. The apps I use are installed via either Obtanium or Fdroid. Have Dropbox from Aurora. Use Motorola's private space for keeping some data and apps in a separate, supposedly secure locker.
I'm sure this doesn't come close to GrapheneOS's security level but it's the best I can do within the limitations of this device. It was a fun mini-project. NetGuard is invaluable for this purpose. Almost feels like the phone is truly mine.
The problem with nearly every other phone, except maybe Samsung flagships, is that they don't fulfill the security requirements. And Samsung is hostile against unlocking (even when it was still possible, it would burn a Knox eFuse).
However, there was one case that lead me to thinking about ditching grapheneos to this day. I installed Uber on my phone and I was able to successfully create an account and use it. When it came to booking a ride, the app crashed and I had to log in again. Once I did that, I was told that my account has been suspended for violating the terms of services. All I did to that point was creating an account and booking a ride. I was able to resolve the issue luckily after a few days and going back and fourth a couple of times with the Uber support, however, the risk of getting banned on any such platform is still risky, and thus I'm not sure if grapheneos is usable if you need to use such services.
I've run into my share of scammy taxi drivers.
Your aim is misplaced: ditch Uber, not GrapheneOS.
Every app on my phone has at least one other app, usually already installed, that can replace it. This wasn't intentional, it just happened naturally. Unless all two or three apps in a category get blocked for me at the same time, this already unlikely situation is barely an inconvenience.
If using GrapheneOS significantly increases the risk a person won't be able to use a service they rely on, that may be unacceptable.
I'm not doing this on purpose, I just now scrolled through my app list looking for one app that would actually fuck me up if I lost it in an instant. There are none. And I'm not currently even running graphene or anything else, just a stock Samsung.
I'm not a mobile phone security expert but my feeling is that in the case of GrapheneOS - which target is probably high-profile people at risk of state actors et similia attacks - a zero-day in the closed source firmware from Qualcomm will probably screw you anyway.
I understand that you are anyway reducing the attack surface (now they need to target the modem firmware specifically), I understand the concept of security in depth and I also understand that by using GrapheneOS you are already placing mitigations for many other known and unknown attack vectors. But still...
All the devices that GrapheneOS supports implement a clear separation of the baseband and the CPU in the form of SMMU, ARMs version of IOMMU. So a zero-day in the baseband does not immediately screw you - unless the code on the CPU side also contains vulnerabilities or there is a major flaw in the SMMU implementation that somehow breaks isolation.
I probably explained myself in a shitty manner, I didn't try to downplay GrapheneOS efforts, and I should have kept my initial statement about "next best thing can create a false sense of completeness" as a generic remark and not specific to GrapheneOS, for which I don't have enough knowledge to know if it applies or not.
What that means is they can push malicious settings and configurations (Definitely) and probably malicious firmware to the handset at will. They don't need to code this, they buy the software packages from the usual suspects. Adversary simply needs to put a drt box or a hailstorm or what-not close enough to the handset to do the work.
The baseband can do a lot, it has dma (if I recall correctly) and can almost certainly screen look, and extract information from some but not all base bands. This varies.
GrapheneOS cannot really influence this, but hardened_malloc could conceivably help. What would be great is a bench firmware re-flash, but I don't want to do this every single day.
There's an IOMMU:
> Is the baseband isolated? > Yes, the baseband is isolated on all of the officially supported devices. Memory access is partitioned by the IOMMU and limited to internal memory and memory shared by the driver implementations. [...]
https://grapheneos.org/faq#baseband-isolation
> GrapheneOS cannot really influence this, but hardened_malloc could conceivably help.
They can and do, see above. But I don't see how hardened_malloc is related to the baseband doing DMA.
To answer your question, I thought it might just be slightly harder to extract secrets or exploit a running process directly. Thats all I was saying.
I do this on iOS I’m sure it’s do-able on GrapheneOS and hopefully on Android too.
Essentially, 5G is sort of a lie. Phones spend a lot of time exchanging information via 4g/lte, and just like 2g/3g and 3g/4g, there are simply downgrades that can be performed in the field, without getting too far into the weeds.
5G matters not for this.
And it's not only security - simple stuff like USB data off unless the phone is unlocked, native call recording, much enhanced user profiles (to separate data mining apps like Uber or Instagram from your financial affairs), etc.
And yes, it's about reducing the attack vector. On most other handsets you'll get most of the fixes 6 months or a year later. At best.
I do understand your point that people at risk of state level attacks might get a false surface level appearance of defence from this. But then anyone who's a target of state level attacks and is making OS decisions based on a surface level understanding of the tech is not going to have a good time anyway.
I also with they could support non-Google phones, but that's a problem coming from the manufacturers, not from GrapheneOS.
My understanding is that there are close to half a million GrapheneOS users. And many potential users don't want to buy a Google phone. So it feels like it is starting to become worth considering for manufacturers...
I don't get why Fairphone doesn't look into that. Is it because they are not aware, or is it too hard for them to make hardware that is compliant with what GrapheneOS requires? Hundreds of thousands of devices may not count so much for Samsung, but they must definitely count for Fairphone.
Why are GrapheneOS releases dependant on Google releases?
I'm not even really sure what you mean by "manufacturer updates".
The more I hear about this project, the less is sounds like an alternative OS and more it sounds like a thin skin around whatever shit Google throws out, to be honest.
If you have an EOL Pixel and a new major version of Android is released, Google will not port this new version of Android (and therefore AOSP) to it. So GrapheneOS would have to do it. GrapheneOS just say they don't have the resources to do that, so they follow the Google releases. Could you keep an EOL Pixel without receiving updates? Sure. But then it's not supported anymore, it's just outdated, insecure software.
> I'm not even really sure what you mean by "manufacturer updates".
There are the AOSP updates (which bring new features, but importantly in our case bring security fixes) that come from Google, but your phone is more than that. There is a bunch of hardware running in your phone and a bunch of firmwares exposing it. Say your camera, or your wifi module, etc. If there is a security issue in the firmware of the camera, then it won't be fixed in the AOSP codebase. You need the camera manufacturer to fix it and release a firmware, pass it to the phone manufacturer who will then deploy it on your phone.
Google split both of those concepts years ago in order to deploy Android updates faster and make everybody more secure, because manufacturers had a tendency to lag a lot. Some still do but the situation generally improved, I think. Anyway, you need to receive those security updates from your manufacturer because they are independent from Google.
> the less is sounds like an alternative OS and more it sounds like a thin skin around whatever shit Google throws out, to be honest.
If you think that AOSP is shit, then sure. I mean, if you think that the Linux kernel is shit, maybe you don't want to run a Linux distribution.
I personally think that AOSP is pretty great, and vastly superior to Linux on mobile (among other because it has a much better security model). I am not a big fan of Google being root on my phone (with Android and system apps like Play Services), which is something that GrapheneOS fixes (by making Play Services run like any other, unprivileged app). GrapheneOS is also adding privacy features, be it by proxying your location requests (so that they go through the GrapheneOS servers instead of directly to Google) or by adding features like "scopes", where you can choose exactly which contact you share with an app, for instance, or refuse Internet access to an app without breaking it (GrapheneOS will just make the app believe that it has the permission to access the internet but there is just no connection right now). And of course GrapheneOS hardens the system in terms of security (e.g. with a hardened malloc or memory tagging stuff that Apple recently introduced as well).
So yeah, it is relatively thin, because AOSP is a huge codebase. But it doesn't mean that it's worthless: this skin makes it more secure, more private, and for me more enjoyable than Android.
I think breaking away from open source Google code is not really meaningful. It's kinda like saying "I don't want to run Linux because it contains code from IBM/Google/Meta". AOSP is a great and useful project. If the day that Google stops releasing AOSP ever comes, a consortium of interested organizations can fork it. But it does not make a whole lot of sense to start a new mobile ecosystem completely from scratch, if one that is great and open source already exists and buys you compatibility with millions of apps.
I am probably going to switch back to a used old iPhone for "phone appliance" tasks, but keep around the Pixel for other things.
My main takeaway from the experience is that iMessage is an even bigger weapon than I thought.
As an aside, from the latest release notes: Sandboxed Google Play compatibility layer: add toggle for granting Play services access to ICC auth in order to support RCS with carriers requiring it for RCS in Google Messages including T-Mobile (see RCS usage guide)
https://grapheneos.org/releases#2026021200
https://grapheneos.org/usage#rcs
If anything, iOS seems buggier and less reliable, but I know (and am related to) a lot of people who insist on using iMessage/RCS, and I can't be missing messages.
I wish Europe would have forced that 10 years ago since the US is beyond saving.
Luckily I have hardware 2FA keys from my bank so I can authenticate using that. It also slightly decreases the suck-factor from whenever the phone decides to fly off down a drain. This may not be the case for you, so do your research on what you need for daily living.
Still missing Android Pay but that's due to Android Pay being closed. I wish banks would do something and support NFC payment systems that don't require the device to be controlled by Google (how can we be okay with this?!)
There are countries where it's possible to pay everywhere with the banking app scanning a QR code. No need for NFC :-).
NFC is by far more convenient and reliable.
QR codes are reliable.
NFC (EMV) works offline.
It's pretty common here that people will be told they need to turn off an otherwise working Wifi connection when facing problems because bank apps will often just not work properly on wifi.
But as I said, even without that, the convenience level is ridiculously different. It's arguably quicker to open your wallet and use a debit card with an NFC chip than it is to use QR codes, before we even talk about the convenience of watch/phone payments using NFC.
Got it, that's a fair point!
> But as I said, even without that, the convenience level is ridiculously different. It's arguably quicker to open your wallet and use a debit card with an NFC chip than it is to use QR codes
This part sounds like those people who use a different unit system than I do and explain to me how my unit system is objectively more inconvenient than theirs. To which I answer: "I think I know better than you what is more convenient for me, given that I use it everyday" :-).
I use QR codes instead of opening my wallet, which kind of hints towards the former being more convenient than the latter for me. And for the millions of people who also do that.
I'm not saying "yours" is less convenient. I'm saying the one you and I both use regularly is less convenient than anything NFC based, which I also use semi-regularly.
> It's arguably quicker to open your wallet and use a debit card with an NFC chip than it is to use QR codes
So I assume that even though QR codes are available where you live, you use your debit card with an NFC chip because it is quicker than using QR codes...
Anyway, the important part is that NFC doesn't require an internet connection, and I had missed that. Now I wonder why a QR code couldn't work without an internet connection just the same. I'll have to look into that!
The problem is not GrapheneOS, but rather that phone manufacturers other than Google don't care. Now if there were millions of GrapheneOS users, it would start becoming interesting for other phone manufacturers to care.
My point being that I buy Pixel in order to give more weight to GrapheneOS, in the hope that other manufacturers will eventually realise that.
In any case, for me this also sort of defeats the purpose: I'd rather break free from Google and Apple, not just (stock) Android and iOS.
https://privsec.dev/posts/android/banking-applications-compa...
Not really. On GrapheneOS, the Play Services/Play Store run as sandboxed apps, i.e. they are not system apps like on Android. They just run like a normal, unprivileged app. That's a lot better than on Android.
> I'd rather break free from Google and Apple, not just (stock) Android and iOS
If you want to break free, you don't have to install the Play Services / Play Store on GrapheneOS, just like you don't have to install microG on LineageOS. There is a misconception that microG is better than sandboxed Play, but I disagree. With microG, your apps still connect to the Google servers, so you're not "breaking free".
Edit: ignore this - there's a list elsewhere in this thread!
If you are using a rather popular banking app, chances are high that it has been discussed in the GrapheneOS forum.
Anyway, with google play services installed, mine have worked out of the box.
For the end user, breaking free from Google means exiting from Google’s services surveillance system wherever possible. It doesn’t mean complete elimination of the use of source code written by Google employees.
GrapheneOS is really the most private option of all viable daily drivable smartphone operating systems available, because your only other options generally involve Apple and Google services dependency.
You can use GrapheneOS and never send any user information to Google, that’s how you “break free.”
Look, it's better than stock android overall, UI much more simplified even though it gives you a lot more security control, battery feels slightly longer, but there are drawbacks, i.e. twitter/x wouldn't install, neither would my bank's app. However from time to time I go to use iOS on the iphone and it just feels like better software, with better ergonomics overall, the combination of the xnu kernel plus the design and feel of the..buttons.. on iOS is still years ahead in my opinion. So keep that in mind if you're switching away from apple to it, as android still feels like decade plus old software.
Now for the upsides.. there's a built in terminal and debian vm you can install and run your agentic AI tools (claude code,opencode etc) in a portable sandboxed environment which you just don't get onios. You can even fire up a graphical xfce session albeit that takes quite a bit of work to get it to go.
As for the tablet form factor of the phone itself when unfolded, i found it amazing the first few weeks and then later found myself rarely using it.
Overall I'm going to stick with itand will never go back to stock android, but am quite annoyed at how much better it could actually be.
Why start from scratch?
I've been on ubports for 3 years and while it also has some weird caveats like read only rootfs, no working package manager (due to read-only fs. however ubports has pretty cool support for lxc containers where you can use apt). Due to chronic lack of time I haven't been able to sit down on my phone to play with it a bit (for example id like to install waydroid), but it seems a lot easier than android. For example, while there isn't an app for call recording, some guy worked around it by writing a systemd user service as a workaround[1]. This is exactly the type of thing I'm thinking about when talking "linux phone".
For me as a linux user, the difference if ubports was a human, I'd think that perhaps they were sick, whereas if android was a human, i'd shoot them in the face :)
[1] https://forums.ubports.com/post/75157
Remember that GrapheneOS is not Android: it's an AOSP-based OS.
I actually had hopes that Huawei would start that with HarmonyOS.
It is finnish, anyone knows how are they going?
i used that for 2 years, it's linux+kde bottom to top, a terminal + shell is a builtin, though only supporting 5+ years old Sony phones got tiresome.
Still.. it seems the only one that's usable enough apart of the duopoly. May have to switch to it again.
The situation with Sony Xperia devices is not great, the best experience is still on the X10III (from 2021 I think) and there are significant issues with the support of 10 IV and V generation devices (a free beta release is available for those as well).
It seems that recently there has been quite a lot of buzz in the Sailfish community compared to the past few years. In the public repos there are some interesting contributions like xdg-shell support for Lipstick, which looks set to enable compiling many previously unavailable Linux apps natively if that will actually be integrated in an upcoming OS version.
Currently have an iPhone 16 pro, and probably my next phone will be something like this.
I need to be able to share photos easily with my wife, typically I’ve been using airdrop.
- If your phone is supported by GOS, you should go for GOS.
- If your phone is not supported by GOS, you should look carefully and compare between /e/OS and Stock Android.
I had a Fairphone 3, and after 5 years, /e/OS was outdated by 4 years w.r.t. the manufacturer updates. In other words, Stock Android coming from Fairphone was more secure than /e/OS on that Fairphone.
In my experience, /e/OS has a tendency to claim that they support everything, but they just can't, there is too much. And then they complain when GrapheneOS criticises the fact that some /e/OS users believe their phone is well supported but actually isn't. And GrapheneOS is not wrong: I realised I was in that case after 4 years with /e/OS.
Mine is running /e/ and reporting Android 13, which appears to be the last one Fairphone support. /e/ said it was too difficult to support 14 with the kernel involved. It's had continual security updates apart from the Android version.
Edit: Murena make it clear which phones are officially supported and which have "community" support.
This is not the manufacturer updates. I was talking about the manufacturer updates. I just checked and someone complained a few months ago and they updated them. Before that, they had not been updated in years on /e/OS, but they were up-to-date on Stock Android.
> Edit: Murena make it clear which phones are officially supported and which have "community" support.
I bought a phone to Murena, advertised by Murena, through Murena. It really felt like it would be officially supported, otherwise they should have made it clear that they advertise and sell something that they won't support, wouldn't you say? My feeling is that they just stopped supporting it after a while.
Also I would assume that "supported" means that it receives both the LineageOS updates and the manufacturer updates. Apparently they have a different definition of "supported" (which is fine, maybe it's just "we will continue sending you our own updates"). It's just that in my book, if I get more security updates with the Stock Android than with /e/OS, then Stock Android is more secure.
In regular use, main difference will be that /e/OS comes with access to the alternative cloud service that project provides. It uses the default FOSS solution microG for google api compatibility, unlike GrapheneOS with their sandbox approach. /e/OS sets on AppLounge to install and upgrade both play store or F-Droid apps. Graphene has a small curated app repo instead.
I'd never use GrapheneOS since I don't trust the project. /e/OS is also not my favorite since it feels like it is developing slowly, having had issues with outdated software versions - though it does work well in practice. Have a look at iode for an alternative.
That's not just a claim, this is an objective fact. GrapheneOS has a excellent track record when it comes to security, they have made several patches that got upstreamed to Android, etc.
Fair enough, you choose what you trust.
But personally, I have never seen a technical claim from GrapheneOS that was wrong or misleading. But I have seen many claims from /e/OS that were technically wrong or misleading. So I trust GrapheneOS more.
Then there is the drama, and all sides annoy me when they behave like this. But I have seen drama coming from all sides.
Sorry, I won't spend 30 minutes digging to find that :-). I follow /e/OS, GrapheneOS and (followed) Calyx. I have seen messages from all of those either on forums, Mastodon, etc.
Also, whenever GrapheneOS makes a technical point (which is often a blunt "GrapheneOS is superior because [...] does it wrong"), many users of those projects answer aggressively (and of course many GrapheneOS participate as well).
And on top of that, a lot of messages criticising some GOS people or the entire project and calling them "toxic" whenever GrapheneOS is mentioned.
I have no skin in this game, so it doesn't touch me. But I could understand that the GOS people feel "harassed" by this. If everywhere I went people said "have you seen this guy? I hear he's toxic", I would consider it harassment, I think?
You or other readers can check https://github.com/mozilla/ichnaea/issues/2065 for a public display on how GOS attacks work when they are mixed into technical debates, how they destroy any chance of cooperation.
Sure, you're free to do what you want. Just sharing my opinion given that I follow those projects from the outside.
> You or other readers can check
I guess what I am trying to say is that it takes multiple sides to argue.
For what it's worth, your link shows the founder of /e/OS engaging there. I have seen both technically wrong and misleading claims from the founder of /e/OS on Mastodon, then GrapheneOS explaining why they thought it was wrong on their forum, and then the founder of /e/OS calling them toxic and complaining about those attacks. And then /e/OS users would join the party and start attacking GrapheneOS, fully trusting those claims from the /e/OS founder. I can't really say that he didn't have any responsibility in the drama under those conditions...
Again, GrapheneOS tend to be blunt, but it doesn't make it technically wrong. And when the message is "it is unacceptable to us in terms of security", then it will be blunt anyway. I realised after years of using a phone I bought to Murena that my system (that they installed and sold to me) was entirely breaking the AOSP security model: it was signed with the Google testing keys and the bootloader was unlocked (and just couldn't be relocked, and anyway it wouldn't matter because of those keys that are not meant for production).
In other words, I bought a product to Murena that was unacceptable to me in terms of security, but genuinely thought it was better than Stock Android because of Murena / /e/OS marketing. I genuinely feel either they tricked me, or they didn't know it themselves. I have personally seen multiple /e/OS phones in a state where they were objectively less secure than Stock Android. I get that they don't like it when GrapheneOS says it, but that is not wrong.
For the security thing: It is wrong to claim that an unlocked bootloader completely breaks the android security model. If anything, it breaks one specific aspect, one that doesn't matter for many attacker models. Besides, on some phones the bootloader just can't be relocked, that's on the phone vendor though. Signing keys for bootloaders might just not matter if change detection was working or the bootloader was not relockable, but maybe I'm missing some specifics there.
So imho what you describe as catastrophic scenario likely wasn't one.
You seem knowledgeable about this, so I'll take the opportunity to ask: if I install a malicious app and it manages to escape the sandbox and alter the system, my understanding is that it will be detected next time I boot it (because the image hash won't match). Isn't that true?
> Signing keys for bootloaders might just not matter
Again a question, I haven't found it in the official documentation: aren't those keys the "system keys"? As in, if my system is signed with some keys and an app is signed with those same keys, doesn't it allow this app to be a system app?
/e/OS community talking about it: https://community.e.foundation/t/article-from-grapheneos-abo...
And then maybe this: https://eylenburg.github.io/android_comparison.htm
Hope that helps.
Sure they have hardened everything but realistically, that's not the main threat for your average user.
Their top contribution to android is the sandboxed Google Play, by far.
GrapheneOS does care about both, quite obviously. And GrapheneOS tends to say that if your security is bad, then it is affecting your privacy too. Whereas others say "sure, we break the Android security model by unlocking the bootloader and signing our system with the Google test keys, but your apps will contact Google through microG instead of the Play Services, so it's more private". Which is worth what it is worth...
Reminds me of https://xkcd.com/1200/
When you run an app on Android, it runs in a sandbox. Meaning that your social media app cannot access the files of your banking app by default. They are "sandboxed".
On a normal Android, the Play Services are installed as a system app. It is privileged app that has "system" access. A system app is not sandboxed.
GrapheneOS allows you to install the Play Services and the Play Store as "sandboxed" apps in that they run unprivileged, just like WhatsApp or TikTok or your banking app.
So running the proprietary Google apps in the sandbox is obviously more private than running them as system apps, wouldn't you say?
I agree there's some marginal benefit that sandboxed GApps need to prompt the user for permissions (rather than having privileged system level access) but at the end of the day, Google Maps will get GPS perms and Google will know everywhere your phone goes.
Sure, but that's the same if you run TikTok with microG (which will relay your data to the Google servers just like the Play Services) or in waydroid on a Mobile Linux. But you can't blame the system for what the apps are allowed to do by the user.
Take your Google Maps example: if the user wants to run Google Maps, obviously they will be sharing data with Google. It's very weird to blame the system for that.
What the sandbox brings is that for users who want to run the Play Services (because they want to run TikTok, knowing that it will share data with some servers, including but not limited to the Google servers through the Play Services), then at least the Play Services are not root on their OS. So then instead of running microG, you can run the Play Services and have the same kind of benefits.
Now if you don't want your apps to contact Google, then by all means, don't install the Play Services! But don't install microG either! And don't install Google Maps!
It's all about trade-offs, it's not an all or nothing situation. Sandboxed Play Services is better than privileged Play Services.
And sandboxed Google Play services serve both goals -- it runs the service as a regular android service, not an exceptional one that has a bunch of extra permissions. So you can allow/restrict it as you seem fit, while not "getting behind" on features/apps that mandate it.
That's also why I don't keep anything important on my phone as I don't trust what's going on there despite having all the secure features that you would want.
Any privacy you have on a system is reliant on no one tampering with that system and on software behaving itself. Without security, you can't trust the system to implement any privacy.
You can't fix a lack of trust like you have in Android with technical solutions. The flaw in Android is fundamentally a social problem.
If you want something backed by objective data, my phone has an advertising ID built in the OS and my laptop doesn't. My phone had 100s of privacy scandals and my laptop doesn't have one.
I do applaud GrapheneOS don't get me wrong but I have a feeling that they are fighting a losing battle.
/e/OS (and similar "non-LineageOS" ROMs really) instead focus more on de-Googling. They're still generally security focused, but the priority is less "someone's after you" and more "corporate surveillance is kinda scary innit". The aim is less to avoid someone actively trying to drain your phone of data and more to prevent your phone from passively sending everything it can possibly find to the Big G's ad machine (as well as whatever other trackers get snuck into apps.) Because of this, they usually have better depreciation timelines and support a lot more devices compared to GOS who only support the Pixel line (which is an increasingly awful set of phones truth be told); their scope is much smaller.
Finally, it's worth noting that the GOS community is absurdly toxic to anyone doing anything privacy-related that isn't under the banner of GOS. It's extremely maximalist, tends to get very upset at other projects whenever they get attention (see sibling reply to this, where they pretty much melted down because an outlet dared to recommend a Fair phone+/e/OS) and the projects official channels have generally encouraged this sort of behavior. It doesn't really damage the software itself, but it's worth considering.
> it's worth noting that the GOS community is absurdly toxic to anyone doing anything privacy-related that isn't under the banner of GOS
What I have seen (and I am not involved in any of those projects) is that GOS does care a lot about security, has a higher quality in that regard than anything else, and tends to be blunt about "inferior" projects communicating about security.
Not that they couldn't improve their communication style, but usually when they call out technical limitations of other projects (e.g. /e/OS), they are right. And I mean the technical arguments. Then I have seen a bunch of drama, but to be fair I have seen those other communities show toxic behaviour towards GOS just as much as the opposite.
It feels like it is GOS vs "the others", because the others don't criticise each other, and GOS bluntly criticises when they see claims they find are wrong (I have seen claims by /e/OS going from misleading to downright wrong).
On my particular phone, after 5 years with /e/OS, the Fairphone updates were outdated by 4 years. In terms of security I would have been better with the Stock Android. It depends on the phone of course, because /e/OS tends to claim that they support everything and they just can't. Even on a phone that /e/OS supports well, GrapheneOS is superior, period.
But I agree, I could do without all the drama. I guess my point is that it goes both ways.
In my case, it was a few months ago, so end of 2025.
I think it's just that they can't possibly support thousands of Android devices. I just don't like that they are not being very clear about it. You would think that buying a phone through Murena would guarantee some kind of support, but it actually doesn't.
To put it concretely, GrapheneOS recommends running all the proprietary Google apps in a locked "sandbox" so they can't read data on the phone outside the sandbox -- but obviously Google still gets to see everything you do in their apps. /e/OS tries to provide [largely but not entirely FLOSS] alternatives (e.g. their own Maps app, their own email, their own calendar) that make your phone usable out of the box without Google software.
Well, the actually scary part of google services is that they have this quasi-elevated access in your phone where it can do a lot of stuff ordinary android services just can't do. E.g. google maps' location sharing works this way (but don't quote me on that).
GrapheneOS managed to "put it back into the bottle", and it runs as a regular android service anyone could write, with the same rules applying. So you have much more control on what you allow it, and this will also limit what data apps relying on google services can leak about you.
https://eylenburg.github.io/android_comparison.htm
In short, GrapheneOS is vastly superior.
Recall using one years ago on my Samsung device with happy results. That was long before banking apps etc. Wondering what's the difference with this? Extra security?
So it would follow that a valid privacy-respecting third option would potentially help Apple customers as well as Google customers.
https://inteltechniques.com/blog/2026/01/05/grapheneos-2026-...
Are there valid reasons to only support pixels?
https://www.androidauthority.com/graphene-os-major-android-o...
For me the biggest concern is that while you may be able to use and run your own device, you will be locked out of most propietary services. Much like how more and more websites simply don't work with Firefox anymore.
https://privsec.dev/posts/android/banking-applications-compa...
This is linked to from the Banking Apps section on GrapheneOS docs: https://grapheneos.org/usage#banking-apps
Sample size of 1: my UK banking apps all work fine.
I've had less issues than with CalyxOS for example, where more apps broke.
https://grapheneos.org/articles/attestation-compatibility-gu...
https://privsec.dev/posts/android/banking-applications-compa...
Whether or not that defeats the purpose is an exercise left to the reader.
Oh the irony.
I prefer to use intermediaries like Kagi Assistant, thanks to the strict privacy conditions of the API and the mixing of queries from thousands of users.
> It’s thanks to them that we even have the option of at least partially freeing ourselves from Google (Android) and Apple (iOS)
partially. And I do think they successfully did this. Asking Gemini questions when you really have something to ask is very different from integrating your whole digital life with Google.
I'm not a photographer or anything, I just want to quickly point and shoot and get on with whatever I'm doing without thinking too hard.
(Also it is possible to do these things if you root your phone, but caries its own risks and I wouldn't recommend. Ending your dependency on third party processors is probably the best outcome)
All supported devices are exclusively Pixels.
Step 1: Buy a Google phone
Sounds like we can't actually breaking free from Android and iOS. Maybe with Linux like the Fedora Atomic for mobile devices? https://github.com/pocketblue/pocketblue Or PostmarketOS? https://postmarketos.org/
Even then banking would probably only work through the browser... Sad state of the world really.
And no tap to pay.
Hopefully the new EU banking system will work on Graphene and Ill switch back
I must also be getting old, because I don't get the big fuss about NFC payments. Firstly, I'd never use them if they go through Google/Apple. But even when/if they don't, it's not a big deal to use a card, isn't it (if you hate cash)?
> But even when/if they don't, it's not a big deal to use a card, isn't it (if you hate cash)?
Card is usually linked to the US. Some people would like to not depend on that. But the rational solution IMO is for the banking system to use QR codes instead of NFC. Some countries do that and it just works.
You have a point, and even though it looks like it will be a very corporate-driven system, and possibly dependent on Google or Apple, there seems to be an EU payment system on the making (if it ends up depending on Google or Apple, that will be the irony of leaving VISA/Mastercard to fall in the fangs of Google / Apple, but... oh well, one step at a time).
I think the name is Wero, it was on HN a few days ago.
Where do you get that number from? All the banking apps I've tried work on GrapheneOS.
> And no tap to pay.
There are countries where the payment terminals show QR codes, and banking apps work by scanning it. No need for NFC :-).
> I'm not sure it's really breaking free when the first task to do is intall Google Play Services so your banking app works.
sandboxed Google Play Services. It's an important difference.
If you want to be a certified Android system (like all Android manufacturers do), you have to port AOSP to your hardware, install the Play Services as a system app (giving Google root access), install the system apps you want (e.g. Samsung have their own UI, maybe their own camera, their own store that they want to be installed as system apps), pass some conformity tests by Google (Google wants to ensure that it's good enough to be called "Android") and pay a ton of money to Google for the licence.
But as an individual, you can just download the AOSP sources, build them and install them on your phone. It's AOSP, but not Android.
GrapheneOS is based on AOSP. /e/OS is based on LineageOS which is based on AOSP. Those are not Android systems, they are AOSP-based systems. In a way like Linux Mint is based on Ubuntu which is based on Debian. Those are different layers. If you hate Canonical, it doesn't mean that you have to hate Debian, even though Canonical does contribute to software that runs in Debian (like the Linux kernel). The comparison is worth what it's worth, but I hope you get my point :-).
https://blog.tomaszdunia.pl/ubuntu-touch-eng/
https://blog.tomaszdunia.pl/droidian-eng/
But yeah, same binary blob issues for firmwares, but Linux on Mobile has the same issues.
For now I consider smartphones as disposable toys that can't be trusted with anything sensitive and use a computer for privacy.
I also don't like the idea of running Android, I still hope for a real linux phone at some point.
That statement might not have aged so well, especially consindering googles attempt to lock out apps from their devices, If the developers do not comply with being oficially registered.
The fact that the play store is not exactly known for exceptionally high standards w.r.t. malware, or that there are lots of valid concerns that come along with a company controlling who is allowed to supply apps for the device is a different topic.
However I haven't seen anybody try
If you're based on AOSP, the project is still 100% reliant on Google!
It seems extremely cynical to me to depend on the work of a thousand-man team to build your OS, then patch out a couple of lines and claim you've broken free from them. Without Google, none of this project could exist.
the OS is great, but too risky in certain situations.
First things, first, kudos to the GrapheneOS team for making it this easy to install and the surprisingly rapid support for new devices. Sure, there are features which I otherwise liked in the stock android that came with Pixel phones(swipe typing is something I very much enjoyed) but all in all, I can't say I miss much from it otherwise. I've slimmed down my list of apps to basic functionalities backed by self-hosted services (nextcloud, immich, jellifin, etc. along with a VPN I maintain myself) and I honestly don't miss much from the stock Android.
I want to point out that for a very long time I worked for a company that developed games for mobile devices and while the data we collected was mostly anonymous(*unless you logged in with facebook and by implications we had your facebook id) and it was never even utilized all that much beyond bad attempts at maximizing sales(not effectively anyway cause the people in charge were as incompetent as they could get), I can say that we collected ungodly amounts of data: most of the cloud bills were storage for that specific reason. While we did not have bad intentions and had to operate under strict GDPR regulations, this was a large company that was constantly monitored. Small companies can fly under the radar and get away with not abiding by the rules and laws and commonly they are not even aware what the repercussions could be. Similarly, the US and Asia-based giants can simply shrug it off and toss a few billions in fines. Make no mistake, no company is looking for your best interest and with that in mind, I couldn't recommend GrapheneOS (and self-hosting everything) enough, assuming you know what you are doing.
https://news.ycombinator.com/item?id=40667147
They subsidize Pixel hardware (to incentivize users to adopt their spyware OS), you (buying used obviously) take their subsidized hardware and do not repay them by using their spyware, replacing it with Graphene. Only google loses. Their hardware is technically very good otherwise (in fact no other hardware fits the strict graphene security requirements).