- cross-posted to:
- privacy@lemmy.ca
- cross-posted to:
- privacy@lemmy.ca
Here’s a summary of the article and the seven key points mentioned about switching to GrapheneOS:
Summary: The article discusses GrapheneOS, a secure, privacy-focused mobile operating system based on Android. It highlights the benefits of switching to GrapheneOS, its features, compatibility, and user experience. The article also addresses potential concerns and provides information on reverting to standard Android if desired.
The seven things you should know before switching to GrapheneOS:
-
Compatibility: Currently only supported on Google Pixel devices (Pixel 3 or newer) due to their strong hardware-based security features.
-
App compatibility: Most apps are compatible, but some may require alternatives. A sandboxed version of Google Play can be installed for popular apps.
-
User interface: Similar to standard Android, but with enhanced privacy controls and a decluttered, ad-free experience.
-
Regular updates: Frequent security updates are provided to protect against the latest threats.
-
Community support: A dedicated community of users and developers is available to offer help and tips.
-
Reversibility: It’s possible to switch back to standard Android if you don’t like GrapheneOS.
-
Privacy and security features: Includes end-to-end encryption, revocable permissions, randomized MAC addresses, and strict app data access controls.
Ty for the summary ChatGPT
Haha no worries 😅 I always appriciate summarys myself so I thought I would pay it forward
It’s a bad joke ✌️
That’s actually pretty rude to call someone a bot.
Ok bot
Fuck you too
Thank you for this.
No problems 😄
good human
standard android?
you/they mean the OEM operating system right?
Yes. You can go back to stock.
My point is that “stock” is not a “standard”. If anything GrapheneOS is more standard.
True. It’s close to AOSP. Don’t understand the downvotes.
Its pedantic and distracts from the real conversation happening. I’ve always considered “stock” to mean how the device ships from the factory (that’s how the term is used in the automobile world), whereas I would think it fair to consider AOSP a standard, it’s something you can compare other ROMs against.
Regardless of mine or anyone else’s opinion, we’re just ultimately wanting to talk about how GrapheneOS is much closer to the clean and uncluttered experience AOSP offers
Fair
Or any other rom, really. Stock, which is the Google version of Android, but the pixel line is well supported by lineage and other variants.
The summary kind of makes it sound like there’s a switch in settings and poof! you’re back at stock android. But I imagine you need to flash the new ROM and start from scratch.
Right. It’s different in that it lacks Google Framework Service, and adds a bunch of privacy controls, like additional quick toggles to control the cameras, and microphone, the way other Android can quick toggle the flashlight and location servcies and bluetooth.
The biggest thing is substantially more granular per app permissions, controlled from a calentral interface in settings.
No mention of the mental instability of the founder and the toxicity of the Dev team?
this could be said about many popular open source projects
…like Lemmy.
Pointing the blame away is not the right answer. Also it does not happen in Lineage OS, Calyx OS and many other similar projects.
I wasn’t trying to do that, just making a general statement
Generally irrelevant is kind of our point.
and its one of the “things you should know”
-
I love graphene as much as the next guy, but this article is pretty terrible. Badly researched, just spitting out talking points that are either flat out wrong, not the point of graphene or just scratching the surface. Look up the graphene homepage, if you actually want useful info.
It Feels Almost Like Android… But It Isn’t
So what is it?
I think what they attribute to that “android feel”, is google spying on them at every turn.
Can someone give an example of an app that doesn’t work? I always hear about apps that do work, but is it mostly banking or some other category that doesn’t work typically?
Anything that uses NFC payments.
<end of list>
Some banking apps allegedly don’t work but i have never encountered one. If your bank has a mobile accessible website, it’s basically a non-issue.
More specifically, Play Integrity API will fail on the Play Service integrity check. If I recall correctly, this is why Google Pay won’t work on GrapheneOS.
Some banks require the app to be used as second factor to log into their website.
Can you work around it with magisk like rooted stock android? I bought my pixel specifically for graphene but google pay is the main thing preventing me from switching
You cannot root grapheneos, so the answer is no. That method does work on other rom’s like lineage.
Last time I checked, it was broken for years already. It’s been a while though. edit: Confirmed: https://xdaforums.com/t/module-play-integrity-fix-safetynet-fix.4607985/ Only basic/device attestation is working.
I’m currently getting MEETS_DEVICE_INTREGRITY with play integrity fix, which is enough for Google Pay to work. The only thing that I haven’t been able to do is drive for Uber or use RCS oddly enough. RCS happened to fix itself about a month ago as well.
As far as I’m aware, there are no work-arounds that allow for circumventing the Play Integrity API. Probably because you cannot avoid the involvement of a Google backend API that is accessed by the app’s backend. It works like this: Play Services hands a token to the app, the app sends it to the app backend, and then the app backend lets a Google backend verify the token, which results in a verdict. You cannot manipulate the token.
google wallet is not required to be tied to any bank accounts, and US does not even support NFC within banking apps.
Both true statements. The banking apps that don’t work aren’t because google wallet doesn’t work, but because they use the same trust policies that Wallet requires in order to run (which GrapheneOS cannot meet because its not a “trusted” OS, per Google)
Like you said, banking apps. The logic behind that is they use google to security check their apps. A random non-bank example would be the slick deals app. Without play services it would just open then crash.
Many apps use play services for their notification system. So for instance, proton mail works fine but notifications do not.
NFC is not supported, so anything that uses that won’t work.
Not an app, but I was surprised that widgets don’t work unless you’re in the primary profile. Technically they work on any profile, but they randomly get deleted, and frequently. It’s a known bug that probably will never get fixed because the source of it comes from stock android.
I will mention that you can have a profile running play services, which gives you access to many apps that wouldnt normally work. And it’s sandboxed so it has less impact on your information (I don’t know all the specifics but it does limit in some way how much it can snoop into the rest of the OS). Then you can also set up granular controls on your apps to limit them from snooping.
Thanks! I don’t think this will work for me. Where I live, most of the payments are made directly through banking apps by scanning a qr-code.
Yeah, that’s why I mentioned having a secondary profile. Some stuff like bank apps you just can’t get away from so a profile with play services running is a workable solution. If you have a pixel phone already, you can give it a shot. One very nice feature of GOS is that it’s super easy to install - and uninstall if it’s not for you.
Sadly, I don’t have a pixel.
Random applications that use the play integrity API won’t work on any third party OSes or ROMs. For example I tried to install some Intuit app on my GOS Pixel a while back (credit karma I think?) and it didn’t work at all
I would love to make the switch, but I am certain that absolutely zero of my government mandated apps will run on this thing.
WTF do you mean “gvt mandated apps” !?!
Mandated is the wrong word. “Required for absolutely everything” is more precise. In Denmark you need an app called “MitID” to do any kind of digital verification. You can’t do online purchases, banking or digital bureaucracy without it.
Well sorry to hear that, it sounds like a special kind of hell.
It’s not really. Much better then US’ lack of any one consistent system (or even lack of electronic option) and random OTP generators. But makes switching phone OS feel like a pretty big risk.
I mean it may be pretty well done and thus ‘safe’ (curious if said app is open source?), but it sounds like you, as an individual, are tracked for most of your activities. Is cash still a mainstream option for payment?
Also, it’s probably a costly stretch and really depends on your threat model, but could still have a phone with said app for any activity that requires it, and another one running GOS for a more private use.
You can still use cash. It’s just for electronic payments and ID verification. Though cash is exceedingly rare.
A unified ID system just means you use the same login details for each government agency (tax office, dmv, healthcare, etc…) Instead of a different system for each. It’s also a stand in for a physical signature. It also ensures your data is consistent through the entire government as it’s the same database.
I think it’s significantly more secure for the individual than in the US and, as far as tracking, it’s not like the US’ insecure identity verification systems make it more difficult to track you. The US makes it easier for others to steal you’re identity, and for you to get screwed because an employee misread your name on a net form they have to manually copy into their cobal database or whatever.
Fair enough. I’m not in the US & I don’t know how things are going there, but here we also have the opportunity to use the same ID for different gvt services (or to use specific ID), but nothing is required for electronic payment (although the credit card is obviously linked to your identity), and overall I barely have to use my account on any of these services, unless I have a request which really occurs a couple times a year max.
And we can log on the website, no need to use any app, which work juste fine even with a VPN.
How do people who don’t have smartphones do it? Is there some harder roundabout way?
You can use a keychain OTP generator (in Norway). I have no clue how it generates verifiable codes. The phone app is more convenient, and to the point at hand, actually connected to the internet/NFC. In any case it’s factor 1 in a 2FA (And then some), so the same way any 2FA would work.
My government ID app works fine. Maybe try it first?
mitid recently implemented play integrity, it should still work if previously installed but new installations don’t work (https://discuss.grapheneos.org/d/1520-status-of-mitid-app/279)
While it’s not nearly as customizable as an Ubuntu kernel, it’s still easy to make your GrapheneOS look and feel exactly how you want it to, within reason.
WTF is it supposed to mean?
Does android auto work? Last I herd it did not…
It does
Neat.
Well, now I know what my next phone is. Does it work on the latest Pixel or does it have to be a previous version?
It works on the latest pixels
Thanks!
It does work on the Pixel 9 Generation and even on the Pixel Fold 9 and Pixel Tab.
Thanks!
I have the 8 Pro, and my wife has the 7 Pro, so I can confirm it works on those. No idea on the latest generation, but it’s likely that it works too.
If you want to know if an app works, you can start here: https://plexus.techlore.tech/ Still a young project so contributions are welcomed!
If you don’t have a Pixel like me, you can check out: https://e.foundation/ Runs since 3 years on my Fairphone 3 and gets better with every update
Ironically, Plexus currently crashes and won’t open on GrapheneOS. Both 2.0.3 on F-Droid and 2.0.6 on IzzyOnDroid.
I’m not sure how to read the Plexus entries, and they don’t seem to be clickable. Would you mind explaining how to use the site in a meaningful way?
Unfortunately, Tinder doesn’t work and that is helpful to get in touch with the ladies. That app is too hell bent on location data which GOS handles more privately.
NFC should work, it is just scheduled to be deactivated after 3 months if not used for security reasons.
I think GOS is very user friendly and has many positive privacy and security enhancements. I would like to see if they can surpass sandboxed Google Play and officially support other repositories and updaters like Accrescent. Also, a standard way of securing traffic beyond encrypted DNS would be good such as a tor client like Orbot.
Looking into the Veilid ecosystem might also be a source for further development ideas.
just use grindr instead like I do
GrapheneOS also made me give up my heterosexuality /j
One group of people who ain’t suffering from being lonely in today’s America
Removed by mod
Here’s some completely unrelated crap
ArE yOU StILL prO GAY!!??
Yes? People should have the right to be gay
CW: SA
The fact that some men rape and assault other people has nothing to do with anyone else being gay or not.
It would also be helpful for you to know that most pedophiles who attack boys (and probably the men doing the raping in prison) are actually straight. [1] Again, nothing to do with gay.
Wtf are you on lol
[1] https://www.splcenter.org/fighting-hate/intelligence-report/2011/10-anti-gay-myths-debunked
Anti-gay activists who make that claim allege that all men who molest male children should be seen as homosexual. But research by A. Nicholas Groth, a pioneer in the field of sexual abuse of children, shows that is not so. Groth found that there are two types of child molesters: fixated and regressive. The fixated child molester — the stereotypical pedophile — cannot be considered homosexual or heterosexual because “he often finds adults of either sex repulsive” and often molests children of both sexes. Regressive child molesters are generally attracted to other adults, but may “regress” to focusing on children when confronted with stressful situations. Groth found, as Herek notes, that the majority of regressed offenders were heterosexual in their adult relationships.
The Child Molestation Research & Prevention Institute notes that 90% of child molesters target children in their network of family and friends, and the majority are men married to women. Most child molesters, therefore, are not gay people lingering outside schools waiting to snatch children from the playground, as much religious-right rhetoric suggests.
They won’t let me reproduce
I have a lot of questions but the answer to those questions is probably incel bs so I’m not gonna start haha
Removed by mod
deleted by creator
you can setup seperate peofiles and jeep your GOS apps seperate from your open source app profile. that’s what I do.
Also accresent is already a part if the GrapheneOS appstore.
Removed by mod
I’ve almost never had an issue. Like ever, unless I forget to set my phone on a charger when I went to bed. And even then, it would just be in the single digits by the end of the second night.
I think I’ve had my phone die on me twice since I’ve had it (Pixel 6 Pro).
Removed by mod
Great. I don’t need that. That’s not even close to a selling point.
I guess if I needed to hike without a power source for a week, it would be.
Removed by mod
I disagree. I think that claiming something “sucks balls” because it will only last two days of normal use before dying, if you don’t charge it all all, is absolutely ludicrous.
If I just text and leave my screen dim, I could get a whole week out of my phone. But that’s not why I got a smart phone. I got a smart phone so I could use it, not see how long I could get the battery to last.
Removed by mod
For the record, I looked it up. The pixel falls in line with most other mainstream phones. Depending on the model it can be in the lower half, sometimes upper half, but always top ten.
Your phone seems to be specifically designed for ruggedness and battery life.
In fact of all the reviews I can find, about your phone they essentially say: it works ok as a phone but hey, I can throw it against a wall and it has awesome battery life.
So calling out the Pixel specifically and using the Oukitel as a metric is just straight up fuckery.
That’s the kind of crap that needs to be left on Reddit. Go back there to post your gatekeeping bullshit.
Do you mean that it’s worse on GrapheneOS in comparison to stock?
Removed by mod
As a GrapheneOS user, I approve this message.
For how long will the older pixel phones be supported? Is it worth it to buy a cheaper older model like pixel 6 and have graphene in it?
Cause I’m not giving more than 200-300 for a phone. I’ll stick to cheap android phones that lack nothing compared to expensive phones for my needs.
https://endoflife.date/pixel This is for googles support. GOS may support a specific device a little longer than google but does not promise to and recomends getting a newer device.
Pixel 8a looks real good right now.
5a is EoL so no headphone jack for you. This is a nonstarter for portable devices to me.
USB C to AUX adapters work for me.
Having a secure and up to date device should likely be more important
It is great that works for you. However, you are not everyone
Flimsy awkward adapters + having to choose between charging or audio? But they had matching earbuds with irreplaceable batteries to sell…
Ugreen sells a dual adapter. I’m sure other make one too. Don’t choose, just have both.
https://www.amazon.com/UGREEN-Magnetic-Adapter-Charger-Charging/dp/B0CJXWJ596/
As for flimsy, unless you get apple’s piece of crap, they are resonably durable. Headphone cables were never know for duarbilty either.
Lastly, just leave the adapter plugged into your headphones or aux cable.
I’ll agree, they are awkward and I do miss my headphone port, but the
solutionwork around is not that deep.While the greater knowledge tells us the jack integration costs the manufacturer less than a greenback, the narrator buys @ 20× the price a dangling dongle whose DAC quality is an unknown. Strolling with cellular apparatus in hand, the narrator’s new phone tails are inserted—one side waving in the wind & the other causing a weird, uncomfortable cinch in the junction with 3.5mm jack. Additional stress is forced upon the singlar USB-C port. Who will last longer on this phone, port, battery, screen? “This is fine” he tells himself lifting the screen searching “best Bluetooth headphone 2024” just to see what’s out there—even tho his headphones have no performance issues & a replaceable, detachable cable already built to last.
Wait what do the android updates have to do with Graphene? Does the phone need to still be supported by Google and android for Graphene to be secure and work?
Yes. Many security updates come from upstream AOSP and then are put into GOS.
So when a device has stopped getting AOSP updates, it is unreasonable for GOS to continue support it. They can and I believe they have applied more critical security patches to just barely EOL devices, but this isn’t promised or expected.
They could just apply the patches they do have like the main android ones. I think that is BS personally
Graphene stops shipping any updates after the Google deadline
They have a list of dates on their FAQ for different devices. It sounds like you may get a few more years beyond when Google cuts off official support. https://grapheneos.org/faq#device-lifetime
My 7a cost $300 this summer. Very expensive for me but I don’t regret. 8 is around $400 in that store now that 9 is out, maybe it would drop in price with time (or as 9a comes out?).
You can just run Lineage OS with MicroG or Calyx OS. If you have all Foss apps you probably don’t even need MicroG
Tried to switch to graphene for a bit. Way too many apps don’t work in it.
Could you elaborate? I’ve switched just to check it out and never moved back.
But out of curiosity what apps didn’t work for you that were deal breakers?
Oh. I tried a bit before giving up. But lack of compatibility plus the insanely unreliable pixel battery just made me switch back to iPhone.
Thank you for the link though.
NFC payments also don’t work. Non-starter for me
Is it because of your particular bank or is that a general problem?
google wallet in general will not work.
also bank apps utilizing NFC is not a thing in the US
Ah yes, a feature that I’d never be able to live without /s
The university that I’m at is trying to get new students to use a digital student id that uses google wallet for scanning I think. They aren’t giving any new students physical student id’s unless they need it for something that doesn’t work with the digital ones.
So yeah some people do need google wallet.
Google Wallet works though. It’s just NFC and credit card payments that don’t. If you can add tickets and passes with barcodes, student ID will work.
The student id’s use nfc here. Nothing to scan.
Cal state northridge?
Why not? You van set up a separate profile and install gplay services so pretty much anything would work under these conditions I assume
“I assume” is doing a lot of heavy lifting here.
as someone who runs GrapheneOS and looked into the possibility of doing contactless payments: no. it simply does not work. all the contactless payment apps can somehow detect you’re not running the stock OS for the phone and choose to lock themselves down.
cashapp and venmo will also freeze your accounts almost immediately upon installation and login and, in my case with cashapp, insinuate you may be reported to law enforcement for fraud when you appeal with info about your phone lmao
Didnkot expect that, thanks for the details.
Android Auto is borked and most camera features
Android Auto works fine for me and google camera also works fine.
The camera works but I was talking about it but the Google image processing features.
You can install the Google Camera app and get those.
Android auto also works fine for me. I haven’t used an android phone in years so I can only compair it to apple car play. There are extra configuration steps to make it work but its not hard (just have to read some messages and go through some menus)
Apple car play “just works”.
Comment on GrapheneOS, an Android custom ROM while touting Apple in same thread.
👍
I’m not touting apple. Its just a fact.Graphene has you check boxes so you know you’re giving permissions to your car. It informs you what information you’re giving to android auto. And, if you’ve installed apps through alternate sources, you do have to go through developer mode in Android Auto to enable apps from alternative sources. It takes less than 5 mins and you only have to do it once, but if you don’t, you’ll end up thinking android auto is broken in graphene, like the poster I was responding to believed.
I don’t think there is a better solution for graphene - it works fine after minimal setup. I’d gladly do that to preserve my privacy when it matters.
Apple doesn’t give a shit about informing you what it does with your info so it doesn’t do that. I’m not saying its better I’m just being honest. Its quick and dirty.