I am a long term GrapheneOS user and would like to talk about it. r/privacy on the redditland blocks custom OS discussions which I think is very bad for user privacy, and I hope this post will be useful to anyone who are in the hunt for better privacy.

Nowadays smartphones are a much bigger threats to our privacy and Desktop systems, and unfortunately manufacturers has designed them to be locked down devices with no user freedom. You can’t just “install Linux” on most smartphones and it is horrible. And most preloaded systems spy on us like crazy. That was why I specifically bought a pixel and loaded GOS onto it.

According to https://grapheneos.org/features , they start from base AOSP’s latest version, imptoves upon it’s security and significantly hardens it. There’s hardened_malloc to.prevent against exploitation, disabling lots of debugging features, disabling USB-c data, hardening the Linux kernel and system apps etc. They even block accessing the hardware identifiers of the phone so that apps cannot detect whqt phone you’re using. That means with Tor and zero permissions given, apps are anonymous.

Compatibility with apps are best in Custom ROMs but there are still that can’t work, especially if they enforce device integrity. Very few apps usually enforce that tho. Also their community isn’t the friendliest but you can get help. Just don’t try and engage too much or have too many debates.

Anyone else here use GrapheneOS, or any other privacy ROMs? What is your experience? Do you disagree on any point? Let’s have a discussion!

4 points

A simple search will tell you a ton of people here use GrapheneOS and other custom ROMs. Are you karma farming?

permalink
report
reply
-2 points

I use an iphone LMAO

permalink
report
reply
4 points
4 points

Yeah :(

permalink
report
parent
reply
46 points

I post someone’s comment on a controversial topic about google and GOS. I saved it because that’s exactly how I feel.


Step 1 of installing GrapheneOS for de-googling your life: Buy a Google Pixel phone

Look - I know, I know. I get it. Google allows you to unlock the bootloader while maintaining the phone’s unique and excellent hardware security features. The argument makes sense. It is compelling. Other manufacturers do not give you this freedom. I am not arguing about that. I have a Pixel phone running GrapheneOS myself.

However… It is just so very obviously ironic that one needs to trust Google’s hardware and purchase a Google product to de-google their life through GrapheneOS. I think that it is a perfectly valid position for someone to raise their eyebrows, laugh, and remain skeptical of the concept either because they do not want to support Google at all, or because they simply will not trust Google’s hardware.

The reason why I think that this is “controversial” is because I have seen multiple instances of someone pointing out the irony, followed by someone getting defensive about it and making use of the technical security arguments in an attempt to patch up the irony.

https://mander.xyz/comment/15084264

permalink
report
reply
7 points

This is exactly why I don’t have graphene os, the irony of having to support google is too much for me call me paranoid but i also dont trust them with the hardware piece either lol. I’ve been running lineage os without gapps and its honestly great, updates and patches are every few weeks, super stable and awesome.

permalink
report
parent
reply
9 points

I assume you’re using it with bootloader unlocked. The issue is somehow some malware injects your phone and roots it, it can just install itself as a system service and just live there and you’ll never know. The security feature that protects against it is disabled once bootloader is unlocked.

Also I’ve heard that LineageOS has not all security updates present since some firmware updates needs to be provided by the specific manufacturer. For Pixel, Google provides it and GOS uses it.

permalink
report
parent
reply
3 points

Yes, a lot of people in this thread should look up the difference between a hardware based secure element and a salted hash.

https://en.m.wikipedia.org/wiki/Secure_element

permalink
report
parent
reply
23 points

If your objective is to punish Google, or to have nothing to do with Google. I completely agree with you using a pixel phone just doesn’t make any sense. You shouldn’t do it

If your objective is to have the most security possible… Then you should install graphene on a Pixel phone.

permalink
report
parent
reply
2 points

With the lack of any other viable option, I struggle to see the point of the arguement.

permalink
report
parent
reply
22 points

Yeah it’s ironic but what is the alternative? At least we CAN remove Google’s known spyware from the device, and there’s no evidence of firmware level spying. If you get Samsung, or some chinese crap, you can’t remove Google period, and you might get spied by the manufacturer as a cherry on top. There is no way to have a perfect solution, well unless Samsung starts to provide Custom ROM support or something.

permalink
report
parent
reply
0 points

I’m using a Fairphone with /e/os. No Google at all.

permalink
report
parent
reply
11 points

Not hardened though. I was heavily considering fairphone but over the back and forth between them discussing with Graphene developers, their hardware is not secure enough yet for graphene to be made for the fairphones. If and when fairphones are on graphene then I will definitely buy them.

Also, even though I commend their phone, the accessories for earbuds and headphones certainly bring up some questions as to their intentions.

permalink
report
parent
reply
33 points

I think buying a Pixel phone second hand solves this issue and reduces a little e-waste at the same time.

permalink
report
parent
reply
6 points

This. I never buy a Pixel new.

permalink
report
parent
reply
3 points

I use GrapheneOS but I don’t like how Google Play-centric it is. It is geared towards people installing their “normal” apps with the GrapheneOS special sauce sandboxing. No F-Droid by default where all of the FOSS apps are.

permalink
report
reply
2 points

By default there is nothing, it’s a blank slate. It’s up to you to decide what apps to use.

permalink
report
parent
reply
2 points
*

Screenshot for you. Google is explicitly linked to for easy setup. F-Droid is not. “There is nothing” is simply disingenuous.

permalink
report
parent
reply
2 points

It’s not installed.

permalink
report
parent
reply
2 points

Agreed. The Google implementations are there for folks who absolutely cannot go without certain apps only available from the Play Store. Upon installation, all that’s there is the OS with the necessary apps (camera, phone, browser, etc) with the security on these individual apps additionally patched.

With the sandboxing of Google Play and Services AND the option to further house these apps from the Play Store in a separate profile, you have a perfectly working device that the individual user can customise to their needs.

Its a great project and a real asset to the FOSS, privacy and security community against big tech/govt surveillance.

The phone is only as good as how you choose to set it up and use it.

permalink
report
parent
reply
1 point

They are very security fovused and is against f-droid’s poor security practices. They do push accrescent through their stores tho

permalink
report
parent
reply
17 points

I’m pretty sure that every Android Lemmy user has a Custom ROM installed on their device. Currently daily driving GrapheneOS on my Pixel 7 Pro.

permalink
report
reply
1 point

sadly i dont. my phone doesnt have custom roms.

permalink
report
parent
reply
1 point

Sending this from Lineage OS 21 ^^

permalink
report
parent
reply
1 point

I feel called out…

permalink
report
parent
reply
7 points
*

Not me unfortunately … I used to have a Samsung Galaxy S9+ with an unofficial port of LineageOS. Nowadays I’m using a Samsung Galaxy S21 Ultra with the stock OS.

Maybe a Pixel should be my next phone, so that I get proper support for most custom ROMs.

permalink
report
parent
reply

Privacy

!privacy@lemmy.ml

Create post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

Community stats

  • 5.5K

    Monthly active users

  • 1.8K

    Posts

  • 27K

    Comments