I’m considering the switch to GrapheneOS, so I watched this interview with one of the members of the GrapheneOS team, and honestly, I feel it was a great general introduction to it and touched on common features and misconceptions.
For those who don’t know, it’s one of the most secure and private mobile operating systems out there. Some things that I took away:
-
They touched upon MAC randomization. I researched a bit on my own about what the need for it is. Apparently, it’s standard practice to randomize MAC addresses when scanning WiFi connections. However, GrapheneOS (and Pixel firmware) are even better at this, as they make sure they don’t leak any other identifiers when doing so. They also allow you to get a new random MAC for every connection that you make (not sure whether this is very useful, as this can cause problems). On a related note, even when WiFi/Bluetooth are “off,” stock Android can still scan in the background to improve location accuracy (by matching visible networks/devices against Google’s database). So basically, even with WiFi/Bluetooth off, Google still knows where you are. In GrapheneOS, this option is off by default.
-
They have their own reverse proxies that they use to talk to Google on your behalf when needed.
-
Apparently, in the USA you can be compelled to provide a fingerprint or Face ID. Courts have ruled this doesn’t violate the 5th Amendment because it’s physical, not testimonial. BUT you cannot be compelled to provide a password/PIN. That’s considered testimonial evidence, protected by the 5th Amendment. GrapheneOS has a two-factor system where, after using your fingerprint, you still need to enter a PIN, so it helps with this. They also have a BFU state after reboot, which is the safest and requires you to enter your full passphrase.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 108 users / day
- 435 users / week
- 1.32K users / month
- 4.54K users / 6 months
- 1 subscriber
- 4.56K Posts
- 115K Comments
- Modlog
2 months GOS user here on Pixel 9. So far so good. You do have a lot more controls over the traditional Android phones. In fact, you have too much that for average user, i think it can be a bit overwhelmed.
PROFILES
For eg, you can easily install Google apps and use them like a normal phone. Problem is on Graphene, you have many ways to set this up. You can:
a) install in your main profile and be done
b) install Gapps in main the private space within main profile
c) some crazy stuff like install Gapps in the private space of a secondary profile, which you lock using a completely different password.
I spent too much time in this loop lol. Finally i settle on: all daily apps in main profile and sensitive apps live in a separate profile (banks, important docs).
SECURITY
Next the security features in GOS are amazing. You can control every single permissions that an app can do. I mean every thing including the system Phone app. I can go 100% paranoid and prevent the Phone app from Phone logs, microphone and Phone. Essentially making the Phone app useless… Very very nice but you need to experiment with your apps and see which permisions you can deny and which you cant. On normal Android? You can deny some apps but the system ones, you cant.
I especially like the USB c feature. I leave mine on Charge only. So the port only functions to charge my phone. This cuts off every other connections: plug into PC, plug into car for Android Auto…etc. I like it that way. .
Btw, Android auto works great too if you need it. .
OS is so minimal that you will need to install essential apps on your own. For eg, i use Florisboard for keyboard, MiX for file manager.
a) your usual password, pin, fingerprint
AND
b) a secondary pin that can be scrambled at random. So you unlock with your fingerprint then you need to enter that 2nd pin or password to enter the phone. EVERY single time. And it is scrambled too so you dont have to worry about people tracing your fingers.
AND
c) the Duress pin. This is like the nuke PIN. You set this up and hypothetically you are in a dangerous situations (thieves want you to unlock, local police abuse your phones…etc), you can enter this instead of your normal screen lock pin/password and every data is nuked. I havent tried it yet because i spent too much time set my phone rhe way I like it lol. If somebody tries it out, pls let me know.
INSTALLATIONS
Stupidly easy. On the OG Pixel, if you want to install LineageOS, you have to be very careful. Beside downloading the ROM, you need to flash a custom recovery like TWRP. Then becaude it is a Pixel, you nees to be careful which slot to flash the ROM. Flashing to the wrong one will brick the phone.
On Graphene? It is literally plug your phone in and open the browser where the install notes are. The ONLy technical thing I need to do during the process waa enable bootloader unlock. Everything else was like “GOS finishes this, GOS finishes that, can you press this button, GOS is rebooting…”. .Very very simple.
**SOME HELPFUL POINTS (i hope) **
dont treat this as a Degoogle phone. .You can but the strong point of GOS is security.
some features are not available compare to like.Samsung’s ONE UI . For eg, only allows an app to connect to 5G and not wifi.
dont create a super complicate setup. The backup process will a pain.