I’m considering the switch to GrapheneOS, so I watched this interview with one of the members of the GrapheneOS team, and honestly, I feel it was a great general introduction to it and touched on common features and misconceptions.
For those who don’t know, it’s one of the most secure and private mobile operating systems out there. Some things that I took away:
-
They touched upon MAC randomization. I researched a bit on my own about what the need for it is. Apparently, it’s standard practice to randomize MAC addresses when scanning WiFi connections. However, GrapheneOS (and Pixel firmware) are even better at this, as they make sure they don’t leak any other identifiers when doing so. They also allow you to get a new random MAC for every connection that you make (not sure whether this is very useful, as this can cause problems). On a related note, even when WiFi/Bluetooth are “off,” stock Android can still scan in the background to improve location accuracy (by matching visible networks/devices against Google’s database). So basically, even with WiFi/Bluetooth off, Google still knows where you are. In GrapheneOS, this option is off by default.
-
They have their own reverse proxies that they use to talk to Google on your behalf when needed.
-
Apparently, in the USA you can be compelled to provide a fingerprint or Face ID. Courts have ruled this doesn’t violate the 5th Amendment because it’s physical, not testimonial. BUT you cannot be compelled to provide a password/PIN. That’s considered testimonial evidence, protected by the 5th Amendment. GrapheneOS has a two-factor system where, after using your fingerprint, you still need to enter a PIN, so it helps with this. They also have a BFU state after reboot, which is the safest and requires you to enter your full passphrase.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 108 users / day
- 435 users / week
- 1.32K users / month
- 4.54K users / 6 months
- 1 subscriber
- 4.64K Posts
- 117K Comments
- Modlog
mostly the answer is no. it has the same permission controls for apple’s own apps as third-party apps, but ofc graphene has a couple more options there too. filesystem access is limited to the file picker and the app’s own data directory, which i assume is a tiny bit more restrictive to the user than storage scopes. the scope concept also exists for contacts, pictures, health, and maybe a few other things. user profiles don’t exist on iphones; i think they might on ipads but i don’t have one. sandboxes are pretty locked down but not controllable by the user. then there’s “lockdown mode” which disables a whole bunch of shit and is supposed to harden your phone to highly-motivated attackers
Yeah, thanks. The more I research and ask knowledgeable Apple users, the more I’m convinced that if GOS did not exist I would either move to iPhone or just get a dumb phone for calls and rely on Linux computers for everything else. In Android, everything outside GOS is worse than stock android, let that sink in 😕
actually i’m thinking of switching to graphene eventually myself. is there anything you can tell me about that?
Compared to iOS? There’s nothing I can say other than what I’ve researched and asked around, which makes it an acceptable second after GOS. Now, about any other bloat-ridden mobile OS out there, including some claiming to be private, secure or both (yes, I’m talking about e/OS, Iodè, brax and others), it’s incredibly customizable from any standpoint (taste, security, privacy), super fast, ridiculously minimalist, however you can run over 99%of all android apps out there (some may require tweaking, for example, Exploit Protection Compatibility mode, which is how I actually got the Chase app to work, which was the one android app that didn’t).
You could say that, it’s not just the most secure mobile OS out there, but also the one that allows for more convenience as well (knowing convenience tends to sometimes drop security levels as well as privacy levels). The best part is how you get to choose how you segregate what you allow apps and services across profiles, or even in the same profile.
Honestly, I tried going back tk stock to see if I was missing out on something, and after less than 24 hours I couldn’t take it anymore, the control I lost by trying was making me anxious.
that makes sense, thanks. is it still difficult to get tap-to-pay to work on graphene? i try to use cash and i assume most grapheneos users do too so there’s not a whole lot of information on it
Tap-to-pay directly from my bank apps work, as well as from my Garmin watch. As far as I’m aware, Google pay does not work, but I haven’t really tried since the Pixel 8 Pro came out. One place to ask would be in the Matrix GOS channels. Maybe in General https://matrix.to/#/#general:grapheneos.org
works for me, thanks!