Hello, making this post to get some honest and technical opinions about GrapheneOS. Please do not be bothered by this question. No drama here pls 🙏. I’ve heard that there is some of the Google code in the “sandbox” feature. Say your opinion below! 👇👇

Ask me when the NSA knocks at your door, what I think about it? I think it’s a big honeypot.

Think about it, if you were the NSA or the CIA would you push a privacy oriented OS? Honeypot vibes get stronger

Louis Rossman got threatened by the GrapheneOS dev

foremanguy

And is GrapheneOS Dev threatened by Louis Rossman?

No the dev is very sensitive to criticism https://www.youtube.com/watch?v=4To-F6W1NT0

There’s also CalyxOS, low drama and very reliable. https://www.calyxos.org

Calyx is unfortunately pretty slow to release security patches, uses privileged apps with root access like microG and the F-Droid privileged extension by default and doesn’t really provide any unique features. All of the privacy features of Calyx are either already present or can be easily replicated in a better form on GrapheneOS. Take Datura Firewall, it’s yet another privileged app with root access which adds unnecessary attack surface, and is less secure than the Graphene equivalent. GrapheneOS implements a network permission toggle, which is embedded in Android’s native permission manager and uses the INTERNET permission to restrict network access. It disables both direct and indirect network access, including the local device network (localhost). GrapheneOS also has a bunch of unique security features, that can’t be found on any other Android ROM, like for example a hardened memory allocator, hardened kernel, secure app spawning, improved SELinux policies, Duress PIN/Password, driver-level USB-C control, Storage Scopes, Contact Scopes and soon App Communication Scopes. GrapheneOS also includes Sandboxed Google Play services, a better GMS implementation than microG, which doesn’t require root and has better app compatibility.

All your points are true, yet still depend on Google in sandboxed form. That negates everything else for me, who wants a reasonably secure device that works out of the box and also respects my privacy.

If a nation-state wants into my phone, it’s delusional to believe even graphene can hold them off, you need real opsec for that, and unfortunately all I’ve seen thus far from graphene guys is cosplaying that the NSA wants your porn selfies.

Graphene and micro g? Cool. Sandboxed Google? Nope.

> All your points are true, yet still depend on Google in sandboxed form. That negates everything else for me, who wants a reasonably secure device that works out of the box and also respects my privacy.

Graphene doesn’t “depend” on Sandboxed Play services. In fact, it’s not installed by default, and it is totally optional. Also, Sandboxed Play services doesn’t make your device less secure in any way, it can be installed as a normal user app, you can fully control access to sensitive parts of your device like the microphone, camera, location, etc. through the Android permission manager, and Play services don’t have any special permissions, since it’s not installed as a system app. As far as I’m aware (correct me if I’m wrong) you can’t remove microG on Calyx, since it’s installed as a system app and even granted root privileges. microG is a cheap, hacked together workaround, which requires root to function correctly. This greatly expanded attack surface makes it inherently insecure. microG also requires proprietary Google code to be run, in order to work (most of microG is open source, but it still uses some Google blobs). As far as I’m aware, this Google code is not sandboxed, and simply executed as a child process of microG (which runs as root), meaning that this Google blob is also run as root. This makes microG much more insecure than Sandboxed Google Play services, and it potentially gives Google much greater access to your device compared to the sandboxed approach.

> If a nation-state wants into my phone, it’s delusional to believe even graphene can hold them off

The GrapheneOS team never claims that their OS is “NSA-proof”, but they actually look at which parts of the OS are commonly exploited by (nation-state) hackers, and massively improve them. As you can see in this spreadsheet, created by Google’s Project Zero, most vulnerabilities in Android come from memory corruption. That’s why GrapheneOS’s biggest and most important feature is their custom hardened memory allocator. It protects against most memory-related exploits, and is even stronger when used on a device with hardware memory tagging, which is the reason why GrapheneOS currently only supports Google Pixel devices.
Another significant security feature is secure app spawning. Creating new processes via exec (instead of using the traditional Zygote model on Android) randomizes the initial memory layout, which also helps to defend against memory-related vulnerabilities. The aspects I just mentioned are important protections against malware/remote code execution.

GrapheneOS also protects your device against physical attacks, e.g. by implementing a driver-based control mechanism for the USB-C port, making it impossible to connect to the device while it’s locked. This protects against forensic data extraction, e.g. using Cellebrite or XRY hardware.

Graphene even has a feature that protects you when you are forced to give up your password. The Duress feature lets you set a second PIN/password, which will cause the device to entirely wipe all the encryption keys, which are used for unlocking the device, from the secure element. This process is irreversible, can’t be interrupted and happens instantaneously, making the data impossible to recover.

No one claims that GrapheneOS is 100% secure and will absolutely protect you against NSA hackers, but it is by far the best and most secure mobile OS that’s currently out there. It is easy to use for everyone, and secure enough to be used by high-profile targets like Edward Snowden.

> you need real opsec for that

Good OPSEC includes a secure operating system. Calyx is not security focused whatsoever, it rolls back standard AOSP security features, significantly increases attack surface, and doesn’t release security patches regularly.

Happy cake day btw!
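
The fork-versus-exec point made in the comment above, as an added example that is not part of the thread and not GrapheneOS code: two children forked from one parent (the Zygote pattern) inherit a single address-space layout, while two children that also exec each get their own ASLR draw. It assumes Linux with ASLR enabled and a mounted /proc; the `LAYOUT_PROBE` variable and all function names are made up for the example.

```c
/* Added example: fork-only (Zygote-style) vs fork+exec process creation. Linux only. */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

struct layout { uintptr_t stack, heap, mmap_region; };

/* Record one address from each region whose base ASLR picks when an image is loaded. */
static void capture(struct layout *l) {
    volatile char marker = 0;
    void *h = malloc(64);
    void *m = mmap(NULL, 4096, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    l->stack = (uintptr_t)&marker;
    l->heap = (uintptr_t)h;
    l->mmap_region = (uintptr_t)m;
    free(h);
    if (m != MAP_FAILED) munmap(m, 4096);
}

/* Runs before main() in every new image: when started as a probe, report and exit.
   LAYOUT_PROBE is a name invented for this example. */
__attribute__((constructor)) static void probe_entry(void) {
    struct layout l;
    if (!getenv("LAYOUT_PROBE")) return;
    capture(&l);
    _exit(write(STDOUT_FILENO, &l, sizeof l) == (ssize_t)sizeof l ? 0 : 1);
}

/* Create one child and read back its layout.
   use_exec = 0: plain fork. use_exec = 1: fork, then exec a fresh copy of this binary. */
static int spawn(int use_exec, struct layout *out) {
    int fd[2], status;
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {
        close(fd[0]);
        if (use_exec) {
            dup2(fd[1], STDOUT_FILENO);
            setenv("LAYOUT_PROBE", "1", 1);
            execl("/proc/self/exe", "layout-probe", (char *)NULL);
            _exit(127);                      /* exec failed */
        }
        capture(out);
        _exit(write(fd[1], out, sizeof *out) == (ssize_t)sizeof *out ? 0 : 1);
    }
    close(fd[1]);
    ssize_t n = read(fd[0], out, sizeof *out);
    close(fd[0]);
    waitpid(pid, &status, 0);
    return (n == (ssize_t)sizeof *out && WIFEXITED(status)
            && WEXITSTATUS(status) == 0) ? 0 : -1;
}

/* Number of regions (0..3) at identical addresses in two sibling children, -1 on error. */
int shared_regions(int use_exec) {
    struct layout a, b;
    if (spawn(use_exec, &a) != 0 || spawn(use_exec, &b) != 0) return -1;
    return (a.stack == b.stack) + (a.heap == b.heap)
         + (a.mmap_region == b.mmap_region);
}

int main(void) {
    printf("fork only : %d of 3 regions identical across siblings\n", shared_regions(0));
    printf("fork+exec : %d of 3 regions identical across siblings\n", shared_regions(1));
    return 0;
}
```

With ASLR enabled, the fork-only case reports all 3 regions identical and the exec case reports fewer, which is why an address leaked from one forked sibling is useful against another but not against an exec-spawned process.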

Sorry, “google blobs”? A lot of work went into MicroG, and I think it’s a shame that you’d minimize so much good work to reimplement the lynchpin of Google’s control on your devices.

At this point I’ll presume you’re just misinformed, as no proprietary google code operates within microG unless you decide to run with device attestation, and there it’s running as a sandboxed service. At any other time, you are able to run open source code which spoofs your device details to Google, and spoofs google to all these other closed source apps in a reliable and readable, much smaller codebase.

Honestly, the irony of running blobs, when one is completely closed source vs the other which is fully open. Hahaha.

Can it run problem bank apps? I need a bank auth app for work as the bank stopped fobs and it just would not run on LineageOS. It refused to run because “the phone is insecure”. I tried Magisk hiding stuff and MicroG, and a number of ways of tricking methods. That’s why I ended up on GrapheneOS, as a compromise without feeling too compromised. Everything seems to think it’s on a normal Android phone, but I’ve sandboxed the Google tentacles. But it would be better if mandating OS wasn’t allowed. If I want to run an “insecure” phone, that’s my “problem”.

Agreed, it shouldn’t be their problem. But, I am using applications just fine that are sensitive to root, even device attestation, but I don’t recommend attestation just out of principle.

Even pokemon go seems to run ok with just micro g and aurora.

@RubberElectrons @privacy @foremanguy92_
I’ve been using CalyxOS for a year now and I like it so much. I also tried GrapheneOS but I consider that sandboxed apps are harder to manage than microG in Calyx. I chose simplicity.

I’ve been using GrapheneOS for over a year. I cannot complain about it, it works as advertised and it does it the best way possible. However, here’s the list of things I find annoying/missing. Keep in mind, this is a subjective list.

  • some (quite a lot of for me) apps require Google Play Framework (or whatever the name is) to work properly
  • Aurora store tends to be unavailable randomly, which makes installation/updates difficult sometimes
  • some features are wonky, e.g. GrapheneOS has no issues with disabling wifi when leaving my home but I was never able to enable wifi when I’m back home.
  • default apps work ok-ish but it’s far from good old iOS/Android experience
  • Android Auto experience was a shitshow for me

StormWalker

I have been using GrapheneOS on a Pixel 7 Pro for 3 months now. I am BLOWN AWAY at how good it is. I have 3 user profiles. Main profile has no google services at all, and 95% of my apps are running there. Then I have a second user I can switch to that has sandboxed google services and my banking apps on it. I then have a third user that also has sandboxed google services running where I can install any random app that demands google services. (I have only 1 app on that user.) So 99.9% of the time my phone is running with no google services at all. (Side note: without even the sandboxed google services installed, apps need to be left open in the app switcher in order to receive notifications. If you swipe all your apps away, then you won’t receive notifications. This is not a problem for me, as I just keep my messaging apps open in the app switcher. But if it is a problem for you, you would need to run the sandboxed google services).

I see GrapheneOS as a way of removing 99% of all the tracking, spyware and things that I don’t like, while still having the convenience of having all the apps and features that are available on a regular smartphone.

There is a learning curve, and many settings to learn and customize. But definitely worth it.

To get a Pixel, instead of paying £900 for a new pixel 8 pro, I paid £300 for a second hand Pixel 7 Pro on eBay that was in perfect condition. So for £300 I now have a privacy phone and an AMAZING camera, which was very important for me the camera.

Not much to comment on the technical side, but quite a bit of things get upstreamed or reported from GrapheneOS. I believe they really know what they’re doing. You can ignore the rest if you don’t care for the general opinion.

Yes, there’s probably Google code in the sandbox feature, it’s basically the stock Android userland app sandbox. The magic is the compatibility layer that allows Google apps to run as regular userland apps.

...

I bought a Pixel 7a, just so I could try GrapheneOS.

Installed it straight after unboxing, with Play services. Ended up using it pretty much like any Android phone. Installation is simple using the web installer. On recent versions, even Android Auto works, so the only thing you’re really giving up is NFC payments. Some banking apps may not work, but I’m lucky (or rather not unlucky) that the ones I use do. I believe those rare apps are somewhat lazily developed, and rely / trust on Google to do security for them.

Some months later, I went back to the stock ROM, mostly for comparison. Stock Pixel OS has a lot of appealing features, but most of those are just “nice to have” things. Stayed on stock for a few months, but the plethora of obscure Google “privacy settings” put me back to GrapheneOS, and finally off Google. Reverting to stock was also simple, just as easy as flashing GrapheneOS.

Now I don’t have Play services at all anymore, and have cleared most Google services (gmail, photos, drive…) so at least not much new data will go there. I do use Google Camera, and have Photos installed since I think the post-processing happens in Photos. Both have network permission denied, which is one of the nicest added features of GrapheneOS. The stock GOS camera is OK, but that’s one thing I think Google does better, though this is a subjective thing.

The only thing I kind of miss is Google’s find my phone stuff. Even though it’s quite invasive, I have needed it once and it resulted in me getting a lost phone back. A simple solution is not to lose your phone.

Apart from the per-app network permission, another really nice feature in GrapheneOS are the settings to toggle WiFi and Bluetooth off automatically. Why these are not in any “official” ROM tells a tall tale about how much they care about your privacy. The auto reboot if not unlocked in a while also brings some assurance regarding losing your phone, at least the storage will automatically back in encrypted unlocked state.

Vanadium might be the best browser I know for Android. Pretty much Chrome without all the things that make Chrome one of the worst browsers. Vanadium’s point is security, privacy (e.g. adblockers) is not the main focus. I’m not sure if there actually even is adblock features bundled nowadays.

If you want all the nice modern bells and whistles, stay on some other OS. If the benefits above appeal to you, there’s really not much you give up in the end with GrapheneOS. It requires a bit more technical mindset, but not really even technical know-how. I haven’t noticed bugs or broken stuff anywhere, with or without Play services. Android Auto (requires Play services) gets stuck sometimes, but that may also be my low-tier car too.

The “sandboxed” Google Play refers to the apps running as user installed apps vs the system-wide root-access-to-everything apps they are on stock. The same limitations you can apply to any other app you install apply to GSF apps too. So even if you install Play services, you are severely limiting the scope of data Google gets from you. It’s a solid middle ground between full degoogling and stock OS.

I’m not even an Android app developer, and will gladly admit technical mistakes. If you want something negative, the vocal minority of GOS users is really vocal and really full of themselves.


featured [he/him]

it’s open source and well audited, so no I don’t think they have it backdoored. they get all the info they want from people using google play services at a privileged level, running chrome, and using their other dozen services that come bundled with stock android


foremanguy

Right

Possibly linux

Toxic culture run by someone who is questionable at best. Honestly I don’t see a need for it. It is certainly not the only option.

Autonomous User

They will never be more toxic than proprietary software.

Sips'

The person you are referring to did actually step down as lead developer… Best to be more informed before making claims. Could you elaborate on why you consider it toxic? I’ve yet to find the Graphene community toxic myself.

They still have a lot of control though. Also I find that Graphene community thinks it is better than everyone else. I don’t have a problem with people being proud; the problem is that Graphene is spreading false information like every other ROM is insecure. That’s not the case especially in terms of security as anything but stock is less secure. From a privacy perspective non google is better than Google but everyone seems to skip over that. People will say “Lineage OS uses Google DNS” but in reality your ISP could be using Google DNS; the key is to set up Private DNS which takes only a few minutes to do. Graphene isn’t the only option. In reality there are tradeoffs everywhere.

The fact that the larger community only knows of Graphene OS and stock is a bit scary.

Can you elaborate on that? What do you mean?

@user@lemmy.world

Not the only one but it’s factually the best one. Questionable to me is your expertise on this topic when you deter people from using the best option, based on your unrelated, subjective, non-technical views.

Possibly linux

There isn’t a factual “best” one as people’s needs vary completely. That’s why I say the Graphene community is toxic. They are convinced that there is only one way to do things.

Graphene is useless to me because I have no need or want for a Pixel or even a new phone. How can it be the “best” for me if I can’t even use it? As it turns out there is no right answer. It might work for you but that doesn’t make it the best for everyone.

Sour grapes

The Cuuuuube

I like it

if you have a pixel there’s absolutely no reason why you shouldn’t use it.

if you don’t i don’t think it’s worth to buy one just for graphene

> if you have a pixel there’s absolutely no reason why you shouldn’t use it.

Plenty reasons to not use it on a pixel…I had horrible compatibility with all sorts of banking apps, government 2FA and traffic warning systems, to the point where they just couldn’t work at all. Their sandboxed play services breaks a shitload of day to day convenience and even necessities to increase privacy.

this is a problem with all ROMs, actually.

banking apps especially do everything in their power to block every phone that isn’t stock.

There are a lot of ethical reasons to not use it. Also the community tends to be a bit toxic.

Could you elaborate on the ethical part, please?

They encourage proprietary software and locked down systems. For instance, they use Google play services instead of microG and they promote the play store. I personally think that F-droid apps are much better from both a software freedom perspective and a privacy perspective. I’m not against people installing proprietary apps as I realize sometimes that is unavoidable but they could at least encourage the use of Foss. Graphene could simply have both F-droid and Aurora store by default and on setup explain the difference. They could even allow the install of Play services instead. However, they don’t even really try. They focus on security which at the end of the day is subjective.

Most likely talking about how the lead developer had a mental health crisis and lost his marbles. From what I’ve heard, he has stepped off to take care of that and the project is still going great.

Name only one reason that is relevant from a technical standpoint.

I said ethical not technical. Anyway from a technical perspective Graphene os is only supported on a handful of devices so it is off the table for many people.

By this logic rpiOS sucks because it’s only supported on Raspberry PIs. Only Pixel hardware meets the security requirements of Graphene.

Raspberry Pis suck in general as they lack open firmware. You are stuck with the Raspberry Pi kernel and all of its blobs. “Security requirements” is something Microsoft says about Windows 11. If you are concerned about security your best bet is stock software as it is maintained by Google.

Again, you demonstrate that you don’t have the sufficient knowledge. There is no commercial device with open-source firmware. “Security Requirements” are not some kind of marketing bullshit as you seem to think. Graphene’s can be found here: https://grapheneos.org/faq#future-devices

I doubt you understand what any of them mean, since you seemingly think Windows 11 requirements are just random things that are just there to hurt you.

You thinking that Stock Google devices are more secure than GOS simply shows that you fundamentally lack the understanding of how things work. They are built on the same core but Graphene has massively reduced attack surface and fewer ways to exploit remotely. And then we didn’t even talk about the hardened kernel and such.

I wouldn’t try to discredit projects I don’t know anything about if I were you.

https://www.fsf.org/resources/hw/single-board-computers (2021)

https://pine64.org/documentation/ROCK64/

Pine64 boards rarely need proprietary software and they don’t need it to boot like the raspberry pi does. However, that is a discussion for another time.

You are also illustrating my point. The Graphene community has a my way or the highway mentality. As it turns out stock will often be more secure as it will have the latest security updates and will have less people handling it in general so less risk of supply chain attack from a bad actor in the community. However, this is a non issue. I find a lot of the so called security holes to be fairly mild as they require very specific targeting to exploit.

In general, the people around Graphene os and Divest OS are very toxic. In the F-droid board meeting the issue was brought up that there is censorship is promotion happening for Divest OS. People who criticized Divest OS were getting banned. The person who brought this complaint has a page where they go over their beliefs and bring forward evidence. I think they are a bit harsh but they do have a point.

http://opinionplatform.org/

What are the ethical reasons to not use it?

None. This person doesn’t know what they are talking about and they try to discredit the project based on their personal views and demonize the dev team.

I used it for quite a while, but with most of the Google apps. One morning RCS chat stopped working and would not reconnect, since I use RCS for texting most people I’m back on stock for now. I know it’s not graphene’s fault, but I didn’t want to have to keep dealing with Google randomly disabling stuff. Up until then, everything worked as it was described

FYI, there’s a workaround for RCS in the graphene forums. Graphene changed some defaults to block IMEI reading (a hidden permission), which RCS needs in order to activate…

https://discuss.grapheneos.org/d/1353-using-rcs-with-google-messages-on-grapheneos/308

That should take you to the post that worked for me.

Will look into it, thank you!


GrapheneOS has something in store for everyone. The fully de-googled setup by the common definition a lot of people strive for is a fully supported configuration, it comes that way out of the box in fact, making zero connections to Google - unlike many other operating systems. But you can also transform it into a more “regular” phone by installing Google Play and all the bells and whistles and enjoy the benefits while still feeling safe, thanks to the app sandbox applying to it. So you can take away its permissions and feel rest assured it can’t snoop on you even if it wanted to. Or you take a middleground somewhere in between if that’s your cup of tea; functionality is an important factor for many, and there’s little you need to sacrifice.

That’s good to know. Thanks for sharing

krolden

It’s all google code, what are you talking about.

Lemongrab

I assume they mean proprietary code blobs.

Kairos

Everything on Android is half-assed but that’s not Graphene’s fault.

foremanguy

Right


foremanguy

Even more right 👍

Did you try reading through the FAQ?

foremanguy

No and now I’ve answers to a lot of my questions

It’s always better to try and get firsthand knowledge through the FAQ than rely on, possibly inaccurate, Lemmy users. I would also seek answers on their official forum over Lemmy as well.
