I don’t like smartphones. I use a dumbphone.

But this is a wonderful initiative.

    • WhyJiffie@sh.itjust.works
      15 days ago

      no other manufacturer than google ever will have graphene os support. their requirements cannot be met unless you are a tech giant, and with exceptionally good connections to the hardware manufacturers

    • OhVenus_Baby@lemmy.ml
      16 days ago

      Graphene isn’t the best choice for everything. It doesn’t have good backup solutions nor device to device backup or anything solid for complete snapshots and when restoring your so-called backups you’ll realize what all it truly lacks.

      It’s hardened and has a lot of security and privacy features but none of that matters if your opsec is bad, or its feature set doesn’t match your threat model. I am not knocking it at all. It just isn’t the white knight for every case.

        • OhVenus_Baby@lemmy.ml
          16 days ago

          The project has sort of silo’d itself into security which is only one part of the equation. Rather than overall completeness, functionality, maintainability. It’s lacking major fundamental feature sets. Thus it’s more of a tails meets whonix/Qubes right now, not an all-in-one bow-wrapped package to save the day for its consumer base. Many many other issues/bugs I didn’t list. Perhaps I’ll add more tomorrow. If everyone wants.

          • sugar_in_your_tea@sh.itjust.works
            14 days ago

            And that’s exactly what it should be IMO. I prefer a project with narrow goals to one that does everything, but poorly.

            If I want backups, I can use something like Syncthing. When moving to a new device, I prefer to install everything from scratch because I generally don’t use most of the apps I have anyway. I don’t put anything critical on it, so why would I need to restore from a snapshot?

            If you want those features, it’s not the ROM for you.

            I just want a simple device with a long support cycle and no spyware, and GrapheneOS delivers. I have Google Play Services on a separate profile, and my main profile is completely free of that crap. I want a Linux phone, but every phone has serious limitations, like missing audio, sketchy calls, or completely broken camera. GrapheneOS is the closest experience I have to that.

            • WhyJiffie@sh.itjust.works
              15 days ago

              > If I want backups, I can use something like Syncthing.

              syncthing can’t back up your device. that is a file transfer app. for backing up the device you need either appmanager and root, or good old dd and root (and a half shutdown system)

              > I don’t put anything critical on it, so why would I need to restore from a snapshot?

              1. because not everyone uses the device the same way as you
              2. snapshots are always complete. file based backups are not because of metadata changes. seedvault even less because it picks apps except this and that, and an unknown subset of the settings, and shared storage for the files that you have enabled

              > If you want those features, it’s not the ROM for you.

              currently there’s no ROM on which you could execute a real backup, thanks to encrypted storage with keys stored in TPM. TPM sees a change, and now your backup is a useless blob of practically random data

              > I just want a simple device with a long support cycle and no spyware, and GrapheneOS delivers.

              as does calyx os

              > I have Google Play Services on a separate profile, and my main profile is completely free of that crap. I want a Linux phone, but every phone has serious limitations, like missing audio, sketchy calls, or completely broken camera.

              with microg, this can be done on calyx too. there’s even a few options on how much you want google to know.

              and if your point is that not all apps work with microg, then you would never actually move to a linux phone because that will never have google play services (hopefully, else something has gone way wrong), probably not even microg or apps that would depend on it

              • sugar_in_your_tea@sh.itjust.works
                15 days ago

                > syncthing can’t back up your device. that is a file transfer app.

                That’s exactly what backup software is, it’s keeping copies of important data in multiple places so if one dies/gets stolen, you have backup copies.

                I can tell syncthing to copy all my important data to another device.

                I don’t need all the installed apps or a disk image, that’s way overkill. I could do that, but it’ll get way more than I need.

                > as does calyx os

                You’re right, Calyx OS is also a good choice.

                I went with GrapheneOS for two reasons:

                • sandboxed Google Play vs microG - no option AFAIK to disable it
                • faster security updates

                My goal is a baby step toward Linux phones, not compatibility with Android. I only have Google Play Services on a separate profile, and I spend 95% of my time on the profile without it. The less I rely on Google Play Services, the easier it’ll be for me to transition to Linux alternatives.

                Better app compatibility is a nice side effect. I have a handful of apps that rely on Google Play Services, and there’s a decent chance they wouldn’t work on microG. But I rarely use them and I’m willing to go without if it means I can have a Linux phone.

                • WhyJiffie@sh.itjust.works
                  15 days ago

                  > sandboxed Google Play vs microG - no option AFAIK to disable it

                  you mean disabling microg?

                  if so you can refuse installation at profile setup. if you make a new profile, you can choose to install it there. then in microg settings there are some toggles for functionality

                  btw, which of your apps need google services?

                  • sugar_in_your_tea@sh.itjust.works
                    15 days ago

                    > btw, which of your apps need google services?

                    • Okta - work MFA
                    • Google Watch - only use for payments, app is needed to refresh payment tokens
                    • Sensi - smart thermostat - I had trouble adding to Home Assistant, will probably try again at some point
                    • a few random apps I can live without

                    If I had a viable Linux phone, I’d keep my old Android device around for the above, assuming they don’t work with the emulator (Google Watch probably won’t).

                    And that’s cool that microG can be disabled. I could maybe live with slower updates, so it sounds viable, assuming the above work.

          • NotForYourStereo@lemmy.world
            16 days ago

            Every other version of Android gets security updates out within a couple weeks of release at most.

            /e/OS users are lucky if they get them within a couple months.

            • sudneo@lemm.ee
              15 days ago

              No offense, but that’s not what a security dumpster fire is. Security updates are important, of course, but they are also not the biggest deal.

              In fact, I bet that the vast majority of users (on Android or otherwise) are lagging way behind in updates anyway.

              • NotForYourStereo@lemmy.world
                15 days ago

                So an OS that boasts about the “privacy” it offers… Doesn’t need routine and consistent security updates?

                Sure thing bud, keep going on like you know what you’re talking about.

                • sudneo@lemm.ee
                  15 days ago

                  Generally speaking privacy and security are related but not really linked to each other. Google services might be very secure, but a privacy nightmare for example. In this particular case, even more, because the chances that using a “googled” phone will mean data collection (i.e. privacy issues) are almost certain, while the risks we are talking about are much more niche and - as I elaborated on another comment - in my opinion not really in most people’s threat model.

                  I would like to hear your perspective instead, because I am not really into using authority arguments, but as a security engineer I believe I at least understand well the issue with security updates, vulnerabilities and exploits. So yes, I do think I know what I am talking about.

                  • NotForYourStereo@lemmy.world
                    15 days ago

                    That’s concerning to hear from a supposed “security engineer”.

                    If you really are, you should be familiar with the age old adage, “no security, no privacy.”

                    But even then, you seem very blasé about security, so again, really don’t trust you know what you’re talking about.

              • TacticalCheddar@lemm.ee
                15 days ago

                That is not the only issue, it’s just one of the more major ones that shouldn’t be dismissed like it’s nothing. Another major one is the unlocked bootloader. You can take a look at all the Android ROMS here.

                I think people should tread carefully when changing the OS of a mobile device. Changing your OS to something less secure just because you want to shove it to Google and Apple is not enough to warrant it. Better to stay with something safe that you know than with something insecure like /e/OS.

                Luckily we have Graphene so you can actually switch to a more secure and private OS that is not made by an American corporation hungry for data.

                • sudneo@lemm.ee
                  15 days ago

                  I am not dismissing it, I am saying that is not as big as you make it to be. Most users lag behind in updates anyway, besides using minimal and trusted applications, the outside exposure to exploitation is relatively small, for a device without a public address. I am not the one APTs are going to use the SMS no-click 0-day against.

                  Similarly for the bootloader issue. The kind of attacks mitigated by this are not in most people’s threat models. They just are not. As someone else wrote, it’s possible to relock the bootloader anyway with official builds (such as my FP3). But anyway, even for myself the chance that my phone gets modified by physical access without my knowledge is a fraction of a fraction compared to the chance that someone will snatch the phone in my hand while unlocked, for example (a recent pattern).

                  If these two issues are what prompts you to call a “security dumpster fire”, I would say we at least have very different risk perceptions.

                  • TacticalCheddar@lemm.ee
                    15 days ago

                    > If these two issues are what prompts you to call a “security dumpster fire”, I would say we at least have very different risk perceptions.

                    We do. I can’t in good conscience recommend it as an alternative to friends or relatives when even stock Android has improved security. I can’t speak for your social circle, but all the people I know update their phones accordingly. Maybe they delay the update for a few days, but they don’t stay months with their phones like that. Fairphones improve the situation a bit since you can lock the bootloader, but the substantial delay in security updates is still a major risk.

                    I don’t get why anyone would choose /e/OS over Graphene if they had the option. Graphene offers the highest security and privacy, it works wonderfully and most banking apps support it. /e/OS just has the advantage of supporting more models, but if you can get a Pixel what’s the point?