Been using this for about a year on a p9 pro. It works very well. I hear the google tap to pay does not work, but I've never tried it. However Vipps with their tap to pay works fine. BankID works but not with biometric login, which some things require IIRC. And for some reason DnB private works fine, but you are not allowed in on the corp app.
It's mind boggingly stupid that they lock down apps like this, when you can just open the thing in a website anyway. I can use my bank on some linux distro, crazy that they trust me since it is not Windows - the truly secure OS!
Knew about those things before I started, so all in all I'm pretty happy. I'd recommend NOT using different users for different things (I started with banking etc in one profile, that ended up being a huge PITA and according to their docs it is mostly security theater anyway). Happy tinkering!
I'd also recommend to slowly migrate to GrapheneOS, getting to know where the boundaries are for specific apps. Once you've got your 'dailies' all up and running predictably, then you're good to go, but it could take a few days depending on how much spare time you have to find said boundaries. Having said that, I turn on most of the higher level security protections, which quite a few apps need exceptions from.
But, yes, you can't tap to pay and it's unlikely you ever will. Banking apps will be hit and miss depending on their (generally hypocritical) paranoia levels.
I pay with a tap-to-pay card, and I have never needed to do banking related things immediately, I've always done it via the bank's website.
I also still have a not-very-old 'normal' android phone for some edge cases - which are few and far between (actually, I think it's usually to cast youtube to the TV since I only have the revanced youtube app on the GrapheneOS device).
> It's mind boggingly stupid that they lock down apps like this, when you can just open the thing in a website anyway. I can use my bank on some linux distro...
Not in Spain. I can access my bank's website but I can't do anything without their bank app. Even sometimes they require to confirm my identity using their app in order to access their website.
I have several linux phones but I can only do banking with their app downloaded from Aurora Store in my Vollaphone.
I have been using GrapheneOS for a few months in Spain with and out of three banking apps only one gave me trouble, I had to enable "Exploit Protection Compatibility Mode" on "app information". Personally I refuse to pay with the phone so I am okay not having that option.
If someone wants to try Graphene os maybe that option will work on their banks too.
Not in Spain. I can access my bank's website but I can't do anything without their bank app. Even sometimes they require to confirm my identity using their app in order to access their website.
I've seen this elsewhere, and it's absolutely ridiculous.
Why?
Because in almost all cases, the apps may only be installed with Google Play, and require the framework to work correctly. And that means?
If you are not in good standing with Google, you cannot bank!!
I cannot stress how inane it is, to have Google or Apple as the gatekeeping to identify verification. How not having an active, in good standing account with one of these two, means you cannot bank.
And it's happening more and more.
Meanwhile, banks -- which tend to make billions in profits quarterly, do this to save on infrastructure costs. They do it so they don't have to stand up their own push servers, or have an app which doesn't require firebase.
Well cry me a river, boo-hoo Mr Banker, I'm not even remotely interested in you saving on infra-structure costs at the loss of autonomy. And on top of this, many banks are reducing hours, closing branches, claiming that they don't need them.
Leaving absolutely no other choice.
This sort of thing should be illegal. Being in Spain, but requiring a US megacorp to tell your own bank, that you're you.
Especially with how things are currently, I whole heartedly agree - you cannot operate as a human being in Europe without having a good standing with either Alphabet or Apple.
I agree that the locking down is truly stupid. For what it’s worth, the reasoning for locking down mobile apps is allegedly that mobile users are a less technologically competent demographic than desktop users. I do not think so myself, given the difficulty in trying Graphene vs. Desktop Linux.
I was the one that submitted the DNB Bedrift app report to the sec dev repo! I contacted DNB but they never responded to my email. I wonder if we can find a dev? I believe that's how the private app got fixed.
Want to use Vipps tæpp so much but I have Nordea for private and they don't allow it on their cards, for whatever godforsaken reason.
Hah - both were in my browser history, yes I know them :) I misunderstood and thought you had sent direct emails to relevant parties arguing for why they should be allowed on grapheneos.
I personally tend to own two Phones. One all-day carry GrapheneOS device (Pixel 8) and an older WiFi and at home only iPhone for all payment and ensurance stuff.
This is inconvenient in some ways, but at least it is sort of privacy as good as it gets while still being able to run official apps when I need them at home.
To de-google the phone, I use F-Droid as primary App store, Aurora as fallback for non-f-droid Apps and as a last resort Obtainium to install Apps that are not in these stores.
The only google App I really "need" (kind of) is the Camera App, which is sandboxed via GrapheneOS Storage Spaces and without Network permission (why would a camera need internet?).
To backup my phone, I use the integrated GrapheneOS Solution (seedvault!?) for storage and apps, immich for Photos and MyPhoneExplorer for Contacts.
Sometimes it is a bit hard to find good apps for specific purposes, so for everyone interested, here is a list of Apps that I personally use or have used.
Newpipe - Youtube Client
Audiobookshelf - Audiobooks
Voice (PaulWoitaschek) - Local Audiobook Player
Substreamer - Music
DSub - Music (alternative)
VLC - Video-Player
Organic Maps - Google Maps alternative (not as good)
PDF Doc Scanner - Open Source Document Scanner
Wireguard - VPN
Immich - Photo Backup / Viewer
LocalSend - File Transfer
K9 Mail / FairMail - Email Client
KOReader - Ebooks
Binary Eye - QRCodes and Barcodes
Pure Todo - Self hosted PWA PHP Todo List
Signal - Messenger
Open Camera - Open Source Camera App
I like Organic Maps because it isn't full of the social things. Every time I open Google Maps it shows that card at the bottom with "what's popular in your area", full of pictures of people's breakfasts and other nonsense. Organic Maps is free of this noise.
Also, the desktop client on Linux is quite useful.
Alternatives for Windows etc. are Cruiser Maps, a Java application (and also available as an Android app).
This is especially interesting in regard to the recent HN dicussion on spyware by for-profit intel firms having access to Whatsapp, Telegram, Signal, etc. (https://news.ycombinator.com/item?id=47033976) through OS-level no-click hijacks.
I wonder how secure GrapheneOS is in that regard, and what the other contenders are?
Hard to say how it fares against those specific attacks but some of the vulnerabilities that will go out in the mid-2026 on the mainstream handsets are already patched: https://grapheneos.org/releases#2026021200
(it's not magic. All big vendors have these details, just choose to take their sweet time to patch them. GOS has partnered with a major OEM vendor who provides them with access)
GrapheneOS have hardened_malloc which is a huge advantage, I think. It makes the weird machines problem much harder. I would say be very careful, because you can still get previews of images, or old and weird media formats that could be exploitable, and android/GrapheneOS doesn't have the same sorts of policy as say Apple with the iMessage blast door. They control safari, etc.
Android's attack surface seems pretty jagged. For example there is only one webrender engine on iOS, where you can run anything you like on Android/GrapheneOS.
GrapheneOS themselves dont pretend that their secure from that level of attack, but its about evaluating your own threat level. State sponsered actors aren't burning zero days on the vast majority of people, and you only need to look at how badly several european governments want to ban graphene and similar to see that such exploits aren't even being burned on organised crime. Realistically unless you're a journalist or considered a political target you're gonna be fine with graphene.
It's quite secure against casual attacks, but a proprietary mobile platform has inherent issues wrt. withstanding even mildly sophisticated attackers, including mercenary spyware services. You still have a huge attack surface from all sorts of proprietary firmware blobs and hardware IP blocks that are running directly on the SoC. It's not clear that it's really worth even trying to secure it as opposed to just treating it like an untrusted toy.
While I admire GrapheneOS and its goals, I feel that until we free the proprietary baseband processors and their RTOS from the grips of Qualcomm and friends it's a pyrrhic victory, at best.
Unless the next best thing makes you think you are already achieving the "perfect solution" for what you think you care about, but in truth does not.
I'm not a mobile phone security expert but my feeling is that in the case of GrapheneOS - which target is probably high-profile people at risk of state actors et similia attacks - a zero-day in the closed source firmware from Qualcomm will probably screw you anyway.
I understand that you are anyway reducing the attack surface (now they need to target the modem firmware specifically), I understand the concept of security in depth and I also understand that by using GrapheneOS you are already placing mitigations for many other known and unknown attack vectors. But still...
fyi a Cell Site Simulator can masquerade as the legitimate telco operator and push type 0 messages to the handset.
What that means is they can push malicious settings and configurations (Definitely) and probably malicious firmware to the handset at will. They don't need to code this, they buy the software packages from the usual suspects. Adversary simply needs to put a drt box or a hailstorm or what-not close enough to the handset to do the work.
The baseband can do a lot, it has dma (if I recall correctly) and can almost certainly screen look, and extract information from some but not all base bands. This varies.
GrapheneOS cannot really influence this, but hardened_malloc could conceivably help. What would be great is a bench firmware re-flash, but I don't want to do this every single day.
> Is the baseband isolated?
> Yes, the baseband is isolated on all of the officially supported devices. Memory access is partitioned by the IOMMU and limited to internal memory and memory shared by the driver implementations. [...]
> a zero-day in the closed source firmware from Qualcomm will probably screw you anyway.
All the devices that GrapheneOS supports implement a clear separation of the baseband and the CPU in the form of SMMU, ARMs version of IOMMU. So a zero-day in the baseband does not immediately screw you - unless the code on the CPU side also contains vulnerabilities or there is a major flaw in the SMMU implementation that somehow breaks isolation.
Thanks for the clarification (and to the others that answered as well).
I probably explained myself in a shitty manner, I didn't try to downplay GrapheneOS efforts, and I should have kept my initial statement about "next best thing can create a false sense of completeness" as a generic remark and not specific to GrapheneOS, for which I don't have enough knowledge to know if it applies or not.
So no, their target is people who marginally care about privacy and security but don't want to use iOS. I don't think they target any particular demographic but I see security engineers and activists among users.
And it's not only security - simple stuff like USB data off unless the phone is unlocked, native call recording, much enhanced user profiles (to separate data mining apps like Uber or Instagram from your financial affairs), etc.
And yes, it's about reducing the attack vector. On most other handsets you'll get most of the fixes 6 months or a year later. At best.
I think the appeal and use case for Graphene and similar OS for most users is the Google/privacy/ownership type argument.
I do understand your point that people at risk of state level attacks might get a false surface level appearance of defence from this. But then anyone who's a target of state level attacks and is making OS decisions based on a surface level understanding of the tech is not going to have a good time anyway.
iirc Graphene is in talks with an unnamed HW vendor to make a grapheneos specific phone. They refer to the vendor as someone who makes phones and you've likely heard of, but haven't given any more info otherwise.
I've been using GrapheneOS for about 3 years now. For the most part, it works very well. I don't have any issues with banking apps, nor any other closed source apps. I'm using two profiles both with sandboxed Google play installed. I'm logged in into my private Google account on the work profile.
However, there was one case that lead me to thinking about ditching grapheneos to this day.
I installed Uber on my phone and I was able to successfully create an account and use it. When it came to booking a ride, the app crashed and I had to log in again. Once I did that, I was told that my account has been suspended for violating the terms of services. All I did to that point was creating an account and booking a ride.
I was able to resolve the issue luckily after a few days and going back and fourth a couple of times with the Uber support, however, the risk of getting banned on any such platform is still risky, and thus I'm not sure if grapheneos is usable if you need to use such services.
Maybe not being able to use Uber isn't the downside you think it is though. UK centric view but call a cab and pay in cash, you haven't comprimised your security and you're not engaging with an unethical business.
What exactly is the risk of getting temporarily banned on Uber? You have to use a different taxi app? As if such a thing even exists?!? Unacceptable!!
Every app on my phone has at least one other app, usually already installed, that can replace it. This wasn't intentional, it just happened naturally. Unless all two or three apps in a category get blocked for me at the same time, this already unlikely situation is barely an inconvenience.
The key phrase there is "such services". It's not just about one problem once with Uber, it's the risk of problems like this with any service of that kind, or really any service you rely on.
If using GrapheneOS significantly increases the risk a person won't be able to use a service they rely on, that may be unacceptable.
But that's my point, what one irreplacable app/service do people rely on? The only thing that comes to my mind is messaging apps, but even there, almost everyone I need to talk to is reachable on at least one other app. I have multiple taxi apps because I compare prices and availability, like any reasonable consumer should. I have two banks, but even if I didn't, I can pay by cash or card, not just phone. If I need to make a bank transfer, I can go to a branch or do it online. I have two map and navigation apps because they have different strengths and weaknesses. My email is accessible by browser if the app breaks.
I'm not doing this on purpose, I just now scrolled through my app list looking for one app that would actually fuck me up if I lost it in an instant. There are none. And I'm not currently even running graphene or anything else, just a stock Samsung.
It's not breaking free from Google, but pretending it does not affect you. You are still at mercy of app developers and Google which may introduce some changes that will affect you. Additionally you never know what will work or stop working.
I've used GrapheneOS on a Pixel 3a, 5, 8 and 10 Pro so far and it's worked really well. I couldn't imagine going back.
The only things I'm missing (which don't exist in other OS'es either):
- Being able to configure contact scopes in such a way that the app in question only gets access to the phone numbers of the contacts belonging to the label I specified, e.g. "WhatsApp", nothing more. Yes, one can of course add contacts' phone numbers to the contact scopes "by hand" but 1) there is a limit on the number of contacts/phone numbers configured this way, and 2) AFAIK there is no way to back up that list.
- Being able to install browser extensions in Vanadium.
- Being able to configure multiple VPNs at once, e.g. for Tailscale, ad filtering, blocking HackerNews during times when I should be doing something more productive :) etc., especially since the Vanadium browser doesn't support extensions (see above). I was hoping that the Rethink app might implement something like this (https://github.com/celzero/rethink-app/issues/1047) but it doesn't look like it's coming and it'd probably be much better to do this at the OS level.
GrapheneOS' approach is to focus more on security than privacy, because they believe increased security leads to increased privacy. Unfortunately, that means their hardware requirements pretty much limit the hardware that you can run it on (currently only the Pixel phone range). Worse, it also means they stop supporting a device when it reaches End-Of-Life as software security updates stop for it (see How long can GrapheneOS support my device for? - https://grapheneos.org/faq#device-lifetime ). Sad though - GrapheneOS on Sony Open Devices ( https://developer.sony.com/open-source/aosp-on-xperia-open-d... ) would have been nice.
The whole reason why GrapheneOS is superior to its alternative is because they do all that.
I also with they could support non-Google phones, but that's a problem coming from the manufacturers, not from GrapheneOS.
My understanding is that there are close to half a million GrapheneOS users. And many potential users don't want to buy a Google phone. So it feels like it is starting to become worth considering for manufacturers...
I don't get why Fairphone doesn't look into that. Is it because they are not aware, or is it too hard for them to make hardware that is compliant with what GrapheneOS requires? Hundreds of thousands of devices may not count so much for Samsung, but they must definitely count for Fairphone.
They are dependent on the AOSP releases (which Google develops) and on the manufacturer updates (and because GrapheneOS runs on Pixels, then it goes back to Google again).
I can understand relying on an OEM to provide hardware support for a given model - but I'm finding it hard to understand why they're unable to continue supporting a release just because the upstream removes support for something.
I'm not even really sure what you mean by "manufacturer updates".
The more I hear about this project, the less is sounds like an alternative OS and more it sounds like a thin skin around whatever shit Google throws out, to be honest.
It's a shame only Pixel phones are supported. I have PWM sensitivity and Pixel phones are notoriously bad for this, my eyes hurt when I look at one for more than 30mn. Due to the lack of good, secure alternative, I have had to give up on privacy in exchange for manufacturer updates.
I'm in the same boat. Bought a 9 Pro XL and had to return it. Hope their OEM will use DC dimming for the screens or have an IPS option.
In the meantime, I use a Motorola G Power 2024 which has IPS. I'm very much a non-expert but made a minor hobby out of trying to de-google it as much as possible.
Never signed into Google with it. Using NetGuard with a whitelist to prevent most of the phoning home. Uninstalled or disabled most built-in apps. The apps I use are installed via either Obtanium or Fdroid. Have Dropbox from Aurora. Use Motorola's private space for keeping some data and apps in a separate, supposedly secure locker.
I'm sure this doesn't come close to GrapheneOS's security level but it's the best I can do within the limitations of this device. It was a fun mini-project. NetGuard is invaluable for this purpose. Almost feels like the phone is truly mine.
One of the only big downsides I've noticed with GrapheneOS is that several banking apps don't work with it at all thanks to being tied to Google's verification ecosystem.
Luckily I have hardware 2FA keys from my bank so I can authenticate using that. It also slightly decreases the suck-factor from whenever the phone decides to fly off down a drain. This may not be the case for you, so do your research on what you need for daily living.
I contacted my bank, insisting that GrapheneOS is one of the most secure OS on the market and therefore should be supported if they actually care about users' security (it's actually far more secure than all the old, far less secure but Google-approved devices out there). They acknowledged an fixed their app, one of the most popular in France.
Still missing Android Pay but that's due to Android Pay being closed. I wish banks would do something and support NFC payment systems that don't require the device to be controlled by Google (how can we be okay with this?!)
I can't say about "convenient" because I don't use it, but I have been using QR codes for years and I haven't had a single issue. I don't know anyone who has.
It's regularly unreliable here, because it's reliant on a bank app which in turn is reliant on an internet connection, and banks here are kind of shit.
It's pretty common here that people will be told they need to turn off an otherwise working Wifi connection when facing problems because bank apps will often just not work properly on wifi.
But as I said, even without that, the convenience level is ridiculously different. It's arguably quicker to open your wallet and use a debit card with an NFC chip than it is to use QR codes, before we even talk about the convenience of watch/phone payments using NFC.
Yup, also Google Pay doesn't work, though there are other providers which work fine (Curve Pay I think works in all of EU), but it just made me carry my wallet everywhere and I understood I don't mind that at all.
Most anti-google move: buy a second hand pixel, they receive no revenue on the device which is (assumed) already highly subsidized by google so that they can profit off users' data, then you use their subsidized hardware without running their spyware OS. Google only loses money in this scenario, it is a great protest.
I see it as a necessity, because the Google phone is the only one worth it if you care about security.
The problem is not GrapheneOS, but rather that phone manufacturers other than Google don't care. Now if there were millions of GrapheneOS users, it would start becoming interesting for other phone manufacturers to care.
My point being that I buy Pixel in order to give more weight to GrapheneOS, in the hope that other manufacturers will eventually realise that.
No, because most banking apps call upon the Google Play Integrity API, which GrapheneOS doesn't (or can't?) use. There's a decent list kicking around of which ones work (Monzo, for instance).
Not really. On GrapheneOS, the Play Services/Play Store run as sandboxed apps, i.e. they are not system apps like on Android. They just run like a normal, unprivileged app. That's a lot better than on Android.
> I'd rather break free from Google and Apple, not just (stock) Android and iOS
If you want to break free, you don't have to install the Play Services / Play Store on GrapheneOS, just like you don't have to install microG on LineageOS. There is a misconception that microG is better than sandboxed Play, but I disagree. With microG, your apps still connect to the Google servers, so you're not "breaking free".
I have been using /e/OS for 5 years, and also GOS. My take is:
- If your phone is supported by GOS, you should go for GOS.
- If your phone is not supported by GOS, you should look carefully and compare between /e/OS and Stock Android.
I had a Fairphone 3, and after 5 years, /e/OS was outdated by 4 years w.r.t. the manufacturer updates. In other words, Stock Android coming from Fairphone was more secure than /e/OS on that Fairphone.
In my experience, /e/OS has a tendency to claim that they support everything, but they just can't, there is too much. And then they complain when GrapheneOS criticises the fact that some /e/OS users believe their phone is well supported but actually isn't. And GrapheneOS is not wrong: I realised I was in that case after 4 years with /e/OS.
In regular use, main difference will be that /e/OS comes with access to the alternative cloud service that project provides. It uses the default FOSS solution microG for google api compatibility, unlike GrapheneOS with their sandbox approach. /e/OS sets on AppLounge to install and upgrade both play store or F-Droid apps. Graphene has a small curated app repo instead.
I'd never use GrapheneOS since I don't trust the project. /e/OS is also not my favorite since it feels like it is developing slowly, having had issues with outdated software versions - though it does work well in practice. Have a look at iode for an alternative.
> I'd never use GrapheneOS since I don't trust the project
Fair enough, you choose what you trust.
But personally, I have never seen a technical claim from GrapheneOS that was wrong or misleading. But I have seen many claims from /e/OS that were technically wrong or misleading. So I trust GrapheneOS more.
Then there is the drama, and all sides annoy me when they behave like this. But I have seen drama coming from all sides.
I have never seen drama from /e/ or any other project GrapheneOS attacks, like Calyx. Please link me to it - I asked this several times, people never can follow up. So far?
> Please link me to it - I asked this several times, people never can follow up. So far?
Sorry, I won't spend 30 minutes digging to find that :-). I follow /e/OS, GrapheneOS and (followed) Calyx. I have seen messages from all of those either on forums, Mastodon, etc.
Also, whenever GrapheneOS makes a technical point (which is often a blunt "GrapheneOS is superior because [...] does it wrong"), many users of those projects answer aggressively (and of course many GrapheneOS participate as well).
And on top of that, a lot of messages criticising some GOS people or the entire project and calling them "toxic" whenever GrapheneOS is mentioned.
I have no skin in this game, so it doesn't touch me. But I could understand that the GOS people feel "harassed" by this. If everywhere I went people said "have you seen this guy? I hear he's toxic", I would consider it harassment, I think?
Sorry, but then I take this as the usual - GOS is attacking other projects, that I can easily see in all their socials, and the other projects have done nothing wrong. GOS always claims that the other projects attack them since years, and never shows any proof. And indeed, I still never have seen any attack against GOS. Seems like this won't change today.
You or other readers can check https://github.com/mozilla/ichnaea/issues/2065 for a public display on how GOS attacks work when they are mixed into technical debates, how they destroy any chance of cooperation.
That's not just a claim, this is an objective fact. GrapheneOS has a excellent track record when it comes to security, they have made several patches that got upstreamed to Android, etc.
I think it's more of a marketing claim from less secure systems that "privacy is not security, and GrapheneOS focuses on security while we focus on privacy".
GrapheneOS does care about both, quite obviously. And GrapheneOS tends to say that if your security is bad, then it is affecting your privacy too. Whereas others say "sure, we break the Android security model by unlocking the bootloader and signing our system with the Google test keys, but your apps will contact Google through microG instead of the Play Services, so it's more private". Which is worth what it is worth...
And sandboxed Google Play services serve both goals -- it runs the service as a regular android service, not an exceptional one that has a bunch of extra permissions. So you can allow/restrict it as you seem fit, while not "getting behind" on features/apps that mandate it.
I disagree, privacy is an essential part of security, if there's no privacy, then there's no security.
That's also why I don't keep anything important on my phone as I don't trust what's going on there despite having all the secure features that you would want.
Other way around, actually. It's possible to make concessions to privacy, like providing crash reports, or running applications in sandboxes which limits what they can harvest, while keeping the platform secure.
Any privacy you have on a system is reliant on no one tampering with that system and on software behaving itself. Without security, you can't trust the system to implement any privacy.
I also disagree with that, I trust my Linux distribution to behave well much more than I trust any Android platform and it doesn't even have much app sandboxing at all.
You can't fix a lack of trust like you have in Android with technical solutions. The flaw in Android is fundamentally a social problem.
That's the difference between trusted computing (Linux distribution) and untrusted computing (Android).
If you want something backed by objective data, my phone has an advertising ID built in the OS and my laptop doesn't. My phone had 100s of privacy scandals and my laptop doesn't have one.
I do applaud GrapheneOS don't get me wrong but I have a feeling that they are fighting a losing battle.
GOS creates a complete bunker of a phone that can provide defense against pretty much all but the most dedicated state level actors. If you're worried that someone would steal your phone specifically to target you, Graphene will protect against that. Securitywise it's hard to argue against them, although GOS tends to sacrifice usability in favor of security, which leads to odd decisions. Their device depreciation timeline is also pretty aggressive and really just matches that of the Pixel. (You're also buying the Google phone... to not want Google in your life; this bizarre paradox will always be strange). It's not exactly a recommendation for long-term support. Worth noting however is that usage of GOS is also seen as a signal in and of itself for the authorities that you may have something unsavory to hide, so using it stands out in that regard; some law enforcement officers (I think it was in Spain?) have said that the OS is popular with organized crime. GOS obviously denies the connection and they're probably honest in that the OS isn't deliberately designed for criminals, but it's worth noting at the very least. (Basically GOS is the paradox where someone trying their hardest to be anonymous ends up standing out way too much from the crowd and drawing attention to themselves.)
/e/OS (and similar "non-LineageOS" ROMs really) instead focus more on de-Googling. They're still generally security focused, but the priority is less "someone's after you" and more "corporate surveillance is kinda scary innit". The aim is less to avoid someone actively trying to drain your phone of data and more to prevent your phone from passively sending everything it can possibly find to the Big G's ad machine (as well as whatever other trackers get snuck into apps.) Because of this, they usually have better depreciation timelines and support a lot more devices compared to GOS who only support the Pixel line (which is an increasingly awful set of phones truth be told); their scope is much smaller.
Finally, it's worth noting that the GOS community is absurdly toxic to anyone doing anything privacy-related that isn't under the banner of GOS. It's extremely maximalist, tends to get very upset at other projects whenever they get attention (see sibling reply to this, where they pretty much melted down because an outlet dared to recommend a Fair phone+/e/OS) and the projects official channels have generally encouraged this sort of behavior. It doesn't really damage the software itself, but it's worth considering.
I have been a user of /e/OS for 5 years, and also of GOS and would like to share my opinion on this:
> it's worth noting that the GOS community is absurdly toxic to anyone doing anything privacy-related that isn't under the banner of GOS
What I have seen (and I am not involved in any of those projects) is that GOS does care a lot about security, has a higher quality in that regard than anything else, and tends to be blunt about "inferior" projects communicating about security.
Not that they couldn't improve their communication style, but usually when they call out technical limitations of other projects (e.g. /e/OS), they are right. And I mean the technical arguments. Then I have seen a bunch of drama, but to be fair I have seen those other communities show toxic behaviour towards GOS just as much as the opposite.
It feels like it is GOS vs "the others", because the others don't criticise each other, and GOS bluntly criticises when they see claims they find are wrong (I have seen claims by /e/OS going from misleading to downright wrong).
On my particular phone, after 5 years with /e/OS, the Fairphone updates were outdated by 4 years. In terms of security I would have been better with the Stock Android. It depends on the phone of course, because /e/OS tends to claim that they support everything and they just can't. Even on a phone that /e/OS supports well, GrapheneOS is superior, period.
But I agree, I could do without all the drama. I guess my point is that it goes both ways.
> /e/OS/ was bad with updates for a long time (I had to switch 2022).
In my case, it was a few months ago, so end of 2025.
I think it's just that they can't possibly support thousands of Android devices. I just don't like that they are not being very clear about it. You would think that buying a phone through Murena would guarantee some kind of support, but it actually doesn't.
We need Linux OSes and phones to catch up to really break free from this duopoly. Only when there is enough traction, essential infrastructure like banks will start supporting Oses like that. It's a chicken and egg kind of problem.
I think that the main problem is that android has a lot of weird modifications that are not consistent with the rest of linux distros. The user data is suddenly in /data instead of /home, theres no package manager, no systemd (for better or worse), and there's hella lotta security gotchas, for example call recording is impossible without root as far as I know. I'm not saying that Android is not hackable, but it's a different type of hackability than desktop linux, you have to learn it all over again and in my opinion it's much harder to master than desktop linux.
I've been on ubports for 3 years and while it also has some weird caveats like read only rootfs, no working package manager (due to read-only fs. however ubports has pretty cool support for lxc containers where you can use apt). Due to chronic lack of time I haven't been able to sit down on my phone to play with it a bit (for example id like to install waydroid), but it seems a lot easier than android. For example, while there isn't an app for call recording, some guy worked around it by writing a systemd user service as a workaround[1]. This is exactly the type of thing I'm thinking about when talking "linux phone".
For me as a linux user, the difference if ubports was a human, I'd think that perhaps they were sick, whereas if android was a human, i'd shoot them in the face :)
Yeah, just need to decide where to start the fork. The larger problem is radio firmware. FCC regs were the initial excuse, for wifi and Bluetooth too, but we need to open up the source for all of these and allocate money for enforcement if we are truly worried people are going to start adding wifi channels etc. Open firmware phone radios would let you do things like truly turning off the radio when wifi was present, no gps ping even.
It's weird that here on HN some people are trying to break free from Google and Apple and on the other side some people are married to Gemini, and both look like to be the majority at times.
I mean you're not degoogling yourself if you put all your transactions through a google server. Cash if possible, card if not.
(Also it is possible to do these things if you root your phone, but caries its own risks and I wouldn't recommend. Ending your dependency on third party processors is probably the best outcome)
As long as it is based on AOSP, it is at the mercy of Google to release source code and updates. Given recent trends, I wouldn't be surprised if Google stops shipping Android source completely.
What about device attestation? Will you be able to run banking apps and Netflix et. al.?
For me the biggest concern is that while you may be able to use and run your own device, you will be locked out of most propietary services. Much like how more and more websites simply don't work with Firefox anymore.
I only use Firefox. It has been years since I ran into a chrome only website. Though recently I ran into an edge only websit on my corporate network, not even sure how that happens.
Many are complaining about banking app compatability, but I've never felt compelled to use anything other than my browser for banking. What's the big deal with the banking apps?
Am missing out on some huge advantage here?
People seem to fondly remember the Microsoft phones. If they made them now though, I can't really imagine what sort of Copilot-filled abomination they would be.
Break free from Android... by installing Android? I'm not sure it's really breaking free when the first task to do is intall Google Play Services so your banking app works.
I would put the focus on having capable web-banking. I never install the banking app on my phone.
I must also be getting old, because I don't get the big fuss about NFC payments. Firstly, I'd never use them if they go through Google/Apple. But even when/if they don't, it's not a big deal to use a card, isn't it (if you hate cash)?
> But even when/if they don't, it's not a big deal to use a card, isn't it (if you hate cash)?
Card is usually linked to the US. Some people would like to not depend on that. But the rational solution IMO is for the banking system to use QR codes instead of NFC. Some countries do that and it just works.
The new payment networks are not an independent app. They are a protocol your banking app has to implement, so unless your bank supports non-Google phones you are out of luck (not my case, thankfully).
They should get the same level of financing (donations) as Tor project at least. Some big organization like Open Technology Fund or NLnet should give them yearly grants.
For some (and other not-so) obvious reasons I switched to Graphene a few weeks ago. For years I've been pushing towards de-cloudifying my digital life and there were several reasons for it: On one hand it was the constant content subscription which gave me 0 guarantees that what I am interested in will still be available the next morning, even though I've paid for it, and the other was, you guessed it, the idiotic LLMs everywhere and subsequently the complete annihilation of security practices by giving a probabilistic model unrestricted access to all of your data.
First things, first, kudos to the GrapheneOS team for making it this easy to install and the surprisingly rapid support for new devices. Sure, there are features which I otherwise liked in the stock android that came with Pixel phones(swipe typing is something I very much enjoyed) but all in all, I can't say I miss much from it otherwise. I've slimmed down my list of apps to basic functionalities backed by self-hosted services (nextcloud, immich, jellifin, etc. along with a VPN I maintain myself) and I honestly don't miss much from the stock Android.
I want to point out that for a very long time I worked for a company that developed games for mobile devices and while the data we collected was mostly anonymous(*unless you logged in with facebook and by implications we had your facebook id) and it was never even utilized all that much beyond bad attempts at maximizing sales(not effectively anyway cause the people in charge were as incompetent as they could get), I can say that we collected ungodly amounts of data: most of the cloud bills were storage for that specific reason. While we did not have bad intentions and had to operate under strict GDPR regulations, this was a large company that was constantly monitored. Small companies can fly under the radar and get away with not abiding by the rules and laws and commonly they are not even aware what the repercussions could be. Similarly, the US and Asia-based giants can simply shrug it off and toss a few billions in fines. Make no mistake, no company is looking for your best interest and with that in mind, I couldn't recommend GrapheneOS (and self-hosting everything) enough, assuming you know what you are doing.
>Because google actually cares about hardware and software security.
That statement might not have aged so well, especially consindering googles attempt to lock out apps from their devices, If the developers do not comply with being oficially registered.
There is a difference between security and privacy or freedom of use. Locking down the device to only allow a subset of apps that Google has some control over (by requiring developers to register) is a measure that can increase security, even though it obviously takes some control away from the end-user.
The fact that the play store is not exactly known for exceptionally high standards w.r.t. malware, or that there are lots of valid concerns that come along with a company controlling who is allowed to supply apps for the device is a different topic.
I believe (as it's open source) there is nothing impeding anybody else to compile grapheneOS in a samsung S10, which would not be as secure, but should still work as any lineage
Because phones have device-specific code. Effectively, each single model is running its own fork of Android. Naturally, Google has no incentive to change this - it makes it difficult to update (planned obsolescence) and install other software (like GrapheneOS).
GrapheneOS is like using Firefox. Works on most sites, but those few things just don’t. Maybe it’s a dealbreaker for some. And they’re dependent on Google.
I commented elsewhere but GrapheneOS on Pixels actively siphon resources from Google and is arguably a good protest against google.
They subsidize Pixel hardware (to incentivize users to adopt their spyware OS), you (buying used obviously) take their subsidized hardware and do not repay them by using their spyware, replacing it with Graphene. Only google loses. Their hardware is technically very good otherwise (in fact no other hardware fits the strict graphene security requirements).
Been using this for about a year on a p9 pro. It works very well. I hear the google tap to pay does not work, but I've never tried it. However Vipps with their tap to pay works fine. BankID works but not with biometric login, which some things require IIRC. And for some reason DnB private works fine, but you are not allowed in on the corp app.
It's mind boggingly stupid that they lock down apps like this, when you can just open the thing in a website anyway. I can use my bank on some linux distro, crazy that they trust me since it is not Windows - the truly secure OS!
Knew about those things before I started, so all in all I'm pretty happy. I'd recommend NOT using different users for different things (I started with banking etc in one profile, that ended up being a huge PITA and according to their docs it is mostly security theater anyway). Happy tinkering!
I'd also recommend to slowly migrate to GrapheneOS, getting to know where the boundaries are for specific apps. Once you've got your 'dailies' all up and running predictably, then you're good to go, but it could take a few days depending on how much spare time you have to find said boundaries. Having said that, I turn on most of the higher level security protections, which quite a few apps need exceptions from.
But, yes, you can't tap to pay and it's unlikely you ever will. Banking apps will be hit and miss depending on their (generally hypocritical) paranoia levels.
I pay with a tap-to-pay card, and I have never needed to do banking related things immediately, I've always done it via the bank's website.
I also still have a not-very-old 'normal' android phone for some edge cases - which are few and far between (actually, I think it's usually to cast youtube to the TV since I only have the revanced youtube app on the GrapheneOS device).
> It's mind boggingly stupid that they lock down apps like this, when you can just open the thing in a website anyway. I can use my bank on some linux distro...
Not in Spain. I can access my bank's website but I can't do anything without their bank app. Even sometimes they require to confirm my identity using their app in order to access their website.
I have several linux phones but I can only do banking with their app downloaded from Aurora Store in my Vollaphone.
I have been using GrapheneOS for a few months in Spain with and out of three banking apps only one gave me trouble, I had to enable "Exploit Protection Compatibility Mode" on "app information". Personally I refuse to pay with the phone so I am okay not having that option.
If someone wants to try Graphene os maybe that option will work on their banks too.
Not in Spain. I can access my bank's website but I can't do anything without their bank app. Even sometimes they require to confirm my identity using their app in order to access their website.
I've seen this elsewhere, and it's absolutely ridiculous.
Why?
Because in almost all cases, the apps may only be installed with Google Play, and require the framework to work correctly. And that means?
If you are not in good standing with Google, you cannot bank!!
I cannot stress how inane it is, to have Google or Apple as the gatekeeping to identify verification. How not having an active, in good standing account with one of these two, means you cannot bank.
And it's happening more and more.
Meanwhile, banks -- which tend to make billions in profits quarterly, do this to save on infrastructure costs. They do it so they don't have to stand up their own push servers, or have an app which doesn't require firebase.
Well cry me a river, boo-hoo Mr Banker, I'm not even remotely interested in you saving on infra-structure costs at the loss of autonomy. And on top of this, many banks are reducing hours, closing branches, claiming that they don't need them.
Leaving absolutely no other choice.
This sort of thing should be illegal. Being in Spain, but requiring a US megacorp to tell your own bank, that you're you.
Especially with how things are currently, I whole heartedly agree - you cannot operate as a human being in Europe without having a good standing with either Alphabet or Apple.
Absolute madness.
Same with Lineage OS, may daughter has an old Samsung with Lineage on it and the Wallet app doesn't work because the phone's been rooted.
Thanks for the Norwegian perspective.
I agree that the locking down is truly stupid. For what it’s worth, the reasoning for locking down mobile apps is allegedly that mobile users are a less technologically competent demographic than desktop users. I do not think so myself, given the difficulty in trying Graphene vs. Desktop Linux.
I was the one that submitted the DNB Bedrift app report to the sec dev repo! I contacted DNB but they never responded to my email. I wonder if we can find a dev? I believe that's how the private app got fixed.
Want to use Vipps tæpp so much but I have Nordea for private and they don't allow it on their cards, for whatever godforsaken reason.
Does the Nordea app work on Graphene? I am curious because I have been itching to switch my main phone to an alternate OS.
Ah. Where did you send this in?
I wouldn't mind sending in a complaint to both BankID (allow biometric login) and of course DnB corpo edition.
Oh! Sorry, you described the current state of things so well I assumed you were close to the project.
Here is the github repo where banking app compatibilities are tracked: https://github.com/PrivSec-dev/banking-apps-compat-report
And it's rendered to a page here: https://privsec.dev/posts/android/banking-applications-compa...
Hah - both were in my browser history, yes I know them :) I misunderstood and thought you had sent direct emails to relevant parties arguing for why they should be allowed on grapheneos.
Thanks anyway!
> I can use my bank on some linux distro, crazy that they trust me
enjoy it while it lasts. hardware attestation requirement for (at least) banking apps is a question of 'when', not 'if'.
I personally tend to own two Phones. One all-day carry GrapheneOS device (Pixel 8) and an older WiFi and at home only iPhone for all payment and ensurance stuff.
This is inconvenient in some ways, but at least it is sort of privacy as good as it gets while still being able to run official apps when I need them at home.
To de-google the phone, I use F-Droid as primary App store, Aurora as fallback for non-f-droid Apps and as a last resort Obtainium to install Apps that are not in these stores.
The only google App I really "need" (kind of) is the Camera App, which is sandboxed via GrapheneOS Storage Spaces and without Network permission (why would a camera need internet?).
To backup my phone, I use the integrated GrapheneOS Solution (seedvault!?) for storage and apps, immich for Photos and MyPhoneExplorer for Contacts.
Sometimes it is a bit hard to find good apps for specific purposes, so for everyone interested, here is a list of Apps that I personally use or have used.
I like Organic Maps because it isn't full of the social things. Every time I open Google Maps it shows that card at the bottom with "what's popular in your area", full of pictures of people's breakfasts and other nonsense. Organic Maps is free of this noise.
Also, the desktop client on Linux is quite useful.
Alternatives for Windows etc. are Cruiser Maps, a Java application (and also available as an Android app).
[delayed]
Voice audiobook player is so nice and simple, a pleasure to use
[delayed]
Grayjay is another good YouTube (and other streaming platform) client made by the company that owns Immich
This is especially interesting in regard to the recent HN dicussion on spyware by for-profit intel firms having access to Whatsapp, Telegram, Signal, etc. (https://news.ycombinator.com/item?id=47033976) through OS-level no-click hijacks.
I wonder how secure GrapheneOS is in that regard, and what the other contenders are?
Hard to say how it fares against those specific attacks but some of the vulnerabilities that will go out in the mid-2026 on the mainstream handsets are already patched: https://grapheneos.org/releases#2026021200
(it's not magic. All big vendors have these details, just choose to take their sweet time to patch them. GOS has partnered with a major OEM vendor who provides them with access)
Other than the specific patches above, there's a list of generic GOS features: https://grapheneos.org/features#exploit-protection
All in all you're probably much safer.
GrapheneOS have hardened_malloc which is a huge advantage, I think. It makes the weird machines problem much harder. I would say be very careful, because you can still get previews of images, or old and weird media formats that could be exploitable, and android/GrapheneOS doesn't have the same sorts of policy as say Apple with the iMessage blast door. They control safari, etc.
Android's attack surface seems pretty jagged. For example there is only one webrender engine on iOS, where you can run anything you like on Android/GrapheneOS.
GrapheneOS themselves dont pretend that their secure from that level of attack, but its about evaluating your own threat level. State sponsered actors aren't burning zero days on the vast majority of people, and you only need to look at how badly several european governments want to ban graphene and similar to see that such exploits aren't even being burned on organised crime. Realistically unless you're a journalist or considered a political target you're gonna be fine with graphene.
It's quite secure against casual attacks, but a proprietary mobile platform has inherent issues wrt. withstanding even mildly sophisticated attackers, including mercenary spyware services. You still have a huge attack surface from all sorts of proprietary firmware blobs and hardware IP blocks that are running directly on the SoC. It's not clear that it's really worth even trying to secure it as opposed to just treating it like an untrusted toy.
While I admire GrapheneOS and its goals, I feel that until we free the proprietary baseband processors and their RTOS from the grips of Qualcomm and friends it's a pyrrhic victory, at best.
When there isn't a perfect solution, the next best thing is... the next best thing :-).
Unless the next best thing makes you think you are already achieving the "perfect solution" for what you think you care about, but in truth does not.
I'm not a mobile phone security expert but my feeling is that in the case of GrapheneOS - which target is probably high-profile people at risk of state actors et similia attacks - a zero-day in the closed source firmware from Qualcomm will probably screw you anyway.
I understand that you are anyway reducing the attack surface (now they need to target the modem firmware specifically), I understand the concept of security in depth and I also understand that by using GrapheneOS you are already placing mitigations for many other known and unknown attack vectors. But still...
fyi a Cell Site Simulator can masquerade as the legitimate telco operator and push type 0 messages to the handset.
What that means is they can push malicious settings and configurations (Definitely) and probably malicious firmware to the handset at will. They don't need to code this, they buy the software packages from the usual suspects. Adversary simply needs to put a drt box or a hailstorm or what-not close enough to the handset to do the work.
The baseband can do a lot, it has dma (if I recall correctly) and can almost certainly screen look, and extract information from some but not all base bands. This varies.
GrapheneOS cannot really influence this, but hardened_malloc could conceivably help. What would be great is a bench firmware re-flash, but I don't want to do this every single day.
> The baseband can do a lot, it has dma
There's an IOMMU:
> Is the baseband isolated? > Yes, the baseband is isolated on all of the officially supported devices. Memory access is partitioned by the IOMMU and limited to internal memory and memory shared by the driver implementations. [...]
https://grapheneos.org/faq#baseband-isolation
> GrapheneOS cannot really influence this, but hardened_malloc could conceivably help.
They can and do, see above. But I don't see how hardened_malloc is related to the baseband doing DMA.
> a zero-day in the closed source firmware from Qualcomm will probably screw you anyway.
All the devices that GrapheneOS supports implement a clear separation of the baseband and the CPU in the form of SMMU, ARMs version of IOMMU. So a zero-day in the baseband does not immediately screw you - unless the code on the CPU side also contains vulnerabilities or there is a major flaw in the SMMU implementation that somehow breaks isolation.
Thanks for the clarification (and to the others that answered as well).
I probably explained myself in a shitty manner, I didn't try to downplay GrapheneOS efforts, and I should have kept my initial statement about "next best thing can create a false sense of completeness" as a generic remark and not specific to GrapheneOS, for which I don't have enough knowledge to know if it applies or not.
So no, their target is people who marginally care about privacy and security but don't want to use iOS. I don't think they target any particular demographic but I see security engineers and activists among users.
And it's not only security - simple stuff like USB data off unless the phone is unlocked, native call recording, much enhanced user profiles (to separate data mining apps like Uber or Instagram from your financial affairs), etc.
And yes, it's about reducing the attack vector. On most other handsets you'll get most of the fixes 6 months or a year later. At best.
I think the appeal and use case for Graphene and similar OS for most users is the Google/privacy/ownership type argument.
I do understand your point that people at risk of state level attacks might get a false surface level appearance of defence from this. But then anyone who's a target of state level attacks and is making OS decisions based on a surface level understanding of the tech is not going to have a good time anyway.
iirc Graphene is in talks with an unnamed HW vendor to make a grapheneos specific phone. They refer to the vendor as someone who makes phones and you've likely heard of, but haven't given any more info otherwise.
Yeah spot on. I think this is the only thing that's been announced so far: https://www.androidauthority.com/graphene-os-major-android-o...
Do you also need the WiFi chip to be fully free?
That and blocking the query all apps feature on android
I've been using GrapheneOS for about 3 years now. For the most part, it works very well. I don't have any issues with banking apps, nor any other closed source apps. I'm using two profiles both with sandboxed Google play installed. I'm logged in into my private Google account on the work profile.
However, there was one case that lead me to thinking about ditching grapheneos to this day. I installed Uber on my phone and I was able to successfully create an account and use it. When it came to booking a ride, the app crashed and I had to log in again. Once I did that, I was told that my account has been suspended for violating the terms of services. All I did to that point was creating an account and booking a ride. I was able to resolve the issue luckily after a few days and going back and fourth a couple of times with the Uber support, however, the risk of getting banned on any such platform is still risky, and thus I'm not sure if grapheneos is usable if you need to use such services.
That's clearly a Uber problem. I'm also a GrapheneOS and used Uber once -- it worked.
It's clearly end user problem who is not able to book a ride. Root cause is on Uber side.
Maybe not being able to use Uber isn't the downside you think it is though. UK centric view but call a cab and pay in cash, you haven't comprimised your security and you're not engaging with an unethical business.
I regularly use Uber on Graphene OS and have had no issues.
I'm a new GrapheneOS user and stopped using Uber as altogether. Taxis aren't that bad where I'm at, and cheaper than Uber
Uber works in browser on mobile (and desktop). Last I checked lift did not.
>there was one case that lead me to thinking about ditching grapheneos to this day
Your aim is misplaced: ditch Uber, not GrapheneOS.
No problem here with Uber on GrapheneOS.
What exactly is the risk of getting temporarily banned on Uber? You have to use a different taxi app? As if such a thing even exists?!? Unacceptable!!
Every app on my phone has at least one other app, usually already installed, that can replace it. This wasn't intentional, it just happened naturally. Unless all two or three apps in a category get blocked for me at the same time, this already unlikely situation is barely an inconvenience.
The key phrase there is "such services". It's not just about one problem once with Uber, it's the risk of problems like this with any service of that kind, or really any service you rely on.
If using GrapheneOS significantly increases the risk a person won't be able to use a service they rely on, that may be unacceptable.
But that's my point, what one irreplacable app/service do people rely on? The only thing that comes to my mind is messaging apps, but even there, almost everyone I need to talk to is reachable on at least one other app. I have multiple taxi apps because I compare prices and availability, like any reasonable consumer should. I have two banks, but even if I didn't, I can pay by cash or card, not just phone. If I need to make a bank transfer, I can go to a branch or do it online. I have two map and navigation apps because they have different strengths and weaknesses. My email is accessible by browser if the app breaks.
I'm not doing this on purpose, I just now scrolled through my app list looking for one app that would actually fuck me up if I lost it in an instant. There are none. And I'm not currently even running graphene or anything else, just a stock Samsung.
If the same thing happens with the Lyft app, you may be stuck at your current location indefinitely, especially in less populated areas/late hours.
What is the smallest phone that Graphene will run on? I would love to switch but these massive pixel phones are a no go for me.
It's not breaking free from Google, but pretending it does not affect you. You are still at mercy of app developers and Google which may introduce some changes that will affect you. Additionally you never know what will work or stop working.
If something truly unacceptable happens, you still have a while to switch to something else, in the meantime you will still have a working system.
That's pretty unavoidable at that level unless you are able and willing to build your own phone hardware, OS, and all the apps you need.
I've used GrapheneOS on a Pixel 3a, 5, 8 and 10 Pro so far and it's worked really well. I couldn't imagine going back.
The only things I'm missing (which don't exist in other OS'es either):
- Being able to configure contact scopes in such a way that the app in question only gets access to the phone numbers of the contacts belonging to the label I specified, e.g. "WhatsApp", nothing more. Yes, one can of course add contacts' phone numbers to the contact scopes "by hand" but 1) there is a limit on the number of contacts/phone numbers configured this way, and 2) AFAIK there is no way to back up that list.
- Being able to install browser extensions in Vanadium.
- Being able to configure multiple VPNs at once, e.g. for Tailscale, ad filtering, blocking HackerNews during times when I should be doing something more productive :) etc., especially since the Vanadium browser doesn't support extensions (see above). I was hoping that the Rethink app might implement something like this (https://github.com/celzero/rethink-app/issues/1047) but it doesn't look like it's coming and it'd probably be much better to do this at the OS level.
GrapheneOS' approach is to focus more on security than privacy, because they believe increased security leads to increased privacy. Unfortunately, that means their hardware requirements pretty much limit the hardware that you can run it on (currently only the Pixel phone range). Worse, it also means they stop supporting a device when it reaches End-Of-Life as software security updates stop for it (see How long can GrapheneOS support my device for? - https://grapheneos.org/faq#device-lifetime ). Sad though - GrapheneOS on Sony Open Devices ( https://developer.sony.com/open-source/aosp-on-xperia-open-d... ) would have been nice.
The whole reason why GrapheneOS is superior to its alternative is because they do all that.
I also with they could support non-Google phones, but that's a problem coming from the manufacturers, not from GrapheneOS.
My understanding is that there are close to half a million GrapheneOS users. And many potential users don't want to buy a Google phone. So it feels like it is starting to become worth considering for manufacturers...
I don't get why Fairphone doesn't look into that. Is it because they are not aware, or is it too hard for them to make hardware that is compliant with what GrapheneOS requires? Hundreds of thousands of devices may not count so much for Samsung, but they must definitely count for Fairphone.
I'm not sure I fully understand this.
Why are GrapheneOS releases dependant on Google releases?
They are dependent on the AOSP releases (which Google develops) and on the manufacturer updates (and because GrapheneOS runs on Pixels, then it goes back to Google again).
I can understand relying on an OEM to provide hardware support for a given model - but I'm finding it hard to understand why they're unable to continue supporting a release just because the upstream removes support for something.
I'm not even really sure what you mean by "manufacturer updates".
The more I hear about this project, the less is sounds like an alternative OS and more it sounds like a thin skin around whatever shit Google throws out, to be honest.
It's a shame only Pixel phones are supported. I have PWM sensitivity and Pixel phones are notoriously bad for this, my eyes hurt when I look at one for more than 30mn. Due to the lack of good, secure alternative, I have had to give up on privacy in exchange for manufacturer updates.
I'm in the same boat. Bought a 9 Pro XL and had to return it. Hope their OEM will use DC dimming for the screens or have an IPS option.
In the meantime, I use a Motorola G Power 2024 which has IPS. I'm very much a non-expert but made a minor hobby out of trying to de-google it as much as possible.
Never signed into Google with it. Using NetGuard with a whitelist to prevent most of the phoning home. Uninstalled or disabled most built-in apps. The apps I use are installed via either Obtanium or Fdroid. Have Dropbox from Aurora. Use Motorola's private space for keeping some data and apps in a separate, supposedly secure locker.
I'm sure this doesn't come close to GrapheneOS's security level but it's the best I can do within the limitations of this device. It was a fun mini-project. NetGuard is invaluable for this purpose. Almost feels like the phone is truly mine.
The Pixel limitations has been my main concern as well.
The good news is that they are actively working on developing their own hardware. The bad news is that it’s been delayed. But I’m watching closely.
https://www.galaxus.at/en/page/grapheneos-postpones-pixel-al...
> when I look at one for more than 30mn
That limitation might be doing you a favor, as these things go...
Even if Pixels hadn't PWM a larger screen (or, dare I say, a book) will be an improvement for longer reading sessions.
Seconded. Really hope the new Graphene device does not have terrible PWM. Battery benefit to OLED is great but not if I can't look at my phone.
One of the only big downsides I've noticed with GrapheneOS is that several banking apps don't work with it at all thanks to being tied to Google's verification ecosystem.
Luckily I have hardware 2FA keys from my bank so I can authenticate using that. It also slightly decreases the suck-factor from whenever the phone decides to fly off down a drain. This may not be the case for you, so do your research on what you need for daily living.
I contacted my bank, insisting that GrapheneOS is one of the most secure OS on the market and therefore should be supported if they actually care about users' security (it's actually far more secure than all the old, far less secure but Google-approved devices out there). They acknowledged an fixed their app, one of the most popular in France.
Still missing Android Pay but that's due to Android Pay being closed. I wish banks would do something and support NFC payment systems that don't require the device to be controlled by Google (how can we be okay with this?!)
German bank Comdirect / Commerzbank did this as well, whitelisting GrapheneOS signing keys for their 2FA app. https://github.com/PrivSec-dev/banking-apps-compat-report/is...
> I wish banks would do something and support NFC payment systems that don't require the device to be controlled by Google
There are countries where it's possible to pay everywhere with the banking app scanning a QR code. No need for NFC :-).
I use qr based payments regularly where I live, and in my home country I use nfc payments (watch/phone/card) essentially always, when we visit.
NFC is by far more convenient and reliable.
I can't say about "convenient" because I don't use it, but I have been using QR codes for years and I haven't had a single issue. I don't know anyone who has.
QR codes are reliable.
It's regularly unreliable here, because it's reliant on a bank app which in turn is reliant on an internet connection, and banks here are kind of shit.
It's pretty common here that people will be told they need to turn off an otherwise working Wifi connection when facing problems because bank apps will often just not work properly on wifi.
But as I said, even without that, the convenience level is ridiculously different. It's arguably quicker to open your wallet and use a debit card with an NFC chip than it is to use QR codes, before we even talk about the convenience of watch/phone payments using NFC.
I’m interested which french bank is this?
"Banking Applications Compatibility with GrapheneOS" https://privsec.dev/posts/android/banking-applications-compa...
Yup, also Google Pay doesn't work, though there are other providers which work fine (Curve Pay I think works in all of EU), but it just made me carry my wallet everywhere and I understood I don't mind that at all.
What about the small matter of having to purchase a Google phone in the first place?
Most anti-google move: buy a second hand pixel, they receive no revenue on the device which is (assumed) already highly subsidized by google so that they can profit off users' data, then you use their subsidized hardware without running their spyware OS. Google only loses money in this scenario, it is a great protest.
I see it as a necessity, because the Google phone is the only one worth it if you care about security.
The problem is not GrapheneOS, but rather that phone manufacturers other than Google don't care. Now if there were millions of GrapheneOS users, it would start becoming interesting for other phone manufacturers to care.
My point being that I buy Pixel in order to give more weight to GrapheneOS, in the hope that other manufacturers will eventually realise that.
Google makes high quality hardware and untrustworthy software. Graphene's approach is to take the hardware and leave the software.
Author is installing Google Play Services it seems, wouldn't that work around this?
In any case, for me this also sort of defeats the purpose: I'd rather break free from Google and Apple, not just (stock) Android and iOS.
No, because most banking apps call upon the Google Play Integrity API, which GrapheneOS doesn't (or can't?) use. There's a decent list kicking around of which ones work (Monzo, for instance).
https://privsec.dev/posts/android/banking-applications-compa...
> this also sort of defeats the purpose
Not really. On GrapheneOS, the Play Services/Play Store run as sandboxed apps, i.e. they are not system apps like on Android. They just run like a normal, unprivileged app. That's a lot better than on Android.
> I'd rather break free from Google and Apple, not just (stock) Android and iOS
If you want to break free, you don't have to install the Play Services / Play Store on GrapheneOS, just like you don't have to install microG on LineageOS. There is a misconception that microG is better than sandboxed Play, but I disagree. With microG, your apps still connect to the Google servers, so you're not "breaking free".
Does anyone know if HSBC's UK app works on it? I've seen inconsistent reports that it does and doesn't.
Edit: ignore this - there's a list elsewhere in this thread!
Of course that is highly depdendet on the bank used, but so far none of my banking apps didn't work!
If you are using a rather popular banking app, chances are high that it has been discussed in the GrapheneOS forum.
Anyway, with google play services installed, mine have worked out of the box.
> Break free from Google and Apple
Step 1: Buy a Google phone
Does anyone have a good grasp of the differences between GOS and /e/OS? I'm buying a Fairphone soon and was wondering what both are like
I have been using /e/OS for 5 years, and also GOS. My take is:
- If your phone is supported by GOS, you should go for GOS.
- If your phone is not supported by GOS, you should look carefully and compare between /e/OS and Stock Android.
I had a Fairphone 3, and after 5 years, /e/OS was outdated by 4 years w.r.t. the manufacturer updates. In other words, Stock Android coming from Fairphone was more secure than /e/OS on that Fairphone.
In my experience, /e/OS has a tendency to claim that they support everything, but they just can't, there is too much. And then they complain when GrapheneOS criticises the fact that some /e/OS users believe their phone is well supported but actually isn't. And GrapheneOS is not wrong: I realised I was in that case after 4 years with /e/OS.
GrapheneOS claims to be a lot more secure, having additional hardening. See https://eylenburg.github.io/android_comparison.htm - keep in mind that it is not an independent comparison, the Graphene guys directly feed what this table is supposed to say in the issue tracker, https://github.com/eylenburg/eylenburg.github.io/issues/. But it gives a good representation of the state of the ROMs according to Graphene.
In regular use, main difference will be that /e/OS comes with access to the alternative cloud service that project provides. It uses the default FOSS solution microG for google api compatibility, unlike GrapheneOS with their sandbox approach. /e/OS sets on AppLounge to install and upgrade both play store or F-Droid apps. Graphene has a small curated app repo instead.
I'd never use GrapheneOS since I don't trust the project. /e/OS is also not my favorite since it feels like it is developing slowly, having had issues with outdated software versions - though it does work well in practice. Have a look at iode for an alternative.
> I'd never use GrapheneOS since I don't trust the project
Fair enough, you choose what you trust.
But personally, I have never seen a technical claim from GrapheneOS that was wrong or misleading. But I have seen many claims from /e/OS that were technically wrong or misleading. So I trust GrapheneOS more.
Then there is the drama, and all sides annoy me when they behave like this. But I have seen drama coming from all sides.
I have never seen drama from /e/ or any other project GrapheneOS attacks, like Calyx. Please link me to it - I asked this several times, people never can follow up. So far?
> Please link me to it - I asked this several times, people never can follow up. So far?
Sorry, I won't spend 30 minutes digging to find that :-). I follow /e/OS, GrapheneOS and (followed) Calyx. I have seen messages from all of those either on forums, Mastodon, etc.
Also, whenever GrapheneOS makes a technical point (which is often a blunt "GrapheneOS is superior because [...] does it wrong"), many users of those projects answer aggressively (and of course many GrapheneOS participate as well).
And on top of that, a lot of messages criticising some GOS people or the entire project and calling them "toxic" whenever GrapheneOS is mentioned.
I have no skin in this game, so it doesn't touch me. But I could understand that the GOS people feel "harassed" by this. If everywhere I went people said "have you seen this guy? I hear he's toxic", I would consider it harassment, I think?
Sorry, but then I take this as the usual - GOS is attacking other projects, that I can easily see in all their socials, and the other projects have done nothing wrong. GOS always claims that the other projects attack them since years, and never shows any proof. And indeed, I still never have seen any attack against GOS. Seems like this won't change today.
You or other readers can check https://github.com/mozilla/ichnaea/issues/2065 for a public display on how GOS attacks work when they are mixed into technical debates, how they destroy any chance of cooperation.
> GrapheneOS claims to be a lot more secure
That's not just a claim, this is an objective fact. GrapheneOS has a excellent track record when it comes to security, they have made several patches that got upstreamed to Android, etc.
Consider this (by Graphene OS): https://discuss.grapheneos.org/d/24134-devices-lacking-stand...
/e/OS community talking about it: https://community.e.foundation/t/article-from-grapheneos-abo...
And then maybe this: https://eylenburg.github.io/android_comparison.htm
Hope that helps.
I like GrapheneOS but they fail to understand in this post that the #1 security concern an android user face is the lack of privacy.
Sure they have hardened everything but realistically, that's not the main threat for your average user.
Their top contribution to android is the sandboxed Google Play, by far.
I think it's more of a marketing claim from less secure systems that "privacy is not security, and GrapheneOS focuses on security while we focus on privacy".
GrapheneOS does care about both, quite obviously. And GrapheneOS tends to say that if your security is bad, then it is affecting your privacy too. Whereas others say "sure, we break the Android security model by unlocking the bootloader and signing our system with the Google test keys, but your apps will contact Google through microG instead of the Play Services, so it's more private". Which is worth what it is worth...
privacy != security.
And sandboxed Google Play services serve both goals -- it runs the service as a regular android service, not an exceptional one that has a bunch of extra permissions. So you can allow/restrict it as you seem fit, while not "getting behind" on features/apps that mandate it.
I disagree, privacy is an essential part of security, if there's no privacy, then there's no security.
That's also why I don't keep anything important on my phone as I don't trust what's going on there despite having all the secure features that you would want.
Other way around, actually. It's possible to make concessions to privacy, like providing crash reports, or running applications in sandboxes which limits what they can harvest, while keeping the platform secure.
Any privacy you have on a system is reliant on no one tampering with that system and on software behaving itself. Without security, you can't trust the system to implement any privacy.
I also disagree with that, I trust my Linux distribution to behave well much more than I trust any Android platform and it doesn't even have much app sandboxing at all.
You can't fix a lack of trust like you have in Android with technical solutions. The flaw in Android is fundamentally a social problem.
That reads more as sports team flag wavey thoughts and feelings trust than anything actually backed by objective data.
That's the difference between trusted computing (Linux distribution) and untrusted computing (Android).
If you want something backed by objective data, my phone has an advertising ID built in the OS and my laptop doesn't. My phone had 100s of privacy scandals and my laptop doesn't have one.
I do applaud GrapheneOS don't get me wrong but I have a feeling that they are fighting a losing battle.
GOS creates a complete bunker of a phone that can provide defense against pretty much all but the most dedicated state level actors. If you're worried that someone would steal your phone specifically to target you, Graphene will protect against that. Securitywise it's hard to argue against them, although GOS tends to sacrifice usability in favor of security, which leads to odd decisions. Their device depreciation timeline is also pretty aggressive and really just matches that of the Pixel. (You're also buying the Google phone... to not want Google in your life; this bizarre paradox will always be strange). It's not exactly a recommendation for long-term support. Worth noting however is that usage of GOS is also seen as a signal in and of itself for the authorities that you may have something unsavory to hide, so using it stands out in that regard; some law enforcement officers (I think it was in Spain?) have said that the OS is popular with organized crime. GOS obviously denies the connection and they're probably honest in that the OS isn't deliberately designed for criminals, but it's worth noting at the very least. (Basically GOS is the paradox where someone trying their hardest to be anonymous ends up standing out way too much from the crowd and drawing attention to themselves.)
/e/OS (and similar "non-LineageOS" ROMs really) instead focus more on de-Googling. They're still generally security focused, but the priority is less "someone's after you" and more "corporate surveillance is kinda scary innit". The aim is less to avoid someone actively trying to drain your phone of data and more to prevent your phone from passively sending everything it can possibly find to the Big G's ad machine (as well as whatever other trackers get snuck into apps.) Because of this, they usually have better depreciation timelines and support a lot more devices compared to GOS who only support the Pixel line (which is an increasingly awful set of phones truth be told); their scope is much smaller.
Finally, it's worth noting that the GOS community is absurdly toxic to anyone doing anything privacy-related that isn't under the banner of GOS. It's extremely maximalist, tends to get very upset at other projects whenever they get attention (see sibling reply to this, where they pretty much melted down because an outlet dared to recommend a Fair phone+/e/OS) and the projects official channels have generally encouraged this sort of behavior. It doesn't really damage the software itself, but it's worth considering.
I have been a user of /e/OS for 5 years, and also of GOS and would like to share my opinion on this:
> it's worth noting that the GOS community is absurdly toxic to anyone doing anything privacy-related that isn't under the banner of GOS
What I have seen (and I am not involved in any of those projects) is that GOS does care a lot about security, has a higher quality in that regard than anything else, and tends to be blunt about "inferior" projects communicating about security.
Not that they couldn't improve their communication style, but usually when they call out technical limitations of other projects (e.g. /e/OS), they are right. And I mean the technical arguments. Then I have seen a bunch of drama, but to be fair I have seen those other communities show toxic behaviour towards GOS just as much as the opposite.
It feels like it is GOS vs "the others", because the others don't criticise each other, and GOS bluntly criticises when they see claims they find are wrong (I have seen claims by /e/OS going from misleading to downright wrong).
On my particular phone, after 5 years with /e/OS, the Fairphone updates were outdated by 4 years. In terms of security I would have been better with the Stock Android. It depends on the phone of course, because /e/OS tends to claim that they support everything and they just can't. Even on a phone that /e/OS supports well, GrapheneOS is superior, period.
But I agree, I could do without all the drama. I guess my point is that it goes both ways.
/e/OS/ was bad with updates for a long time (I had to switch 2022). IodéOS is very good at it, in my experience (I have used all three)
> /e/OS/ was bad with updates for a long time (I had to switch 2022).
In my case, it was a few months ago, so end of 2025.
I think it's just that they can't possibly support thousands of Android devices. I just don't like that they are not being very clear about it. You would think that buying a phone through Murena would guarantee some kind of support, but it actually doesn't.
Read this:
https://eylenburg.github.io/android_comparison.htm
In short, GrapheneOS is vastly superior.
We need Linux OSes and phones to catch up to really break free from this duopoly. Only when there is enough traction, essential infrastructure like banks will start supporting Oses like that. It's a chicken and egg kind of problem.
Android is a Linux OS and is eons ahead anything that would sit on top of "GNU/Linux" userspace.
Why start from scratch?
I think that the main problem is that android has a lot of weird modifications that are not consistent with the rest of linux distros. The user data is suddenly in /data instead of /home, theres no package manager, no systemd (for better or worse), and there's hella lotta security gotchas, for example call recording is impossible without root as far as I know. I'm not saying that Android is not hackable, but it's a different type of hackability than desktop linux, you have to learn it all over again and in my opinion it's much harder to master than desktop linux.
I've been on ubports for 3 years and while it also has some weird caveats like read only rootfs, no working package manager (due to read-only fs. however ubports has pretty cool support for lxc containers where you can use apt). Due to chronic lack of time I haven't been able to sit down on my phone to play with it a bit (for example id like to install waydroid), but it seems a lot easier than android. For example, while there isn't an app for call recording, some guy worked around it by writing a systemd user service as a workaround[1]. This is exactly the type of thing I'm thinking about when talking "linux phone".
For me as a linux user, the difference if ubports was a human, I'd think that perhaps they were sick, whereas if android was a human, i'd shoot them in the face :)
[1] https://forums.ubports.com/post/75157
Yeah, just need to decide where to start the fork. The larger problem is radio firmware. FCC regs were the initial excuse, for wifi and Bluetooth too, but we need to open up the source for all of these and allocate money for enforcement if we are truly worried people are going to start adding wifi channels etc. Open firmware phone radios would let you do things like truly turning off the radio when wifi was present, no gps ping even.
The good news being that the work made by Linux on Mobile projects regarding the radio firmware benefits AOSP projects, and inversely, right?
While I respect the Linux on Mobile work, I believe that AOSP is a lot better, with a much better security model.
Remember that GrapheneOS is not Android: it's an AOSP-based OS.
> "Perplexity - I switched to Gemini, but I confirm it works"
Oh the irony.
Where is it? I had a really hard time finding the irony.
It's weird that here on HN some people are trying to break free from Google and Apple and on the other side some people are married to Gemini, and both look like to be the majority at times.
Wallet Apps and Tap-to-pay do not work. Even got banned from PayPal. Android needs an architectural change from the ground up.
If you don't use the paypal app, you should be fine, right?
I'm happy with grapheneOS as a daily driver. Can you elaborate on being banned from paypal so I don't do the same ?
I mean you're not degoogling yourself if you put all your transactions through a google server. Cash if possible, card if not.
(Also it is possible to do these things if you root your phone, but caries its own risks and I wouldn't recommend. Ending your dependency on third party processors is probably the best outcome)
"Break Free from Android and iOS" looks inside - Android
It should probably be "break free from Google and Apple"?
As long as it is based on AOSP, it is at the mercy of Google to release source code and updates. Given recent trends, I wouldn't be surprised if Google stops shipping Android source completely.
You are right! I will change the title :)
GrapheneOS is not Android. It's AOSP-based.
You may be surprised to learn what that "A" stands for.
Been using GOS since roughly 2020. I refuse to use a Phone without GOS on it. It's been amazing.
I am really hoping that other phone manufacturers will eventually realise that and start making phones that can be supported by GOS.
Hah, just talked with my colleague, his feedback is that it’s too raw to be used daily
What about device attestation? Will you be able to run banking apps and Netflix et. al.?
For me the biggest concern is that while you may be able to use and run your own device, you will be locked out of most propietary services. Much like how more and more websites simply don't work with Firefox anymore.
Here's a community maintained list of apps and whether or not they work:
https://privsec.dev/posts/android/banking-applications-compa...
This is linked to from the Banking Apps section on GrapheneOS docs: https://grapheneos.org/usage#banking-apps
Sample size of 1: my UK banking apps all work fine.
This might be one of those things were if there is big enough user base, companies will start to take it seriously.
I only use Firefox. It has been years since I ran into a chrome only website. Though recently I ran into an edge only websit on my corporate network, not even sure how that happens.
Well i do use banking and netflix on graphene os on my pixel 8a and everything works perfectly
All Swedish banking apps I've tried works great. Including BankID, swish, Sparbanken, Nordea, LF, Revolut and more.
I've had less issues than with CalyxOS for example, where more apps broke.
Netflix and almost all banking apps work fine.
https://grapheneos.org/articles/attestation-compatibility-gu...
https://privsec.dev/posts/android/banking-applications-compa...
Should be noted that in order for OEM unlocking toggle to work, you need to turn on WiFi and connect to the internet.
How is it a break from google/appple if the only supported devices are Pixels? I can't use my sony or other vendors hardware at all.
Are there valid reasons to only support pixels?
They are the only Android phones that have the proper security primitives to build a secure OS on top.
Also, they are working on bringing a non-Pixel alternative to market:
https://www.androidauthority.com/graphene-os-major-android-o...
GrapheneOS is Android isn't it? Same binary blob issues and such? Or is that not an issue on Pixel devices?
It is not. GrapheneOS is AOSP-based.
But yeah, same binary blob issues for firmwares, but Linux on Mobile has the same issues.
Many are complaining about banking app compatability, but I've never felt compelled to use anything other than my browser for banking. What's the big deal with the banking apps? Am missing out on some huge advantage here?
Some banks force you to validate transfers on your phone; unfortunately its not the user who decides
Anyone like GrapheneOS better? Like it has some features? Or is it a locked down version of Android?
It's a sign of how far we've come that this article says "Break Free from Google and Apple", not "Break Free from Google, Apple and Microsoft".
I heard that Windows on phones is about to make a return later this year, thanks to NexPhone.
People seem to fondly remember the Microsoft phones. If they made them now though, I can't really imagine what sort of Copilot-filled abomination they would be.
Yeah that's not actually good. As much as I'd never use anything from Microsoft, having less diversity is not a step in the right direction.
Break free from Android... by installing Android? I'm not sure it's really breaking free when the first task to do is intall Google Play Services so your banking app works.
Sounds like we can't actually breaking free from Android and iOS. Maybe with Linux like the Fedora Atomic for mobile devices? https://github.com/pocketblue/pocketblue Or PostmarketOS? https://postmarketos.org/
Even then banking would probably only work through the browser... Sad state of the world really.
You're confused. GrapheneOS is not Android, it's an AOSP-based OS.
> I'm not sure it's really breaking free when the first task to do is intall Google Play Services so your banking app works.
sandboxed Google Play Services. It's an important difference.
What is the difference here between "Android" and "AOSP" (Android Open Source Project)?
I tried Ubuntu Touch and Droidian
https://blog.tomaszdunia.pl/ubuntu-touch-eng/
https://blog.tomaszdunia.pl/droidian-eng/
And the 50% of banking apps still wont work because it wants an android signed by google.
And no tap to pay.
Hopefully the new EU banking system will work on Graphene and Ill switch back
I would put the focus on having capable web-banking. I never install the banking app on my phone.
I must also be getting old, because I don't get the big fuss about NFC payments. Firstly, I'd never use them if they go through Google/Apple. But even when/if they don't, it's not a big deal to use a card, isn't it (if you hate cash)?
Agreed about NFC, I'm happy to scan a QR code.
> But even when/if they don't, it's not a big deal to use a card, isn't it (if you hate cash)?
Card is usually linked to the US. Some people would like to not depend on that. But the rational solution IMO is for the banking system to use QR codes instead of NFC. Some countries do that and it just works.
> And the 50% of banking apps still wont work because it wants an android signed by google.
Where do you get that number from? All the banking apps I've tried work on GrapheneOS.
> And no tap to pay.
There are countries where the payment terminals show QR codes, and banking apps work by scanning it. No need for NFC :-).
The new payment networks are not an independent app. They are a protocol your banking app has to implement, so unless your bank supports non-Google phones you are out of luck (not my case, thankfully).
They should get the same level of financing (donations) as Tor project at least. Some big organization like Open Technology Fund or NLnet should give them yearly grants.
For some (and other not-so) obvious reasons I switched to Graphene a few weeks ago. For years I've been pushing towards de-cloudifying my digital life and there were several reasons for it: On one hand it was the constant content subscription which gave me 0 guarantees that what I am interested in will still be available the next morning, even though I've paid for it, and the other was, you guessed it, the idiotic LLMs everywhere and subsequently the complete annihilation of security practices by giving a probabilistic model unrestricted access to all of your data.
First things, first, kudos to the GrapheneOS team for making it this easy to install and the surprisingly rapid support for new devices. Sure, there are features which I otherwise liked in the stock android that came with Pixel phones(swipe typing is something I very much enjoyed) but all in all, I can't say I miss much from it otherwise. I've slimmed down my list of apps to basic functionalities backed by self-hosted services (nextcloud, immich, jellifin, etc. along with a VPN I maintain myself) and I honestly don't miss much from the stock Android.
I want to point out that for a very long time I worked for a company that developed games for mobile devices and while the data we collected was mostly anonymous(*unless you logged in with facebook and by implications we had your facebook id) and it was never even utilized all that much beyond bad attempts at maximizing sales(not effectively anyway cause the people in charge were as incompetent as they could get), I can say that we collected ungodly amounts of data: most of the cloud bills were storage for that specific reason. While we did not have bad intentions and had to operate under strict GDPR regulations, this was a large company that was constantly monitored. Small companies can fly under the radar and get away with not abiding by the rules and laws and commonly they are not even aware what the repercussions could be. Similarly, the US and Asia-based giants can simply shrug it off and toss a few billions in fines. Make no mistake, no company is looking for your best interest and with that in mind, I couldn't recommend GrapheneOS (and self-hosting everything) enough, assuming you know what you are doing.
Check out FUTO Keyboard, It has swipe-typing feature.
Why only pixel phones are supported?
Because google actually cares about hardware and software security. Read the FAQ: https://grapheneos.org/faq#supported-devices
>Because google actually cares about hardware and software security.
That statement might not have aged so well, especially consindering googles attempt to lock out apps from their devices, If the developers do not comply with being oficially registered.
There is a difference between security and privacy or freedom of use. Locking down the device to only allow a subset of apps that Google has some control over (by requiring developers to register) is a measure that can increase security, even though it obviously takes some control away from the end-user.
The fact that the play store is not exactly known for exceptionally high standards w.r.t. malware, or that there are lots of valid concerns that come along with a company controlling who is allowed to supply apps for the device is a different topic.
Don't mix security and freedom. They're commonly opposed to each other.
This is true, I don't get the downvotes.
I believe (as it's open source) there is nothing impeding anybody else to compile grapheneOS in a samsung S10, which would not be as secure, but should still work as any lineage
However I haven't seen anybody try
Because phones have device-specific code. Effectively, each single model is running its own fork of Android. Naturally, Google has no incentive to change this - it makes it difficult to update (planned obsolescence) and install other software (like GrapheneOS).
GrapheneOS is like using Firefox. Works on most sites, but those few things just don’t. Maybe it’s a dealbreaker for some. And they’re dependent on Google.
What you want is a solar 6502 with lots of memory and GMRS mesh
Unless govts make web a primary citizen of information dissemination and acceptance, it will be only apple/google on the sim card linked access
Break free from Google and Apple by buying a phone from Google /s
I commented elsewhere but GrapheneOS on Pixels actively siphon resources from Google and is arguably a good protest against google.
They subsidize Pixel hardware (to incentivize users to adopt their spyware OS), you (buying used obviously) take their subsidized hardware and do not repay them by using their spyware, replacing it with Graphene. Only google loses. Their hardware is technically very good otherwise (in fact no other hardware fits the strict graphene security requirements).