Why YSK GrapheneOS is a step above the rest. I understand it’s ironic de-google phone/tablet with google hardware, but it just works better then anything else. Permission toggles, pin scrambling, auto-reboot, scopes, MAC randomization, isolated user profiles, longer passwords, sandboxed apps, open source firmware, no bloat & the battery life is incredible now.
I hope people understand how easy it is to move to Linux & GrapheneOS full time & remove Apple, Google, Microsoft etc. It exceeded expectations so much so that I want to share it with other people. I cannot recommend this enough to improve your life. #FOSS
Too bad it’s only on available on the Pixel. My pixel 6 had a terrible fingerprint scanner… And when I upgraded to the 7, it was even worse (didn’t work in the dark).
So for now afwall+ on my rooted Moto Edge 2022 Plus gets the job done with blocking Google (and other invasive) apps.
I’m sitting on a Chinese phone hoping the pixel 8 switches to a unltrasonic sensor. It’s really too bad my work doesn’t let me use custom ROMs. Makes me want to get a work phone
If the pixel 8 switches to ultrasonic instead of optical, then I’m all over it. The pixel fold has it built into the power button… The phone I’m using does the same and it has a 10/10 success rate. So I’m hoping they to with that.
Is it possible to spoof device signatures or relock the bootloader to get around those work restrictions? MagiskHide might also be able to help depending on the case
Why do you let them take over your device like that?
Because I get a lot of flexibility from being able to take meetings from my phone. I can go for a walk during a meeting for example
Fair enough. I thought you meant they forced you into it lol.
I have a Pixel 7 that runs GrapheneOS and don’t have any of the fingerprint scanner issues you described. I don’t even understand how using it in the dark could make a difference since a circular portion of the screen under your finger lights up at maximum brightness when it is scanning your fingerprint. The only issue that I have is that sometimes a piece of dead skin peels off of my thumb or I wore a glove in the heat making my skin a little pruney which makes the scanner unable to read my fingerprint right. But that was a problem with my old Moto phone as well.
Edit: After making some research it appears that Google fixed the fingerprint scanner issue with a software update.
On my 7a, I found that making sure your thumb is clean and then pressing kinda firmly does the trick. I still prefer the back fingerprint sensor from my previous phone, a Pixel 2, as that was fast, locatable, and could be used to bring down the notifications, but honestly the success rate now is about equal
I have the pixel 6 now and the fingerprint scanner sucks. I thought about getting a pixel 7 because I assumed it would be better, thanks for the warning. Also, how did you manage to get a custom ROM for the Moto Edge 2022? I was looking for custom ROMs and found nothing. I read that nobody really has that phone so the support is lacking.
Don’t hold back from getting a good deal on the Pixel 7 because of the fingerprint scanner issue. It has been resolved with a software update since then. I have a Pixel 7 and the fingerprint scanner works just fine regardless of lighting conditions.
Do you have the regular Moto Edge 2022… or the Moto Edge Plus 2022?
oh dear.
i got all excited when i read “moto edge” cause it’s been a long while since i last rooted my phone. but now i suppose i will hold off on excitement until there is more clarification on your question.
If you have the non plus moto edge 2022 model… You can root it the same way as the plus version
Regular
Pixel 7 has face unlock though 👀
Doesn’t work in the dark… or any low light conditions. It’s not really a good implementation
I have a Pixel 7 and it works in the dark just fine. I feel like @techgearwhips might have gotten a defective phone.
Edit: After a quick search it appears that Google fixed it with a software update.
On my pixel 6 you just have to wipe clean the scanner area first or press hard with your finger.
Can you add “Why YSK” to the start of your text body? This is for readability purposes as stated in Rule 2.
Removed by mod
This is informative, and unfortunate.
They have trouble interacting with people. Although I got frustrated with their behavior from time to time, nor do I in anyway endorse their behavior; I do not believe they are acting out of ill intent.
I do believe they need to get some help though. I personally go to therapist sometimes; I think they would benefit from the same help that we have access to.
It is truly unfortunate (and informative), the situation with Daniel. But they have stepped down from the project, so safe to say this won’t be an issue.
That’s a single person on a project with multiple contributors. He’s also since stepped down. You’re acting like he’s the sole guy.
https://discuss.grapheneos.org/d/5235-stepping-down-as-project-leader-of-grapheneos
Ohhhhh, didn’t know that. I guess it’s time to try this OS again. 👌
That’s a pretty harsh thing to say about one of the most talented and dedicated open source devs around. It’s also no longer true, he stepped down from his post in the GrapheneOS team a few months ago.
What did the team feel about him?
Does anyone else find it strange that three separate replies to this post use the words “unfortunate and informative?” Same guy with sock accts, bots, or just “unfortunate and informative” has been added to the lexicon today in the fashion of “cap” or “bet?”
Either way I guess it’s unfortunate and informative.
I can’t tell if you are asking in jest or seriously, but if you really are wanting to know, the phrase comes from Louis Rossman’s video about his encounter with the creator/previous lead dev on GrapheneOS. The dev was flipping out at Rossman and threatening him despite his product being advertised for free. So Rossman publicized the conversation and called the whole interaction “unfortunate and informative.” It’s become a bit of a meme phrase for the people who watch him and within his ongoing videos.
No thanks for clueing me in, I was aware of the situation but nkt the meme phrase, felt real creepy to see in the wild for the uninitiated lol.
Good thing open source projects are… open and worked on by a bunch of people.
Here’s the original Techlore video Rossmann is referring to: https://neat.tube/w/gctuauB8TRVxCWjwdGWr8d
It’s been two years, so I’m not 100% sure, but I recall it being very detailed and convincing. Techlore’s main argument against using GrapheneOS is that “Leadership reflects the project.” Since the person in question stepped down, the project should be fine, now, even if that holds true. (Personally, I installed GrapheneOS despite that video.)
To get out of my bubble, I’ve also searched for a meta-video about the Techlore/GrapheneOS dev drama. I came to this frankly ridiculous video: https://www.youtube.com/watch?v=SjCM8srhTW4
I’m 7 minutes in, and having not seen Tom Sparks before, he pretty much ruined his reputation with me already. He tries find evidence of Techlore being toxic by searching for his own name. His “evidence” of toxicity is literally people saying that Tom Sparks has a bad reputation and that specific videos or recommendations by him are bad. Literal case of “all criticism is toxic”.
Later, I paused when he scrolled through the dozens of mentions he brings as “evidence”, and nearly everything is either neutral. Even the negative posts seem to be more about how is takes on various topics are, apparently, bad enough to become a bit of a meme.
Even his interpretations of what he quotes directly from Techlore are stretchy at times.
The fact that this is the supportive evidence of Techlore being toxic, my faith in Techlore being a good creator is fortified.
Unfortunate and informative. Time to look into CalyxOS.
Not a helpful comment.
I don’t understand most of those terms, but uh, sounds good?
Permission toggles that mean something, battery life and no bloat ware sound great to me.
Yeah those three things by themselves are worth switching for. Add to that the great security features and it’s basically the ideal smartphone.
Permission toggles are are what things apps have access to, Grapheneos gives:
-
Sensors permission (this is how your phone can use sensors to determine if you are walking, moving, how far your phone is away from your face)
-
internet permission toggle (this allows you to control what apps can directly connect to the internet)
-
Storage Scopes (You can control what files or directory any app that uses legacy storage permissions have access to instead of blank allowing all files access to the app)
-
Contact Scopes (This allows, like Storage Scopes, for you to control what apps can access contacts and who’s contact the app can or can not see)
You can and should give https://grapheneos.org/features a read.
As for banking apps, depending on what they are, may work. Paypal and some others work.
-
It is such a liberating experience not having any google product in my main profile. I only use some of the google app from time to time, like map and waze; so I locked them in a secondary profile with background data disabled, and background activity restricted.
Unfortunately, I still need to use slack for work and spotify for music though. These are the only two proprietary app in my main profile with network access.
loberating
I don’t know why my spell checker do not work in jebra… Apparently I see much more misspellings on lemmy than other site, so it seems like I am not alone.
Understandable. I tried to use Jerboa too but it just has too many bugs right now.
GrapheneOS, Signal (or, I suppose, Telegram, just something E2E encrypted) and a raspberry pi running PiHole are 3 of the best investments I ever made in my day to day experience.
I could never get my pihole to remain stable over long periods of time. Multiple reinstalls, two different pis, always issues with the network dropping or requiring both the pi and connected devices to be rebooted. A pain in the neck for a reason I’m not immediately able to figure out.
That’s really strange to hear, I’ve run it in on a pi zero, until it died, a 4b, and now on a pair of orange pi zero 2 I think they are, without any issues I didn’t directly cause by computing drunk.
I’d give it another shot if you’re up for it, it’s worth it in my opinion. I’m also running wireguard on it, with clients on all our phones so we take that protection with us everywhere.
Interesting, I basically set it and forget it and the only time I’ve ever had to interact with it again was to tweak the blacklist to block something new or allow something through
It might be an issue with your particular cocktail of router/modem/isp/what have you - which is way harder to diagnose
I wonder if it’s an SD card failure.
Mine was up for 200 days or so, basically untouched, before I upgraded the hardware.
Telegram is NOT e2e encrypted by default. Even Signal has issues due to its insistence on not federating with other servers and being the sole CA in the system.
Not had issues with Signal, but yeah, wouldn’t touch Telegram with a barge pole. Probably a CIA honeypot.
deleted by creator
That’s a single person on a project with multiple contributors. He’s also since stepped down. You’re acting like he’s the sole guy.
https://discuss.grapheneos.org/d/5235-stepping-down-as-project-leader-of-grapheneos
deleted by creator
Yeah doesn’t he have some kinda meltdown? Seems like a control freak.
deleted by creator
That’s a link to Louis’s video: https://www.youtube.com/watch?v=4To-F6W1NT0
Sad really as I also like the idea behind it. I’ve been running Cyanogenmod on 2 old phones in the past and just installed LineageOS on an old Tab S2 to breathe some new life into that old but still good tablet.
I wonder if it is somewhat related to that?
https://discuss.grapheneos.org/d/5235-stepping-down-as-project-leader-of-grapheneos
Here is an alternative Piped link(s): https://piped.video/watch?v=4To-F6W1NT0
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source, check me out at GitHub.
I have already saw the video about Louis and I’m totally with him totally, the only threat I just saw in that chat was threating banning Louis because he commented on a video of a youtuber with a community that swatted him and always go against him.
Yes, not the best way to get someone do what you want to do, but not as worse as leaking a private chat with someone without the other part agreement, and falsely accusing someone of possibly injecting malware inside a project only to go against you.
this is informative, and unfortunate
I can’t recommend this enough. Been using GrapheneOS for the past 3 years and been happy with it ever since. No issues whatsoever and works just as well as the stock OS. Granted, it has less features but I like the minimalist approach.
You didn’t mention which devices this is compatible with, which even on the Android side is very limited, unfortunately.
It’s a neat idea, I’m glad it exists, but I can’t be sure it has full support the way stock Android does, and it’s not necessarily compatible with my Android phone anyway, and I’d have to root my phone and void the warranty, so I think I’ll give it a miss for now.
Maybe in a few years I’ll try it on an old phone that I don’t mind killing if something goes wrong, just in case! :-D
GrapheneOS only has support for OEM unlocked Google Pixel phones, and it runs pretty much perfectly on every device it supports. It is extremely easy to install, no rooting required. You just click buttons in a web browser while your phone is plugged in and there’s pretty much 0% chance of breaking anything.
https://grapheneos.org/install/
You’re supposed to buy a phone specifically to run GrapheneOS. This isn’t a ROM that you can swap onto any device, it’s native to a specific platform. Also, using GrapheneOS does NOT void the warranty, you can always switch back to stock Android with Google’s web installer.
Agreed with many others here. GrapheneOS it’s fantastic.
A few points that haven’t been highlighted:
- The GrapheneOS camera is fast and responsive. I haven’t had a responsive camera in several generations of Android until I installed GrapheneOS.
- Everything is faster and more responsive on GrapheneOS. A $300.00 phone from last year running GrapheneOS responds to input like a $1000.00 phone, while keeping the longer battery life of a $300.00 phone.
- Defense-in-depth privacy and security controls. A lot of good privacy and security defaults add up to a lot more peace of mind. Thiis phone feels like my property, not just a portal to deliver ads and collect data about me.
Agreed. I have actually spent a lot of time reading through their code and I find what they do amazing. It’s a solid OS and is actually secure where the phone owner actually has control over their own phone.
You are such a nerd…
… and so wonderful! Thanks for looking over source code so busy folk like me don’t have to! :)
deleted by creator
Who said anything about less important?
We’re all busy, and we use our time how we choose. They choose to use it in this way and I thanked them. Maybe consider how you spend your time. Arguing on the internet gives you very little.
Does Graphene work with Android Auto?
No it doesn’t https://discuss.grapheneos.org/d/2249-is-there-a-way-to-get-android-auto-to-work/ and https://grapheneos.org/usage#sandboxed-google-play-limitations
Android auto requires deep system integration that is against the goal of grapheneos. It will likely removes all the benefit a degoogled phone will give you, since it require a close-sourced google app with privilaged access to your phone.
This, and Google Pay/Wallet would be the deciding factor for me
You’ll only remove the trackers from your phone if you can add them back on? Just skip a step and keep all your trackers in that case, if you like 'em you like 'em ya know?
The two main features that aren’t biggies and GrapheneOS doesn’t support and they’re the deal breakers? Yeah, right…
Before switching OS’s I need to know if it’s compatible with the features that I value. It’s okay if you don’t value the same features as I do, but there’s no reason to be both rude and provide no useful information at the same time.
Apologies if I came across as rude, but there has been several posters that are “interested” but couldn’t live without Auto or payment. It’s like of all the millions of features phones have, and the majority of dissenters here need the exact combination that GrapheneOS doesn’t support. I find that really odd. If you are one of the few that needs that, point taken and maybe it isn’t for you, but until today I hadn’t heard of Auto’s and now it’s critical and something that cannot be lived without.
Haha, I can see how that can be frustrating, especially because it seems like GrapheneOS provides a lot of value for lots of people minus those two features. After buying a car with Android Auto I have never bought a car without it. OEM car integration usually is very lacking especially when it comes to navigation. I wish there were open source alternatives to android auto. Thank you for the respectful response :)
No it does not work with android auto. Sorry
Are there any major daily driver features from Android missing here? Also are the updates usually stable?
It seems quite stable from my experience, and from online reviews. Some might say it us more stable than stock pixel. For example pixel 6 used to suffer from network issue due to google’s software: https://www.androidcentral.com/pixel-6-possible-network-connection-fix , which I haven’t found any discussion about the same problem on grapheneos.
However graphenos has its problems:
- App installation is very slow, this it further worsened by crapy apps on google play, for example Mcdonald app took me around 5mins to install. But it will only be annoying when you install, since update is done in the background, so you will hardly notice it.
- No support for android auto.
- No now playing, call screning, face unlock (camera and photo, on the other hand, works fantastically, even without network premission).
- fingerprint will not trigger at least half of the time, become worse in low light. (I have a 7a, so it is probably because the software is not yet optimized)
The fingerprint scanner issue has been resolved with an update. I recently bought a Pixel 7 and am surprised to hear about a fingerprint scanner issue. It is working just fine now regardless of lighting conditions.
Nice! I have a 7a so it is probably because the software is not optimized yet.
Why would the app installation be slow? Do they create sandbox for each app?
“Android Runtime Just-In-Time (JIT) compilation/profiling is fully disabled and replaced with full ahead-of-time (AOT) compilation. The only JIT compilation in the base OS is the v8 JavaScript JIT which is disabled by default for the Vanadium browser with per-site exception support.”
Why would fingerprint reading get worse if the ambient light is low?
The issue was resolved in a software update. I recently got a Pixel 7 and didn’t even know about the existence of a fingerprint scanner issue until I came to this thread. It works perfectly fine now regardless of lighting conditions.
I think the in screen fingerprint reader on pixel is currently optical (which is just a little in screen camera), so it needs more optimizations to work well under low light.
https://www.howtogeek.com/694294/how-does-in-display-fingerprint-scanning-work/
However pixel 8 is planning to move to ultrasonic, which probably will not be affected by low light.
Does GPS work as expected for you?
I don’t use GPS much, but I haven’t encounter any problem so far. Graphene uses GPS instead of network location, so it likely doesn’t work as well under a roof. But again, I personally have not encountered a problem.
Face unlock and fingerprint unlock are the biometric stuff I avoid when I get a phone to improve my privacy. I’ve not had issues with download speeds.
What is android auto?
Edit: auto = some car integration. Hands free works OOTB for me on GrapheneOS. Not needed anything more.
No Android auto is a deal killer for me.
I have used GrapheneOS for years now and it’s absolutely great as a daily driver. Very few apps malfunction and you can even use Google play store if you want. Updates are very frequent and Android OS updates usually release even faster than Google
Depends on how you use your phone. Main thing I miss is Google Pay’s tap to pay (disabled by Google unless you run a Google certified OS…which Google could easily certify Graphene but won’t), but most banking apps NFC tap to pay work.
Android Auto also doesn’t work, but I never used it. Some people might, though.
which Google could easily certify Graphene but won’t
I’m not on the Google fan bus and would be the first one here to drop Android at the drop of a hat, however, you are being deliberately deceptive here and I hate people like that: the reason it’s not certified is because Graphene devs don’t want to pay to get it certified, it’s not because Google refused to, like you are saying.
you are being deliberately deceptive here and I hate people like that
To be fair, you have no idea if they are being deceptive. They might simply not be aware that GrapheneOS chose not to pay to get certified. I certainly didn’t know that, and I’m not at all certain that Google would certify them if they chose to pay. Do you have a source for that?
Any developer can go here to start the process for GMS certification. If the Graphene devs didn’t know this, then they are fucking stupid, which i know they are not. Their TOS provides you the answers:
GMS is only available through a licence with Google and delivers a holistic set of popular apps and cloud-based services.
And I think the costs vary depending on how much bandwidth traffic you will be bringing Google to serve the certified content. Also, they allow you to certify non-Android OSes (such as Tizen and etc).
According to this post, it’s not that they don’t want to, it’s that GrapheneOS can’t be certified:
https://discuss.grapheneos.org/d/475-wallet-google-pay/9
That post implies that there is something Google won’t do which prevents them from certifying, which supports what the OP was saying.
That’s a very funny post to read. In summary they are demanding Google comply with their own standards they designed. It’s definitely two children yelling “No, you!” at each other.
I like Graphenes standards better, but it looks like Google is sticking with Play Integrity API over hardware-key attestation because it’s less insane to force end users to rely on costly solutions and more compatible with different commercial vendors (looks like some Certificate Authority vendors are effected).
I’m not being deliberately deceptive. Google absolutely could whitelist GrapheneOS if Google chose to, just like any app developer can as well by checking for the verifiedBootState with proper verifiedBootKey (GrapheneOS attestation link below).
Now, I don’t see Google doing that as GrapheneOS doesn’t and won’t ship with Play Store, Play services, or Service Framework. GrapehenOS actually has a compatibility layer so those don’t get special and device wide privileges like they do on devices that ship with them (sandboxed link below)…which Google probably requires. And I don’t see GrapheneOS budging on this as that’s one of their main selling points for security and privacy.
But I’m always down to learn and I’m not a developer. I don’t suppose you have a link that says the main thing that Graphene is missing is handing over money to Google to get certified, and ideally how much? If that was it, I’d be willing to bet money Graphene would’ve forked over the cash by now.
https://grapheneos.org/articles/attestation-compatibility-guide
Hi google, can you approve our phone that basically cuts your apps out and offers privacy from your mass spying operation please? Such a weird point.
I did acknowledge what you said by saying Google doesn’t want Graphene not including GMS stuff and won’t whitelist GrapheneOS, despite Graphene’s extra security measures. But this doesn’t change the fact that Google could…but won’t.
In the UK we have tap to pay debit cards. Mixing that in with the phone is always weird, especially from a privacy perspective. I wouldn’t want that.
deleted by creator
I would love to switch to GrapheneOS, but I need to know a certain apps work before I can make the change. Is there any way I can do this? They are financial apps and sadly use GSF. I cannot avoid not having them sadly. Any tips?
They should work if you install sandboxed play services from the built in app store.
If those financial apps include banking apps, then this post by a mod of the GrapheneOS Discussion Forum should be useful. It includes a link to an up-to-date list of banking apps compatible with GrapheneOS and a link to steps to help resolve compatibility issues if they do occur.
Thanks for that, just what I was looking for! ✨
I upgraded a little early (while my previous phone wasn’t dead yet, for once) for this reason.
I’ve found financial apps work fine* even if they claim they need GFS. Your mileage may vary, of course.
*With the sandboxed GFS from the Graphene app store.
It’s hard to tell in advance, but apps that check SafetyNet will definitely not work and a lot banking apps use this.
There are some databases though that list compatibility for apps you can check out, e.g. https://plexus.techlore.tech/. If they work with microG, they should also work on GrapheneOS + sandboxes google play.
The main reason I keep a “real” smartphone around is for banking app, that requires Google Play Protect (or whatever it is called, the thing that supposedly check around if you’re on a rooted phone). Support for this doesn’t seem there yet, which defeat the purpose.
banking should not be done on a phone
Why not?
deleted by creator
Shhhhhhh…the banks might hear us!
very insecure. especially if your 2fa method is on your phone as well (unfortunately many banks enforce this)
Sounds like scare mongering.
Why would that be any different than a PC with the 2FA app on the PC?
Banking on suitably patched and secured phone is NOT an inherently risky activity.
banks have old ahh security. not many support proper 2fa. but if u log in on your phone, and u do have your phone as the 2fa method, it makes no difference having 2fa. if someone gets your phone they get your banking log in and your 2fa method. its like putting totp 2fa on a computer to sign into something on the same computer. different devices for different purposes. remeber banking apps are always proprietry, so any zero day could be active right now, and we would not be the wiser. i suppose banking on a webpage on your phone is better, if you delete the cookie after.
If your phone is secure with screenlock, kept up to date and uses grapheneos than your banking should be safe. Using grapheneOS auto reboot feature would prevent anybody accessing private data stored in RAM , as it’s all at rest after reboot
i still dont trust it. theres no real reason to use it on phone. just becoming more dependant
It is also not recommended to use 2FA on PC to verify stuff on PC. (Personally, I still do that for some stuff due to laziness, though…)
Basically, hacking/stealing one device should not be enough to get your stuff. Smartphones are relatively often compared to PCs. As long as you still have a secure password you need to enter, I wouldn’t care too much, though.
I’d bet that a GrapheneOS phone is more secure than your average PC.
That is correct they are
not if u have linux and a hardened browser
I said “average PC,” and you throw out Linux with a hardened browser. That’s not average. But how many people have Linux with a hardened browser? More importantly, how easy is that to set up compared to setting up GOS (I promise GOS is much, much easier to set up and use)?
But if we’re going with extremes like this: no one should use banks on Linux with hardened browsers. Just go in person.
installing a just-works distro (say linux mint) is just/almost as easy as grapheneos. assuming not doing dual booting (the phone is dual booting is it).
librewolf (hardened fork of firefox) is like 2 commands on linux, or an installer wizard on windows.
unironically the last statement is based. less technology is always more secure. we managed without it back in the day didnt we.
im not going to say privacy and digital security is easy or one-size-fits-all or anything, we each have to make comprimises on convenience.
It’s harder for the average person. You have to know how to change device boot order in BIOS/UEFI, average person barely knows what an operating system is, let alone how to find their PC UEFI/BIOS setting menu to configure boot order. Grapheneos explains it clearly, how to install. You simply tap a few buttons on the browser and on the phone, when prompted.
its like 10 key presses total. there are many tutorials (although none as good and official as grapheneos i assume). people can learn things, and digital literacy is very important
Linux is the least secure desktop os 😂
what r u smoking ? linux is the only widely used open source desktop operating system. it has heaps less viruses made for it. its unix-like permission system (like mac) is always better than uac of windows. you can say a lot of bad things about linux, sure, but security is most certainly not one of them. unless you compare it to a locked-down os like android, it is the most secure.
source model is not indicative of security. besides that, though, Linux is much easier to gain privilege escalation and perform a data exfiltration.
in order of least to most secure is; ChromeOS, MacOS, Windows, Linux. (BSD derivatives arguably below Linux but that is a more complicated topic that I’m not educated enough on).
do you have a source for this claim by any chance ? windows is main target for viruses
