I use this daily on one of my devices and I am a huge fan. I experience better battery life, better app speed, and obviously appreciate the decreased telemetry and more cautious memory allocator, among many other beneficial changes.
For those who are considering it though, its worth noting that the community has a very... Confrontational style of correcting others though.
Not a dealbreaker, but a nuisance. It can feel like being back in grade 8 again with the class know it all.
I am also a bit concerned with the project's stance on similar ones like Calyx, with GrapheneOS people claiming they are being harassed by them, while not providing evidence. Meanwhile, there are numerous logs that show the exact opposite occuring.
Still, I am a happy GrapheneOS user, I just hope the OS doesn't suffer from this situation. Also, those Pine64 offerings are becoming more attractive with every update.
Can't understand their warped logic in providing a mobile OS stripped of Google services, while officially supporting the mobile OS only on a mobile phone offered by Google! How is that supposed to inspire any confidence? (For those wondering what other good alternative hardware is available for such a project, Sony "Open Devices" offers a set of mobile devices with "open" bootloaders along with AOSP device configurations and build guides - https://developer.sony.com/develop/open-devices/get-started/... ... it's also a bonus that Sony makes good quality phones).
From my understanding it has to do with the fact that only Google phones contain a security chip which allows you to use verified boot and re-lock the bootloader on a custom ROMS. Graphene's threat model places security over privacy so if that doesn't align with your goals then it probably isn't the product for you
I didn't know Sony had an "Open Devices" program, so thanks for bringing it to my attention. Apart from the price of their phones, I think that makes Sony a strong competitor to Google for people who value privacy over security and want a really good phone (spec-wise) that can flash a custom ROM out of the box.
Ultimately the custom ROM support for Sony phones is pretty lacking due to their tiny marketshare. For instance there are no official LineageOS builds for any of their recent releases.
I'm using LineageOS 19 (with microG) on my Sony XA2 :) Well supported.
Or do you mean Sony's latest device releases? The open firmware program is only for the midrange devices like the Xperia 10 and XA series before that, and of course it depends on having a maintainer. And new devices take time.
I found that odd as well; they could be confident that the Pixel phones hardware isn't backdoored at iron+firmware level, which would defeat any protection at upper OS and software level created by GrapheneOS.
Anyone know where I can buy a phone flashed with GrapheneOS? The thoughts of messing with my phone’s default OS is daunting and I’m scared of bricking it.
You don't want to buy a phone pre-flashed with GrapheneOS, this was the problem with CopperheadOS - they would only flash the phone if you sent it to them (unattended, across 2+ customs borders) - apparently that caused some internal strife.
Seriously though, pick up a Pixel 6, flash it at home via Web-USB.
My only qualm is that the Google bootloader doesn't show a QR code on boot to verify the kernel image being loaded, instead it simply shows a big yellow warning saying the OS is unsupported with no way of verifying if it's the GrapheneOS image you loaded or one the maid loaded while you were AFK.
Did it and on a similar pixel device and love it so much! Was super skeptical of the webusb thing as a jaded old fart (which IIRC is funded by the community) and I whistled with sheer amazement it worked perfectly the second time. First failure was BC of flakey internet with a bad download and a time crunch when another phone died.
I have hated android not meeting my own personal watermark in respecting open dev and privacy forward user design at its core. This project, although not core and on the fringe, gives me a small glimmer of hope in a dark smart phone world! Been a stable daily driver for like six months now.
> My only qualm is that the Google bootloader doesn't show a QR code on boot to verify the kernel image being loaded, instead it simply shows a big yellow warning saying the OS is unsupported with no way of verifying if it's the GrapheneOS image you loaded or one the maid loaded while you were AFK.
Once upon a time it at least showed part of a hash or somesuch ostensibly uniquely identifying the OS, such that it would change if an Evil Maid flashed a new one.
This is the type of thing that happens that happens when you make yourself dependent on someone whose goals are opposed to you by making your OS exclusively for google's phones.
I honestly don't know why we can't have a system to visualise the signed image source as the default. Put any public key you want in the firmware, show a 32-64 bit fingerprint of the loaded key as an abstract pattern and only boot an image signed with that key. Manufacturer doesn't get any special treatment.
Fairphone at least shows a hash on boot as well as the scary yellow text when relocked. Calyx is available, don't know about graphene.
Hi, actually there is a way to verify if ROM you have installed or not is GOS. There's attestation.app which let's you remotely verify your installation.
Avoid buying a GrapheneOS phone being advertised specifically for privacy with encrypted chat. They are specifically for selling to criminals, be it from a government or an enterprising young adult.
Many people have tried to pay me to make them a custom ROM based on GrapheneOS but with their name and reskinning notepads and encrypted chat apps. They'll claim it's for privacy-focused businesses of course.
There is no official store, and the official project does not reference any third-party vendors.
You do have options:
1. Do you want to buy a third-party device like a NitroPhone? If you can afford to purchase a phone in the first place, then purchase a used phone to try flashing GrapehenOS. You can buy multiple used devices for the cost of such a device, and then you can familiarize yourself with the flashing procedure.
2. Have a friend help you. There are probably events in your town that you could find on Facebook, Reddit, or Meetup (e.g., OS install parties are a thing).
Surprisingly, of any rom you could install, graphene is the simplest. You just open a website after installing android drivers for your pc. Its an impressive feat on its own beyond how impressive the software is.
I think it depends on your goals. Graphene's team rightly point out that Calyx's approach to spoofing the play store (microG) isn't safe, so security will be better on Graphene as long as that stays the same.
On the other hand, Calyx does actually include an app store with the base ROM. This is important if you are setting devices up for other people who need to be able to reproduce the steps you have taken. In such a case, even though I could set up Graphene myself, I would probably suggest Calyx. However I know that graphene are (were?) Working on a store of their own at some point, so when that is released my opinion may change.
Currently, it lists only graphene apps like Secure Camera, graphene PDF vewier, Auditor, Sandboxed Play services. Also, it only works for Android 12 and above, not only on GrapahenOS but other OS like Calyx, Lineage and it forks etc.
They are planning to add other graphene apps too, like Vandaium* etc. Non-graphene apps (like apps available on f-droid), I don't think they will be added. This store seems to be only for Graphene Apps.
> Graphene's team rightly point out that Calyx's approach to spoofing the play store (microG) isn't safe, so security will be better on Graphene as long as that stays the same.
AviD's rule of usability applies here, IMO. Doesn't GrapheneOS's approach have worse third-party app support than CalyxOS's approach? I can see that leading to people trying GrapheneOS and then saying "none of my apps work on this more secure version of Android, so I'll just stick with stock Android from now on."
At the same time, doesn't a "typical person" wanting Facebook, Uber, etc apps running kind of counter to the type of people that would want or need something like Graphene?
It's about the war, not the individual. If you're completely compromised by and beholden to google, then you've already lost. For many people, the threat model is protecting the commons and keeping the future possibility of commerce without a 30% tax collected by some middleman in california.
If people start from a device they own, then they can actually fight the other battles. Install facebook in a work profile for now but try and get some friends to move to xmpp. Install uber if and only if you're stuck and public transport has stopped for the night (and uninstall it after). Or any other compromise between complete submission and full device ownership.
Graphene as a project doesn't really seem aligned with this idea. Calyx and /e/ are a bit better.
If you have to compromise your values to allow such things, an example might be TikTok with Play Services on Graphene is possible, but you will be permanently banned shortly for not being spyable enough and failing modified ROM detection, would you want to compromise by re-adding what's basically a vulnerability if it increases userbase?
If it means that I only have to convince someone to give up a tiktok account they don't have rather than tiktok and pinterest amd facebook and whatsapp (and subsequently the ability to communicate with any of the local community groups) and the local covid app that allows you to leave the house and their university app and any kind of paid media, then yes.
A phone that my partner owns that I can actually realistically ask her to use is better than one that is secure against an attack that isn't even in my threat model and is a complete non starter.
> you will be permanently banned shortly for not being spyable enough and failing modified ROM detection
Wait, do they actually do this too, or is this a hypothetical you made up for the example? Or did you mean Snapchat instead of TikTok, which I know does actually do that?
I picked it as a random example but yes, it does do safetynet/aggressive device fingerprinting/bans root (magiskhide used to work for a bit afaik)/collecting as many identifiers as possible based on version of android.
That's a bit too coarsely grained IMO. There are different ways to resolve the question of security vs usability, varying by threat model and user confidence.
Graphene's approach is not inherently untenable: using the play store can be done via a separated profile - which is probably good opsec anyhow.
An alternative approach (which I believe the Graphene team are aware of, but don't necessary encourage) is to use F-Droid or the Aurora store. I believe there are some important shortcomings with this approach though.
In regards to 3rd party stores, I wouldn't use this approach for any kind of corporate or professional application, but if you're an end user there might be a case that this is preferable (suppose privacy is a much greater concern than security). I think that would be case by case though.
In the case of F-Droid, the apps need to be built using F-droid's build system, and is signed using F-Droids own keys[1], rather than the devs signing themselves. Not awful, but definitely not good.
So, regarding the 'too hard, gave up' problem you mentioned, I think you're right that its an important consideration, but disagree that Graphene's approach is "strictly" worse third party support.
> An alternative approach (which I believe the Graphene team are aware of, but don't necessary encourage) is to use F-Droid or the Aurora store. I believe there are some important shortcomings with this approach though.
I know the Aurora Store works fine for installing apps from the Play Store. My concern is more so whether those apps all work right after they're installed.
> Doesn't GrapheneOS's approach have worse third-party app support than CalyxOS's approach?
This isn't even correct anymore. "Sandboxed Play services" is essentially just play services but with the ability to uninstall it, and deny it permissions.
For those who are considering it though, its worth noting that the community has a very... Confrontational style of correcting others though.
Not a dealbreaker, but a nuisance. It can feel like being back in grade 8 again with the class know it all.