GrapheneOS – Break Free from Google and Apple

https://blog.tomaszdunia.pl/grapheneos-eng/

89•to3k•1h ago

Comments

ordainedclicks•46m ago

One of the only big downsides I've noticed with GrapheneOS is that several banking apps don't work with it at all thanks to being tied to Google's verification ecosystem.

Luckily I have hardware 2FA keys from my bank so I can authenticate using that. It also slightly decreases the suck-factor from whenever the phone decides to fly off down a drain. This may not be the case for you, so do your research on what you need for daily living.

stinos•43m ago

Author is installing Google Play Services it seems, wouldn't that work around this?

In any case, for me this also sort of defeats the purpose: I'd rather break free from Google and Apple, not just (stock) Android and iOS.

UnreachableCode•36m ago

No, because most banking apps call upon the Google Play Integrity API, which GrapheneOS doesn't (or can't?) use. There's a decent list kicking around of which ones work (Monzo, for instance).

https://privsec.dev/posts/android/banking-applications-compa...

adezxc•42m ago

Yup, also Google Pay doesn't work, though there are other providers which work fine (Curve Pay I think works in all of EU), but it just made me carry my wallet everywhere and I understood I don't mind that at all.

zhouzhao•37m ago

Of course that is highly depdendet on the bank used, but so far none of my banking apps didn't work!

If you are using a rather popular banking app, chances are high that it has been discussed in the GrapheneOS forum.

Anyway, with google play services installed, mine have worked out of the box.

dgxyz•29m ago

Does anyone know if HSBC's UK app works on it? I've seen inconsistent reports that it does and doesn't.

Edit: ignore this - there's a list elsewhere in this thread!

mentalgear•28m ago

"Banking Applications Compatibility with GrapheneOS" https://privsec.dev/posts/android/banking-applications-compa...

rcMgD2BwE72F•23m ago

I contacted my bank, insisting that GrapheneOS is one of the most secure OS on the market and therefore should be supported if they actually care about users' security (it's actually far more secure than all the old, far less secure but Google-approved devices out there). They acknowledged an fixed their app, one of the most popular in France.

Still missing Android Pay but that's due to Android Pay being closed. I wish banks would do something and support NFC payment systems that don't require the device to be controlled by Google (how can we be okay with this?!)

jackhalford•20m ago

I’m interested which french bank is this?

lpcvoid•42m ago

Been using GOS since roughly 2020. I refuse to use a Phone without GOS on it. It's been amazing.

franczesko•38m ago

Why only pixel phones are supported?

lpcvoid•37m ago

Because google actually cares about hardware and software security. Read the FAQ: https://grapheneos.org/faq#supported-devices

zhouzhao•35m ago

>Because google actually cares about hardware and software security.

That statement might not have aged so well, especially consindering googles attempt to lock out apps from their devices, If the developers do not comply with being oficially registered.

lowdude•28m ago

There is a difference between security and privacy or freedom of use. Locking down the device to only allow a subset of apps that Google has some control over (by requiring developers to register) is a measure that can increase security, even though it obviously takes some control away from the end-user.

The fact that the play store is not exactly known for exceptionally high standards w.r.t. malware, or that there are lots of valid concerns that come along with a company controlling who is allowed to supply apps for the device is a different topic.

izacus•27m ago

Don't mix security and freedom. They're commonly opposed to each other.

erremerre•32m ago

I believe (as it's open source) there is nothing impeding anybody else to compile grapheneOS in a samsung S10, which would not be as secure, but should still work as any lineage

However I haven't seen anybody try

h4x0rr•38m ago

"Break Free from Android and iOS" looks inside - Android

mft_•27m ago

It should probably be "break free from Google and Apple"?

to3k•24m ago

You are right! I will change the title :)

Myzel394•37m ago

I've been using GrapheneOS for about 3 years now. For the most part, it works very well. I don't have any issues with banking apps, nor any other closed source apps. I'm using two profiles both with sandboxed Google play installed. I'm logged in into my private Google account on the work profile.

However, there was one case that lead me to thinking about ditching grapheneos to this day. I installed Uber on my phone and I was able to successfully create an account and use it. When it came to booking a ride, the app crashed and I had to log in again. Once I did that, I was told that my account has been suspended for violating the terms of services. All I did to that point was creating an account and booking a ride. I was able to resolve the issue luckily after a few days and going back and fourth a couple of times with the Uber support, however, the risk of getting banned on any such platform is still risky, and thus I'm not sure if grapheneos is usable if you need to use such services.

peanut_merchant•34m ago

I regularly use Uber on Graphene OS and have had no issues.

rcMgD2BwE72F•34m ago

That's clearly a Uber problem. I'm also a GrapheneOS and used Uber once -- it worked.

ThePowerOfFuet•17m ago

>there was one case that lead me to thinking about ditching grapheneos to this day

Your aim is misplaced: ditch Uber, not GrapheneOS.

budududuroiu•13m ago

I'm a new GrapheneOS user and stopped using Uber as altogether. Taxis aren't that bad where I'm at, and cheaper than Uber

franga2000•12m ago

What exactly is the risk of getting temporarily banned on Uber? You have to use a different taxi app? As if such a thing even exists?!? Unacceptable!!

Every app on my phone has at least one other app, usually already installed, that can replace it. This wasn't intentional, it just happened naturally. Unless all two or three apps in a category get blocked for me at the same time, this already unlikely situation is barely an inconvenience.

palata•8m ago

No problem here with Uber on GrapheneOS.

mentalgear•36m ago

This is especially interesting in regard to the recent HN dicussion on spyware by for-profit intel firms having access to Whatsapp, Telegram, Signal, etc. (https://news.ycombinator.com/item?id=47033976) through OS-level no-click hijacks.

I wonder how secure GrapheneOS is in that regard, and what the other contenders are?

ramon156•33m ago

Does anyone have a good grasp of the differences between GOS and /e/OS? I'm buying a Fairphone soon and was wondering what both are like

SockThief•23m ago

Consider this (by Graphene OS): https://discuss.grapheneos.org/d/24134-devices-lacking-stand...

/e/OS community talking about it: https://community.e.foundation/t/article-from-grapheneos-abo...

And then maybe this: https://eylenburg.github.io/android_comparison.htm

Hope that helps.

realusername•9m ago

I like GrapheneOS but they fail to understand in this post that the #1 security concern an android user face is the lack of privacy.

Sure they have hardened everything but realistically, that's not the main threat for your average user.

Their top contribution to android is the sandboxed Google Play, by far.

lawn•21m ago

Read this:

https://eylenburg.github.io/android_comparison.htm

In short, GrapheneOS is vastly superior.

onli•21m ago

GrapheneOS claims to be a lot more secure, having additional hardening. See https://eylenburg.github.io/android_comparison.htm - keep in mind that it is not an independent comparison, the Graphene guys directly feed what this table is supposed to say in the issue tracker, https://github.com/eylenburg/eylenburg.github.io/issues/. But it gives a good representation of the state of the ROMs according to Graphene.

In regular use, main difference will be that /e/OS comes with access to the alternative cloud service that project provides. It uses the default FOSS solution microG for google api compatibility, unlike GrapheneOS with their sandbox approach. /e/OS sets on AppLounge to install and upgrade both play store or F-Droid apps. Graphene has a small curated app repo instead.

I'd never use GrapheneOS since I don't trust the project. /e/OS is also not my favorite since it feels like it is developing slowly, having had issues with outdated software versions - though it does work well in practice. Have a look at iode for an alternative.

noirscape•4m ago

[delayed]

dizhn•30m ago

GrapheneOS is Android isn't it? Same binary blob issues and such? Or is that not an issue on Pixel devices?

6jQhWNYh•29m ago

It's a shame only Pixel phones are supported. I have PWM sensitivity and Pixel phones are notoriously bad for this, my eyes hurt when I look at one for more than 30mn. Due to the lack of good, secure alternative, I have had to give up on privacy in exchange for manufacturer updates.

sudonem•17m ago

The Pixel limitations has been my main concern as well.

The good news is that they are actively working on developing their own hardware. The bad news is that it’s been delayed. But I’m watching closely.

https://www.galaxus.at/en/page/grapheneos-postpones-pixel-al...

xvilka•27m ago

They should get the same level of financing (donations) as Tor project at least. Some big organization like Open Technology Fund or NLnet should give them yearly grants.

choeger•26m ago

What about device attestation? Will you be able to run banking apps and Netflix et. al.?

For me the biggest concern is that while you may be able to use and run your own device, you will be locked out of most propietary services. Much like how more and more websites simply don't work with Firefox anymore.

buzzwords•22m ago

This might be one of those things were if there is big enough user base, companies will start to take it seriously.

xnacly•21m ago

Well i do use banking and netflix on graphene os on my pixel 8a and everything works perfectly

lawn•16m ago

All Swedish banking apps I've tried works great. Including BankID, swish, Sparbanken, Nordea, LF, Revolut and more.

I've had less issues than I had with CalyxOS for example, where more apps broke.

ThePowerOfFuet•15m ago

Netflix and almost all banking apps work fine.

https://grapheneos.org/articles/attestation-compatibility-gu...

https://privsec.dev/posts/android/banking-applications-compa...

galangalalgol•6m ago

I only use Firefox. It has been years since I ran into a chrome only website. Though recently I ran into an edge only websit on my corporate network, not even sure how that happens.

haunter•25m ago

Break free from Android... by installing Android? I'm not sure it's really breaking free when the first task to do is intall Google Play Services so your banking app works.

Sounds like we can't actually breaking free from Android and iOS. Maybe with Linux like the Fedora Atomic for mobile devices? https://github.com/pocketblue/pocketblue Or PostmarketOS? https://postmarketos.org/

Even then banking would probably only work through the browser... Sad state of the world really.

to3k•21m ago

I tried Ubuntu Touch and Droidian

https://blog.tomaszdunia.pl/ubuntu-touch-eng/

https://blog.tomaszdunia.pl/droidian-eng/

arein3•20m ago

And the 50% of banking apps still wont work because it wants an android signed by google.

And no tap to pay.

Hopefully the new EU banking system will work on Graphene and Ill switch back

rubymamis•17m ago

We need Linux OSes and phones to catch up to really break free from this duopoly. Only when there is enough traction, essential infrastructure like banks will start supporting Oses like that. It's a chicken and egg kind of problem.

gf000•8m ago

Android is a Linux OS and is eons ahead anything that would sit on top of "GNU/Linux" userspace.

Why start from scratch?

villgax•16m ago

Unless govts make web a primary citizen of information dissemination and acceptance, it will be only apple/google on the sim card linked access

absqueued•13m ago

How is it a break from google/appple if the only supported devices are Pixels? I can't use my sony or other vendors hardware at all.

Are there valid reasons to only support pixels?

daoboy•10m ago

Many are complaining about banking app compatability, but I've never felt compelled to use anything other than my browser for banking. What's the big deal with the banking apps? Am missing out on some huge advantage here?

dgan•9m ago

Some banks force you to validate transfers on your phone; unfortunately its not the user who decides

voxadam•10m ago

While I admire GrapheneOS and its goals, I feel that until we free the proprietary baseband processors and their RTOS from the grips of Qualcomm and friends it's a pyrrhic victory, at best.

palata•7m ago

When there isn't a perfect solution, the next best thing is... the next best thing :-).

voxadam•5m ago

I don't disagree. There's a sign on the wall behind my monitors that reads "Perfect is the enemy of good", something I agree with whole hardheartedly, still, I strongly believe that the imperfection needs to be identified and called out.

thisislife2•5m ago

GrapheneOS' approach is to focus more on security than privacy, because they believe increased security leads to increased privacy. Unfortunately, that means their hardware requirements pretty much limit the hardware that you can run it on (currently only the Pixel phone range). Worse, it also means they stop supporting a device when it reaches End-Of-Life as software security updates stop for it (see How long can GrapheneOS support my device for? - https://grapheneos.org/faq#device-lifetime ). Sad though - GrapheneOS on Sony Open Devices ( https://developer.sony.com/open-source/aosp-on-xperia-open-d... ) would have been nice.

Retired Netflix Engineering Director on Regrets, Video Engineering, Hiring

Toolspotting: A new way to measure engagement

499 is a prime number with this property: 499⁴⁹⁹ ends in 499499

Ask HN: What is the best bang for buck budget AI coding?

Teaching Claude to Write Pony

Browse Code by Meaning

A remote control for your agents

Data Is Your Moat

Capita taps Microsoft Copilot to dig it out from UK pensions backlog

Show HN: Nibble a fast and easy to use network scanner

Capitalist Countries 2026

Two Bits Are Better Than One: making bloom filters 2x more accurate

I broke into my own AI system in 10 minutes. I built it

Cascade standalone DNSSEC signer in Rust from NLnet

The Infrastructure of Jeffrey Epstein's Power

The Cost of Staying

Chinese Memory Penetrates Global PC Supply Chains

Show HN: CleanCloud – 20 rules to find what's costing you money in AWS and Azure

Maybe America Needs Some New Cities

The Rev. Jesse Jackson, pioneering civil rights activist, dies at 84

I attacked my own LangGraph agent system. All 6 attacks worked

OpenFactBook – The World Factbook

Show HN: Free domain health monitoring tool

'All records broken' as storm leaves swaths of France under water

A phone is stolen in London every seven to eight minutes

Hunt Globally

Fast Sorting, Branchless by Design

You Only Debug Once? Think Again

How Mitchell Hashimoto Builds Ghostty [video]

OpenAI Tapped for Voice Control Tech in US Drone Swarm Challenge