I would have guessed HMD, but they just pulled out of the US market: https://www.androidauthority.com/hmd-global-leaves-us-market...
However, Motorola/Lenovo seems the most logical partner, they were previously in the Android One program (which was sort of the successor to the Nexus line).
Some of their Xperia Compact models have been excellent, but they haven't been making them like that in recent years. Dare I hope for a return of their truly compact flagship phones and GrapheneOS support?
Hopefully they select an OEM which supports pKVM - that's the one Pixel feature I'd really like to see being implemented on other Android devices.
But it's obviously not for everyone so I can't really recommend it to everyone. And to be honest I can't in good faith recommend any Android phone these days, I hate what Google and other OEMs have done to the ecosystem.
I'm quite bullish on Linux phones though, like the FuriPhone FLX1, the Volla Phone Quintus, and the Jolla C2 - obviously again they're not for everyone, so for normies I would recommend an iPhone, and for techies I'd suggest giving the Linux phones a try (or maybe get a OnePlus/Nothing phone and load LineageOS+Magisk if you don't mind playing the cat-and-mouse game with Play Integrity).
Edit: Looks like there's an updated workaround now, but this is what I mean - it's really unacceptable that an essential feature like VoLTE - which is required to make phone calls - may not work depending on your carrier/region.
I suspect there will be a Pixel 11, maybe a Pixel 12, but that'll be it.
[1] While it might not be an official requirement, being granted a Google apps license will go a whole lot easier if you join the Open Handset Alliance. The OHA is a group of companies committed to Android—Google's Android—and members are contractually prohibited from building non-Google approved devices. That's right, joining the OHA requires a company to sign its life away and promise to not build a device that runs a competing Android fork. Acer was bit by this requirement when it tried to build devices that ran Alibaba's Aliyun OS in China. Aliyun is an Android fork, and when Google got wind of it, Acer was told to shut the project down or lose its access to Google apps. - https://arstechnica.com/gadgets/2018/07/googles-iron-grip-on...
To me that sounds like devices with GrapheneOS preinstalled is not gonna happen.
7. For a period of three years ending on November 1, 2027, Google may not condition a payment, revenue share, or access to any Google product or service, on an agreement with an original equipment manufacturer (OEM) or carrier to preinstall the Google Play Store on any specific location on an Android device.
8. For a period of three years ending on November 1, 2027, Google may not condition a payment, revenue share, or access to any Google product or service, on an agreement with an OEM or carrier not to preinstall an Android app distribution platform or store other than the Google Play Store.
Almost nobody cares about privacy, and this is going to be super expensive. I might be fine with paying extra, but the economy might not work out, like it didn't for Blackphone. Fairphone is barely alive as well. Seeing as phones are just source of ad money Google can drop the prices on their phones as well.
Some European countries and banks already require crap like Play Integrity for essential apps. So far it's possible to hold out, but for how much longer?
Edit: https://en.wikipedia.org/wiki/Chip_Authentication_Program
There's legitimately zero reason to allow 2FA only on your own propreitary app. You can't even make a financial argument - allowing other TOTP methods is cheaper because now you don't need an app!
Small comfort for whoever needs to use that bank. This is the disconnect geeks and Free Software needs to bridge to make any headway.
I am still very surprised that any OEM is willing to commit to monthly security updates and OS upgrades for a minimum of possibly five years. I think it would be a good thing for GrapheneOS to have more than one partnership in future for the Android ecosystem as a whole.
I suspect the answer is "no" but I want to believe...
But being certified by Google of course precludes not preinstalling or sandboxing their GMS apps.
> Google Play Integrity
Essentially a Google API that App Developers integrate that checks if the device runs an Operating System signed by Google as "Play Certified". This can go as far as being backed by a hardware trusted platform module. I doubt Google will certify GrapheneOS given their modifications towards sandboxing the play services. This can be faked to a degree but GrapheneOS choses not to do it and to fake the TPM part you need leaked keys. For more details on how to fake it look at this thread: https://xdaforums.com/t/guide-how-to-pass-strong-integrity-o...
> Fingerprinting the Device OS
This can very from app to app and just tries to fingerprint the device in many ways to see if it's running a custom rom of some kind. This does things like check to see if the bootloader is unlocked or if root is installed. I think this is something an official grapheneos phone might fix since the phone vendor could allow grapheneos to sign their releases as native equivalent
> Banning GrapheneOS by Name
Some Apps Developers literally ban GrapheneOS by name.
> Failures due to Google Play Sandboxing
Since GrapheneOS sandboxes Google Play Services there might be compatibility issues that prevent the app from working right. This would likely be unaffected by a GrapheneOS Phone.
> Failures due to Advanced Security Features
Some Apps just don't "like" the advanced security features like the hardened malloc and other protections and just fail. This can be disabled most of the time
FWIW I have run several banking apps on GrapheneOS without any issues whatsoever, never had any blocks or compatibility issues. Might just be luck of the draw but just to say you probably do have options.
If you don't like their requirements, you need to take the liability yourself. You could use PayPal or a stablecoin to store your money.
Your money is far more at risk with scams and phishing than it is with whatever boogeyman spyware you may try to think of that does not exist in real life.
Banks have plenty of money. They don't need to be up your ass to keep liability down.
OEM support is a step toward passing integrity, and that's what those apps are looking for.
They can fund the development and support work for attesting GrapheneOS along with funding support for compatibility with the os. The more users that GrapheneOS has the less money they'll need to pay to fund such a project.
This would of course be contigent on GrapheneOS growing their market- and mind-share in the general public, while also taking several years to impact the least move-fast-and-break-things industry (consumer banking).
But still, a man can dream.
Boo
Dual eSIMs when travelling have failed me too many times.
[1] https://discuss.grapheneos.org/d/21946-grapheneos-popularity...
According to one estimate, there are about 250k total GrapheneOS users https://discuss.grapheneos.org/d/12281-how-many-grapheneos-u...
This source claims Google shipped 10 million devices last year https://coolest-gadgets.com/google-pixel-smartphones-statist...
If we generously assume every GrapheneOS user bought a new phone in the last year, 2.5% of those Pixels are running Graphene.
Not a phrase I expected to read, whew. Tough customers.
I've been very happy with several generations of pixels at this point compared to the alternatives.
Which is, generally, not that good for Linux mainlining. Qualcomm SoCs are "meh" when it comes to mainline Linux support - some parts are there, but a lot of them aren't. It has been getting better for the last bit though?
WD-42•5h ago