It's well written and focuses on facts rather than poorly made assumptions
The article describes downsides to all 3 options, and everything they say about GOS seems reasonable to me; what exactly do you find objectionable?
GrapheneOS doesn't do anything which reduces USB-C functionality beyond having a setting which blocks new USB-C connections and then disables USB-C when locked by default which can be turned off.
The main reason I stopped using Lineage is because I got a Pixel and wanted to keep maximum picture quality with it. Open-source photo applications, from what I understood, cannot access all of the hardware features to get photos as good as Google's app.
Is it enough to get the Google Camera APK somewhere else and use it? Or do I really need to keep the OS as Google intended, in order to get best picture quality? I don't have the time lately to do much tinkering and compare it by myself.
I think if you get a Pixel, then you should use either Stock Android or GrapheneOS. I don't see the point in using something else.
> Is it enough to get the Google Camera APK somewhere else and use it?
With GrapheneOS, you can install the Play Services, the Play Store and then the Google Camera. I would be surprised if that wasn't enough. In fact I would be surprised if you needed more than the Camera APK. But like you, I haven't made the comparison. Would be interesting!
Why use GrapheneOS if you are going to install Google Services anyway? The whole point of Graphene is to have a fully locked down OS that still works as it should. A mobile fortress basically. Installing Google Services defeats the point imo as it opens multiple security holes in the fortress.
May as well just install the stock os. At the end of the day, once Google stops shipping sec updates for your phone, firmware updates stop so that's it really. Graphene cannot give you the firmware updates anyway. And at that point, you have a vulnerable phone. I think graphene os makes more sense if you go all in. Otherwise there is no much point really.
It just seems odd to me, may as well install LineageOs if you just want an alternative android os really. You get more privacy controls than stock android. I just feel that the whole point of graphene is to be able to have a private phone and live outside big tech and you pay a price for that.
If you don't really care that much about privacy and are happy to let google apps run in the background then data about you can still reach the mothership but your smartphone experience is quite degraded imo
I do at least some of those, so I can say you are making wrong claims. I won't test all of them, it would be your job to test them before claiming that they don't work.
> It just seems odd to me, may as well install LineageOs if you just want an alternative android os really.
GrapheneOS is a lot more secure, and in my experience I get better support than I did with /e/OS.
> You get more privacy controls than stock android.
I do on GrapheneOS, even though I installed the Play Services and Play Store. I love being able to run them in the sandbox!
> I just feel that the whole point of graphene is to be able to have a private phone and live outside big tech and you pay a price for that.
Well you are not forced to install the Play Services. But if you own a phone that is supported by GrapheneOS, I would say it's a better choice than anything else out there.
Why would I choose LineageOS instead of GrapheneOS? I can't see any benefits in using LineageOS, I only see major drawbacks.
Why is it always 0 or 1 with privacy? Why can't I use GrapheneOS with sandboxed Google Play Services? Seems like the best option. I can still use all the apps I want and also get privacy and security benefits. I only give Google what I want and still get to live like a normal person, without making huge compromises on security, privacy, usability and GrapheneOS has been the most stable OS I've used. More stable than the stock PixelOS.
This has nothing to do with it being sandboxed. You are talking about the SafetyNet api, which makes sure the device is using the "official" android version.
And no, not every banking app requires this.
No, Grapheneos is quite more secure than stock os when comes to handling google play service if you need to use it.
https://grapheneos.social/@GrapheneOS/113459782313987260
> At the end of the day, once Google stops shipping sec updates for your phone, firmware updates stop so that's it really.
That is true. Graphene does not hide that. If you want to live without any influence of google use iOS/MacOS or Windows.
Imo, installing a Google app on your phone is living under the influence of Google. The apps can still run in the background and collect and ship info about you. Less influence sure, but still a ton if they get to run background services.
Everything I want to do works on GrapheneOS. Actually better than it did on /e/OS.
> Can't buy subs or buy apps on the app store. Forget about using banking apps on your phone and resign yourself to use Whatsapp with no cloud backups.
I use at least some of those, so... you make wrong claims :-).
> Imo, installing a Google app on your phone is living under the influence of Google.
You're entitled to your opinion. IMO, if you use microg you still allow your non-Google apps to contact Google. If you use Android apps, or if you use the web, you're under the influence of Google. That sucks, but that's how it is.
This is just plainly wrong. Im doing both with GrapheneOS.
Not at all. The reasons I use GrapheneOS:
- Better security than other alternatives, even with the Play Services. A lot of hardened stuff, very quick updates.
- Play Services run in the sandbox, in terms of privacy that's not worse than microg, but I find it more convenient (I used both)
- More control over the app permissions, notion of "scopes", etc.
Also: If there’s no upstream security patches, you throw away the device.
With alternative OS, you’ll often get backported security patches.
Either way, upstream patch guarantee date is your deciding factor when buying - not OS.
https://grapheneos.org/features#sandboxed-google-play https://grapheneos.org/faq#hardware-identifiers
I keep hearing this name, "Sailfish OS", but I just don't know what it is. I probably should have a look one of these days :-).
Furthermore, microG can be installed on LineageOS, as can the official play services. Either of these choices gives you compatibility with anything that doesn't require play integrity - just like with GrapheneOS.
Lineage + Magisk does not do that for me. I've tried the modules, zygisk/lsposed, deny lists, all that jazz - the app still says no.
palata•2mo ago
Doesn't that mean that I could write an app, sign it with those keys (they are public, since they are for testing), and then have it behave like a "system" app on those devices? Isn't that how a system app proves to the system that it is, in fact, a system app?
I can understand the "I am not paranoid and I don't really mind about an evil maid attack, so I don't need to relock my bootloader". But isn't it risky to use the Google test keys to sign the whole system?
Not trying to criticise Lineage and /e/OS here: I'm hoping that someone knowledgeable about this will be able to help me understand the actual risks.
udev4096•2mo ago
Lineage is better and Graphene is obviously the gold standard which provides better privacy and security for normal people. The author is wrong in thinking you gotta be some journalist to use it. GrapheneOS is for everyone
palata•2mo ago
em-bee•2mo ago
grapheneOS only runs on expensive pixel phones. until i can buy a phone that runs grapheneOS for $100 or less, it is not for everyone.
_imnothere•2mo ago
em-bee•2mo ago
i can't speak to their server. i am not using it. i am not even reminded about its existence. i think you are asked once on setup and then never again. hence there is no luring to it either.
udev4096•2mo ago
em-bee•2mo ago
but the key point is: no matter what you think about me: you think i'd do better with lineageOS? i'd be using all the same apps there. so i really can't see how that would be any safer.
netdevphoenix•2mo ago
You are right. The user saying that "GrapheneOs is for everyone" is just classic HN bubble syndrome speaking from a position of privilege so great it blinds their worldview.
GrapheneOS is obviously not for everyone because it relies on the user having a certain income relative to their local cost of living. While Lineage is leaning more towards extending the usable lives of smartphones officially unsupported, Graphene leans towards security, especifically features that are only present on a few high-end devices.
This is why it is not hard to see why Lineage is the better option for most people while Graphene is the option for those wealthy enough.
Just like celebrities find hard to relate to non-celebs, many users here find hard to relate to those who are not wealthy. This to me sounds like if a celeb said that "space travel is for everyone".
faust201•2mo ago
No.
In a way it does not matter if the app is system or not. Even user apps (signed with some other key) can be powerful to do damage.
System partitions cannot be edited due to SELinux and also thesedays the partition ext4 is created with certain blocks - cant be changed.
Yes one can use magisk to do some gimmick - but that is kinda telling OS - Allow me to do anything.
The notion of locked bootloader as a holy grail against anything is stupidity. Apps inherently have too much power - assuming user somehow granted permissions. (or you are from a 3-letter organisation - incl. NSO)
palata•2mo ago
faust201•2mo ago
I have no idea what is security. What is good? Such questions cannot be answered easily. Read https://ssd.eff.org/module/your-security-plan
- Trying to protect all your data from everything all the time is impractical and exhausting. - There is no perfect option for security. Not everyone has the same priorities, concerns, or access to resources. Your risk assessment will allow you to plan the right strategy for you, balancing convenience, cost, and privacy.
- Some install custom ROM because they don't install 3rd party apps like WhatsApp etc but want to use only OpenSource Email - Some may say - using original factory ROM is bad for privacy as Google snoops a lot but they have some assurance that some random script kiddie cannot take over
- Some want security but not privacy (i.e) get a ChromeOS - yes everything is given to Google but Google has one of the best security team in the world.
palata•2mo ago
> Doesn't that mean that I could write an app, sign it with those keys (they are public, since they are for testing), and then have it behave like a "system" app on those devices?
gruez•2mo ago
That might be true, but at the same time you shouldn't run random scripts off the internet as root, even though there are plenty of EoP or RCE exploits. The same applies to letting random apps get privileged permissions, even if sophisticated attackers can bypass those permissions with 0days.
>System partitions cannot be edited due to SELinux and also thesedays the partition ext4 is created with certain blocks - cant be changed.
That's irrelevant on Android because system apps can be updated without touching the /system partition, if the .apk is signed with the same key. The system will store the updated .apk file in /data/app, but otherwise grant it privileged permissions that only system apps can get. That's how google play services can update itself and still keep its privileged status, even though the phone OS hasn't been updated in years.
faust201•2mo ago
How is this relevant? Yes, in a custom ROM - USER NEEDS TO BE CAREFUL. (i.e) if someone installs random app - signed by AOSP keys (and that ROM was installed by AOSP keys) it will get installed.
I am yet to see proof that this causes major meltdown.
Reg complete ROM- Except for this: https://wiki.lineageos.org/signing_builds#changing-keys
Assuming a phone was securely installed (after verifying sha/sig) with lineageOS RECOVERY and ROM - it will not accept a build with different sign keys. (i.e) AOSP keys.
gruez•2mo ago
It's relevant because it's an exploit vector that can be easily closed with basically zero downside, but for whatever reason it hasn't. Besides the risk of having such holes in the first place, the lack of willingness to fix is indicative of the security culture of the organization as a whole (ie. not very good).
>I am yet to see proof that this causes major meltdown.
It doesn't cause a major meltdown because most people don't use lineageos, so mass infections don't bother targeting them. That doesn't mean the system is actually secure. It's like using netscape navigator to browse the web. It might not cause a "major meltdown", but only because nobody bothers targeting it, not because it's actually secure.
>Assuming a phone was securely installed (after verifying sha/sig) with lineageOS RECOVERY and ROM - it will not accept a build with different sign keys. (i.e) AOSP keys.
Right, but the allegation is that /e/os uses test keys, either intentionally or through incompetence.
palata•2mo ago
GrapheneOS is an alternative OS, that keeps the same security model as Android. It's not a "custom, hacked thing that disables the security".
> Assuming a phone was securely installed (after verifying sha/sig) with lineageOS RECOVERY and ROM - it will not accept a build with different sign keys. (i.e) AOSP keys.
Do you know which keys are used by Lineage? My understanding is that some phones running Lineage use the testing keys. Simply because some phones don't allow "custom keys". But that means that it defeats the point of the signing.
Are you saying that the signing is useless in Android?