So all apps with premium subscription you can only handle through in-app purchase, usually won't work.
I've heard that some banking apps are not working correctly either as not "secured" enough device, in my personal experience, they all worked, it's really a case-by-case logics here.
For the upgrade, OTA upgrade around every month, and it has always worked smoothly
>Operated by Murena, your Murena Workspace account @murena.io is at the centre of the ecosystem, allowing to store, back up and retrieve your data safely on remote servers.
This sounds like their version is somewhat married to Murena. While probably better than Google, still not independent.
They're also advertising features such as "hiding your IP address [...] when you feel like it" – which sounds a lot like a VPN – without mentioning much about who the traffic is going through or how they might log it.
This is usually not a good sign.
I'd prefer to have an OS provider that does one thing well.
https://eylenburg.github.io/android_comparison.htm is a fairly complete comparison. One of GrapheneOS' biggest features is that they sandbox Google services (if you choose to install them), whereas e/OS gives them privileged access by default (via microG). Calling it a "degoogled" OS while microG uses Google's proprietary blobs is... a choice.
The GrapheneOS developers are very sceptical of e/OS (https://xcancel.com/GrapheneOS/search?f=tweets&q=e/os), but you should obviously take biases into account here. Murena's CEO occasionally participates too: https://xcancel.com/gael_duval/search?f=tweets&q=grapheneos
(That said, yes, I don't quite trust their VPN or app store, since it's unclear who's running it - in the latter's case, I imagine that's also a legal matter.)
You can do this on any other android device using an app like Orbot or Tor VPN beta
Look at the AdBlocker crackdown of Google Chrome. Every single chrome-fork has shut down MV2 extensions, even Brave is about to do it, because it is impossible to maintain features that complex on a browser that Google spends >$1B/year to develop.
Same story for /e/ and GrapheneOS, the day Google pulls the plug on source code releases, god knows how long they will last. We should focus our efforts on truly open platforms.
But on mobile, my bank and my government force me to use the Android/iOS duopoly.
* is this device rooted, is it an unsigned build ?
* Device is signed, but is it part of the blessed signing keys ? is play services untampered with ?
* Additional checks over the lifetime of the device.
You could fully trust the results of Play Integrity on device, but you can also send the returned token to your server, and your server then contacts play integrity to validate that token. So unless you know how to spoof those encrypted tokens, you won't go very far.
https://developer.android.com/google/play/integrity/overview
This is something that could be addressed at least in the EU by mandating banks to allow alternative services or not use this service at all.
https://e.foundation/installer/
I get a pop-up telling me that my browser is not compatible, and I should use Edge, Opera or Chrome. See [1]
So I was actually expecting a device listing page, not a WebUSB program.
But currently AOSP is very much open. That's also what the GrapheneOS devs say and why they want to continue using Android. Until it becomes clear that they will completely stop releasing the source code under a free software license i dont see why one should not use Android.
But the source isn't the point, it's the governance. Just like Chrome, having the source is not enough to guarantee an open platform. Sure you can disable telemetry flags. But you cannot afford to maintain an important feature Google wants to remove, like MV2.
https://arstechnica.com/gadgets/2025/03/google-makes-android... https://www.androidauthority.com/android-16-qpr1-source-code...
But I agree that it is a significant endeavor. But the OSS community succeeded in similar projects before, and the current state of the Linux desktop makes me hopeful.
"Google built Android to be impossible to maintain without them."
Could be a very genuine answer to that question. Do you really need all of Android? What if you can build a very similar thing at a fraction of the size.
>it is impossible to maintain features that complex on a browser
While Chromium is complex, it is modularized which does make it possible for teams to maintain features.
Source?
Unfortunately even the fully open source Firefox isn't immune to the pressure from the advertising industry, with all their Google funding and their purchase of anonym.
I appreciate the vibes where this is coming from, but does it really? I think that assumes that everyone that works on this would work on a true open source OS otherwise, and that if they did, that would result in us breaking free from Android where we otherwise wouldn't. I'm not confident about either of those assumptions.
Meanwhile I'll keep complaining to orgs that don't allow me to work through their website, and tell them that their app won't work on my phone.
It's like bailing out water from the Titanic. We should prepare the lifeboats instead.
Sent from my Librem 5.
There are zero OSes that are 1/ open source 2/ appropriate for phones 3/ with good hardware support. There's absolutely nothing. Running Ubuntu Touch isn't a viable option. Neither is postmarket, librem, tizen, they're all terrible. Security wise, for something as critically important in our lives as a smartphone, I am also not trusting any new pet project that won't be stable for 10 years.
Sure, you might be a poweruser that doesn't care about your phone burning its battery in your pocket after 1 hour because you know how to SSH on it from your watch and put it in sleep, but that's not a viable option. Leaving Android is suicide. A large part of its critical underpinnings are already into the kernel anyways, just disabled. (although a distro running binder could be a fun project). APIs are reverse engineerable generally speaking, except for the server part of play services. But then, if your issue is "my bank won't let me access their app without play services attesting me", I have great news, you won't even have an app for it on your new OS anyways, so it will not work by default. There's already not enough people working on GrapheneOS _or_ on mainstream linux OSes, what makes you think the sitation won't be ten times worse for your custom made mobile OS ?
>We should focus our efforts on truly open platforms.
Android is one, and that can never be taken away. Google pulls the plug ? cool, you're stuck on Android 17, which is centuries of work ahead of literally anything else in the open source community. Hell, for all the shit that Google is doing, they're still constrained by having to work with other vendors: the system privileged notification receiver is swappable at build time, the recent app signing/verification system also is, because Samsung wouldn't let them control it all.
About hard-forking Android, no one was brave enough (pun intended) to do that for Chrome, considering the insane complexity and engineering costs (>$1B/y). (Only Apple was able to affort it with Webkit/Safari, but they are in the ad business too.)
Building and maintainance cost are not linear, especially when you inherit legacy code. The AOSP codebase isn't great, is 4x bigger than the Linux Kernel, and full of "Ship now, patch later" mess.
But I agree that it is a significant endeavor. But the OSS community succeeded in similar projects before, and the current state of the Linux desktop makes me hopeful.
8 of the 10 top smartphone manufacturers are Chinese, there's no going back from that.
To what?
I've been running /e/OS on a Fairphone for about a year now. The experience is... fine. Not great. App compatibility is the main pain point. Banking apps are hit or miss even with microG. Updates lag behind GrapheneOS significantly.
The Murena cloud stuff is the part that bothers me most. You're trading one cloud dependency for another. At least with GrapheneOS you get a clean slate and can choose your own sync solution (Nextcloud, whatever).
That said, /e/ supports way more devices than GrapheneOS does. For people who can't or won't buy a Pixel (or now Motorola), it's one of the few options. The real question is whether the Motorola partnership changes the calculus. If GrapheneOS gets proper OEM support, the device limitation argument mostly goes away.
But then again, maybe that's the point :)
> a unique privacy enhanced environment.
... consider proofreading.
fuck me i'm doing work even though i should be working right now
Browsing:
https://e.foundation/installer/
Reply:
It's the specific functionality needed here that Firefox lacks that makes the /e/ page show the warning, unlike the lineage page that does not have the problem in the first place.
So I was actually expecting a device page, not a WebUSB program..
Which is in my opinion a fairly reasonable take.
But given the current situation, I would assume that the companies providing WebUSB tools like installers would also spend a few moments to create e.g. a Python script that would do the same thing but locally. So that anyone unwilling to use WebUSB within their browser can have a vetted and transparent way to get the same thing done.
No, it's security concern.
Very poor first impression.
This seems like the worst of both worlds.
I get the appeal of degoogling, but this seems to just be replacing that with alternatives run by another commercial company, just one I've never heard of before.
Why does it even need "One account for your privacy" ... "Operated by Murena, your Murena Workspace account @murena.io is at the centre of the ecosystem" when it'd be even better to have everything on-device without an account at all.
Even more, Murena seems to be owned by Qwant who seem to be in the business of selling a search engine, and while they currently claim to be all about user privacy, this is basically exactly how Google started nearly 30 years ago.
I wonder if they'd be happy if, for instance, somebody took this system and debundled Murena and switched it to using duckduckgo. Would they embrace that too, or sue them into oblivion?
EDIT: maybe I was too hasty. I've just seen that it's open source and it seems like you can self-host the required cloud parts: https://gitlab.e.foundation/e/infra/ecloud-selfhosting
> Operated by Murena, your Murena Workspace account @murena.io is at the > centre of the ecosystem, allowing to store, back up and retrieve your > data safely on remote servers.
That seems to suggest that we would be replacing one large overbearing corporation with a smaller and less-evil overbearing corporation. Is e/OS an open-source facade for Murena?
This is what that auditing actually reveals:
* /e/OS sends user speech data to OpenAI without consent [1], and thought this was ok until they got caught [2].
* /e/OS massively delays security patches, and calls this a "standard industry practice" [3]. Meanwhile, GrapheneOS' opt-in security preview releases provide early access to security updates prior to official disclosure [4]. Also see [0] (Security update speed) and [7] (WebView being 40 security updates behind).
* microG downloads and executes proprietary Google binaries in a privileged environment [5] [6]. You can obviously not audit these, nor should this count as "degoogled".
* microG still phones home to Google by default (android.clients.google.com for device registration check-in, mtalk.google.com for FCM push, firebaseinstallations.googleapis.com for SIM activations) [7].
[0] has a comparison of popular privacy and security-focused Android-based OS, which paints the whole picture. Privacy-friendly does not necessarily mean secure, but in this case "privacy-friendly" is quite a stretch already.
[0] https://eylenburg.github.io/android_comparison.htm
[1] https://grapheneos.social/@GrapheneOS/114880528716479708
[2] https://community.e.foundation/t/clarification-about-voice-t...
[3] https://community.e.foundation/t/e-os-and-security-updates/7...
[4] https://discuss.grapheneos.org/d/27068-grapheneos-security-p...
[5] https://github.com/microg/GmsCore/blob/e19a9985204ec8329c1d9...
[6] https://github.com/microg/GmsCore/blob/e19a9985204ec8329c1d9...
[7] https://www.kuketz-blog.de/e-datenschutzfreundlich-bedeutet-...
I know the versions differ by model, so perhaps your model was not as well supported.
lpcvoid•1h ago
https://eylenburg.github.io/android_comparison.htm
preisschild•1h ago
przmk•1h ago
wolvoleo•1h ago
FireInsight•1h ago
miroljub•1h ago
flexagoon•1h ago
I don't think they use this term anywhere.
It also now works on Motorola devices, it's on my HN feed literally right above this post.
szmarczak•1h ago
[1] https://grapheneos.org/releases
krige•1h ago
wolvoleo•1h ago
It is going to become available on selected Motorola devices at some point in the future.
miroljub•19m ago
Did you read the article you mentioned? There's not yet a single non-Google device that can run GrapheneOS.
_ache_•1h ago
But we have to keep in mind that /e/ has a lot of problems, the only one solved is sending data to Google. The security aspect of the OS is problematic and some key elements of a privacy seem questioning (IA integration, commercial collaborations, ...).
chrisjj•1h ago
microtonal•21m ago
soufron•49m ago
microtonal•15m ago
https://www.kuketz-blog.de/e-datenschutzfreundlich-bedeutet-...
https://gitlab.e.foundation/e/os/GmsCore/-/blob/a9e102567518...
https://forum.fairphone.com/t/e-os-betrays-users-privacy-ope...
https://eylenburg.github.io/android_comparison.htm
Well and besides that only shipping ASBs and no other security updates outside major Android releases (and both usually late). Using heavily outdated kernel trees (e.g. FP4 is using a Linux kernel patch level that hasn't been updated since 2020!), outdated vendor firmware blobs, etc.
It might work, but it is not very secure, nor very private.
dns_snek•1h ago
izacus•1h ago
So if you're trying to be a silly purist, then /e/OS doesn't fit either. If you're not, getting a Pixel will significantly enhance your safety since they're better supported for security patches and better designed in hardware when it comes to security.
eloisant•1h ago
So is GrapheneOS
einpoklum•41m ago
I think it is legitimate to be a purist about smartphones, but I don't think the GP is. So, let's talk about the non-purist situation: Users like us want to de-google. But we are not willing to make all of the sacrifices that purists do. The question is then, what can we use (and - what projects can we support financially).
Now, we can use GrapheneOS if we have Google Pixel's. But - most people don't have those phones, for any number of reasons. One of them is price, by the way: You can get a decent smartphone for under 100 USD and even a half-decent one for 70 USD. And most people in the world are not in an economic situation where you can tell them "shell out 300 USD and buy a Google Pixel".
Moreover - suggesting we strengthen our ties to Google in order to de-Google is fundamentally problematic. Even if we're not going all the way, we are striving to distance ourselves from them.
So, an imperfect software solution for a wider selection of phones does sound quite useful. Change my mind! :-)
microtonal•12m ago
suggesting we strengthen our ties to Google in order to de-Google is fundamentally problematic
You may have seen that they are working with Motorola to release GrapheneOS-capable phones.
Arch-TK•1h ago
The goal is to give you the option to avoid needing to rely on Google's spying or services while not having to compromise on security.
None of these other solutions regularly get included in Celebrite's documentation as being an explicit benchmark of their software's ability to break into phones. And that's almost certainly due to the fact that unless you leverage hardware security features like what GrapheneOS (and stock Android on a Pixel, and iOS on an iPhone) utilises, you have no chance of going against any actual adversaries.
And I'm not just talking about state actors here, even drive-by opportunistic attacks are likelier on a random other phone running some other Android build.
So yeah, you are running Google hardware, that doesn't make you "googled". It's just a sad reflection on the reality of the hardware landscape. If you want the same security as what GrapheneOS offers, you will currently need to use a Pixel.
I'd be curious to see what comes out of their Motorola partnership though.
dminik•10m ago
If I have to give Google a lot of money every 4-6 years to remain "de-googled" then I never was.
fragmede•1h ago
https://news.ycombinator.com/item?id=47214645
mrbn100ful•1h ago
For some user, /e/ is more approachable (Friendly and colorful UI)
I could not get my mother to use GrapheneOS, /e/ is a lot simpler.
Still miles better than to use a Default ROM from most OEM.
ploum•1h ago
If you can use GrapheneOS, good for you but what /e/OS offers is:
- Usable Android with your usual Android app (banking, etc) - No data sent to Google by default - Easier interface with nearly no bloatware - Available easily on many smartphones, including older ones - Extending the life of some smartphones
The price to pay is:
- Some Murena cloud bloatware - Android security patches are sometimes delayed - Security is not on par with GrapheneOS
If your main concern is protecting your privacy from Google and extending the life of your smartphone without breaking a sweat, /e/OS is probably the best option.
If your main concern is protecting against state actors attacks or very specific threats, then GrapheneOS might be better.
/e/OS works really great for non-techie users. I’ve done it in my family.
microtonal•4m ago
No data sent to Google by default
Not true. /e/OS does send data to Google by default: https://www.kuketz-blog.de/e-datenschutzfreundlich-bedeutet-...
They also use Google for assisted GPS when you use it, eSIM provisioning, widevine provisioning. Last time I checked, microG on /e/OS also downloads a Google binary blob for SafetyNet.
Besides analytics, if you install Google Apps (e.g. for Android Auto), many of them get higher privileges on /e/OS.
The price to pay is:
I would also add installing F-Droid apps (if you use App Lounge) through 'CleanAPK', without wanting to reveal why this is necessary or who owns/maintains CleanAPK.
They do quite a lot of fishy stuff. It may be incompetence, but yeah...
If your main concern is protecting against state actors attacks or very specific threats
This always sounds like systems like GrapheneOS are for paranoid people. But this is basically you if you ever go to a demonstration or cross borders of certain countries, sadly things like Cellebrite have become very common.
soufron•48m ago
wolvoleo•1h ago
StingyJelly•1h ago
(/e/ used to be heavily based on an outdated version of LineageOS for microG. I'm not sure what the current state is after I settled on second-hand pixel with graphene)
Vinnl•58m ago