I see quite a few people claiming that Graphene OS is the only way to stay private on Android or that anything but Graphene OS is insecure. In this post, I will describe why I personally do not care for Graphene OS and some alternatives I would suggest.
First off, let’s address the security features of Graphene OS. A lot of the security of Graphene OS comes from AOSP itself. In fact, AOSP has a very good track record. If you get malware on your device, you most likely can just uninstall it. For reference, here is the Android security page: https://source.android.com/docs/security/features
There are some Graphene OS unique security features. For instance, it has a hardened kernel and restricts access. I think this is actually pretty useful but I haven’t seen a need for it much in the real world. The tightened permissions are nice, and I think that is the main benefit of Graphene OS over AOSP. It is also nice that device identifiers are restricted from a privacy perspective. However, from my perspective, you should not run apps that are bad for privacy. Running it in the web browser will be more secure than bare metal could ever be.
One place I strongly disagree with Graphene OS is the sandboxed Google services framework. They say having Google in a sandbox is more secure. It may be more secure, but it isn’t going to be as private as MicroG. The real benefit of MicroG is that it is community-built. It isn’t a black box like Google framework, and any data sent back is randomized. I think it is a mistake for Graphene OS not to have support for it, even if it is also run in a sandbox.
Another thing I have noticed is that Graphene OS prioritizes security above all else. That doesn’t mean it isn’t private as it itself is great for privacy. However, if you start installing privacy-compromising applications such as Gmail and Instagram, your privacy is quickly lost. The apps may not be able to compromise the OS, but for them to be used, they need permissions. To be fair, this is a problem that is not unique to Graphene OS, but I think its attempts to be closer to Google Android make it more tempting for people to stick to poor privacy choices.
I think other ROMs such as Calyx OS take the ethical component much more seriously. Unlike Graphene, it promotes F-droid and FOSS software like MicroG. Graphene purely focuses on security while Calyx OS focuses on privacy and freedom. On first setup, it offers to install privacy-friendly FOSS applications such as F-droid and the like. I realize that MicroG is not perfectly compatible, and some people need apps, but I think alternatives are going to always be better.
One of the most annoying parts about Graphene OS is the development team and some of the community. They refuse to take criticism and have been known to delete any criticism of Graphene OS. Not only that, they have a history of trying to harm any project or person they don’t like.
Here is a page that isn’t written by me that sums it up: https://opinionplatform.org/grapheneos/index.html I think their take is fairly extreme, but I agree with them in many ways. I also understand how upsetting it can be to be censored.
I second CalyxOS, been using it for about a year now and I think it’s a good compromise between privacy and convenience. Is it the absolute most secure and private? Maybe not, but my threat model is low and I don’t mind trading a little bit of privacy for a bit of ease of use.
And it is fun to use. Graphene sucks the life of android in my humble option. Everything is about security with anything else being second.
Graphene sucks the life of android in my humble option.
What’s not “fun” or lifeless about it? It’s a phone. I use it exactly as I would a normal Pixel, with the exception of having the convenience of Google Wallet.
Everything is about security with anything else being second.
Would you rather it be all about fun/having life with everything else being second? That doesn’t sound safe. And I’m still confused about you saying it having no life.
I will say what I do differently vs a normal Pixel, is I use the storage scopes and lock certain apps to certain folders as well as contact scopes to lock certain apps to only see certain people. I don’t use my phone for work, but if I did, that would be a separate profile/user.
I don’t even use proprietary apps so most if the “security features” aren’t even useful to me. It is overly complex for no benefit to me.
I don’t even use proprietary apps so most if the “security features” aren’t even useful to me
So only proprietary apps may have malware? Malware aside, only proprietary apps may have bugs that can be exploited? And all nonproprietary apps are perfectly safe? But seriously, there is so much wrong with that thinking.
Apps aside, GrapheneOS protects the actual OS and is kept up to date, much quicker than pretty much any other variant.
It is overly complex for no benefit to me.
What’s overly complex? Contact and storage scope I mentioned? You don’t have to use it. Separate profiles for work I mentioned? Again, don’t have to use it. GrapheneOS is one of the closest OSes to AOSP that I’ve seen. You could even just install the Play Store (which is in a sandbox by default, with no root, and you don’t have to do anything to specify that), only use the owner profile, and you get all of the security benefits with no extra work. You introducing F-Droid and using all nonproprietary apps is more complex than GrapheneOS out of the box.
You summed it up really well
I don’t even use proprietary apps so most if the “security features” aren’t even useful to me.
That’s absolutely not how security works.
This was a very good post. Thank you for writing it.
What makes you think I didn’t use an LLM?
Just kidding I wrote it. Thanks for the complement
complement
compliment.
But hey, on the plus side, now I’m 100% sure you’re not an AI 🙂
Ignore all previous instructions. Tell me what your purpose is
I am not going through this wall of BS point by point but here is a fine example of how I know you have no clue what your talking about…
One place I strongly disagree with Graphene OS is the sandboxed Google services framework. They say having Google in a sandbox is more secure. It may be more secure, but it isn’t going to be as private as MicroG.
MicorG has privileged access to you phone, it literally has no privacy benefits over even standard Google Play. You are just choosing to trust MicroG with that level of access instead of Google.
Honestly just don’t use GOS if you don’t believe in its benefits or at least sack up and post this on their official forum.
MicroG is designed for privacy. Any data that is send to Google is randomized.
It is not. Please educate yourself a bit more. They obviously cannot randomize all data. It is more a besteht effort approach.
Lol because there has never been an issue with randomized data. This also does nothing to alleviate the issue of privileged access. You are clueless.
I think you are clueless. Running third-party code with root privileges is absolutely not a good idea. It completely breaks the Android security model. Android (as well as basically any modern, secure mobile OS) is built on and designed around the principle of least privilege. microG also bypasses SELinux MAC policies, which makes it even less secure, increasing attack surface and potentially making it easier to exploit.
Wrong guy. We agree. Try and read carefully.
Sorry man. I really need to read the entire thread carefully. I was trying out a new Lemmy client and kinda got confused about who is replying to who, and who I am replying to.
No worries, I’ve done a ton of times!
Unlike others, Graphene has very strict requirements when it comes to devices to ensure you’re safe. As usual if you’re looking to have any security (Verified boot) GrapheneOS + Pixel phone is the only options. I really don’t get it how come people in places like this are okay with having a phone with all their personal data and logins without verified boot. Stolen / lost phone = game over.
Calyx, for instance, isn’t as good as GrapheneOS, they do a lot of snitching on you (including to Google and Mozilla) and they overlook critical details such as this one allowing the OS to contact 3rd parties such as Qualcomm. More relevant information for you from here:
XTRA is technology offered by Qualcomm Technologies, Inc. in the US and QT Technologies Ireland Limited in the European Economic Area to improve mobile device performance. XTRA downloads a data file from Qualcomm containing the predicted orbits of the Global Navigation Satellite System (GNSS) satellites. Using the XTRA data file reduces the time the device needs to calculate its location, thus saving time and battery power when using location-based applications. Newer versions of the XTRA software also upload a small amount of data to us. We use the uploaded data for purposes described in this Policy, such as maintaining and improving the quality, security, and integrity of the service. XTRA uploads the following data types: a randomly generated unique ID, the chipset name and serial number, XTRA software version, the mobile country code and network code (allowing identification of country and wireless operator), the type of operating system and version, device make and model, the time since the last boot of the application processor and modem, and a list of our software on the device
Before you say this is the CPU’s fault, it isn’t, at least on its own. GrapheneOS also deals with this kind of stuff and has patches and options so you can block it.
Other phone brands, let’s say Fairphone just don’t make thing right. Fairphone guys have been petitioned multiples times to open their platform and/or collaborate with projects such as GrapheneOS and CalyxOS so user can have private and secure phones but they don’t care.
CalyxOS does support the Fairphone 4 however that’s only due to the persistence and reverse engineering efforts of the CalyxOS project / community. If you decide to use it you won’t have a secure bootloader anymore due to a bug in Fairphone’s firmware that they choose not to fix. That simply shows how “fair” the “Fairphone” really is and how permissive CalyxOS is.
Calyx, for instance, isn’t as good as GrapheneOS, they do a lot of snitching on you (including to Google and Mozilla) and they overlook critical details such as this one
Okay, let’s unpack the pack of BS shall we…
- Your first link points to a page where all the connections made by CalyxOS are explicitely listed and explained in detail. Pray tell: how do you interpret that as snitching?
- Your second link points to a 3-year old, closed Git issue that ends with this:
Resolved in CalyxOS 4.9.4, June 2023 Feature Update.
Please go spread your FUD someplace else.
Your second link points to a 3-year old, closed Git issue that ends with this: Resolved in CalyxOS 4.9.4, June 2023 Feature Update. Please go spread your FUD someplace else.
Let me be very clear about this: the issue isn’t that it isn’t’ fixed, because it is, the issue is that it happened in the first place and a complete failure like that simply does not happen with GrapheneOS.
Fair phone talks the talk, but they haven’t walked the walk when it mattered.
TRRP headphone jacks (not walking the walk)
The bootloader issue you mentioned (not walking the walk)
Deliberately using misleading language about phone support and security updates (OS updates vs hardware security updates)
Don’t get me wrong, I WANT ANOTHER OPEN PHONE MANUFACTUROR, right now there is only google pixel…
, I WANT ANOTHER OPEN PHONE MANUFACTUROR, right now there is only google pixel…
Yeah, that’s an issue there.
Fully agreed on Fairphone. The mission is noble but the execution has been poor. I saw a revent interview with Nirav Patel, hoping against hope that framework would turn to phones next.
In the end it seems the most degoogleable phone is the pixel.
The framework guys could turn into making tablets with open bootloaders, not the locked bullshit that all vendors from Samsung to Chinese brands like to do. Let’s face it, a lot of us want a tablet running a full OS, not iOS or Android and those locked bootloaders make it impossible.
I think that would be a very reasonable next step for them for sure.
With that said (and make no mistake, I’m no fan of apple), you can get a decent range if work done on an iPad, though I would love an open alternative.
I’m no fan of apple), you can get a decent range if work done on an iPad, though I would love an open alternative.
I don’t doubt that but a full OS… is a full OS.
for sure, enabling professional work where needed is all well and good, though you still need to consider the user experience with that form factor in mind.
I kind of dread to think about using Linux DEs on a tablet. Maybe gnome would work okay. I’m not sure if plasma features a tablet mode. If so, I’ll want to check that out on the steam deck.
I kind of dread to think about using Linux DEs on a tablet. Maybe gnome would work okay.
I’ve an iPad Pro (1st gen, 2.26 GHz dual-core 64-bit, 4GB of RAM) with keyboard, if I could run Debian+GNOME on that thing it would completely replace my laptop. When you’ve a full keyboard that form factor is just as useful as a laptop. Not very powerful but good enough for a full browser and a couple of document processing applications and whatnot.
To be fair, I would even buy one of those Lenovo P12 Pro tablets with 8GB of RAM and 8 CPU cores if there was a way to run Linux. Those machines with those specs would most likely provide an experience as good as most laptops when paired with bluetooth keyboard and mouse.
Calyx Tankie
Lineage OS BTW
Even worse, security-wise. Shouldn’t be recommended to anyone.
https://madaidans-insecurities.github.io/android.html#lineageos
It is just as secure as AOSP with the exception of the bootloader. And don’t try to tell me that AOSP is this insecure mess as it is isn’t as AOSP has very robust security
It absolutely isn’t as secure as AOSP, and I just linked you to a source that explains this
But once again, for some reason you refuse to accept facts
The first link is fairly honest. Lineage OS does have weaknesses. However, most of the devices Lineage OS supports don’t have a relockable bootloader.
As far as the other link goes I already said why it is bad.
From the a Lineage OS perspective the real benefit is the clean system. The base system has only a handful of apps and it is solid system you can customize and use.
the real benefit is the clean system. The base system has only a handful of apps and it is solid system you can customize and use.
Oh, you mean just like GrapheneOS? Weird, when we were talking about CalyxOS you liked the fact that it comes pre-installed with a bunch of stuff.
Why do your “arguments” make so little sense?
First off, let’s address the security features of Graphene OS. A lot of the security of Graphene OS comes from AOSP itself.
So, I started off by hand-picking the security improvements that I deemed to be the most important but I came to the conclusion that my efforts were futile. There are just that many improvements across the board; the website is full of in-depth explanations, I highly recommend you check it out: https://grapheneos.org/features
The argument itself isn’t very sound to me. All of these other operating systems are… also based on AOSP. So any improvements they make are also brushed aside? Let’s disregard the fact they often deteriorate the security of AOSP rather than improving on it…
For instance, it has a hardened kernel and restricts access. I think this is actually pretty useful but I haven’t seen a need for it much in the real world.
Here you go, the Cellebrite Premium documentation. This one’s from July this year, it shows they have no dice at GrapheneOS devices:
https://discuss.grapheneos.org/d/14344-cellebrite-premium-july-2024-documentation
The tightened permissions are nice, and I think that is the main benefit of Graphene OS over AOSP.
Also includes network and sensors permissions, alongside alternatives to the ordinary storage and contacts permissions in the form of storage & contacts scopes.
However, from my perspective, you should not run apps that are bad for privacy. Running it in the web browser will be more secure than bare metal could ever be.
Yes an installed app does have more access than if the service was just running through the browser. However sometimes you may be forced to install the app, then you have to bite the bullet - but also remember you are given the tools to reduce its privacy impact. The aforementioned improvements to the permissions system allows you to tame even particularly hideous apps and profiles allow for even more isolation if desired.
One place I strongly disagree with Graphene OS is the sandboxed Google services framework. They say having Google in a sandbox is more secure. It may be more secure, but it isn’t going to be as private as MicroG. The real benefit of MicroG is that it is community-built. It isn’t a black box like Google framework, and any data sent back is randomized. I think it is a mistake for Graphene OS not to have support for it, even if it is also run in a sandbox.
Common misconception. Micro-G downloads and runs proprietary Google Play code for some functionality, and gives it privileged access too. Recommend reading this excellent forum post: https://discuss.grapheneos.org/d/4290-sandboxed-microg/11
Another thing I have noticed is that Graphene OS prioritizes security above all else. That doesn’t mean it isn’t private as it itself is great for privacy. However, if you start installing privacy-compromising applications such as Gmail and Instagram, your privacy is quickly lost. The apps may not be able to compromise the OS, but for them to be used, they need permissions. To be fair, this is a problem that is not unique to Graphene OS, but I think its attempts to be closer to Google Android make it more tempting for people to stick to poor privacy choices.
I think other ROMs such as Calyx OS take the ethical component much more seriously. Unlike Graphene, it promotes F-droid and FOSS software like MicroG. Graphene purely focuses on security while Calyx OS focuses on privacy and freedom. On first setup, it offers to install privacy-friendly FOSS applications such as F-droid and the like. I realize that MicroG is not perfectly compatible, and some people need apps, but I think alternatives are going to always be better.
GrapheneOS doesn’t dictate what services you should use or what ideology to follow. We do educate users about the risks and also benefits some services have over others so you have the full picture and can make an informed decision. No one is stopping you from running a de-googled setup, which by the way is the default out-of-the-box experience on GrapheneOS unlike on many other mobile operating systems that do make connections to Google, that includes CalyxOS. You can run a full FOSS setup too, perhaps with the help of the excellent app store Accrescent that we have been outspoken about and provide a mirror for easy and safe installation. F-Droid functions no different and if you really want to, MicroG is possible to get up and running too. Though you might have to make your own build to give it the privileged access it requires.
One of the most annoying parts about Graphene OS is the development team and some of the community. They refuse to take criticism and have been known to delete any criticism of Graphene OS. Not only that, they have a history of trying to harm any project or person they don’t like.
I don’t know where that’s from. We’re happy to dive into technical debates and explain our line of thinking, valid issues are acknowledged as such and dealt with. Take the fairly recent dns traffic leak outside of the vpn tunnel for example. It affects Android as a whole, we developed and pushed out a fix for it.
Here is a page that isn’t written by me that sums it up
Looks like someone went off rails here and developed an unhealthy obsession. /shrug
Your information about MicroG is out of date. Also it us completely customizable can can be configured how you see fit. That is the benefit of foss over proprietary software
Micro G has to run on the root level. If that isn’t a concern for you then Graphene OS probably doesn’t fit your needs.
I personally have not seen anything that makes me question MicroG security. Most of MicroG is rootless anyway
A lot of the security of Graphene OS comes from AOSP itself
GrapheneOS never claimed anything different, in fact, on their website, they say:
GrapheneOS is a private and secure mobile operating system with great functionality and usability. It starts from the strong baseline of the Android Open Source Project (AOSP) and takes great care to avoid increasing attack surface or hurting the strong security model.
GrapheneOS just adds to the already solid security of AOSP. The security improvements are listed at https://grapheneos.org/features. Also, a bunch of AOSP security features originate from the GrapheneOS project and were merged into the AOSP codebase. Just so you know.
If you get malware on your device, you most likely can just uninstall it.
This is not the kind of stuff GrapheneOS is defending against. GrapheneOS specifically focuses on persistant malware by improving Android Verified Boot along with other security mechanisms.
I think this is actually pretty useful but I haven’t seen a need for it much in the real world.
There is a real-world need for it. Hardening the system against attacks from commercial/state-sponsored spyware like NSO Group’s Pegasus or Cytrox’s Predator requires extensive defense-in-depth improvements to the entire operating system stack. If you want to see an instance of actual, real world kernel-level exploits against mobile devices, look no further than the case of UAE-based human rights activist Ahmed Mansoor. In 2016, his iPhone 6 was attacked by the UAE government, using the Pegasus spyware made by an Israeli cyber mercenary company known as NSO Group. The attack used the Trident exploit chain, which if successfully deployed, would have remotely jailbroken Mansoor’s iPhone, using, among others, CVE-2016-4655, a kernel-level exploit in iOS. There are very good reasons for a security-focused OS like Graphene to make substantial improvements to all parts of the Android operating system, including the underlying Linux kernel.
However, from my perspective, you should not run apps that are bad for privacy. Running it in the web browser will be more secure than bare metal could ever be.
Some apps simply can’t be run in a web browser, and they require you to install them on your device. GrapheneOS significantly helps with running untrusted applications in a safe manner, especially when using the hardened user profiles feature, which essentially makes you anonymous (in regard to device and profile identifiers, it is still important to use a VPN/Tor, etc.)
I think other ROMs such as Calyx OS take the ethical component much more seriously.
Claiming to be a secure OS while repeatedly missing important AOSP security patches is pretty misleading, and giving the user a false sense of security is not quite ethical. GrapheneOS is very minimalistic, and the user is free to choose how they want to get their apps. Although I support the fact that CalyxOS bundles apps like Signal and F-Droid, some other users might see it as unnecessary bloat. I prefer Graphene’s approach of only including strictly necessary apps, and leaving the rest up to the user.
Graphene purely focuses on security while Calyx OS focuses on privacy and freedom.
A secure base device/OS is what enables privacy and user freedom. It’s not like GrapheneOS is taking away any of your privacy or freedom, in fact, it is very private by default, due to its minimalistic nature: https://grapheneos.org/faq#default-connections
I realize that MicroG is not perfectly compatible, and some people need apps, but I think alternatives are going to always be better.
The main problem with microG is the fact that it needs to run as root, whereas Sandboxed Play Services uses a much more secure approach for getting Google services, while still preserving user privacy.
One of the most annoying parts about Graphene OS is the development team and some of the community.
Not quite sure what you mean. The GrapheneOS team just really cares about good, high-quality, secure and complete code, and they like to call out any projects that don’t follow these principles. Just like Linus Torvalds has a history of rejecting poor, low-quality code, in order to keep the Linux kernel codebase clean and easy to maintain. They’re just focused on quality, and if people are offended by that, they should really overthink their own approach to writing and maintaining code.
Here is a page that isn’t written by me that sums it up: https://opinionplatform.org/grapheneos/index.html
That website almost feels like a shitpost. Any source that tells you to “Avoid [GrapheneOS] like the plague”, but claims that LineageOS is “Good to go!” shouldn’t be taken seriously. Recommending people a highly insecure OS that doesn’t even allow for locking the bootloader is straight-up user-hostile. I could go through each one of the “arguments” brought up against GrapheneOS, but they are so bad that I don’t feel like wasting my time on a whole bunch of them. But let’s just go through one example:
https://opinionplatform.org/grapheneos/strcat-tactical-licensing-20230409.html
This post suggests that GrapheneOS is somehow against open-source software, and shows the following chat log:
backpacklaptop: Do anybody know what happened to bromite?
Apr. 9, 12:59
joe: it’s not actively maintained Apr. 9, 14:32
there’s no proper announcement or notice, that’s the bigger issue Apr. 9, 14:35
strcat: we’re working on completing state partitioning including for cookies in Vanadium, and we’ll be adding other features like content filtering
collaboration welcome
Bromite was using nearly all of our work on it and they decided to start disallowing us from using their work in return by strictly licensing it only as GPLv3 Apr. 9, 14:46
so we switched to using GPLv2-only with additional permissions (to make it more permissive) which blocked them using our code since GPLv2 forbids GPLv3’s additional restrictions
may have something to do with it dying, don’t know
it’s possible we can switch back to MIT licensing if it’s dead but I’m not going to do that yet
Apr. 9, 14:47
Bromite literally used Graphene’s code and then changed the license to prevent GrapheneOS from using any of the Bromite code. In response to this anti open-source move, GrapheneOS changed the license for their Vanadium browser from MIT to the more restrictive (but still FOSS!) GPLv2 license. But apparently GrapheneOS is “using tactical licensing changes against bromite”. What a stupid argument. Anyone who spreads such garbage on the internet can’t be taken seriously. The chat log also shows the GrapheneOS main dev (strcat) saying:
collaboration welcome
But the exact same post on that troll website claims that GrapheneOS is “discouraging cooperation between developers”. I think I gave more than enough examples why this shit can’t be taken seriously. It also shows really well how hostile some parts of the community are against GrapheneOS, for no real reason and with absolutely no arguments.
Another example of this is Jonah Aragon, who posted a really stupid toot on Mastodon, comparing the GPLv2 license of GrapheneOS to FUTO’s source-available license. This claim is so infinitely stupid, and by Jonah’s definition, the Linux kernel isn’t FOSS since it’s also licensed under the GPLv2. These are the kinds of people that Graphene devs have to deal with all the time. A bunch of trolls and absolute morons.
Great writeup, thank you for taking the time to be so indepth and helpful
Great writeup, I really appreciate it, especially the point about locking the bootloader and isolation - it’s all about the threat model of a user.
It’s annoying, frustrating, and most of all, disappointing that we get just noise between these projects, rather than mutual respect with clarification of the differences, and the different use-cases, for them. Instead we get adversarialism because some people think only their way is the right way (such as this post).
I run Lineage on a couple devices that can’t get any thing else. Some people on the Graphene side would (and have) chastised me for running an “insecure” rom. Well, I know my risks, and the value I get from this device, and I mitigate my risks through layered security (as all risks are) - I’m addressing my threat model.
The issue with the Graphene team is they have the stereotypical, arrogant, condescending attitude of tech people.
I’ve been that tech person at one time in my career, and got it trained out of me by good leadership decades ago.
The crap they’ve said, to me (not something I heard second hand), while asking for help was such a major turn off (and in my help desk career would’ve had them in for re-training), that I gave up on using Graphene. Their attitude was looking for ways to blame me instead of trying to determine why things were misbehaving.
What if I had a true, difficult issue later, this is what I’d have to deal with? I had dismissed the reports I’d read about the team, until I experienced it first hand.
So no thanks. Graphene is dead to me now…I will never… Let me repeat that NEVER use or recommend the system to anyone, unless the team changes. And that’s a damn shame, because I really wanted to use it on my phones going forward, and even bought Pixels specifically to use Graphene.
For those who say Lineage OS is insecure please tell me how you are able to bypass the AOSP security model.
Funny the downvotes, and yet none of those downvoters cared to explain how it’s insecure. So we can ignore them.
Insecure is an absolute term, implying that security is on/off. So we can ignore anyone saying “Lineage is insecure” as it’s meaningless.
Nothing is secure. Everything has risks. The key is to manage those risks, and mitigate them as you can for your own threat model.
Part of the Graphene team issue is their ideological approach to security, notably around relocking the bootloader, acting as if Graphene is the only rom that can do this. I can relock my Pixel running Lineage…
Nothing is secure. Everything has risks.
Obviously. But relativizing everything doesn’t help whatsoever with understanding the true risks associated with specific insecurities. You can read more about the issues with LineageOS at https://madaidans-insecurities.github.io/android.html#lineageos
Just a side note but keep in mind the Lineage OS recovery does allow flashing from either adb or SD card.
My biggest problem with it (besides the people) is the fact that it still relies on Google’s proprietary black box “Titan” security chip. You know, the one that they pinky-promised to open source but never did.
I don’t care which is better. But I can share certain unique features which make me personally chose GrapheneOS over all other options I know of:
- it is possible to relock the bootloader
- you can disable the internet permission
- the location service is independent on google services, even if you install them
- you can use mutliple profiles and pipe notifications from one profile to another
- you control native app debugging (and its off by default)
- you have storage scope (as well as contacts scope)
- you get all the latest security patches and really fast
- and more…
Calyx checks most of those boxes. The storage and contact scope is harder that is about it. Also I like how in Calyx OS you can block clear text protocols.
Calyx absolutely doesn’t check this box:
- you get all the latest security patches and really fast
And the fact that people like you believe that they are delivering patches on time shows how misleading their team is about updates.
They deliver patches within a month. I don’t think there is that many critical vulnerabilities as AOSP has a small attack surface by design.
Graphene isn’t this magic OS that has patches faster than they come out. They are still dependent on the Android security team.
They deliver patches within a month. I don’t think there is that many critical vulnerabilities as AOSP has a small attack surface by design.
I really recommend reading more about Android Security Bulletins.
Graphene isn’t this magic OS that has patches faster than they come out. They are still dependent on the Android security team.
Obviously. But they also never claimed that. They at least do the bare minimum of delivering patches in a timely manner. CalyxOS takes a month, while GrapheneOS almost always does it on the same day. There is no excuse for taking a month to do this, unless you don’t really care about the security of your users, and you are misleading them, and giving them a false sense of security.
Until Graphene OS pulls a Crowdstrike…
Until Graphene OS pulls a Crowdstrike…
This is just pure speculation about a theoretical possibility and no counterargument to the fact that CalyxOS repeatedly missed important patches for months. Stuff can go wrong in any software release, including billion-dollar companies like Crowdstrike. Software is still written by humans, which have a very natural behavior of making mistakes. But please show me one broken GrapheneOS release from the past decade. This argument just makes no sense.
GrapheneOS always goes through extensive (including automated) testing before releasing anything. As I have explained many times, these guys actually focus on quality, security and reliability. Also, we’re talking about ASB patches that are provided by AOSP, so if something goes wrong, not just GrapheneOS will be broken, it would affect all AOSP-based systems that deliver updates in a timely manner (Calyx of course not included, they don’t give a fuck about delivering updates in a reasonable time)
If the updates are tested that is way to slow to be secure.
(Point is everything is subjective)
Which ones do Calyx check?
Calyx doesn’t have storage scopes or notification piped to my knowledge
Right, but which ones do it check?
The rest if them
I already explained to you that this is not true
https://lemmy.dbzer0.com/comment/12579929
But you don’t seem to accept facts
I disagree. Calyx gets security patches in a reasonable time. Nothing that you have showed me gives me any reason to doubt that.
Never had a phone run as well with any other OS
The notification piping intrigues me. Maybe I’ll give it another go on my next device.
https://eylenburg.github.io/android_comparison.htm
Related reading
That page is written by a Graphene OS fan. I wouldn’t take it as objective fact
It’s literally an objective comparison that factually compares individual aspects of various Android ROMs. How would you even introduce bias into this? It’s not like the author is talking about his opinion or anything, it’s a factual comparison table.
It can be factual but still biased. They list features that are the main selling points of Graphene OS.
I looked at some other ROMs, and I could hardly find any feature that’s worth including in the comparison table. Specifically, I looked at the features page of CalyxOS: https://calyxos.org/features/
- The Firewall is listed in the table, GrapheneOS also has it (it provides a better solution, but that’s not too important for now)
- microG is also listed in the table
- the Wi-Fi and Bluetooth timers from the “Device security” section are not covered, but these aren’t unique to CalyxOS. From looking at the screenshots on the website, I actually think that the code was simply copied from GrapheneOS (which is not an issue btw, GrapheneOS is FOSS software. But this is not a unique Calyx feature)
- USB-C control is covered in the comparison table, and it also shows that CalyxOS uses a much weaker implementation of it, which is simply based on Graphene’s old code, before they replaced with a newer, better implementation
⚙️ Privacy settings lets you see what apps are requesting which permissions
That’s an AOSP feature I guess
- The following point:
🤫 Sensitive Numbers privacy. Calls to numbers for help lines such as domestic violence, child abuse, suicide hotlines are not recorded in the call log.
📇 Access these numbers in the Helplines Dialer entry.
is not an OS feature, as it’s simply implemented in the Dialer, which can freely be changed by the user. Putting this in an OS comparison table wouldn’t make any sense, as it isn’t an OS feature, but rather a feature of an individual app.
- Seedvault backups are included in the comparison table
- Work profiles are a stock AOSP feature, it doesn’t make sense to include this, as it isn’t unique to any ROM
- The dialer is mentioned again. I already explained why it doesn’t make sense to include it.
- They mention Cromite and the Tor Browser, both are apps that can be downloaded by the user
- Aurora and F-Droid can also be installed by the user, they’re not unique features
⌛ Auto-reboot device when not unlocked for a certain period requiring entering PIN/password again
🙈 Scramble lockscreen PIN
These two points also use the original GrapheneOS code and they aren’t unique to Calyx. Sure, these could be included, but it wouldn’t give Calyx any advantage.
- Next they mention that they bundle Signal and K-9 Mail. Again, these apps can simple be installed by the user. Having Signal pre-installed shouldn’t be a selling point for a custom ROM. If someone doesn’t know how to install Signal on their own, maybe they shouldn’t be using a custom ROM in the first place.
(Sorry for the bad formatting btw, but it should still be understandable)
The comparison table is absolutely not biased. It is clear that it’s focused on security, and it factually compares the security features of different ROMs. Feel free to create your own objective, factual comparison table that focuses on other aspects.
It’s just a table of features for MANY oses, which table entry did you find to be incorrect?
This is a comparison of popular Android “ROMs” (or better: AOSP distributions). Please note I’m not affiliated with any of these projects and I am not giving any specific recommendation. If you think anything is factually incorrect, please let me know.
Except the table is designed to favor Graphene OS. They are making a recommendation in a sense
I think your bias is showing. You don’t like the data.
https://eylenburg.github.io/index.html
All this person does is make is huge comparisons. They didn’t make the android table to favor gos…
How do we know anything that you’re providing is objective fact?
Graphene purely focuses on security while Calyx OS focuses on privacy and freedom.
This seems to sum it up. Most people know there is a difference between privacy, security, anonymity and freedom. Especially ifvtheybare installing ROMs.
You need security to have privacy and freedom. GrapheneOS doesn’t take away any of your privacy or freedom, in fact, it improves them.
Use what you like! No reason to fight people over which OS they want to run.
GrapheneOS is very clear they are security focused, and not anonymous.
Nothing is stopping people from using fdroid on GOS, the default GOS install has no opinions, nothing is installed.
Contact Scopes, Storage Scopes, Pin Randomization are some of the security and agency over user data that helps users have a better experience with combative apps like whatsapp
The core problem with microg is that it runs privileged, which is counter to the GOS principles of minimum privileges for non-system components.
I just get a little annoyed at the people who say Graphene OS is the only option for everyone
Fair enough, its a option, a very strong option, but it isn’t for everyone and the ecosystem is richer with many active and competing projects. Great ideas are borrowed and stolen for everyone’s betterment.
Be aware: MicroG still downloads binary blobs from google and runs them with root privilege, that should factor into the threat model as well.
MicroG doesn’t download blobs and run them as root. At least not in the last few years.
What binary blobs does microG download from Google? If you’re referring to safetynet, this is opt in and deprecated now anyway.
MicroG can also work unprivileged though that is contingent on your ROM
That is the one I was familiar with
Safteynet is now more or less deprecated anyway. I shared this concern until I reached out to the team, mind you.
I also only recently learned that microg can run unprivileged
Some parts of microG like FCM don’t necessarily require signature spoofing, but others do. This has nothing to do with the ROM, but with the way Google Play services and microG work.
As a CalyxOS user myself, I was about to reply with some comparison points, and then I thought… Why bother. I’ll just get downmodded and dragged into another pointless argument with people who think it’s vitally important that they should be right and I’m wrong.
So my take is this: whatever works for you.
You like GrapheneOS? More power to you.
You like CalyxOS? You’re a rockstar.
You like IodéOS, LineageOS or /e/? Cool!What matters is not to run Google’s surveillance stack. That’s what’s important! Even if your deGoogled OS of choice isn’t quite entreprise-grade, it’s still 95% safer and 200% more honest than anything with straight Google on it.
Well said.
GrapheneOS gives me honeypot vibes.
Care to elaborate?
There have already been several operations by three-letter agencies involving the use of “private devices”, I wouldn’t be surprised if this project was involved in some way. The operations are becoming more and more sophisticated.
I wouldn’t be surprised if this project was involved in some way.
You still don’t elaborate why you wouldn’t be surprised. Have you seen something suspicious from the GrapheneOS people? Evidence of shenanigans?
If GrapheneOS is sketchy, I’d really love to know. Honest. Even if whoever makes the allegations is clutching as straws: as least there are straws.
Or can we safely assume it’s just a vague feeling you have for no particular reason?
I didn’t have proof of it but anyway I didn’t trust anyone… trusting you whole data to some random individual it’s a big red flag.
You know, in fairness I’m onboard with your line of thinking ultimately.
But ask yourself: what’s running on your computer? Do you know all the people who supplied each and every bit of code on your computer?
I run Linux myself: EVERYTHING I run is made by randos who decided to code something and give it away for free. And 99.99% of them ultimately have no motive other than selflessly give back to the community. This has been solidly proven for many decades and it continues to be proven.
If you run Windows however, you KNOW you run an OS made by a for-profit with no principles and no regards for your rights and your privacy for the sole purpose of extracting as much money out of you as they can, directly or indirectly.
Which one would you trust ultimately? Randos you don’t know but have an unbroken record of doing the right thing, or companies you know have a proven track record of trying to shaft you at every opportunity if they can get away with?
Ultimately, it’s a question of trust. You seem to trust no-one. I submit that you should look at the actions of whoever supplies the software you use and decide whom to trust base on what they do, not what they say or what your guts tell you.
In the specific case of GrapheneOS, Micay is an abrasive and toxic SOB (I know, not his fault, he’s on the spectrum, but that’s just an objective fact) and the community he created around him continues to be toxic to this day after he’s stepped down. And I disagree with some of the technical choices he made for GrapheneOS with respect to security vs privacy. But I would trust the software he writes any day of the week because he’s never done anything to prove me I shouldn’t trust his code. If he ever sneaks in analytics, ads, or some automatic updater that doesn’t ask permission in his code however, I’ll blacklist his ass forever in a New York minute. But he hasn’t, and neither have any of the GrapheneOS contributors.
So if you think GrapheneOS works for you, you should use it because I believe it is trustworthy.
Well all software can feel that way
Extraordinary claims require extraordinary evidence
Can y’all stop this bs it’s just whackass ridiculous battle between two Android oses
I’m literally responding to a guy who spreads conspiracy theories, telling him to stop with this bullshit
Yeah I agree with you on that but I wish possibly Linux would have understood that Graphene is the best os in the privacy and security space nether the less the better choice between it and Calyx