I am a long term GrapheneOS user and would like to talk about it. r/privacy on the redditland blocks custom OS discussions which I think is very bad for user privacy, and I hope this post will be useful to anyone who are in the hunt for better privacy.
Nowadays smartphones are a much bigger threats to our privacy and Desktop systems, and unfortunately manufacturers has designed them to be locked down devices with no user freedom. You can’t just “install Linux” on most smartphones and it is horrible. And most preloaded systems spy on us like crazy. That was why I specifically bought a pixel and loaded GOS onto it.
According to https://grapheneos.org/features , they start from base AOSP’s latest version, imptoves upon it’s security and significantly hardens it. There’s hardened_malloc to.prevent against exploitation, disabling lots of debugging features, disabling USB-c data, hardening the Linux kernel and system apps etc. They even block accessing the hardware identifiers of the phone so that apps cannot detect whqt phone you’re using. That means with Tor and zero permissions given, apps are anonymous.
Compatibility with apps are best in Custom ROMs but there are still that can’t work, especially if they enforce device integrity. Very few apps usually enforce that tho. Also their community isn’t the friendliest but you can get help. Just don’t try and engage too much or have too many debates.
Anyone else here use GrapheneOS, or any other privacy ROMs? What is your experience? Do you disagree on any point? Let’s have a discussion!
Yeah it’s ironic but what is the alternative? At least we CAN remove Google’s known spyware from the device, and there’s no evidence of firmware level spying. If you get Samsung, or some chinese crap, you can’t remove Google period, and you might get spied by the manufacturer as a cherry on top. There is no way to have a perfect solution, well unless Samsung starts to provide Custom ROM support or something.
I’m using a Fairphone with /e/os. No Google at all.
Not hardened though. I was heavily considering fairphone but over the back and forth between them discussing with Graphene developers, their hardware is not secure enough yet for graphene to be made for the fairphones. If and when fairphones are on graphene then I will definitely buy them.
Also, even though I commend their phone, the accessories for earbuds and headphones certainly bring up some questions as to their intentions.
It’s because Graphene is not a custom ROM. /e/os is. Graphene is just an OS on top of the ROM, and Fairphone doesn’t update their ROM often enough.
This is a complete non-issue though if you use a custom ROM like LineageOS or /e/os.
No. The issue is with hardware secure elements in how cryptographically intensive workloads are done
https://www.androidauthority.com/titan-m2-google-3261547/
Unfortunately the fairphone falls quite behind in this and relies on software salt and hash that can be exploited.
Buying a used pixel and installing Graphene OS is absolutely a more secure platform than any AOSP based open source bootloader unlocked ROM.
This was not given as reason by the devs why graphene is not on Fairphone. The delayed security updates were.
It’s a holistic statement that doesn’t factor into this.