I am a long term GrapheneOS user and would like to talk about it. r/privacy on the redditland blocks custom OS discussions which I think is very bad for user privacy, and I hope this post will be useful to anyone who are in the hunt for better privacy.

Nowadays smartphones are a much bigger threats to our privacy and Desktop systems, and unfortunately manufacturers has designed them to be locked down devices with no user freedom. You can’t just “install Linux” on most smartphones and it is horrible. And most preloaded systems spy on us like crazy. That was why I specifically bought a pixel and loaded GOS onto it.

According to https://grapheneos.org/features , they start from base AOSP’s latest version, imptoves upon it’s security and significantly hardens it. There’s hardened_malloc to.prevent against exploitation, disabling lots of debugging features, disabling USB-c data, hardening the Linux kernel and system apps etc. They even block accessing the hardware identifiers of the phone so that apps cannot detect whqt phone you’re using. That means with Tor and zero permissions given, apps are anonymous.

Compatibility with apps are best in Custom ROMs but there are still that can’t work, especially if they enforce device integrity. Very few apps usually enforce that tho. Also their community isn’t the friendliest but you can get help. Just don’t try and engage too much or have too many debates.

Anyone else here use GrapheneOS, or any other privacy ROMs? What is your experience? Do you disagree on any point? Let’s have a discussion!

  • @[email protected]
    link
    fedilink
    315 hours ago

    I use GrapheneOS but I don’t like how Google Play-centric it is. It is geared towards people installing their “normal” apps with the GrapheneOS special sauce sandboxing. No F-Droid by default where all of the FOSS apps are.

    • @Darth_Vader__OP
      link
      16 hours ago

      They are very security fovused and is against f-droid’s poor security practices. They do push accrescent through their stores tho

    • @[email protected]
      link
      fedilink
      English
      39 hours ago

      By default there is nothing, it’s a blank slate. It’s up to you to decide what apps to use.

      • brzrd
        link
        English
        24 hours ago

        Agreed. The Google implementations are there for folks who absolutely cannot go without certain apps only available from the Play Store. Upon installation, all that’s there is the OS with the necessary apps (camera, phone, browser, etc) with the security on these individual apps additionally patched.

        With the sandboxing of Google Play and Services AND the option to further house these apps from the Play Store in a separate profile, you have a perfectly working device that the individual user can customise to their needs.

        Its a great project and a real asset to the FOSS, privacy and security community against big tech/govt surveillance.

        The phone is only as good as how you choose to set it up and use it.

      • @[email protected]
        link
        fedilink
        1
        edit-2
        7 hours ago

        Screenshot for you. Google is explicitly linked to for easy setup. F-Droid is not. “There is nothing” is simply disingenuous.

          • @[email protected]
            link
            fedilink
            16 hours ago

            But it is Google Play-centric. There is an option to install Google Play. There is not an option to install other app stores like F-Droid, unlike some of the other AOSP clones.

            • @[email protected]
              link
              fedilink
              24 hours ago

              Which I think is good. Make it easy for people wanting to test FOSS to do so.

              Anyone who knows what they are doing will figure out how to install F-droid soon enough.

              I find it hard to critisize it for something that makes it so much easier to start with for anyone.

            • @[email protected]
              link
              fedilink
              English
              03 hours ago

              Thanks for the downvote! Really helps lemmy become a more welcoming place when we are just having a civil discussion.

              Having google play, and the auora store in the GOS apps system does reduce friction to install them vs f-droid, agreed, but it is a blank slate and its totally up to you.

              • @[email protected]
                link
                fedilink
                32 hours ago

                My original reply to the OP’s question, thoughts and experiences with GrapheneOS, was along the lines of “I think GrapheneOS is Google-centric” and you disagreed saying that GrapheneOS was a “blank slate”. Honestly I think you’re being a bit defensive and maybe a little gaslighty which is why I downvoted.

                GrapheneOS provides fairly prominent links to a Google Play installer or the relatively obscure Aurora Store. The Aurora Store client app is FOSS but the store is quite literally a proxy for the Google Play Store. The apps in the screenshots on Ausora Store’s homepage are mostly apps that use or require Google Play Services. This is all very Google-centric.

                If Google Play wasn’t an important part of GrapheneOS, it could just not contain a prominent link to the Google Play installer. Or it could contain a link to install a fairly prominent app store that offers an ecosystem outside of Google Play. But it exclusively steers users to the Google Play ecosystem as a part of the default, packaged experience, hence my original reply to the OP.

                • @[email protected]
                  link
                  fedilink
                  English
                  1
                  edit-2
                  22 minutes ago

                  I think google play is a necessary thing for them to distribute in the sandboxed google play harm reduction feature they advertise.

                  Ascrescent is the open source self-signed app store they promote, that is fully open, and its in their app store as well - but has very limited apps (organic maps, molly, but not fdroid inside)… but Ascrescent does not require the apps distributed to be open source… so just like google play

                  The reason they don’t include F-Droid is they have a weird cultural bias against fdroid signing apps… they don’t really speak to the relatively new fdroid reproducible build chain where the apps are signed by developers, but built by fdroid… which is the far superior security solution (verify the developers built it, and verify the source used in the binary is the published source) that no other app store offers.

                  I agree it would make sense for the GOS app installer to include fdroid, its weird that they don’t, but their line is only developer signed builds… which, google play actually does do… google play apps are developer signed.