I wouldn’t use Graphene OS personally since they refuse to accept negative press or the fact there may be alternatives. It is all about Graphene OS and how Graphene OS is grand. Don’t you dare criticize or use your device in a way they don’t endorce. I’m not even sure they would be willing to admit if there was a serious flaw in Graphene OS.
With that being said, I think Linux and AOSP have made a lot of progress in the right direction. Just because I don’t like the Graphene OS team doesn’t mean that some of there techniques can’t be applied outside of Graphene OS. Android and the Linux kernel have bith seen significant improvements in security.
Graphene OS will not work for everyone. It also only supports a handful devices even thought there are other devices that support bootloader relocking. Graphene has decided to instead frame everything that isn’t a Pixel running Graphene as universally bad.
I really don’t like how Graphene users will hate all over MicroG. MicroG is a great project but there are so many misconceptions that were started by the Graphene OS core team.
As another user stated in reply to you earlier, this is debatable. Debating does not equal hate, I used to use MicroG a ton (I was a CalyxOS/LineageOS user before). But, you must acknowledge that MicroG still communicates with Google, and you can’t disable this at the OS level. That’s the primary benefit of sandboxed Google Play - you can take away full access and many apps will continue to function, and on top of that, the sandboxing layer ensures that the rest of your phone is secure.
MicroG is fine, it’s great, even. But it’s not infallible, and depending on your threat model, that’s something to at least consider.
Can you explain more about how it’s a trap, though? This is an open source project that you can build yourself.
How do you configure it to do that, then? Because calyx’s docs only say that it’s either disabled, enabled without a Google account, or fully enabled. The last two send some data to Google regardless. I’m genuinely asking, because this is the main reason why I left Calyx for Graphene. I saw my phone hitting Google services when I wasn’t even using it. Graphene lets me disable network for apps entirely, something that wasn’t a thing for Calyx either (at the time).
Does Calyx allow you to disable your USB port as well?
Also, I’m still curious about what you said earlier about GrapheneOS being a ‘trap’. Can you elaborate?
I agree. It’s actually why I chose CalyxOS. The CalyxOS users and team will suggest a degoogled aosp depending on the posture you provide them, while the grapheneos team and users tend to only ever suggest grapheneos. It feels a lot like the Mac fans of the past. I wasn’t diggin it.
Calyx is not as degoogled as it claims to be (at least it wasn’t 2 years ago, see below). I know this is a bold claim, but the only ROM comparable with Graphene was DivestOS, which was a one human project and was dicontinued last year. And even Divest had the problem where updates were delayed by a few days or weeks.
Obligatory eylenburg link, and there’s this blogpost I like to link to. It’s written in German, but I’m sure it’s a good read if you put it through a translator.
The conclusion of the CalyxOS analysis in English:
“CalyxOS has reconfigured Android to avoid Google’s spyware and tracking.” However, I only see this to a limited extent. To be truly privacy-friendly, the project would need to modify more parameters/source code of the AOSP standard and provide users with more options/freedom (Captive Portal Check, Key Provisioning Server, SUPL Server) for customization. The mere omission of Google Play Services is not enough to consider a device “de-Googled”. There is still room for improvement.
Overall, CalyxOS is certainly not a bad custom ROM, but rather offers a coherent overall package that users who want to significantly reduce their dependence on Google should have a good starting point. However, one should also consider the drawbacks: the delayed provision of (security) updates and an external presentation that does not quite match the results of this analysis.
Take this with a grain of salt since it’s been two years since this blogpost was published.
Here I deleted a whole paragraph in which I sounded like a Graphene elitist haha. I would say using CalyxOS is a lot better than stock Android or Lineage. Please don’t choose your OS based on vibes. If you need any of the features Graphene offers that others don’t, please use it (edit: like the protester mentioned in the article). If you don’t, don’t.
I agree, Graphene is not for everyone, and what you wrote is a perfectly fine opinion when it comes to privacy- and security-focused daily driver OS’s for smartphones. If you’re a protester or a journalist though, it’s all or nothing. There are no alternatives, no compromises that can be made. If you use a smartphone you are at risk, even if it’s a Pixel with GrapheneOS.
Graphene has decided to instead frame everything that isn’t a Pixel running Graphene as universally bad.
They did say on several occasions that they would support other phones if they weren’t locked down (Samsung) and commended the security of upcoming Mediatek and Qualcomm chips.
I’m not sure I would even recommend it for a journalist. There are better tools for desktop and having basic opsec will go way farther than any tool. It also doesn’t support MicroG which is a deal breaker for me.
the debate on microg v sandboxed GPS is not settled tho
for example with sandboxed GPS you have option to cut network connection to GPS both store and service and maintain functionality of most apps
while with microg you are still pinging google with the spoofed identity
furthermore, microg is generally used in deployments like lineageos which is inherently insecure while buying decently private because bootloader is not locked unless it is pixel and because it is running in debug mode.
I think calyx upgrades on this decently from OS perspective.
Nobody should be going to a protest with their MF bootloader unclocked, bottom line.
GrapheneOS also has several hardening upgrades deployed through out the OS that is lacking in stock android. This upgrades are critical if your concern are state actors who have access to the best and freshest zero days sometimes know as backdoors depending on who you talk to.
News to me… i hope he is still around doing the hard work. Dude clearly is paranoid enough to sniff out Android better than the Mega Corp that released it lol
But he was not good at PR. He should be posting under anon account if at all haha
The product is strong and I don’t need to like the guy.
It should be noted that these were already being mitigated by GrapheneOS before this came out, mostly thanks to the hardware-level USB disable feature. https://grapheneos.social/@GrapheneOS/114081913638905015
Can you all share reasonable solutions for the masses that don’t have Pixels?
There used tp be Dovestos, but it has since shut down.
Calyx and iode exost but are not as good as graphene.
Rip out your USB port and use wireless charging. It at least slows the authorities down, they would have to fix the port first.
I wouldn’t use Graphene OS personally since they refuse to accept negative press or the fact there may be alternatives. It is all about Graphene OS and how Graphene OS is grand. Don’t you dare criticize or use your device in a way they don’t endorce. I’m not even sure they would be willing to admit if there was a serious flaw in Graphene OS.
With that being said, I think Linux and AOSP have made a lot of progress in the right direction. Just because I don’t like the Graphene OS team doesn’t mean that some of there techniques can’t be applied outside of Graphene OS. Android and the Linux kernel have bith seen significant improvements in security.
Graphene OS will not work for everyone. It also only supports a handful devices even thought there are other devices that support bootloader relocking. Graphene has decided to instead frame everything that isn’t a Pixel running Graphene as universally bad.
Lol the downvotes kind of prove your point innit
I really don’t like how Graphene users will hate all over MicroG. MicroG is a great project but there are so many misconceptions that were started by the Graphene OS core team.
Honestly Graphene OS feels like a trap.
As another user stated in reply to you earlier, this is debatable. Debating does not equal hate, I used to use MicroG a ton (I was a CalyxOS/LineageOS user before). But, you must acknowledge that MicroG still communicates with Google, and you can’t disable this at the OS level. That’s the primary benefit of sandboxed Google Play - you can take away full access and many apps will continue to function, and on top of that, the sandboxing layer ensures that the rest of your phone is secure.
MicroG is fine, it’s great, even. But it’s not infallible, and depending on your threat model, that’s something to at least consider.
Can you explain more about how it’s a trap, though? This is an open source project that you can build yourself.
MicroG only communicates with Google if you tell it to. It is very configurable and you can configure and customize it to your likening.
How do you configure it to do that, then? Because calyx’s docs only say that it’s either disabled, enabled without a Google account, or fully enabled. The last two send some data to Google regardless. I’m genuinely asking, because this is the main reason why I left Calyx for Graphene. I saw my phone hitting Google services when I wasn’t even using it. Graphene lets me disable network for apps entirely, something that wasn’t a thing for Calyx either (at the time).
Does Calyx allow you to disable your USB port as well?
Also, I’m still curious about what you said earlier about GrapheneOS being a ‘trap’. Can you elaborate?
I agree. It’s actually why I chose CalyxOS. The CalyxOS users and team will suggest a degoogled aosp depending on the posture you provide them, while the grapheneos team and users tend to only ever suggest grapheneos. It feels a lot like the Mac fans of the past. I wasn’t diggin it.
Calyx is not as degoogled as it claims to be (at least it wasn’t 2 years ago, see below). I know this is a bold claim, but the only ROM comparable with Graphene was DivestOS, which was a one human project and was dicontinued last year. And even Divest had the problem where updates were delayed by a few days or weeks.
Obligatory eylenburg link, and there’s this blogpost I like to link to. It’s written in German, but I’m sure it’s a good read if you put it through a translator.
The conclusion of the CalyxOS analysis in English:
Take this with a grain of salt since it’s been two years since this blogpost was published.
Here I deleted a whole paragraph in which I sounded like a Graphene elitist haha. I would say using CalyxOS is a lot better than stock Android or Lineage. Please don’t choose your OS based on vibes. If you need any of the features Graphene offers that others don’t, please use it (edit: like the protester mentioned in the article). If you don’t, don’t.
deleted by creator
I agree, Graphene is not for everyone, and what you wrote is a perfectly fine opinion when it comes to privacy- and security-focused daily driver OS’s for smartphones. If you’re a protester or a journalist though, it’s all or nothing. There are no alternatives, no compromises that can be made. If you use a smartphone you are at risk, even if it’s a Pixel with GrapheneOS.
They did say on several occasions that they would support other phones if they weren’t locked down (Samsung) and commended the security of upcoming Mediatek and Qualcomm chips.
I’m not sure I would even recommend it for a journalist. There are better tools for desktop and having basic opsec will go way farther than any tool. It also doesn’t support MicroG which is a deal breaker for me.
the debate on microg v sandboxed GPS is not settled tho
for example with sandboxed GPS you have option to cut network connection to GPS both store and service and maintain functionality of most apps
while with microg you are still pinging google with the spoofed identity
furthermore, microg is generally used in deployments like lineageos which is inherently insecure while buying decently private because bootloader is not locked unless it is pixel and because it is running in debug mode.
I think calyx upgrades on this decently from OS perspective.
Nobody should be going to a protest with their MF bootloader unclocked, bottom line.
GrapheneOS also has several hardening upgrades deployed through out the OS that is lacking in stock android. This upgrades are critical if your concern are state actors who have access to the best and freshest zero days sometimes know as backdoors depending on who you talk to.
That’s the one gripe I have with them; not only do they do that, they actively shame users for daring to root their phones.
I’m strongly considering Calyx OS for my own Pixel 9 Pro
Graphene OS ex main leader stepped down as he was getting death treats and was struggling with some mental problems
PS: info might not be entirely true
He is still involved but I would also like to point out that the problem is more than just him.
News to me… i hope he is still around doing the hard work. Dude clearly is paranoid enough to sniff out Android better than the Mega Corp that released it lol
But he was not good at PR. He should be posting under anon account if at all haha
The product is strong and I don’t need to like the guy.
Don’t think he’s been around for awhile.