Multiple OS choices, hardware kill switches for connectivity/camera/microphone, expansion pins, etc. Modest specs but for enough functionality to be a daily driver, zero ads or spyware, and infinite customizability, $400 is a steal.
Linux phones are not at a point where you can actually daily drive them. They even lack support for basic apps like Signal. The camera and battery on the PinePhone aren't great either. These are concept phones, but nothing that anyone can actually use. Also, Linux distributions are much less secure than GrapheneOS or even AOSP. And good luck getting normies to use a Linux phone, it's already hard with desktops, but impossible with phones.
Yeah I'm aware they're still in a really early/rough state, I definitely used the term pretty loosely. From what I understand they're capable of reliably texting, calling, light web browsing and maybe playing some audio. If you aren't someone who frequently/extensively uses your phone, and has decent knowledge of Linux, this may be enough for you. Def not the average user though.
It's actually super easy. This guy makes great videos about GrapheneOS. This is a video install guide, it's really not that hard. You really don't have to be worried, there's nothing that you can really fuck up. If something doesn't work, you just try again.
I can only recommend it. I used a Samsung phone a few years ago and putting a custom ROM on it took me a whole weekend, I had to spend many hours researching and I often encountered issues. With GrapheneOS, it was super easy. 15 minutes after taking the phone out of the box I had Graphene running on it. That was my first time installing GrapheneOS btw.
Yes, the GrapheneOS team put a lot of time and effort into creating Sandboxed Google Play services. It allows you to use Google services which are required for many apps without giving up your privacy. You get to choose which permissions you grant to Google Play services, just like with any other app. Basically any app that works on Android also works on GrapheneOS, except for a few things like Google Pay or Android Auto, because Google actually prevents them from working on Graphene.
Anyone got a source for this claim? I see it repeated often in this thread with no supporting evidence.
I’m not disputing it, I’d just like to know more.
Google has a direct financial motivation to track you through their business model. Just based on that I’d assume Google is performing more data harvesting.
No, it definitely isn't. Stop spreading false information and potentially giving people a false sense of security.
LineageOS isn't even as secure as stock Android, it's definitely not as secure as GrapheneOS as GOS has many security improvements compared to the AOSP. Some examples are the hardened C Library, hardened memory allocator, improved SELinux policies, secure app spawning, hardened browser (Vanadium) which is also used for WebView, etc. LineageOS doesn't even allow you to relock the bootloader, meaning anyone can modify the system because Android Verified Boot only works with a locked bootloader. It doesn't have any of the security features that GrapheneOS adds on top of AOSP, it also lacks basic security features from AOSP. It's ok for tinkering, but I would never use Lineage on a production device. You can read the section about LineageOS of this blog post: https://madaidans-insecurities.github.io/android.html#lineageos
Quote:
A common ROM that has many of these issues is LineageOS:
LineageOS uses userdebug builds by default. This adds many debugging features as additional attack surface. It also weakens various SELinux polices and exposes root access via ADB, which, as previously discussed, is not a good idea.
LineageOS requires an unlocked bootloader, therefore disabling verified boot, which is essential to verify the integrity of the operating system.
It does not implement rollback protection. This allows an attacker to downgrade the system to an older version and then exploit already patched vulnerabilities. The default updater even allows you to downgrade versions yourself.
Most LineageOS builds also do not include firmware updates, which prevents users from getting new patches to fix vulnerabilities. Instead, it gives a pop-up advising users to flash updates manually that most people will simply ignore.
This is a non-exhaustive list. There are more issues than just those listed above. LineageOS (and most other custom ROMs) are focused on customising the device and not privacy or security. Of course, you could build LineageOS yourself to fix many of these issues, but most users will not be capable of doing so.
It also has worse privacy because it uses Google services for things like DNS and NTP by default, which can not be changed by the user. GrapheneOS replaces all Google services like DNS, NTP, connectivity check, and the Attestation key provisioning service through either their own service or their own proxy for the Google service. Most of these can also be entirely disabled by the user on GrapheneOS. It also offers proxies for SUPL and PSDS location services and allows the user to disable these.
App compatibility is worse, as LineageOS uses microG whereas GrapheneOS uses Sandboxed Google Play services. microG is an insecure and poorly implemented version of Google Play services that sometimes has issues with basic Google SafetyNet checks. GrapheneOS just uses the standard Google Mobile Services bundle, but it's not installed as a system app and has the same privileges as any other app. It can be installed and uninstalled by the user and all permissions can be revoked (including network and sensor access).
From a privacy standpoint, Lineage OS uses hard-coded Google IPs for some core functionalities (DNS, NTP, Webview). MentalOutlaw did a video on this and how it can be removed by rooting your phone.
If you install GrapheneOS, then Google doesn't get any data from you, but they still get the money you spent on the phone. GrapheneOS only supports Google Pixels, for multiple reasons they explain in their FAQ.
No? There are many other ways to ensure privacy on Android.
Best option: Use a Custom ROM (which Graphene OS is an example of). However, going via this route is almost always a headache, as all devices don't have specific, stable builds, etc. Also, going this route poses a very real risk of bricking your device.
Easy and safe option (I would recommend this): Buy a device with stock android instead of the crappy MIUI and other variants. Disable all google services and apps and install all your applications from Fdroid. Install a firewall like TC from Fdroid for additional protection.
all devices don’t have specific, stable builds, etc
GrapheneOS is actually very stable and has specific builds for all the devices they support. It only supports Google Pixels, because these are the reference devices that AOSP is built for. They also have great hardware security features like the Titan M series of secure elements.
Also, going this route poses a very real risk of bricking your device.
Not with GrapheneOS. Their easy-to-use web installer makes is basically impossible to break your device during the installation process. It's really easy and maybe takes 15 minutes.
Unless you use GrapheneOS this is true. But iPhones aren't any better. GrapheneOS is the only solution.
PinePhone
Multiple OS choices, hardware kill switches for connectivity/camera/microphone, expansion pins, etc. Modest specs but for enough functionality to be a daily driver, zero ads or spyware, and infinite customizability, $400 is a steal.
Mine was unusable IMO but maybe I didn't try hard enough.
Linux phones are not at a point where you can actually daily drive them. They even lack support for basic apps like Signal. The camera and battery on the PinePhone aren't great either. These are concept phones, but nothing that anyone can actually use. Also, Linux distributions are much less secure than GrapheneOS or even AOSP. And good luck getting normies to use a Linux phone, it's already hard with desktops, but impossible with phones.
Yeah I'm aware they're still in a really early/rough state, I definitely used the term pretty loosely. From what I understand they're capable of reliably texting, calling, light web browsing and maybe playing some audio. If you aren't someone who frequently/extensively uses your phone, and has decent knowledge of Linux, this may be enough for you. Def not the average user though.
I’d like to do this but it looks a bit complicated. Maybe there’s a video guide I can follow so that I don’t fuck it up.
It's actually super easy. This guy makes great videos about GrapheneOS. This is a video install guide, it's really not that hard. You really don't have to be worried, there's nothing that you can really fuck up. If something doesn't work, you just try again.
Oh man, this looks so much easier than when I installed Lineage on the Poco F1! Might go for it now that I've got a pixel 7
I can only recommend it. I used a Samsung phone a few years ago and putting a custom ROM on it took me a whole weekend, I had to spend many hours researching and I often encountered issues. With GrapheneOS, it was super easy. 15 minutes after taking the phone out of the box I had Graphene running on it. That was my first time installing GrapheneOS btw.
Does it work with most common applications?
Yes, the GrapheneOS team put a lot of time and effort into creating Sandboxed Google Play services. It allows you to use Google services which are required for many apps without giving up your privacy. You get to choose which permissions you grant to Google Play services, just like with any other app. Basically any app that works on Android also works on GrapheneOS, except for a few things like Google Pay or Android Auto, because Google actually prevents them from working on Graphene.
You mean apps? Then yes. You can just install Aurora.
What do you think apps is a contraction of?
Apparently, apple applications apply appropriate approvals for the apprehension of appliance appendices.
You don't need aurora on graphene, thats the point of sandboxing.
deleted by creator
Anyone got a source for this claim? I see it repeated often in this thread with no supporting evidence.
I’m not disputing it, I’d just like to know more.
Google has a direct financial motivation to track you through their business model. Just based on that I’d assume Google is performing more data harvesting.
https://www.apple.com/legal/privacy/data/en/apple-advertising/
Straight from Apple.
https://www.tomsguide.com/news/android-ios-data-collection
The full research paper: https://www.scss.tcd.ie/doug.leith/apple_google.pdf
If you prefer a video: https://piped.video/watch?v=nQ9LR8homt4
And if you don't buy Google's Pixel you're just fucked?
I believe LineageOS has a wider selection of devices
But far worse security, privacy and app compatibility.
LMFAO, i'm interested in that explanation.
Read my comments:
https://sh.itjust.works/comment/5117498
https://sh.itjust.works/comment/5117397
LineageOS without GApps is literally as secure as GrapheneOS
No, it definitely isn't. Stop spreading false information and potentially giving people a false sense of security. LineageOS isn't even as secure as stock Android, it's definitely not as secure as GrapheneOS as GOS has many security improvements compared to the AOSP. Some examples are the hardened C Library, hardened memory allocator, improved SELinux policies, secure app spawning, hardened browser (Vanadium) which is also used for WebView, etc. LineageOS doesn't even allow you to relock the bootloader, meaning anyone can modify the system because Android Verified Boot only works with a locked bootloader. It doesn't have any of the security features that GrapheneOS adds on top of AOSP, it also lacks basic security features from AOSP. It's ok for tinkering, but I would never use Lineage on a production device. You can read the section about LineageOS of this blog post: https://madaidans-insecurities.github.io/android.html#lineageos
Quote:
What a load of crap. What's ur source for this information?
Why is my comment crap?
Which of my points are not true?
LineageOS has far worse security than both AOSP and GrapheneOS as outlined in the LineageOS section of this blog post: https://madaidans-insecurities.github.io/android.html#lineageos
It also has worse privacy because it uses Google services for things like DNS and NTP by default, which can not be changed by the user. GrapheneOS replaces all Google services like DNS, NTP, connectivity check, and the Attestation key provisioning service through either their own service or their own proxy for the Google service. Most of these can also be entirely disabled by the user on GrapheneOS. It also offers proxies for SUPL and PSDS location services and allows the user to disable these.
App compatibility is worse, as LineageOS uses microG whereas GrapheneOS uses Sandboxed Google Play services. microG is an insecure and poorly implemented version of Google Play services that sometimes has issues with basic Google SafetyNet checks. GrapheneOS just uses the standard Google Mobile Services bundle, but it's not installed as a system app and has the same privileges as any other app. It can be installed and uninstalled by the user and all permissions can be revoked (including network and sensor access).
From a privacy standpoint, Lineage OS uses hard-coded Google IPs for some core functionalities (DNS, NTP, Webview). MentalOutlaw did a video on this and how it can be removed by rooting your phone.
Which makes it even less secure
Here is an alternative Piped link(s):
video
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I'm open-source; check me out at GitHub.
No, Google does the same shit. You just decide which big company you give your data to. Or use a Nokia on 2G
If you install GrapheneOS, then Google doesn't get any data from you, but they still get the money you spent on the phone. GrapheneOS only supports Google Pixels, for multiple reasons they explain in their FAQ.
Jokes on you, we disable 2G for the sake of 5G frequencies.
But on Google Pixels you can install GrapheneOS, unlike any other Android device
No? There are many other ways to ensure privacy on Android.
Best option: Use a Custom ROM (which Graphene OS is an example of). However, going via this route is almost always a headache, as all devices don't have specific, stable builds, etc. Also, going this route poses a very real risk of bricking your device.
Easy and safe option (I would recommend this): Buy a device with stock android instead of the crappy MIUI and other variants. Disable all google services and apps and install all your applications from Fdroid. Install a firewall like TC from Fdroid for additional protection.
GrapheneOS is actually very stable and has specific builds for all the devices they support. It only supports Google Pixels, because these are the reference devices that AOSP is built for. They also have great hardware security features like the Titan M series of secure elements.
Not with GrapheneOS. Their easy-to-use web installer makes is basically impossible to break your device during the installation process. It's really easy and maybe takes 15 minutes.
Just have to pay google 800$ to leave the google ecosystem. Seems legit.
My Pixel 6a was 300 bucks