I was thinking about using graphene OS, but I’ve read some lemmy users dislike this OS due to perceived misleading advertising and the pixel 7a you’re supposed to install graphene on because it’s from google (an advertising company).
Another option would be lineage OS, but there is so much false information about this OS, namely compatible phones that simply don’t work with this OS and no support.
what works for you? I want a phone with no google, that doesn’t force me to use the manufacturer’s ecosystem and that won’t show the apps I don’t want or need (on an asus I own you cannot neither get rid nor hide bloatware)
GrapheneOS is probably the best option out there.
As you said, it’s only for Pixels currently, because
- They are more secure than most other phones. They have some kind of chip built in that makes them superior. I don’t know the specifics, but other commentators might add some information if needed. Something with encryption if I remember correctly. The GrapheneOS team is a bit …picky… when it comes to security, and most other phones don’t reach their requirements for a secure device.
- Google is one major contributor to Android, and their phones are fine tuned to work perfectly with it. Other manufacturers’ phones feel less polished.
- It’s easier to maintain one line of devices that are very similar, instead of keeping hundred phones up to date and secure. Pixels are similar to iPhones, they get updated almost simultaneously and are similar. If you now add a phone from a different line, e.g. a Fairphone or Nothing Phone, things get more complicated. If you look at Calyx (more onto that later), the FP4 caused quite some headaches for the dev team.
Pixels are cheap(ish) for what you get, and I believe Google makes them so cheap because 99% of users don’t care which ROM/OS is installed. Those are the advertisment-cows that will get milked. If you buy a Pixel and install a custom ROM on it, they will loose money.
My experience with GrapheneOS has been great. My Pixel 5 hit EOL a while ago and still gets maintenance updates almost weekly.
Many security additions are overkill for me, but quite some make a lot of sense.I used CalyxOS for a year too, but now that I don’t get full updates anymore, I don’t feel safe anymore with it.
I think GrapheneOS is technically superior to Calyx, especially due to the sandboxing they do. MicroG has full root privileges and can do with your phone what it wants, while also breaking some apps due to missing dependencies. If you choose to enable Play Services on GrapheneOS, they are user level and heavily restricted, and only you decide how much access you want to give them.
Regarding Calyx, since they don’t limit themselves as much in terms of security, they also offer a ROM for the Fairphone. Maybe check that out too.
DivestOS also seems to be a good option. AFAIK it’s based on LineageOS and supports a lot of devices, while being more secure than LOS.
Regarding Linux phones, I don’t have any experience with them. I tried Phosh (Mobile Gnome) on an exhibition a while ago, and it felt great and interesting, but from what I’ve heard, they are nowhere as good as Android.
My personal ranking:
- GrapheneOS on a Pixel. Get an used/ refurbished device if you don’t want to support Google. Best price-performance ratio, great OS, and very good hardware (battery life, camera, etc.)
- CalyxOS on a Fairphobe. Modular device with good repairability. Nowhere near as good in terms of what you’ll get for your money. Better security than 95% of other phone ROMs, oh, and you can just swap your battery in seconds if you want that :D
- DivestOS on a random supported phone, e.g. a China device. Nowhere near as sustainable (short lived update support, no spare parts, etc.)
- Linux phone. Only a good option for a tinkering device right now imo.
Great synopsis!
The cool thing about GrapheneOS: It provides basically all the comforts and usability as any Android (stock) ROM minus some compatibility issues with a portion of Google Apps and services (Google Pay doesn’t and probably will never work, for example) while providing state-of-the-art security and privacy if you choose to utilize those features. A modern Pixel with up-to-date GrapheneOS, configured the right way, is literally the most secure and private smartphone you can get today.
Same here, I have an old Pixel 4a that still gets security updates from GrapheneOS. Banking apps and Amazon don’t seem to like it, but I don’t mind just doing those on my laptop anyway.
Banking apps and Amazon don’t seem to like it
Try going into the app’s settings and toggle Exploit protection compatibility mode. That let me use my banking apps that didn’t work before.
That worked for banking, thanks!
I’ve read some lemmy users dislike this OS due to perceived misleading advertising and the pixel 7a you’re supposed to install graphene on because it’s from google
There is no misleading advertisement. Go with Graphene if you own a Pixel (from Pixel 5 up) or you can find a cheap second-hand one.
there is so much false information about this OS, namely compatible phones that simply don’t work
Care to share which devices are you talking about? If a device is officially supported by the latest LineageOS version, it works.
https://eylenburg.github.io/android_comparison.htm This is a nice overview
just so everyone is aware grapheneos only support’s pixels because it is specifically designed for taking advantage of the hardware security features found in google’s tensor and titan chips. and thus installing it on another phone would kinda miss the point (and vastly increase the scope of the project)
google is also basically the best company when it comes to phones for custom roms, as they provide stock images, a simple bootloader unlocking process (that doesn’t void your warranty as far as i can tell), and generally the aosp and software support that comes from being the phone of the developer of android.
Also because the google pixel its bootloader can be relocked without much trouble. that is a big part of why GOS only supports pixel phones.
Not sure why GrapheneOS is getting down voted so much here, did I miss something recent that happened?
I’ve been using GrapheneOS on my Pixel 6a for around 2 years and really like it.
If I couldn’t use GOS though, I would probably go with DivestOS. I haven’t looked deep into other alternative Android ROMs.
I use phones that are at least 5 year old and cost 100€ max. Graphene supports only new pixel phones, so I never got to use it. I put LineageOS with MicroG on every phone and I’m super happy with it.
Fair point, Pixels aren’t flagship expensive, but they definitely aren’t cheap either.
The reason why GrapheneOS is hated here is because one single user who spreads constantly misinfo about the project.
Calyxos user here. I like it so far. Half a year into it. I can live with microg instead of gms. And it also works on moto g32, 42 and 52 so you don’t need Google hardware.
Been using /e/OS on a OnePlus 6T for the last ~2 years and love it. The built-in ad tracker blocker works well. GoS works for the best part and if it doesnt, heading over to the website usually works.
PostmarketOS, pinephone, using phosh (sxmo is good too, but no support for dvorak keyboard :( :( :( ). Very jank, but I would never go back to Google/Android (or derivatives) after tasting what could be. Might try to switch to Void Linux or base Alpine since PostmarketOS is shipping systemd by default next release (“optionally, with openrc still being supported”, but we all know openrc is being pushed to the side, especially since it needs recompilation to switch back). Hope to boot OpenBSD on it some day.
Not next release, the one after. And even then probably not by default yet. And SXMO will not even support systemd at all. Yes OpenRC will remain an option.
systemd is good software and people should find proper reasons for disliking it for once instead of just following the hate train.
systemd is good software and people should find proper reasons for disliking it for once instead of just following the hate train.
Are “breaking portability with non-linux unix systems (and even linux systems that don’t use systemd)” and “overly complex codebases inherently being more bug-prone and systemd having a poor security track record” good enough reasons for you?
I am very happy with my moto g42 and Calix OS. The phone is reasonably priced (around 120.- euros).
Only downside is you have to register online to get full root access and I also had to wait like three days till everything unlocked. Otherwise I found the process very easy even for a caveman like me.
@merompetehla
Such question I like to answer with this link from a security specislist.
privsec.dev/posts/Please check the category Android.
Graphene seems the best possible custom rom.
I use Lineageos because I got an old phone for free.a security specislist.
I like how you highlight one of my pet peeves there.
Docs like this should be living so they can be fixed.
@corsicanguppy
Could you elaborate what you mean with that?
GrapheneOS is perfect. Pixel phones are Google hardware yes, but works like a dream once GOS is installed. NO MORE GOOGLE !!! Frequent OS updates, love it
I loved it too until I forgot my wallet one day. It’s the one thing I had to go back to stock Android for because I forget everything but my phone constantly.
You can’t pay with the phone with GrapheneOS?
I’m afraid not. You can have Google Wallet installed but you can’t have bank cards on it on GrapheneOS.
Edit: this link for more context
Ty. Saving others some time:
Contactless payments work fine on GrapheneOS. It’s not like there’s something fundamentally incompatible about them. It just so happens that the most prevalent implementation (Gpay) requires a Google certified OS. The options right now are as follows:
People find alternatives (such as their bank) which provide this without using Gpay and don’t require a certified OS themselves.
This is implemented, which would at least temporarily allow people to use apps that require a certified OS on GrapheneOS: https://github.com/GrapheneOS/os-issue-tracker/issues/1986
Apps currently requiring a Google certified OS whitelist it as per https://grapheneos.org/articles/attestation-compatibility-guide (though it is of course very unlikely that Google themselves would do this)
But:
Barclays in the UK is only one example of contactless payments working without Google Pay, there are other banks in France for example for which we’ve had reports of similar contactless payment systems working. They exist; though I’m under no illusions that they’re prevalent, since I imagine from their POV, implementing Google Pay is much easier and maintainable.
On the spoofing CTS checks thing, I did not mean to insinuate that you or some other user would be the one to implement this. When I said “an option is for this to be implemented”, I meant the development team adding it to GrapheneOS. The issue is currently open and was opened by someone on the development team, so it’s not a feature that the team has ruled out. As with everything on GrapheneOS, though, the best way to approach it has to be determined, which can take time.
On your 3rd point, lobbying Google to whitelist GrapheneOS by using that guide is realistically never going to happen. Other OEMs that have to go through certification and pass CTS (compatibility test suite) which GrapheneOS doesn’t (because it adds things like new permissions which deviate from the compatibility goals that Android has set) would be outraged if that ever happened. In fact, I would wager that it would be a much more realistic scenario for someone to invest millions into funding a company that provides an alternative to Google Pay without puttng it behind a CTS check, rather than Google ever whitelisting GrapheneOS.
When someone says “contactless payments don’t work on GrapheneOS”, it’s not immediately clear to everyone that what is meant by that is “there aren’t good options for people to use right now” and I wouldn’t want someone to think that contactless payments are fundamentally incompatible with GrapheneOS, or that it breaks them somehow. Contactless payments via Gpay on GrapheneOS don’t work as of right now for the exact same reason why the McDonalds app in some countries (I kid you not) doesn’t. SafetyNet / Play Integrity API and their ctsProfileMatch and MEETS_DEVICE_INTEGRITY checks accordingly.
Didn’t know about Barclays! Thank you for educating me.
No, Google Wallet doesn’t pass the security check.
Which is weird because I thought Graphene can pass attestation. I can pass it and use Wallet with Magisk on an unlocked bootloader, not sure what’s preventing on Graphene.
No OS is perfect, as you likely do have to use a proprietary modem and some proprietary apps, but CalyxOS works well for me on my Fairphone 4. I like the base install being as free as realistically possible on a modern Android phone, especially replacing Google apps with microG. Just don’t enable SafetyNet if you don’t want it to run (sandboxed) Google blobs. That API is deprecated anyways.
The experience is smooth, free and I get a repairable phone without having generative “”“AI”“” shoved down my throat. A win on all fronts in my opinion.
Used pixels are surprisingly cheap for how well they hold up over time, and graphene works well.
I totally agree. Used pixels are superb with grapheneos. Syncthing is what i use ad a backup. I think the problemi is that google stops releasing updates after 5 yearss old units don’t get updates I think. I have the 5th June build and it reports a security update of December 2023.
If you don’t live in the EU. Here you get a better new phone from xiaomi/motorola/oneplus than a pixel for the same price. Yes, I get grapheneos and relockable bootloader, but used things are too expensive here. If you need a cheap phone, buy a cheap phone (fuck EU’s import regulations).
I don’t know what you are on about, but if brand-new Pixels are too expensive for you (although their price is uniformed to the US one), you can easily find them second-hand.
For example at a time where my Pixel 7 was available for 500$ (466€) in the USA + 100$ trade in (93€) for my Galaxy S8 = 400$ = 373€ it still was 620€ in Austria on Amazon, the only way to buy it because Google did not offer it through their Google store here and normal stores didn’t go below 650€. I could’ve gotten 20€ trade in for my old phone = 600€. 60% more than in the USA at the same time.
Used market basically didn’t exist because Pixels generally were a bit overpriced
Doesn’t it seem that this problem is caused by Google not operating the markets in the same way?
Yes, but Persen’s point still stands.
(And Pixels also have way less features here, the only advantage they give is access to GrapheneOS, great camera and AI photo editing)
Which features do the lack?
US-only:
Call screening
Hold for me
Direct my call
Wait times
Call transcription
Answering calls with text to speech
Emergency calls on crash
English-only:
Speaker labels for Google recorder transcripts
Google recorder transcripts generally don’t work well in other languages, but at least the option to get a subpar transcript exists
Probably missed some
That’s the point. You can’t import anything to EU without paying a 20% import tax ±5€ depending on the import. This makes the used device market prices in EU inflated.
Why would you import used devices from the US in the first place? People sell them in Europe too.
Most of the market was from UK (where we all know what happened) plus taxing imports inflated the EU market.
deleted by creator
Ran LineageOS on a OnePlus 6T for a couple months. Overall, it was perfectly usable, but also lacked some of the polish of my daily (Galaxy S23), which was totally to be expected.