this post was submitted on 16 Aug 2024
283 points (95.8% liked)

Privacy

31981 readers
271 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

After using LineageOS for long time, I have finally moved to GrapheneOS. I use a lot of banking and financial apps which I never felt comfortable using on LineageOS due to lack of proper sandboxing, unlocked bootloader etc.

GrapheneOS works flawlessly just like Android. You don't even notice there's hardening underneath. Also it protects from Google's evil location tracking using WiFi/Bluetooth or even when the Location is turned off. I don't understand how people in general are comfortable with Google tracking all the time. You can use Google Play and Play Services in a sandbox that works just like regular installation, but without deep tracking.

If you haven't tried GrapheneOS, try it. You won't go back to regular Android.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 68 points 3 months ago* (last edited 3 months ago) (5 children)

If they can get it to work on non-Google devices, I will consider it. Right now Graphene compatibility is extremely limited. Besides, I basically have to give Google money to avoid Google.

๐Ÿคช

[โ€“] [email protected] 42 points 3 months ago (4 children)

Have people forgotten about the used market? Buying things second hand is the way.

[โ€“] [email protected] 25 points 3 months ago (1 children)

Doesn't change that this only runs on Pixel devices. I simply don't want a Pixel device for various reasons. Used or not, Graphene won't run officially on a Sony, a Fairphone, etc.

[โ€“] [email protected] 30 points 3 months ago* (last edited 3 months ago) (1 children)

If the security benefits of a pixel is less important then the fact Google made it then GOS is simply not meant for you.

Its silly people complain about it being only compatible for pixels but never seem to blame other android brands for making significantly less secure phones. The responsibility should be put on phone makers to create secure phones that meet GOS requirements, not to expect GOS to make a less secure OS.

The whole AOSP environment is very Google centric so its pretty weird to think because your not buying a pixel that you are somehow avoiding Google.

[โ€“] [email protected] 19 points 3 months ago (2 children)

I have more considerations than security, like a headphone jack and other details. But you have my upvote anyways, because you make a lot of sense. I agree with you. ๐Ÿ…

[โ€“] [email protected] 11 points 3 months ago (1 children)

I do agree that the lack of a headphone jack absolutely kills me. It's a reason I haven't pulled the trigger either way on a new phone yet. On the one hand, I want a secure degoogled phone that maintains a lot of functionality with GOS. On the other, I want a modern phone with a headphone jack a la Sony. I go back and forth constantly.

[โ€“] [email protected] 4 points 3 months ago* (last edited 3 months ago) (1 children)

For what its worth, my Sony Xperia 1 VI didn't come with a lot of google apps and it was easy enough to get rid of those. Obviously play services and some other stuff remain, so it's not a degoogled phone, but it's alright. Sony asks for some analytics stuff, but that's all very easy to deny.

Sony also makes it very easy to root, unlock and flash your phone, with an official guide on how to do that. It's not as easy as installing graphene OS, but I'm sure somebody will built lineage or something for it at some point

Edit: Here are links to the official documentation, Sony makes it pretty easy to built and flash AOSP

https://developer.sony.com/open-source/aosp-on-xperia-open-devices/guides/aosp-build-instructions/build-aosp-android-14/

https://developer.sony.com/open-source/aosp-on-xperia-open-devices/get-started/unlock-bootloader/how-to-unlock-bootloader/

[โ€“] [email protected] 2 points 3 months ago

This is great info, thank you so much! That definitely gives me more things to consider

[โ€“] [email protected] 3 points 3 months ago* (last edited 3 months ago)

That's fair, and the reasons why someone buys a phone is a personal choice.

I would suggest with things like a headphone jack that, while its annoying to buy an adapter (usb-c to headphone) it may be worth the cost vs sacrificing something like hardware security.

Sadly a lot of the time consumers are forced to choose between security and privacy or convenience.

[โ€“] [email protected] 13 points 3 months ago

still pricey as fuck in my country. barely any pixels here.

[โ€“] curry 7 points 3 months ago (1 children)

My country's second hand market sucks donkey balls. Import fees are crazy if you even dare to use Amazon instead of cheap Chinese shop. I just wanna scream.

[โ€“] [email protected] 4 points 3 months ago

Damn, that really sucks, I'm sorry :(

[โ€“] [email protected] 5 points 3 months ago (2 children)

I'm always wary of buying second hand phones. How healthy is that battery going to be?

[โ€“] [email protected] 5 points 3 months ago

It is possible to replace them, with a little research. Or just taking them to a phone repair shop if you're too anxious for that

[โ€“] [email protected] 30 points 3 months ago (1 children)

Yeah, it's kind of wild and ironic that one of the most private OSes requires a Google phone.

[โ€“] refalo 16 points 3 months ago* (last edited 3 months ago) (1 children)

Not only that but it relies on the Pixel's black box "Titan" security chip, that google pinky-promised to open source but never did...

[โ€“] [email protected] 15 points 3 months ago (2 children)

The Titan security chip is not a black box. The Titan M1 gas been scrutinazed by blackhat: https://dl.acm.org/doi/fullHtml/10.1145/3503921.3503922

Just because something is not open source does not mean you can't verify it (no, i'm not shilling closed slurce; no i don't think closed > open; no i don't think closed source is more secure)

[โ€“] [email protected] 6 points 3 months ago* (last edited 3 months ago)

'Just reverse engineer it bro'

[โ€“] refalo -1 points 3 months ago (1 children)

That work was not available when GrapheneOS was developed, and is not necessarily applicable to devices released after those findings... I still consider it a black box.

[โ€“] [email protected] -1 points 3 months ago

That work was not available when GrapheneOS was developed

What do you mean ? This has nothing to do with GrapheneOS in the first place (which by the way has been created in 2014. The article i linked refers to 2021).

I still consider it a black box.

Reverse engineering is a thing. It always has been. If every piece of closed source was a blackbox how can you explain exploitation ? How can bad actors exploit Windows, MacOS, CPU firmware and so on ? Your argument here is not practical. Also, why should Google put a backdoor inside a chip ? They already get every information they what directly from the people agreeing to use their software. So, why bother ? Moreover, every phone on the market has closed source firmware.

[โ€“] [email protected] 12 points 3 months ago (2 children)

Buy a Pixel second hand. Then you're just reimbursing someone who already made that mistake. ;)

[โ€“] [email protected] 5 points 3 months ago

Just research ahead and don't buy one with a known hardware defect such as the 5As which are notorious for frying motherboards and screens. Went through 5 of them with the extended warranty over my phones life and they all died while in my hand abruptly. Less than a year or life per device almost always failing around 8 months for me.

If grapheneOS wasn't so damn good I would've left pixels after that, Pixel XL abruptly died, 2XL had both cameras and the fingerprint sensor die out of nowhere, then the 4 5As. On an 8a right now and love it so fingers crossed it lasts!

If they had a user repairable device that ran it I'd buy it in a heartbeat

[โ€“] [email protected] -1 points 3 months ago* (last edited 3 months ago)

Like Google will bankrupt without my money. I'd rather remove their malware.